The UK’s new Corporate Criminal Offence of failing to prevent the facilitation of overseas and domestic tax evasion — are you prepared?
Executive Director – Tax Controversy
As the focus on global tax transparency heightens, businesses around the world are adjusting to the new requirements under the US Foreign Account Tax Compliance Act (FATCA), Europe’s Common Reporting Standards (CRS) and the OECD’s base erosion and profit shifting (BEPS) framework.
But alongside these initiatives is an emerging trend within some countries’ domestic legislation that shifts the emphasis from transparency and reporting to enforcement and corporate criminal liability. And although such legislation is typically proposed, passed and enforced in a single jurisdiction, the impact may be more far reaching and can threaten global businesses with even minimal connection to the enacting jurisdiction.
A current example is the UK’s Corporate Criminal Offence of the Failure to Prevent the Facilitation of Tax Evasion (‘CCO’), which is now law and will be effective from 30 September 2017. In this article we explain the wider context in which the legislation will operate, why every business either doing business in, with or through the UK needs to consider the legislation, and the view from HM Revenue & Customs (HMRC) as to how businesses should respond by 30 September 2017.
‘Failure to prevent’ offences — the wider context
Whilst the CCO focuses on a new offence concerning the failure to prevent the facilitation of tax evasion, the approach taken by the UK Government mirrors that adopted in the 2010 Bribery Act (the ‘Bribery Act’) and the CCO is expected to share the following characteristics and consequences with a proposed new offence of the Failure to Prevent Economic Crime (anticipated to be introduced in 2018):
- Places greater responsibility on businesses to prevent criminal activities undertaken on their behalf and, consequently, makes businesses criminally liable if they fail to do so;
- The line of defence for businesses rests on whether their preventative procedures are deemed sufficient in proportion to the risks;
- The reach of the legislation is international and wide-ranging, and will for many organisations require a global approach.
As seen in EY’s latest UK Bribery Digest,1 there are a growing number of cases citing the Bribery Act’s Section 7 corporate offence of ‘Failure to prevent,’ in some cases resulting in the UK’s Serious Fraud Office handing down significant fines to offenders.
The new CCO of failing to prevent third-party tax evasion
The new offence concerns an ‘associated person’ — such as an employee, agent, contractor or subsidiary acting on behalf of a business — facilitating the evasion of tax by a third party.
If that business cannot evidence that it had reasonable preventative procedures in place to prevent the facilitation of tax evasion by persons acting on its behalf, then it could be subject to a corporate criminal conviction. A successful public prosecution could result in an unlimited fine, as determined by the court.
The repercussions are likely to have far-reaching consequences — for regulated businesses, for example, systematic failures in systems and controls will not be viewed favourably and could result in revoked licences in some jurisdictions. Further, organisations may find themselves barred from public procurement processes and face reputational damage.
HMRC is not expecting organisations to put in place fail-safe procedures to stop their clients and customers from committing tax evasion, or stopping the de facto tax evasion itself. Rather, it expects businesses to take a risk-based approach and to be doing all that is ‘reasonable’ to prevent their people, service providers and third parties acting on their behalf from being knowingly concerned in facilitating tax evasion by third parties globally.
Global reach of the legislation
Despite the serious consequences and significant financial penalties associated with these offences, many businesses are still at the very early stages of understanding the multijurisdictional implications of the legislation. Any group that either has a business in the UK, has people acting on its behalf in the UK or transacts with UK-based persons can be at risk of falling foul of the new requirements.
The legislation applies to any relevant body — broadly defined as any company or partnership wherever incorporated or formed. The tax evasion can be of any tax, anywhere in the world. Furthermore, the facilitation can be undertaken anywhere in the world. This represents a complex mix of challenges for businesses to manage, and is leading to many adopting a globally consistent approach to the legislation.
What are ‘reasonable procedures’ to prevent the facilitation of tax evasion?
To respond to the legislation, HMRC recommends that businesses should put in place procedures that are proportionate to the risks they face, using HMRC’s six principles as a guide:
- Risk assessment
- Proportionality of risk-based prevention procedures
- Top level commitment
- Due diligence
- Monitoring and review
What constitutes ‘reasonable’ is likely to be the crux for tax, compliance and legal teams in the run up to 30 September 2017s. As is the case with the Bribery Act, the line of defence for the new CCO rests upon proportionality.
Act now to meet the September deadline
By September 2017, any business seeking to ensure that it has a defence of reasonable procedures should have identified, documented and categorised the specific risks of facilitation of tax evasion across their organisation, identified the controls already in place to manage those risks, and devised a plan to address any control shortcomings or other necessary actions to address the risks identified.
In a recent EY webcast — the archive of which can be viewed online – the importance of this risk assessment and the urgency for global organisations to act was underlined.
