Any business entity will be automatically liable if it fails to prevent tax evasion by an employee or an associated person, even if it was not directly involved in the act or was unaware of it. A prosecution could lead to a criminal conviction and unlimited penalties.

Criminal liability may be avoided if a business already has reasonable prevention procedures in place, or if it can demonstrate that it would have been unreasonable or unrealistic to have had procedures in place. So what are reasonable prevention procedures? And how can internal audit support their organisations to minimise risk associated with facilitating tax evasion?

Internal audit is in a unique position to help as it will already have sufficient knowledge of its own organisation’s risks, controls and potential weaknesses. It can provide strong support to ensure that appropriate procedures to minimise exposure are in place. 

The Criminal Finances Act 2017 (CFA)

The CFA was given Royal Assent on 22 April 2017. It is intended to address some perceived weaknesses in existing legal frameworks and strengthen the powers of law enforcement in four key areas: unexplained wealth orders, interim freezing orders, the Suspicious Activity Reports (SARs) regime and failure to prevent facilitation of tax evasion.

Although some of these changes only affect regulated firms, failure to prevent the facilitation of tax evasion by ‘associated persons’ applies to any business entity, whether regulated or not.    

What are the key provisions of the Act?

The Act sets out two new offences:

  • failure to prevent facilitation of a UK tax evasion offence
  • failure to prevent facilitation of a foreign tax evasion offence.​

These two new offences criminalise three types of behaviour:

  • a UK-based body failing to prevent those who act on its behalf from criminally facilitating UK tax evasion
  • a non-UK based body failing to prevent those who act on its behalf from criminally facilitating UK tax evasion
  • a UK-based body failing to prevent those who act on its behalf from criminally facilitating tax evasion overseas where such evasion is a criminal offence under local law.

What is the difference between tax avoidance and tax evasion?

Tax planning entered into with an honest belief that it is a legal method of reducing tax liability is not tax evasion provided there has been no dishonest misrepresentation or non-disclosure to HMRC. Tax evasion is the unlawful non-payment of taxes that are legally due, such as a deliberate, intentional failure to declare income on investments held offshore or payments of falsified expenses to an offshore structure to dishonestly create deductible expenditure.

What is meant by the facilitation of tax evasion by ‘associated persons’?

Associated persons has a broad definition and is defined as an employee, agent or other person who performs services for or on behalf of the business entity. This could include suppliers, contractors, sub-contractors, intermediaries, agents, subsidiaries, distributors, joint ventures, business partners, related entities and advisers. 

Facilitation can include examples such as when an employee is persuaded by a client to re-issue an invoice to a foreign/offshore company to avoid incurring VAT, or a tax adviser approved by a financial institution to assist with a customer’s tax matters knowingly assists the customer to evade tax. There are many potential scenarios depending on the nature of the business and the type of transactions it conducts. Large, international corporations with complex, disparate business structures and operations are likely to be at risk.

What are the common risk areas?

Some examples include the following: 

  • customers – background and probity of customers, such as non-residents
  • countries – tax jurisdictions that turn a blind eye to tax evasion
  • business sector – financial/tax advisers giving advice to clients, legal advisers and accounting firms operating offshore
  • transactions – contrived to evade tax
  • opportunity – dishonestly exploiting business structures and environments, such as projects involving many parties or multi-jurisdictions and intermediaries
  • product – high value, small in size (eg mobile phones, computer chips) often used in facilitating VAT carousel frauds

What are ‘reasonable prevention procedures’ to prevent facilitation of tax evasion?

