Skip to main content
Search

Why the clock is ticking on ECCTA compliance for fund managers

22 October 2025
spotlight_insights_01.jpg
  • Contacts
  • Sophie White Blue
    Sophie White
  • Associate Director – Business Development, London
The Failure to Prevent Fraud offence recently came into effect in the UK as part of sweeping new anti-fraud reforms led by Companies House. Fraud targeting investment managers, saw a significant increase in 2024 with cloning scams alone rising by 57%. Against this backdrop, Sophie White, Associate Director, Funds at Vistra, outlines what fund managers need to do to comply with the new fraud prevention measures.

The Economic Crime and Corporate Transparency Act 2023 (ECCTA) is the largest overhaul of Companies House in its 180-year history. For fund managers, the new requirements are a fundamental shift in the enforcement of fraud prevention, transparency and corporate governance.

Fraud remains a significant concern for many fund managers with investment management firms facing a 50% increase in fraud in 2024 compared to the previous year. A June survey found that 39% of UK directors were completely unaware of the ECCTA’s deadlines - including key legislation that came into effect on 1st September 2025.

Here’s what fund managers need to know about the new regulations, why they can’t afford to ignore them and the practical steps they need to take to ensure compliance. 

 

What’s changing for fund managers?

Several key reforms are reshaping how fund managers operate.

The Failure to Prevent Fraud offence, which has been in force since the start of September, holds ‘large organisations’ criminally liable for fraud committed by employees or associates unless ‘reasonable measures’ are in place to prevent it.

‘Large organisations’, by definition, are those that meet at least two of the following criteria: having more than 250 employees, an annual turnover exceeding £36m or total assets greater than £18m. This encompasses evidence of a governance framework, training and resources for employees, communication to workers on the company’s stance against fraud, risk assessments, prevention procedures, continuous due diligence and other relevant measures.

The ECCTA also enforces mandatory ID verification for directors, persons with significant control (PSCs) and LLP members, mandatory verification coming into effect on 18th November 2025.

Further changes to LPs are expected in 2026, affecting nearly 60,000 businesses. LPs will be required to provide partners’ details, including names, dates of birth and residential addresses, have a registered office in the UK within the same constituent country, offer a standard industrial classification code and file annual confirmation statements. They will also have to file their information through an Authorised Corporate Service Provider (ACSP).

 

Why should fund managers act now?

Waiting until deadlines approach could be financially costly.

Companies House has warned of ‘unlimited fines’ for failure to comply with mandatory ID verification. Furthermore, directors and PSCs, along with the funds they act on, will not be permitted to file documents, partake in acquisitions and could even be disqualified from the register.

Under the Failure to Prevent Fraud offence, funds that fail to prove the new standards for fraud prevention will be held criminally liable, and could also face unlimited fines.

Fund managers should also be concerned with the operational impact of non-compliance. For example, there is the potential for technical issues and backlogs. The latest numbers from Companies House in August 2025 show that less than 5% of affected directors/PSCs have completed mandatory ID verification. Bottlenecks could therefore easily arise ahead of the November deadline, and Companies House has encouraged firms to act now and ‘save time later’. Companies House also confirmed at the Corporate Governance Institute’s annual conference that it will remove all companies linked to non-verified individuals from the register after the deadline.

This hard-line stance makes complacency a risk for fund managers. Fund managers, for example, may not realise that ID verification through Companies House is limited to biometric documents and UK driving licences. Overseas directors and those reliant on paper documents will need to use ACSPs to sort this.

The crackdown on fake directors has already begun, with over 11,500 companies struck off the register. However, Companies House will have no qualms also going after legitimate non-compliant companies. The Crown Prosecution Service has already demonstrated its determination to make an example of non-compliant firms, securing the second-largest corporate criminal settlement agreement ever of £615m under the Failure to Prevent Bribery and Corruption Offence.

Simply put, those who act early will reduce risk, avoid last-minute panic and avoid reputational damage.

 

What should fund managers do?

To stay ahead, fund managers should adhere to the following ECCTA action plan:

  1. Conduct a comprehensive ECCTA readiness audit: identify gaps in your current processes, documentation and controls. Assess whether your digital identity verification, fraud detection mechanisms and internal policies meet the new regulatory standards.
  2. Identify Directors and Persons of Significant Control (PSCs): conduct a review to make sure you have identified all relevant personnel. Implement digital identity verification solutions: ensure directors, PSCs and LLP members are verified using secure, compliant digital platforms.
  3. Update and strengthen internal controls: review and revise onboarding, record-keeping and filing procedures to align with the ECCTA’s requirements, including time-stamped audit trails and transparent traceable processes.
  4. Deliver targeted training: equip directors, company secretaries and senior management with up-to-date training on the ECCTA obligations, fraud prevention and reporting standards.
  5. Engage in regular compliance health checks: ongoing reviews help maintain compliance as regulatory expectations evolve and ensure your controls remain effective.
  6. Leverage independent expertise: consider third-party support to validate your compliance framework and provide peace of mind for your board and stakeholders.

We offer a range of related services that alleviate the practical and mental load of ECCTA compliance, including:

  • End-to-end secure digital identity verification services
  • Fraud prevention support tailored to your organisation’s risk profile
  • Independent ECCTA readiness audits and ongoing compliance health checks
  • Training modules and advisory services for directors and company secretaries

Vistra was among the very first organisations to register as an Authorised Corporate Services Provider (ACSP), setting the pace for our industry. Don’t let assumptions put your company at risk. 
Contact us today and let Vistra take care of keeping your organisation compliant.

Related services
Entity Management
Fund Solutions
ECCTA

The contents of this article are intended for informational purposes only. The article should not be relied on as legal or other professional advice. Neither Vistra Group Holding S.A. nor any of its group companies, subsidiaries or affiliates accept responsibility for any loss occasioned by actions taken or refrained from as a result of reading or otherwise consuming this article. For details, read our Legal and Regulatory notice at: https://www.vistra.com/notices . Copyright © 2025 by Vistra Group Holdings SA. All Rights Reserved.


Got a question?
Get in touch
Make an enquiry