For some businesses, though, an initial obstacle may be to identify which internal function should be responsible for preparing for the new legislation. This was evidenced in a recent EY online poll of more than 100 financial services organisations, which showed that nearly 40% of respondents had yet to identify which function should ‘own’ responsibility for compliance with the CCO.
There is, of course, no ‘one-size-fits-all’ answer, with tax, legal and compliance functions all having some role to play. Every business faces its own level of risks and, indeed, many might consider that the risk of facilitation of evasion is inherently low in their business. However, it is important to document how any conclusion has been reached and, encouragingly, first reactions from businesses which have taken early action in response to CCO is positive. Indeed, the sooner that businesses start to assess the impacts and their responses, the easier it is to form their strategy.
Risk assessment — the first response
The risk assessment drives the response to the legislation — until you identify where your risks arise, it is impossible to know whether existing controls sufficiently manage the risk. Before building a plan for introducing reasonable procedures, we advise that a risk assessment is undertaken to ensure that any response is proportionate.
A logical starting point is to risk assess your business operations, considering the geographies, divisions, products, supplies, relationships and motivations that could result in a facilitation of tax evasion risk. Identifying the ‘associated persons’ of the business, and the risks of facilitation, can ensure a focus on key risk areas. It can also be helpful to consider who the counterparties to your transactions are who potentially could be evading tax, to then identify where facilitation could arise — for example customers, suppliers and employees.
As risks are identified and prioritised, existing controlling procedures can also be identified and evaluated for design and operational effectiveness, taking into account proportionality. A plan can then be built to address any gaps in controlling procedures. As defined in the reasonable procedures section above, any response should include top-level commitment from the organisation as well as sustained communication — which itself is likely to be facilitated through training.
Building reasonable procedures
Following the risk assessment, the business can build a proportionate response to the legislation to seek to ensure that it meets the ‘reasonable procedures’ test.
With time, what constitutes ‘reasonable’ is likely to change, as businesses are expected to adapt their systems and controls on an ongoing basis in line with the new legislation. And with the 30 September 2017 deadline for completion looming, now is the time for businesses to act to avoid being caught unawares.
Through our work supporting businesses in responding to this legislation, we answer five of the most common questions raised.
- 1. Who in the business should lead the project?
Our experience is that tax, compliance and legal will all have a role in delivering the project with key business functions also involved in helping to perform the risk assessment. Tax, in particular, has a key role at the outset in identifying the areas of facilitation of tax evasion risk that could arise across the organisation.
- 2. Do we adopt a global or a local response?
The scope of the legislation is significant, potentially impacting a number of international transactions. It is important to assess at an early stage whether a global response is appropriate when scoping the project, and in many cases businesses have determined that such a global approach to preventing the facilitation of tax evasion is the most effective way of responding to this legislation.
- 3. What role can existing Anti-Bribery and Corruption (ABC) policies play in responding to the legislation?
The legislation is similar in approach to the Bribery Act, and the guiding principles advocated by HMRC should be familiar to businesses. Whilst it is necessary to undertake a risk assessment to understand the risks that need to be addressed, it should then be possible to build on the existing ABC framework to address them.
- 4. Can I simply amend my ABC policies and the terms and conditions in my contracts to mention the facilitation of tax evasion?
It may be the case that a proportionate response to the risk assessment is to simply amend the policies and contractual terms if you have concluded that this amounts to reasonable procedures. However, it is important to firstly perform the risk assessment, as this will enable you to determine whether policies and contracts need to be amended at all and, if they do, the risk that the amendments are seeking to address.
Concern has been expressed by HMRC that there are products being sold in response to CCO in respect of training and policies which do not consider the specific risks within the business. The message has been made repeatedly that the response of the business should be driven by a risk assessment.
- 5. I’m not in the financial services sector and consider my business to be low risk; do I need to do anything?
Whilst the financial services sector is one of the industries at higher risk, the legislation applies to all industries and there are a number of risks that permeate across many industries. If a business appears to be low risk, it will be important to document why. It need not be an onerous exercise to perform the risk assessment.
The CCO is now law and will be effective from 30 September 2017. Businesses, therefore, have limited time to carry out their risk assessment processes, which will require careful coordination across multiple business functions. And with the summer vacation season now fast-approaching in many jurisdictions, businesses which have not yet started preparations are recommended to do so as soon as possible.
Our experience is, however, that, by gathering together key stakeholders across the business to perform an initial assessment of the risk of facilitation across the business, a plan of action can quickly be formulated which focuses on key areas of risk and provides assurance as the legislation becomes effective.
With the new corporate criminal offence for failing to prevent the facilitation of tax evasion soon becoming effective, it leaves little time for businesses to perform a risk assessment and ensure that they have reasonable procedures in place to mitigate the risk of prosecution. Will you be ready in time?