Any corporate entity (including partnerships) can be criminally liable under the Criminal Finances Act 2017 when its employees, contractors or any associated persons are seen to be facilitating tax evasion by a taxpayer, for example a client, customer or supplier.
The offence, effective since 30 September 2017, applies to all taxes and all organisations irrespective of their size or industry sector and non-UK companies will also be caught if the tax evaded is UK tax.
HMRC’s guidance stresses the need for organisations to assess the risk of being exposed to the facilitation of tax evasion by those providing services on their behalf. That said, it is surprising that in a survey carried out by HMRC in December 2018, only 24% of respondents had assessed their risk and most did not have the risks formally documented.
Regulated businesses such as law firms also face additional scrutiny and possible further sanctions from their regulatory body, as well as consequent reputational damage.
An organisation can plead a defence that it has put in place reasonable measures, procedures and
safeguards to prevent such facilitation of tax evasion.Prevention procedures must be reasonable in that it
may be, for example, for a particular situation it was
unreasonable to expect the organisation to have any
such safeguards in place.
HMRC regards the following as examples of reasonable steps to prevent the facilitation of tax evasion.
Step 1 is fundamental – An assessment of the potential exposure to the risk of any employees or associated persons engaging in activity, which could help facilitate tax evasion, plays an important role in demonstrating to HMRC that the company has actively sought to put reasonable prevention procedures in place.
The risk assessment:
Organisations should take steps immediately to ensure that their processes and controls are robust.
There is real potential for organisations to incur criminal liability in relation to the activities of ‘associated’ persons, which may include contractors over whom they have relatively little control.
Organisations need to consider all the scenarios where a breach could occur. Some practical examples of this are mentioned below.
We can provide: