Navigating ECCTA 2023: periodic compliance review as a strategic tool to mitigate corporate risk
Introduction
The Economic Crime and Corporate Transparency Act 2023 (“ECCTA 2023” or the “Act”) constitutes a landmark development in the United Kingdom’s (“UK”) legal framework to combat financial crime and reinforce corporate accountability.
Enacted in 2023, the Act introduces two key provisions: the creation of the new corporate offense of failure to prevent fraud, which entered into force on September 1st, 2025, and the expansion of the identification doctrine through the senior manager regime, which entered into force on December 26, 2023.
These new provisions are expected to generate significant challenges for companies both within and outside the UK, as the scope of exposure is broad, with potential extraterritorial implications, reaching organizations such as those incorporated in the UK and multinationals with UK operations. In this regard, the most effective way to address these challenges is to implement or enhance compliance programs to prevent fraud and ensure appropriate oversight of senior management.
This article aims to present the key challenges posed by these new provisions and highlight practical measures that companies should adopt to mitigate them. An essential component of this approach is the periodic review of compliance programs, ensuring that they remain tailored to the company’s risks, regulatory requirements and corporate structures.
Preliminary considerations
The United Kingdom has progressively reinforced its legal framework to address economic crimes and enhance corporate accountability. A key milestone was the UK Bribery Act of 2010 (“UKBA”), which introduced the pioneering corporate offense of failure to prevent bribery. Under this strict liability regime, organizations may be held criminally liable for bribery committed by an associated person intending to benefit the organization, unless they can demonstrate that adequate procedures had been implemented to prevent such conduct.
The ECCTA 2023 represents an evolution. It complements and expands the UKBA by introducing the failure to prevent fraud offense, applicable to large organizations - defined as those meeting at least two of the following criteria: (i) more than 250 employees, (ii) annual turnover exceeding £36 million, or (iii) total assets exceeding £18 million.
In addition, the Act expands the identification doctrine, enabling corporate liability for offenses committed by senior managers acting within the scope of their authority, even if they do not hold formal executive titles.
Taken together, the UKBA and ECCTA 2023 establish a robust legal framework that shifts the burden onto organizations to proactively prevent misconduct, rather than merely responding to it. This evolution underscores the UK’s enduring commitment to enhancing transparency, accountability, and ethical conduct in corporate environments.
As mentioned before, the Act contains provisions with extraterritorial effects. Companies inside and outside the UK may still fall within the scope of ECCTA 2023 if they have relevant UK connections, such as UK-based customers, operations, or assets. Under the senior managers regime and failure to prevent fraud offense, liability may arise regardless of incorporation or location, provided that there is a demonstrable UK nexus.
Hence, these companies have an ongoing obligation to continuously monitor and periodically review the effectiveness of their compliance programs.
Periodic compliance review as a strategic response
Companies subject to the ECCTA 2023 - as well as those operating under other robust anti-corruption frameworks - should carry out periodic reviews of their compliance programs. Such reviews are critical not only to confirm that existing procedures remain adequate, but also to ensure that the program evolves in response to shifting regulatory expectations and emerging risks. The absence of this continuous reassessment exposes organizations to heightened liability, particularly in jurisdictions that demand demonstrable and proactive compliance efforts, such as the UK.
A compliance review is a structured and in-depth evaluation of a company’s compliance framework. It usually includes a thorough document review, covering compliance-related policies and internal procedures, training materials and sessions provided, and a sample analysis of relevant third parties to check whether the appropriate procedures are being carried out.
In addition, one effective tool during the review is to perform a general compliance perception assessment, involving structured interviews with key personnel to capture insights on the program’s effectiveness. The findings can then be used to identify and address specific opportunities for improvement, ensuring that the compliance framework remains both responsive and robust.
In this regard, periodic reviews have proven to reinforce a culture of integrity. They also promote accountability, particularly at the senior management level, since these leaders are typically engaged in the review process and bear responsibility for supporting compliance across the organization in order to meet the broader governance expectations – expanded by the ECCTA 2023.
Within the context of the failure to prevent fraud offense, a well-structured and regularly reviewed compliance program serves as a strategic defense, to mitigate both risks and liability. The reviews may be conducted internally by the compliance department; however, when conducted by outside counsel, they provide added value by ensuring independence, minimizing potential conflicts of interest, and enhancing the credibility of the assessment before regulators and stakeholders.
Conclusion
The Act has increased legal and operational exposure for large organizations with direct or indirect links to the UK – mainly due to the introduction of the failure to prevent fraud offense.
In response to this heightened regulatory landscape, the periodic review of the compliance program assumes a strategic role. By systematically evaluating the practical effectiveness of the internal compliance programs, the review enables organizations to identify and remediate deficiencies before they escalate into regulatory consequences.
For Brazilian companies with operations, clients, or assets in the UK, or for UK companies with a presence in Brazil, the September 2025 enforcement underscores the urgency to act. Implementing and maintaining reasonable prevention procedures is essential not only to support a defense under the ECCTA 2023, but also to foster a culture of integrity and accountability across all levels of corporate governance. This resonates with the spirit of the Brazilian Clean Companies Act.
Taken together, these legal frameworks highlight the need for companies operating transnationally to align compliance programs to both jurisdictions, embedding continuous monitoring, periodic reviews, and strong governance practices.
Authors: Isabela Vidal, Leonardo Kozloswki, Salim Saud.