Select Committee on Business and Enterprise Thirteenth Report

4  Identity fraud and 'company hijack'

38. The All Party Parliamentary Group (APPG) on Identity Fraud and the British Bankers Association (BBA) warned that information registered at Companies House could be used for criminal activities:

  • it gives fraudsters information to commit identity fraud—a criminal could take a director's personal details and use them to apply for credit; and
  • fraudsters can "hijack" companies by changing details on the Companies Register—a fraudster could change the registered office address of a company by writing to Companies House, using a signature copied from the register, and then orders goods to be delivered to that address. Suppliers checking the Register of Companies will find that a company of that name exists and appears to be trading at that address. The fraudsters then sell on the goods and leave the company with the bills.[69]

The Metropolitan Police estimate that each successful crime of this type via Companies House can net over £100,000[70] and costs the economy in excess of £50 million per year.[71]

39. Companies House told us that:

    Business and government want a system where it is easy to establish companies and to conduct business relatively free from the burdens of regulation. The challenge is to balance this need for a low regulatory burden with the need to prevent the companies register being used to facilitate fraud and financial crime.[72]

It has been working with the Metropolitan and City of London Police to try to combat fraud. In May 2005 they jointly launched 'Operation Sterling' to identify and prevent attempts to take over companies' identities for criminal use. A Metropolitan Police Officer was stationed in Companies House for 18 months disrupting 490 attempts of fraud.[73] We were concerned to learn that this posting was now over. When we questioned Companies House we were told that the objectives of "building robust and efficient mechanisms for co-operation between Companies House and the different police forces" had been achieved; and that it was not necessary for an officer to continue to be physically stationed at Companies House because the secondment had been used "wisely to transfer skills and knowledge of networks" to Companies House staff.[74] We hope this is indeed the case. We understand the rationale for the withdrawal of the permanent police presence at Companies House, but are nervous about this apparent reduction in the overall anti-fraud effort. We recommend that Companies House and both the Metropolitan and City of London Police forces conduct regular assessments of the skills and knowledge of the staff at Companies House in relation to the opportunities for fraud. We also expect the possibility of reinstating the permanent police presence to be kept under continuous review.

40. We note that the Fraud Advisory Panel has recently emphasised that fraud should be a mainstream policing issue and called for local Police and Community Fraud Liaison Groups to feed intelligence and concerns to local police forces.[75] The former arrangements between the Metropolitan Police and Companies House seemed an excellent example of close working. However, we are pleased that Companies House is continuing to work with the police in developing its intelligence role and is contributing to data sharing among the UK's law enforcement agencies. The effectiveness of these working arrangements must be reviewed regularly.


41. The BBA considered that the removal of directors' personal addresses, dates of birth, signatures and dates of appointment from the register would reduce its usefulness to fraudsters. However it warned that this would need to be measured against anti-money laundering requirements as certain details reported to Companies House are used to identify potential launderers.[76]

42. A solution could be having different levels of access to the data; the APPG and BBA both suggest restricting the amount of public access to personal details.[77] The Companies Act 2006 provides for a secure register for directors' residential addresses which will only be available to certain authorities and credit reference agencies. This both prevents misuse of the information by activists and should make it harder for the Companies Register to be used in identity fraud. Whilst this solves the fraud problem the BBA were concerned that by restricting access to just some authorities and credit references and not to banks their members would find it harder to meet consumer due diligence requirements because:

  • banks will not be able to link Directors by the addresses used—it is often the case in fraud syndicates that the link is the addresses used;
  • banks will not be able to protect ourselves at front end should these Directors make personal applications for finance.;
  • banks will not be able to have any access to addresses of the companies shareholders so will not know who is behind the companies they are dealing with or in fact where they live (Sanctioned Countries);
  • banks will not be able to obtain any documents from Companies House to confirm when and how someone was added as a Director nor compare signatures;
  • if someone is a Personal Guarantee on an agreement and they have moved since the date the agreement was taken out the bank will not be able to locate them to enforce the Personal Guarantee;
  • access to limited information will negatively impact Risk and Underwriting decisions;
  • banks' investigations into individuals who are added to companies as Directors will be frustrated as they will not be able to contact them to confirm that they are directors of the companies concerned and if their involvement is genuine and if not protect them and advise them to have their details removed; and
  • banks will not be able to contact the genuine directors of companies that have been cloned.[78]

43. The issue raised by the BBA goes wider than the remit of Companies House. However, there is clearly a balance to be struck between making the register useful to those who are attempting to prevent crimes such as money laundering, while preventing it being useful to those attempting to commit other crimes such as fraud. This balance should be frequently reviewed and legislation amended as necessary.


