The new strict liability corporate offences brought into force by the Criminal Finances Act 2017 make businesses criminally liable if their “associated persons” facilitate tax evasion by a taxpayer either in the UK or overseas. The offences, modelled on the corporate “failure to prevent bribery" offence in the Bribery Act 2010, are equally wide ranging and stringent:

  • First, “associated persons" means any person that provides services for or on behalf of the business. This of course includes employees. But it also extends to agents, representatives, subcontractors, consultants and others.
  • Second, because the offences are strict liability, the management need not have participated in, known about, or even suspected that their business’s associated person was engaged in facilitating tax evasion. The mere fact of that facilitation will be sufficient to impute the business with criminal liability.
  • Third, any business with any part of its operations in the UK (even a small office will suffice) will bring themselves under the regime’s ambit.

The only defence available to a business is to demonstrate that it has in place “reasonable” prevention procedures. The HMRC guidance (PDF) explains what such procedures should look like. We set out here a checklist of five things to consider doing now, given that the offences are live.

1. Top level commitment

HMRC considers it is senior management's responsibility to foster an internal culture in which the facilitation of tax evasion is never acceptable. Accordingly, senior management should consider evidencing their commitment through the following:

  • Specifically instructing the team tasked with leading on the development and implementation of the business's reasonable prevention procedures.
  • Issuing an all-staff memorandum making staff aware of the offences and the business’s zero tolerance approach to tax evasion.
  • Formally approving the procedures once developed.

2. Risk assessment

This assessment must seek to identify where the risks, if any, lie of an associated person facilitating tax evasion by a taxpayer. Specifically it might include the following:

  • Who are the business’s associated persons? Consider both internally (employees) and externally (agents, representatives, contractors etc.).
  • What do they do for the business? Do they have the opportunity and/or incentive to facilitate tax evasion? For example, do they deal with invoicing and VAT? Do they provide financial services? Do they provide tax advice?
  • Where does the business operate? Does it deal with “tax havens” or other jurisdictions where tax evasion is more prevalent?
  • What kind of transactions does the business enter into? Does it engage in high-value projects or projects involving multiple parties, jurisdictions or intermediaries?
  • What products and/or services does it deal with that could lend themselves to the facilitation of tax evasion.
  • Have any actual examples of facilitation of tax evasion occurred? If so, what happened? Who was involved?

The risk assessment might also cover:

  • What mitigation measures are currently in place? Are there whistleblowing procedures? Are we confident they would be used?
  • What additional risk mitigation could be conducted?
  • Is the risk profile likely to change in the short to medium term? For example, are there plans to extend operations into high-risk jurisdictions where tax evasion is more prevalent?

3. Proportionate policies and procedures

Having completed the risk assessment, procedures designed to deal with those risks need to be put in place. The business might consider a written policy, setting out:

  • The business’s zero tolerance approach to tax evasion.
  • A summary of the offences.
  • Some examples of how the offences could be triggered in the business.
  • What controls the business has in place to deal with the risks (e.g. additional sign off requirements where higher risk activities are identified, contractual requirements imposed on contractors etc.).
  • How compliance with the procedures will be enforced and monitored.
  • What people should do if they have any concerns.

The policy and procedures should be reviewed at least annually to ensure that, first, staff are aware of them and, second, they are adhering to them.

4. Due diligence

The business should consider the following measures, proportionate to the risks posed by associated persons:

  • Formal written due diligence in respect of associated persons, especially contractors, representatives etc. This could take the form of a questionnaire.
  • Contract clauses obligating associated persons to warrant that they:
    • Will not engage in any facilitation of tax evasion of any kind.
    • Have in place their own reasonable prevention procedures.
    • Will report any suspected tax evasion in the conduct of their services.
  • Contract clauses entitling the business to terminate the contract in the event that the associated person breaches their obligations in this regard.

5. Training

Training in this area should be considered for:

  • Senior management as to the risks of corporate criminal liability.
  • The legal and/or tax teams as to the scope and content of the legal regime.
  • Operational staff on the business's procedures, how to avoid triggering the offences and what to do if they suspect tax evasion.
  • External associated persons, if such training is considered proportionate to the risks posed.

The training may be incorporated into existing financial crime prevention training e.g. covering bribery, money laundering etc. Its impact and effectiveness should be periodically evaluated, again at least annually.