6 minute read 12 Jul 2019
her majestys revenue and customs building parliament square london

Why businesses need a risk-based approach to UK’s tax evasion law

By EY Global

Multidisciplinary professional services organization

6 minute read 12 Jul 2019

Companies should know if “reasonable procedures” are in place to prevent employees, contractors and others from facilitating tax evasion.

Companies or partnerships doing business in, with or through the UK today need to know the answer to the following question: do they have “reasonable procedures” in place to prevent an employee, contractor or other “associated person” from helping a third party evade either UK or foreign taxes?

If businesses can’t demonstrate having reasonable procedures in place they could be charged under a new UK law — the Criminal Finances Act 2017 — that took effect on 30 September 2017.

There has been a recent increase in Her Majesty’s Revenue and Customs (HMRC) focus on transparency, tax evasion and a particular public scrutiny on tax administration and value-added tax (VAT) fraud. VAT is one of the areas that HMRC is currently targeting because it poses a high risk for many businesses around interactions with subcontractors, personal service companies, etc.

The new Corporate Criminal Offence (CCO) is a significant development in the focus on tax evasion; HMRC is hiring 500 additional investigators. Businesses convicted following a public prosecution could face:

  • An unlimited fine as determined by the court
  • A corporate criminal conviction (putting licenses to operate at risk worldwide)
  • Exclusion from public procurement markets
  • Reputational damage

Fighting financial crime

The 2008 financial crisis forced governments to address deficits in laws related to taxes and corruption within the global business landscape. During the past decade, digitalization and increased cooperation among jurisdictions on tax matters has helped boost transparency, providing governments with a more detailed picture of businesses that operate worldwide.

Now some countries such as the UK are introducing extraterritorial initiatives that seek to hold businesses liable for financial crimes worldwide. In January 2017, the UK Ministry of Justice said that enforcement agencies had struggled to prosecute businesses for criminal offenses under existing laws.

In 2010, the UK introduced the Bribery Act, a groundbreaking approach that includes holding businesses criminally liable for the “failure to prevent” bribery. A string of criminal investigations has since led to settlements of up to £500m for companies. Given fresh impetus by the 2016 Panama Papers tax evasion revelations, the Criminal Finances Act 2017 extended the failure-to-prevent concept to tax evasion, increasing the compliance requirements for businesses in the UK and abroad.

“This is about how you engage with your contractors, your suppliers and your customers, and whether there could be any possibility of evading tax through those transactions,” says Paul Dennis, the EY’s UK Corporate Criminal Offence lead for commercial industries.

Reasonable procedures

The UK’s new CCO concerning tax evasion should get the attention of business leaders everywhere because enterprises that failed to do all they reasonably could to confirm that their organization did not assist tax evasion — in any jurisdiction — could be held to account.

The challenge for businesses resembles that for responding to anti-bribery and corruption laws, according to Jonathan Middup, EY’s UK Head of Anti-Bribery and Corruption. “How do we determine that we have adopted a reasonable and proportionate response to this risk in our business?”

The new UK law makes no change in defining what is criminal but rather who is held accountable.

Previously, businesses could also be found liable for criminally facilitating tax evasion under UK law only if the organization’s most senior members, such as the board of directors, were aware of the conduct.

Now, businesses should be in a position to provide evidence that there were reasonable procedures in place to prevent the facilitation of tax evasion by persons or entities acting on their behalf. HMRC doesn’t expect businesses to establish fail-safe procedures, but rather to adopt a risk-based approach and do all that is “reasonable” to prevent employees, contractors and others who act on their behalf from knowingly facilitating tax evasion.

By way of example, in one of our webinars, Jennifer Haslett, HMRC’s Corporate Crime and International Engagement Lead, highlighted the criminal liability risks under the new law for an online trading platform selling internationally.

Could the platform be unwittingly enabling sellers to avoid paying import or export taxes, VAT or income tax on sales, Haslett asked? If so, the business could be found guilty under CCO unless it convinces a UK court that it has taken reasonable preventive measures.

Next steps

Together with EY colleagues, Paul Dennis has been working with organizations ranging from manufacturers to service providers to football clubs to help them identify and implement reasonable steps to confirm that they are not facilitating tax evasion.

Simply introducing a new policy would certainly not be an adequate response, according to Dennis. A holistic response is required across the organization that would typically involve considerations beyond a new policy on its own. For example, this is certainly what is expected by HMRC. Historical, as well as future risks, may be buried in departments that interact with third parties, such as customer relations, procurement and human resources.

Organizations must work out what the risk is, where it is and how they are exposed. In response, they can implement the following six steps, as described in our report Next steps for CCO compliance:

  • Document a risk assessment
  • Develop proportional risk-based prevention procedures
  • Clearly demonstrate top-level commitment
  • Carry out due diligence
  • Communicate (including proof of effective training and development)
  • Monitor and review

There has been evidence of recent changes in due diligence practices around the third parties that businesses interact with, along with an increase in requests between businesses that seek confirmation that they are compliant with CCO and/or have appropriate policies and procedures in place. This has further led some businesses to introduce more central and consistent responses to such requests regarding CCO compliance.

“Failure to prevent” is quickly becoming the standard for doing business in the UK and elsewhere, and organizations should also brace for additional compliance going forward.

In 2017, the UK’s Ministry of Justice consulted on extending the corporate “failure to prevent” model to cover fraud, false accounting and money laundering. It plans to publish its convictions in “due course.”

The European Union is also introducing new requirements concerning tax planning, but these are aimed specifically at advisors, accountants and lawyers. In March 2018, the European Council agreed on a proposal that requires tax advisors, accountants and lawyers to report tax planning schemes viewed as “particularly aggressive.” EU member states would automatically exchange this information through a centralized database and could impose penalties on intermediaries that fail to comply with the new reporting requirements, which are slated to take effect on 1 July 2020, according to the EU.

This article was originally published in Tax Insights on 16 July 2018.


Under the UK’s Criminal Finances Act 2017, companies or partnerships doing business with or through the UK without “reasonable procedures” in place to prevent an employee, contractor or other “associated person” from helping a third party evade UK or foreign taxes could face charges. 

About this article

By EY Global

Multidisciplinary professional services organization