Businesses are not expected to be able to eliminate all conceivable risk of an associated person facilitating tax evasion, only to be able to demonstrate that the procedures they adopt are reasonable for their business environment. If put to the test, it would be for the courts to determine what was reasonable. HMRC guidance puts forward six guiding principles as to what constitutes ‘reasonable prevention procedures’:

  1. Top level commitment: The guidance expects senior management to drive the design and implementation of procedures.   This should include clear and genuine board-level commitment to preventing the facilitation of tax evasion.
  2. Risk assessment: HMRC guidance describes a risk assessment as ultimately requiring the assessors to '"sit at the desk" of their employees, agents and those who provide services for them or on their behalf and ask whether they have a motive, the opportunity and the means to criminally facilitate tax evasion offences, and if so how this risk might be managed'.
  3. Proportionality of risk-based prevention procedures:  HMRC has indicated that they are not expecting the procedures to be unnecessarily burdensome, but they should be realistically proportionate to the identified risks.     
  4. Due diligence: Businesses will be expected to undertake due diligence into ‘associated persons’ in sufficient depth to identify potential risks and mitigate them accordingly. The guidance warns against adapting existing due diligence procedures for any new risks identified.
  5. Communication (including training):  HMRC expects all staff to be made aware that they are expected to have a zero tolerance attitude to the facilitation of tax evasion.  Clear communication and training are  important to ensure that procedures are fully understood and properly implemented. 
  6. Monitoring and review:  Risks must be kept under constant review.  As risks evolve within the business, procedures should be reviewed and updated. This could involve anything from discussions with staff to a formalised feedback procedure.

How should I start the assessment?

Establish, if necessary with the support of tax specialists, any schemes, transactions or business arrangements in the UK and overseas that have been facilitated by ‘associated persons’:

  • identify the types of tax evasion scenarios that associated persons could instigate that may affect the business - to include motives, opportunities and means
  • identify the network of ‘associated persons’, number and their role in the business
  • assess all potential risk areas (eg country, business sector, supply chain, etc.)
  • establish the existing level of internal controls and assurance around the probity of people, schemes, transactions, business arrangements and tax advice facilitated by ‘associated persons’. 

What risk mitigation steps should I consider?

Proportionate procedures, if needed, depend on the scale of potential risk. These could include:

  • board communication to employees
  • clauses in contracts with employees and external contractors requiring them not to engage in facilitating tax evasion, and to report their concerns
  • staff training to recognise and prevent fiscal crime
  • staff bonuses that encourage reporting and discourage pursuing profit to the point of ignoring tax evasion
  • provision of a confidential whistle-blowing channel
  • designing new controls for areas at risk
  • regular monitoring procedures, especially for high risk operations
  • reviewing risks associated with finance, billing and invoicing
  • regular reviews of existing preventative controls.

What should my priorities be to ensure compliance with this new legislation?

Protiviti has put together a four-point plan:

  1. Understand how the new legislation affects your business and its commercial relationships: Many of its provisions relate to increasing transparency and information sharing, preventing suspicious money trails from going any further, and tackling financial crime. Some businesses are likely to be more vulnerable, including those with complex and non-transparent company structures; tax planners and private clients with large asset holdings in low tax offshore jurisdictions; and entities such as religious organisations and charities, which may be used as a vehicle for money laundering.
  2. Review and update policies and procedures: Senior management need to ensure that policies and procedures are updated and communicated in a clear and practical way. Firms will be expected to demonstrate that they have ‘reasonable prevention procedures’ in place to combat the facilitation of tax evasion and should consider whether new or additional procedures are necessary, including those for associated persons, depending on risk levels and potential exposure.
  3. Prepare and train staff: Identify staff likely to be affected by the new legislation, such as customer-facing teams, compliance and internal audit. Provide training to ensure that they are aware of legislative changes and the impact on their role. Circulate regular communications to reinforce the company’s policy and staff responsibilities.
  4. Review existing commercial relationships: Consistent with taking reasonable prevention procedures, firms should adopt a risk-based approach to dealing with the assessment of their existing relationships. This might include a review of those that could expose your organisation to the risk of tax evasion. Regulated firms may already be covered as part of their periodic review of know your customer information for anti-money laundering purposes.

John Cassey – UK forensic director, Protiviti