Skip to main content
Search

ECCTA compliance: a strategic action plan for UK companies

25 July 2025
spotlight_insights_16.jpg
As a Company Secretary, you’re responsible for upholding your organisation’s integrity and reputation. When regulatory frameworks shift, the stakes rise for everyone from directors to board members. At Vistra, we understand the gravity of these changes. As the Economic Crime and Corporate Transparency Act (ECCTA) transforms the compliance landscape, Dana Wagstaff, Vistra’s Global Product Lead for Entity Management, outlines what organisations need to know to stay in control.

A wake-up call for UK businesses

Many UK companies assume their organisations are on the right track with ECCTA but the numbers tell a different story.  As of July 2025, only 250,000 out of around 7 million directors PSCs and LLP members have verified their identity. If you haven’t started the process yet you’re not alone but with enforcement intensifying and key deadlines approaching, this is a clear signal that urgent action is needed. 

The Economic Crime and Corporate Transparency Act (ECCTA) is the most sweeping reform to Companies House since it was founded in 1844. The act transforms the way businesses handle identity verification, transparency and fraud prevention.

The ECCTA heralds a new era of corporate accountability for the UK but many firms still wrongly believe they’re already compliant. A recent Vistra survey of 100 UK company directors found that 21% claimed to have completed identity verification. However, recent Companies House data suggests the actual figure is much lower – closer to 3%.

With enforcement already underway and key deadlines looming, the cost of inaction is rising fast. 

ID Verification and the Failure to Prevent Fraud Offence

So, here’s three key things you need to know. 

  1. The ECCTA isn’t just a regulatory update but a fundamental shift in corporate governance. Organisations will soon be required to verify the identities of directors, persons with significant control (PSCs) and LLP members, maintain more rigorous controls around company formation and filings and adapt to a newly empowered Companies House with enhanced technology that’s already rejecting inaccurate submissions and exercising greater scrutiny than ever before.

  2. Authorities are stepping up enforcementCompanies House and the Insolvency Service have uncovered 30 entities that had incorporated 30,000-50,000 companies they considered to be involved in ‘illicit activities’ and are in the process of removing 10,000 from the register. They have also started investigations into 100,000 shell companies. The message to firms is clear: take notice and act now. 

  3. From September 2025, a new ‘failure to prevent fraud’ offence will be enforced requiring larger firms to demonstrate they have reasonable procedures in place to prevent fraud. This is an expectation that can only be met through active monitoring, robust documentation and clear accountability, all operational processes that a lot of companies may think they have in place but not to the standard expected by the ECCTA.

     

Complacency in compliance

So, why are so many organisations lagging behind when it comes to ECCTA compliance?

  • Lack of awareness: many organisations assume that their existing processes for fraud and identity checks are compliant and that filings and procedures are always accurate. Yet none of these internal audits have been validated against ECCTA-specific rules or the new digital standards.

  • Overreliance on legacy processes: Companies sometimes rely on informal onboarding processes, outdated ID copies and legacy data without timestamped audit trails or digital verification standards, which may fall short of ECCTA requirements.

  • Lack of fraud detection mechanisms: according to PWC research, while more than half of UK firms identify procurement fraud as a major threat, a fifth of companies still don’t use any data or analytics to detect this fraud. These statistics reveal a disconnect between perceived readiness and actual compliance.

A lack of understanding won’t shield companies from the consequences of non-compliance. Delaying identity verification or relying on outdated processes risks disqualification, reputational harm and unlimited fines, with regulators likely to make examples of those who fall short, as seen with the implementation of GDPR. The financial risks are significant, if we take GDPR as an example - since 2018, 2,245 fines have been issued totalling more than 5.6 billion euros with an average fine of more than 2.3 million euros.

 

Your ECCTA action plan

Taking a pro-active, structured approach to ECCTA compliance will help futureproof your company against potential shocks. We recommend the following steps:

  • Conduct a comprehensive ECCTA readiness audit: identify gaps in your current processes, documentation and controls. Assess whether your digital identity verification, fraud detection mechanisms and internal policies meet the new regulatory standards.

  • Identify Directors and Persons of Significant Control (PSCs): conduct a review to make sure you have identified all relevant personnel.

  • Implement digital identity verification solutions: ensure directors, PSCs and LLP members are verified using secure, compliant digital platforms.

  • Update and strengthen internal controls: review and revise onboarding, record-keeping and filing procedures to align with the ECCTA’s requirements, including time-stamped audit trails and transparent traceable processes.

  • Deliver targeted training: equip directors, company secretaries and senior management with up-to-date training on the ECCTA obligations, fraud prevention and reporting standards.

  • Engage in regular compliance health checks: ongoing reviews help maintain compliance as regulatory expectations evolve and ensure your controls remain effective.

  • Leverage independent expertise: consider third-party support to validate your compliance framework and provide peace of mind for your board and stakeholders.

Vistra was among the very first organisations to register as an Authorised Corporate Services Provider (ACSP), setting the pace for our industry. This early move, reflects our forward-thinking approach to ECCTA solutions, demonstrating genuine leadership in anticipating regulatory changes and delivering peace of mind for our clients.

We offer a range of related services that alleviate the practical and mental load of ECCTA compliance:

  • End-to-end digital identity verification services

  • Fraud prevention support tailored to your organisation’s risk profile

  • Independent ECCTA readiness audits and ongoing compliance health checks

  • Training modules and advisory services for directors and company secretaries

Don’t let assumptions put your company at risk. Let Vistra take care of keeping your organisation 100% compliant and worry-free.

If you are unsure where your business stands, don’t wait any longer.

Contact Vistra today to schedule your ECCTA audit and build a foundation of compliance, credibility and resilience for your business.

Related services
Entity Management
ECCTA
Legal

The contents of this article are intended for informational purposes only. The article should not be relied on as legal or other professional advice. Neither Vistra Group Holding S.A. nor any of its group companies, subsidiaries or affiliates accept responsibility for any loss occasioned by actions taken or refrained from as a result of reading or otherwise consuming this article. For details, read our Legal and Regulatory notice at: https://www.vistra.com/notices . Copyright © 2026 by Vistra Group Holdings SA. All Rights Reserved.


Got a question?
Get in touch
Make an enquiry
×

UK Companies House ID verification is now mandatory

Ensure your UK entity is compliant, let our experts guide you through the process so you can stay compliant.

Get in touch