The U.K. government is set to introduce a new corporate criminal offence, based on the strict liability of the entity in question. It almost certainly will come into force in 2017, once the Criminal Finances Bill (Bill) is passed.

This new offence, known simply as Failure to Prevent, has an underlying component, namely preventing the facilitation of criminal tax evasion. It has extraterritorial effect, and it mirrors the U.K. Bribery Act by providing the corporate with an adequate procedures defence. All entities, whether or not based in the U.K., will have to demonstrate that they have implemented adequate and appropriate procedures to prevent the facilitation of criminal tax evasion. We anticipate, as with money laundering legislation, that this statute will become the “gold standard” for other governments seeking to meet public disquiet about the perceived levels of tax evasion. At the same time, the U.K. intends to consult on broadening the underlying component beyond preventing tax evasion to encompass most financial crimes, and at the time of writing, amendments have been proposed during the passage of the Criminal Finances Bill through Parliament, which broaden the component to include certain economic crimes.

We consider below the background to the new offence, as well as some of the specific implications for global financial institutions (GFIs).

Background to the New Criminal Offence

The Bill had its first reading on October 13, 2016. It introduces two new corporate offences; failure to prevent persons associated with the corporate — “associated persons” (Associated Persons) — from: (a) facilitating U.K. tax evasion or (b) facilitating foreign tax evasion.

This follows significant consultation by Her Majesty’s Revenue and Customs (HMRC) during the course of 2015 and the release of draft legislation and guidance for comment between April and October 2016. As stated by the Home Office in its press release accompanying publication of the Bill, the new offences are aimed at “sending out a clear message that anyone doing business in and with the UK must have the highest possible compliance standards.”

Basic Components HMRC’s draft guidance (updated in October 2016) makes clear that both offences are founded on three basic components:

(a) criminal tax evasion by a taxpayer (either an individual or a legal entity) under existing law;

(b) criminal facilitation of the tax evasion by an Associated Person of a “relevant body” (Relevant Body) (while acting in the capacity of an Associated Person); and

(c) the Relevant Body failed to prevent its Associated Person from committing the criminal facilitation act.

Where the tax evasion is in relation to foreign tax, two additional criteria must be met, namely:

(d) the Relevant Body must have a sufficient U.K. nexus (i.e., it must be incorporated or carrying on business in the U.K. or its Associated Person must have carried out the criminal facilitation in the U.K.); and

(e) there must be dual criminality (i.e., the conduct of both the taxpayer and the facilitator must be recognised as criminal offences in both the U.K. and the jurisdiction to which the foreign tax relates).

Key Concepts

Clearly, Relevant Body and Associated Person will be key concepts for the purposes of these new offences. Potentially problematic from a compliance perspective, however, is that both concepts are broadly defined.

A Relevant Body may be a body corporate or partnership (wherever incorporated or formed) or a firm or entity of a similar character formed under the law of a foreign country. Of similar breadth, a person will be acting in the capacity of a person associated with a Relevant Body where the person is: (a) an employee of the Relevant Body acting in the capacity of an employee; (b) an agent of the Relevant Body acting in the capacity of agent; or (c) performing services for or on behalf of the Relevant Body and acting in the capacity of a person performing such services. Circumstance (c) in particular, expands the definition of Associated Person to a significant range of entities and is likely to include third-party advisers and those delivering the “infrastructure” that enables tax evasion to take place (for example, virtual offices, invoicing services and IT systems all are targeted).

Primary and Secondary Offences

In order for either new offence to be committed, both a primary tax evasion offence and secondary “facilitation” offence must be committed, although neither needs to have been separately prosecuted successfully.

Current U.K. law contains various statutory tax evasion offences (usually requiring the taxpayer to have been knowingly concerned in or, in the case of certain taxes, knowingly taking steps with a view to the deliberate and dishonest non-payment of tax), as well as a more general common law offence of cheating the public revenue (i.e., carrying out deliberate and dishonest conduct (including omissions) with the intention of defrauding HMRC by failing to pay sums lawfully due). As currently drafted, the Bill allows for any of these offences to satisfy the requirement of a primary tax evasion offence.

