News & Insights

Failing to prevent tax evasion is now an offence

Sian Ralph considers the new provisions making companies and partnerships liable to criminal charges if a person associated with them knowingly or unknowingly facilitates tax evasion by another person and they did not have sufficient procedures in place to prevent that facilitation.

Does your business have a policy or procedures in place to minimise the risk of your business failing to prevent staff from facilitating (unknowingly or unknowingly) an act of tax evasion by another person? If not, you could be at risk of prosecution from September 2017, with the threat of an unlimited fine and resulting reputational damage.

From September companies and partnerships (“corporates”) will need to have in place reasonable procedures to prevent those associated with it (such as officers, staff and possibly even contractors; which collectively I shall refer to as “staff”) from failing to prevent, or facilitating tax evasion in the UK or overseas. It will be a strict liability offence, so HMRC will not need to show that there was any intention by staff to facilitate or fail to prevent the tax evasion. The only defence will be if the corporate has taken steps to put in place reasonable prevention procedures or it would be unreasonable to expect such procedures to be in place.

The new offence does not extend the scope of tax evasion, but it does enable HMRC to prosecute more parties when tax evasion has taken place. Instead of the perpetrator of the tax evasion being the only one to face criminal penalties, HMRC will now be able to include
corporates who are deemed to have assisted with the tax evasion (whether knowingly or unknowingly) because they failed to put in place sufficient procedures to prevent staff inadvertently facilitating or failing to prevent the perpetrator of the tax evasion committing the evasion. The test for who is caught is wide and will make corporates responsible for the acts and omissions of their staff. The purpose of the new offence is to put more stringent obligations on corporates to monitor their staff and keep in check processes that could be facilitating tax evasion.

Whilst the idea of trying to identify where this new offence could be relevant to your business might sound like an impossibly vague and unrealistic task, nevertheless the consequences of failing to and later discovering staff have inadvertently helped to perpetrate tax evasion, could be extremely unpleasant; particularly for professional advisers such as accountants and solicitors.

An example

At this stage, an example might be helpful to give context to the sorts of circumstances the new offence is intended to catch. Take, for example VAT carousel fraud (or missing trader intra-community VAT fraud), where fraudsters import goods into the UK, VAT free because they are business to business supplies from the EU, and then sell those goods to UK buyers charging VAT and not paying it over to HMRC. Involved in this process could be an entirely unknowing logistics business assisting with the physical importation, but they would be guilty of this new offence (even in the absence of knowledge) if they failed to have sufficient internal procedures in place to ensure full due diligence was done on the people they provided importation services to.

Whilst this is an extreme example, there are plenty of everyday examples; such as the office manager who pays the window cleaner in cash and doesn’t ask for a receipt. That window cleaner may not be declaring his income to HMRC, which is tax evasion, and the office manager has facilitated that by paying cash. If the corporate did not have in place a clear policy to prevent staff paying suppliers in cash, then the corporate would have committed this new offence.

So what do you need to do?

The first practical step is to carry out a risk assessment by reviewing all business operations (including support functions) and categorise them as high, medium or low risk.
For example, providing advisory services to a UK VAT registered company with whom you have a long established history of dealing, may be classified as low risk. Contrast this with providing advisory services for the first time to a client in Panama which might be treated as high risk. For those areas that are medium or high risk a more detailed risk assessment is then needed to understand what the risks are and how they can be minimised.

The process of identifying risk areas so that procedures can be put in place is not easy. I have been trying to do this for our firm, and despite it being a cross team effort to identify vulnerabilities, it is a struggle to be satisfied that you have considered every possible avenue. If the task were to be undertaken by only one person within the business, it would be impossible, because they would not have practical visibility of every process in the business that presents a risk.

This risk assessment process should be fully documented so that there is a clear audit trail. If you are unfortunate enough to find that a member of staff has facilitated an act of tax evasion, then being able to show a considered and thorough risk assessment process will go a long way to establishing a defence.

Once you have identified and fully considered the medium and high risk areas, you should consider what procedures you already operate that minimise these risks and whether there are any gaps in these procedures. HMRC has already indicated that relying on the existing Bribery Act or AML policies and procedures is unlikely to be sufficient for the purposes of establishing reasonable prevention procedures. That said, HMRC is not expecting procedures predicated in paranoia; the key is reasonableness.

Again, the point is perhaps best explained with an example. When providing advisory services to a company in the UK that forms part of an international group, you should have a policy that states if you are asked to address the invoice for services to one of the overseas companies, you should either refuse or have a very strict procedure for ascertaining whether there is any attempt by the client to avoid UK VAT being paid.

But having put the procedures in place, there then needs to be a mechanism for monitoring and reviewing the effectiveness of the procedures and a clear pathway for staff to report suspected breaches of the procedures or any weakness or shortfall in the procedures. As with the initial risk assessment, the reviews should be documented in order to provide an audit trail.

A “Prevention of Tax Evasion Policy”

The rather limited guidance produced by HMRC on this topic indicates that they also expect to see corporates making a clear commitment to prevent staff being involved in tax evasion; along with a commitment not to recommend the services of other corporates who do not have equivalent standards on tax evasion prevention. This sort of statement lends itself quite nicely to a paragraph in standard terms and conditions of business. In addition to this, the requirement to communicate the zero tolerance approach to staff also suggests that reference to the approach to prevent tax evasion facilitation by staff should be made in the staff handbook.

There are probably plenty of other sources of information for staff and customers that could be revised to include a clear statement of the corporate’s commitment to prevent its staff being used to perpetrate an act of tax evasion. The greater the number that you can identify and amend, the more entrenched your commitment will be perceived to be, which can only be a positive thing in the eyes of HMRC.

What do I do now?

  • [if you’re like me] rant and rave a bit about how tiresome and burdensome all these new compliance changes are becoming; and then
  • identify existing policies and documents that can be updated to include the policy statement about the corporate’s commitment to prevent tax evasion;
  • conduct a risk assessment to identify low, medium and high risk areas;
  • try to fully understand issues with medium and high risk areas identified;
  • review existing procedures to see if any address the medium and high risk areas;
  • identify any gaps in existing procedures;
  • establish new procedures for those risk areas not already covered;
  • set up a monitoring and review process to keep the procedures updated; and
  • establish a reporting pathway for breaches and weaknesses identified.