Recent high-profile hacking of worldwide computer systems, most noticeably those of the NHS, serve as a chilling reminder to businesses that threats are always evident. Hardly a day seems to pass without a new online scam or fraud making the headlines, each one slightly different, more costly, and more disruptive than the last. Terms such as ransomware, cybercrime and ID theft, unheard of just a few years ago, are now in everyday use.
Reports suggest that UK limited companies themselves are increasingly subject to ID theft with fraudsters known to change details of the appointed directors and registered office as a precursor to an elaborate scam. Once under their control, criminals are able to use the company to take out loans, make expensive purchases, or even hijack the Company for something more sinister.
Such is the risk that Companies House has just restated its advice for companies looking to protect themselves. Top of the list is the protected online filing scheme known as PROOF. This is now a well-established way to protect a company from unauthorised record changes by preventing the filing of certain paper forms which, if accepted for filing, would assist the criminal. Crucially, once a company becomes registered for PROOF it can no longer lodge notification of a new registered office or changes to directors on paper. Instead, all such changes must be made online using secure login details.
Part of the problem is the time taken for a legitimate director to discover that fraudulent filings have been made. After all, directors are not generally in the habit of checking their filing history on a regular basis and this delay creates a perfect window of opportunity. But a newly launched free Companies House service aims to address this by automatically sending an email notification every time a new document is filed for this, or any other, registered company. Learning of such changes early on is critical to help damage limitation.
Surprising to most is the limited extent of the registrar to investigate potential fraud. Although the official advice is to contact it early on, the registrar has no investigatory powers or powers of prosecution. In such circumstances, the Police and Action Fraud are better placed to assist.
In fact, it is only through the recent introduction of specific legislation that a mechanism exists to resolve disputes concerning registered office addresses. If a complaint is received that an address being used is not authorised, Companies House has the power to change the record following compliance with a dispute process. Although a step in the right direction, unfortunately, the timescales involved are such that this is unlikely to either deter or prevent fraudulent activity.
As ever the advice is to remain vigilant for anything unusual or out of place. But if your company becomes a victim then responding quickly is the best chance of limiting damage.
If you’d like to understand more about UK business fraud and what this might mean to you now and in the future, please contact Edward Garston, a Senior Associate in the Company Commercial Department. Call on 01708 229444 or email firstname.lastname@example.org. This article was written by Edward Garston, a company commercial solicitor at Pinney Talfourd LLP Solicitors. The contents of this article are for the purposes of general awareness only. They do not purport to constitute legal or professional advice. Specific legal advice should be taken on each individual matter. This article is based on the law as of May 2017.