Skip to main content
DefenceFile
Help centre

Scope and compliance · 5 min

ECCTA scope and who it applies to

The UK nexus test, associated-person definition, and the large-organisation threshold under the Economic Crime and Corporate Transparency Act 2023.

Help baseline: 2026-06-15

ECCTAscopeUK nexuslarge organisationfailure to prevent fraud

Large-organisation threshold

The ECCTA failure-to-prevent-fraud offence applies to large organisations meeting at least two of three Companies Act 2006 criteria for the current or immediately preceding financial year. DefenceFile helps you organise evidence that you meet those criteria — it does not determine whether you are in scope. Source: Economic Crime and Corporate Transparency Act 2023, s.199; Home Office guidance d1.

  • Turnover exceeding £36 million.
  • Balance sheet total exceeding £18 million.
  • More than 250 employees.
  • Meeting two of the three criteria in scope year brings the organisation within the offence.
  • Whether your organisation is in scope is a question for legal advisers — DefenceFile organises the evidence, not the legal conclusion.

UK nexus test

A fraud offence has a UK nexus if any part of the fraudulent act, the intended victim, or the organisation's operations is in the UK. The nexus test is broad — partial UK exposure is enough. Source: ECCTA 2023, s.199; Home Office guidance d2.

  • UK nexus does not require the organisation to be incorporated in the UK.
  • Overseas organisations with UK operations, UK employees, or UK customers may have UK nexus.
  • A UK nexus finding means an associated person's fraud can trigger the offence — not that it has.
  • Advise your legal team before concluding on nexus: the analysis turns on facts specific to your organisation.

Associated-person definition

An associated person is someone who performs services for or on behalf of the organisation — employees, agents, subsidiaries, and in some cases supply-chain participants. Source: ECCTA 2023, s.199; Home Office guidance d3.

  • Employment status is not determinative — contractors and agents can be associated persons.
  • The test is whether the person was performing services for the organisation at the time of the relevant act.
  • Identifying and mapping associated persons is the first step in building a proportionate procedures defence.
  • DefenceFile records associated persons and links them to the evidence collected — it does not determine who counts.

Boundary

DefenceFile help explains workflow operation. It does not provide legal advice, create privilege, certify scope, certify reasonable procedures, or guarantee that a statutory defence will succeed.

Request pilot review