The UK-India free trade deal has marked a new phase of co-operation between the two countries and makes the UK an investment destination for Indian businesses. The deal is expected to be implemented from April 2026, subject to ratification and entry-into-force processes, supporting a bilateral trading relationship worth about £47.2 billion in goods and services.
Rising geopolitical risks, uncertainty and enforcement action expose cross-border trade and transactions to several risks. One key consideration for Indian businesses expanding in the UK is compliance with the Economic Crime and Corporate Transparency Act 2023, or UK ECCTA Act, as it presents a regulatory risk. This is not limited to overseas subsidiaries of Indian companies or Indian entities with UK exposure.
Historically, many Indian companies have managed cross-border risk through anti-bribery compliance programmes. The UK ECCTA Act brings fraud risk, along with the “failure to prevent fraud” framework and expectations of controls, into focus. Organisations must implement a fraud compliance framework across the group. Fraud risk may arise through India-based management teams, global capability centres and support functions, or intermediaries. Indian companies should consider the UK ECCTA Act within enterprise-wide governance frameworks, strengthen investigation readiness and internal controls, and avoid treating it in the same way as earlier cross-border regimes.
ALSO READ: Iran's Hormuz Gamble: How The Geopolitical Chokepoint Is Fueling A New Global Oil Shock
The New UK Offence
One key provision in the UK ECCTA Act is the “failure to prevent fraud” offence, in effect since Sept. 1, 2025. An organisation may face criminal liability if an employee or third party commits fraud with the intention of benefiting the organisation. It is not necessary to show that directors or senior managers were involved in or aware of the fraud.
Indian companies that have focused on anti-bribery controls should expand compliance frameworks to include fraud-specific scenarios. These include revenue recognition manipulation, procurement fraud, channel stuffing, customer or invoice fraud, expense fraud, false representations to lenders or counterparties, and misuse of incentive schemes. France's Sapin II regime also extended compliance expectations to French groups and their overseas operations, including in India, and affected compliance programme design and enforcement readiness.
Indian laws already cover multiple routes through which fraudulent conduct may attract civil, regulatory and criminal consequences. These include the Bharatiya Nyaya Sanhita 2023, the Prevention of Corruption Act 1988, the Prevention of Money Laundering Act 2002, and the Companies Act 2013 on books and records, disclosures and governance. The UK offence expands the risk landscape for Indian groups with cross-border operations.
Applicability And 'Reasonable Procedures'
The failure to prevent fraud offence applies only to large organisations or their subsidiaries with annual turnover above GBP 36 million, balance sheet assets over GBP 18 million, or more than 250 employees. An organisation does not need to be registered in, based in, or carrying out business in the UK.
For Indian businesses, this includes several operating models. These include an Indian parent company with a UK sales or distribution subsidiary, India-based global capability centres processing finance or payroll for UK entities, Indian technology companies serving UK customers remotely, Indian manufacturers exporting to the UK, and Indian groups using third-party intermediaries or consultants in the UK.
The offence applies if there is a UK nexus, even if minimal. This includes cases where fraudulent conduct takes place in the UK or where gain or loss occurs in the UK. The “reasonable procedures” defence allows an organisation to avoid criminal liability if it can show that it had reasonable fraud prevention procedures in place, or that it was not reasonable to expect such procedures.
Building Fraud Risk Readiness Programme
India-based businesses in the UK should assess applicability at a group level rather than only at the entity level. This is relevant where UK operations sit within subsidiaries or where India-based entities support UK-facing business. Even if the UK business is small, Indian groups should assess whether group size thresholds and parent structures bring entities within scope.
Fraud risks should be mapped across the operating structure. This includes decision-makers on revenue generation and approvals for counterparties and payments.
Under ECCTA, the compliance question shifts from whether management knew or intended to whether the organisation had reasonable fraud prevention procedures that operated in practice. Indian governance mechanisms can be used but should be adapted to address fraud and implemented in operations.
“Reasonable procedures” should translate into targeted fraud risk and forensic workstreams rather than generic training. These include themed fraud risk assessments and periodic reviews, such as third-party risks in outsourced models, revenue recognition, incentive schemes, distributor discounts, customer invoicing and counterparty representations. They also include whistleblower reporting channels with defined timelines to assess and escalate complaints, investigation protocols that protect legal privilege, audit committee reporting, and third-party due diligence and contracting controls for UK-linked intermediaries.
Organisations should expect greater scrutiny at the statutory audit level. Orders and enforcement records from the National Financial Reporting Authority show that auditors are expected to identify and respond to fraud indicators and control gaps. This increases pressure on management, audit committees and internal audit teams to show fraud risk governance.
ECCTA can cover scenarios that Indian laws often address indirectly or after the event. These include cases where a UK-facing sales team or agent inflates orders or invoices or misrepresents product quality to meet targets, a distributor or introducer makes false representations to UK customers, or finance teams manipulate revenue recognition or rebates with a UK impact. Under ECCTA, exposure depends on whether effective prevention procedures were in place, even without senior management knowledge. This requires a shift from policy-based compliance to control-based fraud prevention.
Indian companies should also consider this when acquiring or investing in UK businesses. Pre-acquisition diligence, deal-stage diligence and post-closing integration planning should identify risks and establish controls.
Conclusion
As the UK and India strengthen ties, Indian businesses have more opportunities. Organisations that integrate regulatory strategy into growth plans can use these opportunities.
Indian businesses should approach compliance with the UK ECCTA Act as a governance and growth matter, not only a legal risk. Companies that implement fraud prevention controls early, align UK-facing compliance with Indian governance frameworks and build response mechanisms can pursue UK opportunities.
ALSO READ: India-UAE-Russia: New Geopolitical Triangle In The Making | The Reason Why
This article was authored by David Lister, forensic accounting partner at international law firm Pinsent Masons, and Susanah Naushad, counsel at Khaitan & Co.
Disclaimer: The views expressed in this article are solely those of the author and do not necessarily reflect the opinion of NDTV Profit or its affiliates. Readers are advised to conduct their own research or consult a qualified professional before making any investment or business decisions. NDTV Profit does not guarantee the accuracy, completeness, or reliability of the information presented in this article.
Essential Business Intelligence, Continuous LIVE TV, Sharp Market Insights, Practical Personal Finance Advice and Latest Stories — On NDTV Profit.