Similarly, current U.K. law provides a range of facilitation offences relevant to tax evasion, because facilitators may be caught both under the same statutory provisions as the primary taxpayer (as a person knowingly concerned in or, in the case of certain taxes, knowingly taking steps with a view to the deliberate and dishonest non-payment of tax by another person) or through the wider “aiding and abetting”-style criminal offences provided by the Serious Crime Act 2007 (i.e., by encouraging or assisting the tax evasion offence either intentionally or believing that the offence would be committed). Again, the Bill allows for any of these offences to satisfy the requirement of a secondary facilitation offence.

Once it is found that a primary tax evasion offence has been committed by a taxpayer and an Associated Person of a Relevant Body committed a secondary facilitation offence in relation to that primary offence (and, where the primary tax evasion offence relates to foreign taxes, the Relevant Body has a sufficient U.K. nexus and there is dual criminality), the Relevant Body is prima facie liable for the relevant new corporate offence as a matter of strict liability. Crucially, and unlike the Bribery Act, it is not necessary for there to be any intention on the part of the Associated Person to benefit the Relevant Body through committing the secondary tax evasion facilitation offence.

Reasonable Prevention Procedures Defence

The new provisions allow a defence if the Relevant Body can show reasonable procedures were in place to prevent its Associated Persons from committing any secondary facilitation offence (the Reasonable Prevention Procedures Defence).

The procedures must be those that it would be reasonable in all the circumstances to expect the Relevant Body to have implemented.

According to the current HMRC guidance for the new criminal offence (the HMRC Guidance), such procedures will depend on a range of considerations including the size, complexity, industry and risk profile of the Relevant Body in question. In any event, procedures should be informed by HMRC’s six Guiding Principles, namely: (a) risk assessment, (b) proportionality, (c) top-level commitment, (d) due diligence, (e) communication (including training), and (f) monitoring and review, all of which have been directly taken from the Ministry of Justice Guidance to the Bribery Act.

The Guiding Principles show the emphasis that these new offences place on top-level management taking responsibility for the actions of their Associated Persons, for promoting a zero-tolerance attitude to the facilitation of tax evasion and for developing appropriately geared and effective compliance structures within their organisations. This approach contrasts starkly with the current U.K. law on corporate criminal liability that was seen, during and since the Financial Crisis, as encouraging senior management to “turn a blind eye” to the criminal acts of their employees and to discourage internal reporting.

Prosecution and Penalties

While prosecution under either of these new offences first must satisfy a “public interest” test, in the current political climate we anticipate that GFIs will face particular scrutiny and may well be the first to be investigated and/or prosecuted for the criminal facilitation of tax evasion (think action taken against a number of large banks post the global financial crisis, the Swiss tax scandal and the Panama Papers). These industries also are regulated and should not only be anticipating attention from HMRC, but also from the Financial Conduct Authority (FCA) and, in the longer term, other similar regulators in other jurisdictions. Indeed in recent years the FCA has levied very significant fines against GFIs for failure to implement adequate bribery, corruption and money laundering controls, and there is no reason to believe it will not take the same approach when the legislation is in force.

Prevention of financial crime and anti-money laundering continue to be a core priority for the FCA (included in its 2016/17 Business Plan). There is every reason to expect a similar approach to preventing tax evasion offence.

Conviction carries significant penalties. Relevant Bodies face the possibility of unlimited financial penalties as well as other orders, such as confiscation or serious crime prevention orders, not to mention potentially significant reputational damage.

It is worth noting that the penalties on the entity itself are in addition to any penalties that may result from the primary and secondary offences for the actual taxpayer and facilitator involved.

Implementation

The Bill is currently progressing through Parliament and was given its second reading on October 25, 2016. While there is still a way to go before it receives Royal Assent, passage of the Bill thus far has been rapid, and there is speculation that it may come into force as early as spring 2017.

While the HMRC Guidance provides for an initial implementation period (during which a lower threshold should apply for the Reasonable Prevention Procedures Defence, it goes on to highlight that “[at] the same time the Government expects there to be rapid implementation, focusing on the major risks and priorities, with a clear timeframe and implementation plan on entry into force.”

