Corporate Criminal Offence: Myth Busters edition

Wed 07 Oct 2020

The Corporate Tax Governance team at Mazars has been working extensively with a number of our clients in ensuring they are compliant with the corporate criminal offence (‘CCO’) legislation in accordance with the Criminal Finances Act 2017 (‘CFA 2017’).

We often address comments, questions and queries in relation to how this piece of legislation works, who it applies to and what needs to be done. We have shared some of these below.

It only applies to large businesses

The CCO applies to all companies, partnerships and incorporated charities (‘relevant entities’).

There are no thresholds or criteria that have to be met – the legislation does apply to all relevant entities irrespective of the sector or industry in which they operate.

So, we just need to make sure our company does not evade tax in the UK?

The legislation calls for relevant entities to prevent its associated persons (for example suppliers, employees, agents and off payroll contractors; in essence, anyone acting for an on behalf of, or performing services on behalf of, the relevant entity) from facilitating tax evasion.

CFA 2017 introduced two offences per the CCO; (1) UK tax evasion offence and (2) foreign tax evasion offence. Therefore compliance with the legislation is not at all confined solely to UK tax evasion.

The relevant entity itself does not have to have benefitted from the tax evasion. An example of how this could happen is as follows: an employee of a company colludes with a supplier, and deliberately pays the amounts due to the supplier into an offshore bank account operated under a different name to that of the supplier, to enable the supplier to conceal this income from the relevant tax authorities. The company in this example could be caught by the legislation in that its associated person (i.e. the employee) has facilitated the evasion of tax (i.e. the tax due by the supplier, either in the UK or overseas). The only defence the company would have is if it had implemented reasonable prevention procedures to avoid this from happening beforehand.

We already have Anti-Bribery procedures in place. Is this sufficient from a CCO perspective?

The CCO legislation calls for bespoke preventative measures (which are reasonable and proportionate in the circumstances) to be put in place by a relevant entity to specifically address the tax evasion risks it identifies. Therefore if a relevant entity’s extensive Anti Bribery procedures incorporate and address, specifically, the facilitation of domestic and foreign tax evasion, they may be considered to be appropriate from a CCO statutory defence perspective.

However, complying with the CCO legislation is subject to wider guidance, in accordance with HMRC six guiding principles detailed below. Thereby relying on existing protocols and procedures should not be deemed to provide immunity from a CCO viewpoint, until reviewed specifically with the legislation in mind.

The legislation is new, so HMRC will issue some grace period with regards to compliance, especially now because of COVID-19

The long and short of it is that the legislation has been in effect since 30 September 2017 and relevant entities are expected to have taken steps to comply with the legislation from this date.

HMRC’s guidance states that there will be no leeway and that “rapid implementation” is/was expected. To elaborate, the expectation is that relevant entities will have commenced their CCO compliance processes on or shortly after 30 September 2017, whereby major risks were prioritised (and actioned), and there was a plan in place with reference to timescales (which is adhered to!) with regards to the other risks that the businesses face.

HMRC acknowledges, however, that there will be some processes and procedures that will take some time to acquire/develop/implement – for example, training programmes and updated IT systems. Their consideration, however, should be documented in the risk assessment to show that the risk was identified and that the implementation of a specific prevention procedure/process is underway.

If and when we choose to undertake a risk assessment, our company will be protected from a CCO perspective for the period of time since the legislation came into effect

No. Complying with the legislation does not constitute a retroactive statutory defence.

If HMRC was to investigate a corporate criminal offence which took place after 30 September 2017 but before a risk assessment was undertaken (and reasonable prevention procedures implemented), a relevant entity would have little or no defence against the CFA 2017 penalties and repercussions.

If HMRC was to investigate a corporate criminal offence which took place after 30 September 2017, where compliance with the CCO legislation has been considered, HMRC will take into account the prevention procedures and processes that have been put into place to combat the facilitation of tax evasion, in addition to those that have been planned to be put into place.

Correspondingly, if, a relevant entity has not considered the CCO legislation until (say) January 2020, and HMRC investigates a corporate criminal offence which took place in January 2019, it would have no defence for the offence in question. This is because the tax evasion risks had not been identified at the time (i.e. January 2019), and therefore nor had the implementation of prevention procedures been considered.

The penalty is fixed and will not be punitive

The CCO legislation is a ‘strict liability’ offence. This means that the intention and knowledge of the relevant entity, with regards to the tax evasion, is irrelevant. Rather, a relevant entity will have committed a criminal offence, if:

1. Tax evasion has taken place by a taxpayer (could be an individual and/or legal entity) and
2. The criminal tax evasion was facilitated by someone (i.e. the associated person) performing services for/on behalf of the relevant entity.

