The Criminal Finances Act 2017 (the CFA) came into force on 30 September 2017. It created two new offences for companies: failing to prevent facilitation of tax evasion in the UK and overseas. The "failure to prevent" offence follows the wording adopted in section 7 of the Bribery Act 2010, whereby a company is criminally liable for the actions of its staff, agents or other persons associated with it, unless it can demonstrate it had reasonable "prevention procedures" in place. The purpose of the CFA is to hold companies criminally liable where they fail to prevent those who act for, or on their behalf, from criminally facilitating tax evasion unless they can demonstrate that they took adequate steps to manage and mitigate the risk of that happening. Many SMEs have been struggling to know what such mitigation should look like.

The HMRC guidance is now finalised and has a helpful section for SMEs. The Law Society has also published Guidance for solicitors and the British Bankers' Association and consultants are providing training but it is difficult for companies to evaluate the risk of a breach of this legislation and their real exposure to prosecution. SMEs have a tendency to take a conservative approach to putting in place risk management for new "compliance" legislation – indeed many companies have still not adopted risk management policies or procedures for the Bribery Act 2010, which came into force in 2011. Companies are still struggling to understand what it is they are expected to be doing and are attempting to benchmark their procedures and controls against other companies. However, unlike the SFO as it was in 2010, HMRC is already a mature, active and aggressive prosecutor of tax evasion and will not hesitate to apply this legislation. HMRC is also well resourced.

Benchmarking indicates that SMEs have generally done a risk assessment, looked at existing controls and how they manage the risk but not necessarily taken any further steps. By now each company should have put in place a full risk assessment and specific training relating to: "…..the products and services it offers, as well as internal systems and client data that might be used to facilitate tax evasion, including by ‘sitting at the desk’ of employees and other associated persons, considering the motive, means and opportunity for facilitating tax evasion."

The Government has made clear that organisations' procedures should become more sophisticated over time, and there is a recognition that some procedures (such as training programmes and new IT systems) will take time to roll-out. As at 1 October, the Government indicated that companies should have completed a risk assessment. So whilst this pragmatic approach provides some comfort, there are various minimum steps beyond this that should be prioritised and perhaps by now completed, in particular:

  1. Demonstrating a clear commitment to compliance by putting in place reasonable measures and procedures to prevent the criminal facilitation of tax evasion, including an implementation plan;Securing top-level commitment and initial communication plan;
  2. Completing a Risk Assessment and taking any mitigating measures necessary
  3. Training.

Risk exposure will vary from company to company but training is key to managing even low risk businesses, particularly in a world where SMEs often have a global supply chain or customer base. Exposure will vary from simple VAT and cash in hand tax evasion risk to suppliers seeking to split their invoicing between a number of jurisdictions or potential violations arising due to interactions relating to off-shore investment schemes.

In particular we have seen interest from the Private Equity (PE) and Hedge Fund community in benchmarking against their sector. Below are some thoughts we have had on the relevance of the CFA to PE and Hedge Fund activity:

  • The extra territorial reach of this legislation is likely to be relevant in the context of funds that will have investors based across the globe. If an employee of a UK PE/Hedge fund was to facilitate the evasion of tax in another territory then the UK fund could potentially be liable. This will mean that fund managers will need to be very careful to ensure there is no risk of tax evasion taking place elsewhere when they bring investors on board.
  • The wording of the legislation regarding associated persons will mean that fund managers are likely to be seen as associated with both their employer (the management entity) and also the actual funds that they manage and any portfolio companies.
  • The manner of structuring any PE buyout deal involving a multiple holding company structure for structural subordination purposes is unlikely to give rise to any risks per se. It may give risk to a higher risk profile (where offshore companies are being used) but is unlikely to be seen as tax evasion in itself.
  • The key thing will be for the relevant funds to put in place proper anti-tax evasion procedures to benefit from the defence under the Act. Fund managers who also act as directors of portfolio companies should also ensure that appropriate policies are in place for the companies that they oversee and that these are being followed in practice.