New obligations and liabilities for directors under the Economic Crime and Corporate Transparency Act 2023 (ECCTA). Some obligations and liabilities have already come into force while others will be implemented during 2025 and 2026.
New ID verification rules:
Ban on acting as a director if identity not verified
ECCTA introduces new identity verification (IDV) requirements for all directors. An individual will be banned from acting as a director if their identity has not been verified. While a breach does not affect the validity of acts as a director, in practice the ban will mean that a director should not act on behalf of a company in their capacity as a director until their identity has been verified.
Companies will also have a duty to ensure that individuals do not act as directors unless their identity has been verified, and any avoidance can lead to fines for the company and its directors. Directors who act without verification will also be liable to be disqualified.
Will the IDV requirements apply to all directors?
Yes, IDV requirements will apply to all directors of UK companies. It is also expected to be extended to cover directors of UK establishments registered at Companies House, with an overseas parent.
When will the IDV requirements come into force?
There are different timing stages for new and existing appointments:
New company incorporation:
From autumn 2025, proposed directors will need to have their identify verified before the application to register a company is made.
New director appointments:
From autumn 2025, all new directors appointed to existing companies will need to have their identity verified before the notice of their appointment is filed at Companies House and, more importantly, before they act as a director.
Existing directors:
Existing directors will have a transition period of up to 12 months in which to comply. Once the law takes effect, Companies will need to confirm that their directors have had their identity verified in their next confirmation statement.
Ban on acting as a director if appointment notification is filed late
A company must notify Companies House within 14 days of a person becoming, or ceasing to be, a director.
ECCTA will prohibit an appointed director from continuing to act as such beyond those 14 days. This is unless the individual ‘reasonably believed’ that Companies House had been informed of the appointment. The breach will not affect the validity of the appointment nor that person’s acts as a director, but it may give rise to fines.
The notification to Companies House of a director’s appointment must include confirmation that the director’s identity has been verified.
Any changes to the directors’ details, name, date of birth and nationality, service address, usual residential address and country of residence must be filed with Companies House within 14 days of the change. It will be an offence not to do so, which may give rise to a fine.
Restrictions imposed on corporate directors
Restrictions on the use of corporate directors are expected to come into force.
A corporate director will only be permitted if all its directors are natural persons who have had their identities verified, and that only UK corporate entities with legal status will be able to act as a corporate director.
Director disqualifications
An individual cannot be appointed as a director if they have been disqualified under directors’ disqualification legislation. If a director is so appointed, the appointment will be void. ECCTA also provides for all directorships to terminate automatically on disqualification.
If a director as been disqualified, they will also be unable to be a subscriber shareholder or a person with initial significant control on an application to incorporate a new company.
ECCTA has already expanded the director disqualification regime so that individuals subject to relevant financial sanctions are disqualified from being directors.
Failure by a director to prevent a fraud offence
From 1 September 2025, ECCTA will introduce a new corporate offence of failing to prevent fraud. Under this offence, large organisations may be held criminally liable where an associate (including employees, agents and subsidiaries) commits a specified fraud offence intending to benefit the organisation or any of its customers.
A ‘large organisation’ is one which meets two out of three of the following:
over 250 employees, turnover of over £36 million and assets of over £18 million.
A breach is punishable by a potentially unlimited fine. There is a defence if the organisation can show that it has reasonable procedures in place to prevent fraud.
Contact Our Experts