44. Companies House has also introduced ways to help companies protect themselves when using the register. There are three methods which they refer to as their 'three-point plan':

45. Mr Jones told us that although Companies House was encouraging people to take part in the three-point plan, only about 160,000 companies out of 2.6 million had signed up to PROOF even though it was free.[81] BBA suggested that part of the problem was the lack of awareness amongst businesses of PROOF and Monitor. They recommend that there should be a publicity campaign to highlight the anti fraud benefits of the tools.[82] Companies House's 2007/08 Annual Report highlighted that it had run marketing campaigns to encourage take up of electronic filing and the three-point plan[83] however it would seem that they have not been far reaching enough as the Companies House has consistently missed its targets on take up of electronic filing although these targets have risen sharply (see Table 3).

Table 3: Electronic filing targets and out-turn
Year Target Out-turn
2004/0515% 12%
2005/0635% 28%
2006/0740% 37%
2007/0855% 47.9%

Source: Companies House Annual Report and Accounts 2007/08

In justification Companies House said that the previous target of 55% of all submissions being electronic was too "ambitious;"[84] as a consequence the target has been changed to a 26% increase in electronic filing by volume for 2008/09. We note that this is a target to achieve less than that which was achieved last year, when 3.1 million documents were filed electronically, a 30% increase on the year before. We therefore question whether this new target is adequately challenging.


46. The potential for abuse is increased through the dual use of paper and electronic filing at Companies House. Although electronic filing can be protected, paper filing cannot, other than through the use of signatures. A member of the Institute of Chartered Secretaries and Administrators said that:

Although PROOF goes some way towards mitigating this risk, only 6% of companies have signed up for it.[86] The APPG suggested that PROOF should be made compulsory. Mr Jones told the Committee that "the key to making PROOF compulsory is to make e-filing compulsory for these documents. PROOF is a scheme that requires the agreement of the company and therefore making it mandatory is not a practical aim. A better approach is to broaden the use of PROOF as a first step and ultimately mandate electronic filing of company information".[87]

47. We were told that:

  • in January 2009 Companies House will be consulting with their customers on a strategy for electronic filing;
  • in June 2009 a revised electronic PROOF service will be launched accompanied by a marketing campaign warning of the dangers of not signing up; and
  • depending on the outcome of consultation, Companies House will make further progress towards 100% electronic filing of basic form types (i.e. PROOF-related documents) and, subsequently, all filings—detailed timings to be considered post consultation, but 2011 would be feasible for the first stage.[88]

This action is encouraging, and we do not wish to disrupt it. However, we would have liked to have seen more urgency in increasing take-up of electronic filing, considering the targets have never been met. We are disappointed that there is no new campaign to encourage electronic filing until June 2009.

48. As this chapter shows, there are difficulties in balancing the need to provide an accessible, efficient, open register of companies details at a reasonable cost and the need to have systems to reduce the opportunities for crime. The evidence presented suggests that there could be merit in a review to assess whether Companies House could do more to prevent crime without compromising its core functions. Such a review could include a risk assessment to identify whether particular types or sizes of companies are more vulnerable to fraud, or more commonly used as vehicles for fraud, than others and if so whether there are cost effective targeted interventions which could reduce the risks such as by asking for annual verification of information submitted.

69   Ev 31 (Companies House) Back

70   Ev 15 (All Party Parliamentary Group on Identity Fraud) Back

71   Ev 22 (British Bankers' Association) Back

72   Ev 27 (Companies House)  Back

73   Ev 26 (Companies House)  Back

74   Ev 31 (Companies House) Back

75   Fraud Advisory Panel, Tenth Annual Review, 2007-08  Back

76   Ev 23 (British Bankers Association) Back

77   All Party Parliamentary Group Report into Identity Fraud, October 2007 Back

78   Ev 24 (British Bankers Association) Back

79   Ev 31 (Companies House) Back

80   Companies House website: Back

81   Q 57 Back

82   Ev 22 (British Bankers Association) Back

83   Companies House Annual Report and Accounts 2007/08 All geared up Back

84   Companies House Annual Report and Accounts 2007/08, All geared up Back

85   Ev 38 (Institute of Chartered Secretaries and Administrators) Back

86   Q 57 Back

87   Ev 36 (Companies House) Back

88   Ev 36 (Companies House) Back

previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2008
Prepared 21 November 2008