ECCTA Compliance: A Checklist for Treasury and Finance Leaders

Published: August 18, 2025

Corporate treasurers and finance leaders are on the front lines of a new era of transparency, accountability and enforcement as the Economic Crime and Corporate Transparency Act transforms the UK compliance landscape for good. Alan Hughes, Executive Director, Head of International Legal Services, Vistra, outlines what firms need to know to stay in control, and why the time to act is now.

The Economic Crime and Corporate Transparency Act (ECCTA) is arguably the most sweeping reform to Companies House since it was founded in 1844, fundamentally changing how businesses handle identity verification, transparency, and fraud prevention.

Though many UK firms assume their organisations are on the right track, the numbers tell a different story. A recent survey of 100 UK company directors found that 21% claimed to have completed identity verification. However, recent Companies House data suggests the actual figure is much lower. As of July 2025, only 250,000 out of around 7 million directors, persons of significant control (PSCs) and Limited Liability Partnership (LLP) members have verified their identity. That’s less than 4% of those affected.

From September 2025, the new failure to prevent fraud (FTPF) criminal offence will raise the stakes even higher, imposing unlimited fines if firms are unable to prove they have “reasonable procedures” in place to prevent fraud from occurring.

With enforcement already underway and key deadlines looming, the cost of inaction is rising fast. Treasury and corporate finance leaders can’t afford to assume that someone else will handle it, and the cost of complacency, including disqualification, criminal liability, and reputational damage, will ultimately negatively impact the bottom line.

ID verification and the FTPF offence

The ECCTA isn’t just a regulatory update but a fundamental shift in corporate governance. From next month, organisations will be required to verify the identities of directors, PSCs and LLP members, maintain more rigorous controls around company formation and filings, and adapt to a newly empowered Companies House with enhanced technology that’s already rejecting inaccurate submissions and exercising greater scrutiny than ever before.

Authorities are stepping up enforcement. Companies House and the Insolvency Service have uncovered 30 entities that had incorporated between 30,000 and 50,000 companies they considered to be involved in ”illicit activities”. They are in the process of removing 11,500 from the register. They have also started investigations into 100,000 shell companies. The message to firms is clear: take notice and act now.

The FTPF offence will also require larger firms to demonstrate they have ”reasonable procedures” in place to prevent fraud. This is an expectation that can be met only through active monitoring, robust documentation, and clear accountability, all operational processes that many companies may think they have in place – but not to the standard expected by the ECCTA.

ECCTA action plan

Taking a proactive, structured approach to ECCTA compliance will help future-proof against potential shocks.

Treasurers and financial leaders should conduct a comprehensive ECCTA readiness audit to identify gaps in current processes, documentation, appropriate training for directors/senior managers and controls. This will enable firms to assess whether their digital identity verification, fraud detection mechanisms, and internal policies meet the new regulatory standards across ID verification and the FTPF offence.

For ID verification, it is imperative that all directors and PSCs, and other relevant personnel are identified, before ensuring they are verified using secure, compliant digital platforms.

For the FTPF offence, a targeted training programme for key internal stakeholders across treasury, finance, legal, risk, company secretaries, and executives, combined with a comprehensive review, enables businesses to understand their level of exposure and map where their fraud risks lie. This includes assessing internal controls and evaluating whether prevention procedures truly meet the required standards. It’s also important to embed key finance and treasury policies such as anti-fraud, bribery, identity verification, and transparency obligations to ensure finance and treasury teams are ECCTA-ready. This sends a clear signal to regulators, investors, and internal stakeholders that the organisation is serious about corporate accountability – a reputational advantage that shouldn’t be overlooked.

Identify your large entities within the group and ensure that stakeholders are aware of the FTPF offence. Updating and strengthening internal controls, such as onboarding, record-keeping, and filing procedures, can also help firms better align with the ECCTA’s requirements, including time-stamped audit trails and transparent, traceable processes. Continuing to engage in regular compliance health checks will also help maintain compliance as regulatory expectations evolve and ensure controls remain effective.

Finance and treasury leaders must establish robust accounting policies, enforce strong internal controls, and ensure clear segregation of duties to prevent false accounting. This includes maintaining accurate financial records that reflect underlying transactions, preventing manipulation of data to distort performance, and conducting regular internal audits to identify and address any irregularities or misstatements.

They should also conduct proportionate and risk-based due diligence on third-party suppliers to identify potential links to fraud, economic crime, or hidden beneficial ownership. This includes verifying the legitimacy of the supplier’s corporate structure, checking for red flags in ownership or control, and ensuring that suppliers are not being used to disguise improper payments or transactions. Regular supplier reviews, enhanced checks for high-risk jurisdictions, and clear onboarding controls should be embedded into procurement and payment processes.

Treasury teams must ensure that due diligence on third-party suppliers includes identifying and verifying Ultimate Beneficial Owners (UBOs), especially for entities in high-risk sectors or jurisdictions. This involves obtaining reliable documentation to confirm ownership or control, assessing whether the structure obscures ownership or facilitates illicit activity, and ensuring UBOs are not subject to sanctions or linked to economic crime. UBO transparency should be embedded within the organisation’s anti-fraud and supplier risk management framework.

Lastly, leveraging third-party expertise can support the validation of compliance frameworks, delivery of targeted training for senior management on the ECCTA obligations, and provide peace of mind for the company board and stakeholders.

Ignorance offers no defence

Many organisations are lagging behind when it comes to ECCTA compliance due to a lack of awareness, overreliance on legacy processes, and a general complacency due to the belief that what they already have in place will suffice.

However, a lack of understanding won’t shield companies from the consequences of non-compliance. Delaying identity verification or relying on outdated processes risks disqualification, reputational harm, and unlimited fines, with regulators likely to make examples of those who fall short, as seen with the implementation of GDPR. The financial risks are significant, if we take GDPR as an example – since 2018, the CMS Enforcement Tracker Report covering the EU states that 2,245 fines have been issued, totalling more than €5.6bn, with an average fine of more than €2.3m.

The worst mistake organisations can make is assuming they are compliant simply because nothing has gone wrong. Confidence without evidence is not a strategy, it’s a serious judgment error. In this increasingly stringent regulatory climate, inaction is not an option and ignorance offers no defence.

For treasury teams, this is about more than just regulatory box-ticking. It’s about protecting the business’ financial standing, reputation, and governance standards at a time when trust and transparency matter more than ever. In this new era of corporate transparency, failure to take action could make complacency the costliest risk on your balance sheet.