Reasonable procedures
The UK’s new CCO concerning tax evasion should get the attention of business leaders everywhere because enterprises that failed to do all they reasonably could to confirm that their organization did not assist tax evasion — in any jurisdiction — could be held to account.
The challenge for businesses resembles that for responding to anti-bribery and corruption laws, according to Jonathan Middup, EY’s UK Head of Anti-Bribery and Corruption. “How do we determine that we have adopted a reasonable and proportionate response to this risk in our business?”
The new UK law makes no change in defining what is criminal but rather who is held accountable.
Previously, businesses could also be found liable for criminally facilitating tax evasion under UK law only if the organization’s most senior members, such as the board of directors, were aware of the conduct.
Now, businesses should be in a position to provide evidence that there were reasonable procedures in place to prevent the facilitation of tax evasion by persons or entities acting on their behalf. HMRC doesn’t expect businesses to establish fail-safe procedures, but rather to adopt a risk-based approach and do all that is “reasonable” to prevent employees, contractors and others who act on their behalf from knowingly facilitating tax evasion.
By way of example, in one of our webinars, Jennifer Haslett, HMRC’s Corporate Crime and International Engagement Lead, highlighted the criminal liability risks under the new law for an online trading platform selling internationally.
Could the platform be unwittingly enabling sellers to avoid paying import or export taxes, VAT or income tax on sales, Haslett asked? If so, the business could be found guilty under CCO unless it convinces a UK court that it has taken reasonable preventive measures.
Next steps
Together with EY colleagues, Paul Dennis has been working with organizations ranging from manufacturers to service providers to football clubs to help them identify and implement reasonable steps to confirm that they are not facilitating tax evasion.
Simply introducing a new policy would certainly not be an adequate response, according to Dennis. A holistic response is required across the organization that would typically involve considerations beyond a new policy on its own. For example, this is certainly what is expected by HMRC. Historical, as well as future risks, may be buried in departments that interact with third parties, such as customer relations, procurement and human resources.
Organizations must work out what the risk is, where it is and how they are exposed. In response, they can implement the following six steps, as described in our report Next steps for CCO compliance:
- Document a risk assessment
- Develop proportional risk-based prevention procedures
- Clearly demonstrate top-level commitment
- Carry out due diligence
- Communicate (including proof of effective training and development)
- Monitor and review
There has been evidence of recent changes in due diligence practices around the third parties that businesses interact with, along with an increase in requests between businesses that seek confirmation that they are compliant with CCO and/or have appropriate policies and procedures in place. This has further led some businesses to introduce more central and consistent responses to such requests regarding CCO compliance.
“Failure to prevent” is quickly becoming the standard for doing business in the UK and elsewhere, and organizations should also brace for additional compliance going forward.
In 2017, the UK’s Ministry of Justice consulted on extending the corporate “failure to prevent” model to cover fraud, false accounting and money laundering. It plans to publish its convictions in “due course.”
The European Union is also introducing new requirements concerning tax planning, but these are aimed specifically at advisors, accountants and lawyers. In March 2018, the European Council agreed on a proposal that requires tax advisors, accountants and lawyers to report tax planning schemes viewed as “particularly aggressive.” EU member states would automatically exchange this information through a centralized database and could impose penalties on intermediaries that fail to comply with the new reporting requirements, which are slated to take effect on 1 July 2020, according to the EU.
This article was originally published in Tax Insights on 16 July 2018.