A statutory defence exists in respect of this legislation, such that relevant entities must either:

1. be able to evidence the consideration and implementation of reasonable and proportionate prevention procedures i.e. procedures designed specifically to prevent associated persons from facilitating tax evasion or
2. be able to demonstrate that it was unnecessary for them to have implemented reasonable and proportionate prevention procedures (if an entity considers that it falls into this category, it is required to undertake and document a risk assessment which allowed them to reach this conclusion).

Falling foul of the CCO legislation could result in:

• an unlimited financial penalty being levied,
• confiscation or serious crime prevention orders being issued,
• severe and adverse reputational damage and
• public record of the conviction.

HMRC personnel are not even aware of the legislation, so what is the likelihood of being pursued for an enquiry?

HMRC has invested significant resource by expanding internal training and awareness of CCO as well as setting up dedicated teams to carry out investigations.

HMRC has begun writing to taxpayers to discuss/investigate specific aspects of a supply chain where tax evasion is suspected, in accordance with the CCO legislation.

CCO related investigations may not, on the face of it, appear to be CCO related. Conduct during a “routine enquiry” could subsequently trigger HMRC in considering the CCO legislation.

HMRC is not doing anything about this legislation as yet, so we need not bother yet either

HMRC’s latest update (see here) shows that there are:

• currently 10 live CCO investigations,
• a further 22 live opportunities are currently under review,
• 12 investigations or opportunities relate to businesses in the financial sector – the part of the UK economy which provides financial services to commercial and retail customers, and;
• the investigations and opportunities sit across all HMRC customer groups from small business through to some of the UK’s largest organisations.

HMRC will be providing an update on its activity bi-annually and we can expect to see prosecutions going through the Courts.

There has been an increase in HMRC activity by way of enquiry letters being issued to taxpayers whereby HMRC is investigating a supply chain from a CCO perspective, and it is inevitable that this will increase with more and more HMRC officers being trained to consider the legislation.

This will be the responsibility of our Finance Officer, so we will just get him/her to write some notes and put it on file

No. Compliance with the CCO legislation requires for it to be embedded within a business as opposed to a business merely paying lip service and/or a document filed away.

A business is required to continuously evaluate the risk of its associated people facilitating tax evasion and implement proportionate processes to minimise that risk. The responsibility of complying with the CCO legislation does not fall on the shoulders of one person within a business. One person and/or just the finance officer will not be able to identify the tax evasion risks of an entire business (unless it is a company with a sole trader), rather all parts of a business need to undertake this evaluation together and contribute to it.

HMRC has six guiding principles with regards to appropriate CCO procedures. They are:

1. Risk Assessment – identifying the associated persons and the extent to which they can facilitate tax evasion
2. Proportionality of procedures – identifying and implementing proportionate procedures based on the findings of the risk assessment 
3. Top level commitment – the involvement of senior management in the creation and implementation of preventative procedures
4. Due diligence – implementing risk-based procedures to ensure associated persons cannot facilitate the evasion of tax 
5. Communication and training – ensuring prevention procedures are effectively communicated and embedded within a business
6. Monitoring and review – reassessing the tax evasion risks, and updating the prevention procedures in a timely manner

It is also noteworthy that HMRC expects relevant entities to review their reasonable procedures periodically to ensure they are updated in accordance with the relevant entities understanding and exposure to the risks they face.

A business is continuously evolving – for example, it could change its offerings/products/services, its client base and the way in which it operates. Therefore, its risks are also evolving and this needs to be assessed and documented as and when it is relevant.

Our company is registered overseas, so it is not caught by this legislation

Where it is UK tax that is evaded, it does not matter as to where in the world the relevant entity is registered or incorporated or where the associated person (who carries out the facilitation of tax evasion) is located. Put simply, in this instance, UK tax has been evaded and the courts of the UK can prosecute the relevant entity.

Where it is overseas tax that is evaded, the legislation is applicable to relevant entities with a ‘UK nexus’, where there is ‘dual criminality’.

It is clear that it is not only UK registered entities that need to consider complying with the CCO legislation.

As far as the CCO is concerned, doing nothing is not an option.

Want to know more? Mazars is jointly hosting a webinar, with HMRC’s lead on the CCO, on Tuesday 3 November 2020 at 1.30pm. For further details and/or to register for this free webinar please click here.

If you have any other questions in relation to the legislation, feel free to reach out to us: Kam Gill kam.gill@mazars.co.uk and Aude Delechat-Patel aude.delechat-patel@mazars.co.uk

Information contained in this article is intended to provide only a general outline of the subjects covered. It should neither be regarded as comprehensive nor sufficient for making decisions, nor should it be used in place of professional advice.