Application of the Guiding Principles in Practice

The Guiding Principles are intended to be “outcomes focussed” and flexible and should be proportionate to the risk faced by the institution. The offence of criminal facilitation of overseas tax evasion, may be the most troubling for GFIs, given the divergent approaches taken in many jurisdictions to the payment of tax and the lack of a consistent international approach to criminal tax evasion. This undoubtedly will add a significant level of complexity and cost to an already complex compliance environment. The Guiding Principles make clear that it will be insufficient to simply add “tax” to the list of other procedures such as Know Your Customer (KYC), anti-bribery and anti-corruption policies.

1. Risk Assessment

For GFIs, an appropriate risk assessment should involve a detailed and well-documented assessment of their employees, agents and other Associated Persons and ask whether they have a motive, the means and the opportunity to facilitate criminal tax evasion offences and, if so, how this risk might be managed. It also will mean a careful analysis of operations and functions carried out in higher risk jurisdictions, including a review of secrecy laws and whether the country subscribes to the Common Reporting Standard, sectoral risk, transaction risk, business opportunity risk, business partnership risk, product risk and customer risk. The Joint Money Laundering Steering Group (JMLSG), which provides guidance on high and low risk factors, also may provide useful direction for best practice.

Common themes will include an oversight of risk assessments by senior management, an allocation of appropriate resources, the identification of information sources to enable risk assessment and review, due diligence, the documentation of risk assessments, periodic reviews, and procedures to identify emerging risks and internal challenge to risk assessments. As part of this process, risk assessments should consider whether internal structures, procedures and ‘culture’ add to the level of risk. This might include a review of training and the compensation structure, and whether there are any deficiencies in submission of Suspicious Activity Reports (SARs).

2. Proportionality

What constitutes reasonable procedures for the purpose of the Reasonable Prevention Procedures Defence should be proportionate to the risk faced by the institution. This will depend upon the nature, scale and complexity of the entity’s activities. For example, tax advisory and private wealth management are identified as having particular high risk. Reasonable procedures are likely to include common elements, such as a clearly articulated risk assessment, top-level commitment, articulation of the approach to mitigating risks, overview of strategy and timeframe to implement policies, monitored and enforced compliance, procedures reviewed for effectiveness, clear pathways for reporting wrongdoing, protection for whistleblowers and commitment to compliance over profit.

3. Top-Level Commitment

Senior management will be expected to take responsibility for implementing prevention measures, to endorse the policy, to have responsibility for raising awareness, to engage with a Associated Persons and external bodies, to be responsible for certifying the assessment of risk, to implement and oversee disciplinary procedures and to commit to adequate whistleblowing processes. There is no individual offence directed at senior management, but for regulated firms, the top level commitment principle creates an additional level of responsibility on top of the FCA’s new senior managers’ regime.

4. Due Diligence

GFIs should ensure that due diligence procedures are capable of identifying the risk of criminal facilitation of tax evasion by Associated Persons and, if appropriate, to their own clients. This may mean that certain business groups may require increased scrutiny based on risk assessments.

The examples in the Guiding Principles state that for a low-risk business it may only be necessary to perform due diligence on counterparties rather than further along the supply chain. Given the examples stating that the financial services industry is higher risk, this suggests that consideration should be given to persons with whom GFIs deal indirectly as well as directly.

5. Communication (Including Training)

GFIs should seek to ensure that policies and procedures are communicated, embedded and understood throughout the organization, through internal and external communication, including by way of training. Internal communication should make clear that the organisation has a zero-tolerance policy and outlines the consequences of breach. Internal communications also should provide clear channels for employees to communicate any questions that they have. External communications can act as a strong deterrent to those who otherwise might seek to use the firm’s services to further illegal activity.

Appropriate training is likely to include an outline of the organisation’s policies and procedures, an explanation of when and how to seek advice and report suspicions, an explanation of what constitutes U.K. and foreign “tax evasion” and associated fraud, an explanation of the employee’s legal duties, a summary of the penalties, and an overview of the social and economic effects of failing to prevent tax evasion.

6. Monitoring and Review

The nature of the risks faced will change over time, and the firm should seek internal feedback, perform periodic reviews and work with representative bodies to review their procedures.

Conclusion

In light of recent, well-publicised instances of tax evasion, the scope of the Failure to Prevent offence is hardly surprising, and based on the scope of the HRMC Guidance there is every reason to expect that GFIs will be required to uphold high compliance standards and to actively monitor and manage the risks posed by employees, agents and other Associated Persons going forward.