Content

Introduction

First published September 2017 | Updated April 2023

It is now six years since the corporate criminal offences of failing to prevent facilitation of UK and foreign tax evasion came into effect.

It is worth noting that the UK Government now intends to introduce a new "failure to prevent fraud" corporate criminal offence modelled on broadly similar lines and likely to come into force by the end of 2024. The new offence will form part of broader reforms of UK corporate criminal liability and there is likely to be some overlap with the cheating the public revenue element of this offence and failure to prevent tax evasion offences. Organisations considering this new offence should look to experience gathered from the CCO when considering implementation of reasonable procedures and, in the context of M&A, considering contractual protections relevant to the risk presented by these offences.

The "CCO": corporate offences of failing to prevent the facilitation of tax evasion

The introduction of the offences, usually referred to together as the "CCO" was always primarily about changing behaviour and attitudes towards risk and forcing businesses to put in place procedures to stop the facilitation of tax evasion. The offences have to be seen in the context of the UK Government's strong commitment to combat perceived tax avoidance and evasion, as well as other forms of economic crime. This mirrors international moves in this area and a growing use of the criminal law to stamp down on so-called tax abuses. There is a (sole) statutory defence where at the time of the offence the relevant body had reasonable prevention procedures in place to prevent tax evasion facilitation offences or where it is unreasonable to expect such procedures. As potential fines are unlimited (and there are other consequence such as reputational damage), this is important.

HMRC provide biannual updates on their counteraction activities. The latest of these shows that, as at 23 January, HMRC had 9 live investigations, a further 26 under review and had reviewed and rejected a further 77. HMRC report that the 'live' investigations span 11 different business sectors, including software providers, labour provision, accountancy, legal services and transport and involve both small businesses and some of the UK's largest organisations. Additional sectors identified in earlier updates included financial services, oil and construction.

Government guidance, last updated in May 2018, is key to understanding the scope of the offences. This guidance is supplemented by government-endorsed sector-specific guidance from industry bodies including The Law Society, UK Finance and other financial services sector associations. Each organisation must look at its own specific risks; it would be unwise to rely on generic guidance or to rely on historic procedures to combat related offences.

Back when the regime was announced, it was clear that organisations needed a timeframe and implementation plan in place by the time the offences came into force and businesses worked hard to identify major risks and priorities. The guidance acknowledged that some procedures such as training programmes and new IT systems would take time to put in place and that what is it is "reasonable" to expect would change over time. It also noted that prevention procedures that were planned (but not yet in place) at the time an offence is committed would be taken into consideration in defence. However, it was also clear that "rapid implementation" was expected. Six years into the regime, businesses will be expected to have well established procedures and to be able to demonstrate their effectiveness and the requisite top-level management commitment. Businesses now need to periodically refresh and review what they have in place.

The need to be able to demonstrate compliance is also important when businesses are bought or sold: a buyer will want to check that the new group company has appropriate procedures in place and will need to integrate those with procedures in their existing group; a seller should expect to be asked to warrant that it has appropriate procedures in place.

The offences

The offences are a reaction to the Government's frustration at the difficulty in attributing criminal liability to companies and partnerships ("relevant bodies") where tax evasion was facilitated by employees or other associates. As a result, the offences are "strict liability" offences and do not require proof of involvement of the "directing mind" (effectively senior management) of the entity. In contrast to the Bribery Act 2010, on which the offences have been largely modelled, it does not matter whether any benefit has been obtained from facilitating the tax evasion.

Potential fines are unlimited. Disclosure may also be required to professional regulators and conviction may prevent organisations being eligible for public contracts as well as lead to wider reputational damage. Both UK and international businesses can be within scope. While financial services, legal and accounting sectors are likely to be most affected, all companies and partnerships are potentially in ambit as evidenced by the wide range of industries subject to the current investigations.

The UK domestic offence is split into three components, referred to as "stages"

Stage 1: Criminal evasion of tax by the taxpayer

This picks up the offence of cheating the public revenue and all other statutory offences involving dishonestly taking steps with a view to, or being "knowingly concerned in" the fraudulent evasion of tax. Anything falling short of a criminal offence at taxpayer level does not count. There need not be an actual criminal conviction against the taxpayer but where the Crown Prosecution Service has chosen not to pursue a conviction it needs to prove to the criminal standard when prosecuting the relevant body that the underlying taxpayer offence had been committed.

Stage 2: Criminal facilitation of the tax evasion by an "associated person" of the relevant body who is acting in that capacity

Committing a "UK tax evasion facilitation offence" requires deliberate and dishonest action to facilitate the tax-payer level evasion – assisting unwittingly, even if negligently, is not be caught by this offence.

An "associated person" is a person who performs services for or on behalf of the relevant body. The concept is deliberately broad and guidance is clear that it picks up agents and sub-contractors as well as employees. In practice, it may be hard to determine a person's status.

The more nuanced question is whether that individual is "acting in the capacity of" an associated person. Two examples are picked up by the guidance to illustrate where this test is not met:

  • An employee acting in the course of their private life "as a frolic of their own".
  • A contractor performing tasks for multiple "relevant persons": any activity of the associated person undertaken outside its relationship with the relevant body, for example for others or in an independent capacity, will not give rise to liability for the relevant body.

Referrals and sub-contracting are also discussed in the guidance.

  • Unsurprisingly, a straightforward "vanilla" referral without more will not give rise to the requisite association.
  • If services are sub-contracted the position is different. Service providers should note the example given of a foreign tax adviser instructed by a UK financial services firm to provide tax advice to a client: that foreign tax adviser is an "associated person" of the UK firm. Its advice to the client could attract liability for the UK firm.
  • Where services provided by a third party are outside the scope of its relationship with the relevant body that third party's actions will not give rise to liability. The example given is of an offshore consultancy firm introducing clients to a UK bank. The consultancy is not used by the UK bank to provide tax advice to its clients but, unknown to the bank, offers additional services to those clients and criminally facilitates tax evasion. Here the UK bank would not be caught as the tax services were provided outside of the consultancy's relationship with the bank and therefore not provided for or on its behalf.

The guidance responds to concerns that there can be liability where a corporation has little or no control over those providing services and notes that this will be a factor in considering what constitutes "reasonable" procedures. It may be sufficient in respect of sub-contractor staff, to include a term in the contract requiring the subcontractor to provide the necessary controls in respect of its staff. This is something seen in the context of the Bribery Act and equivalent foreign regimes.

Stage 3: Failure by the relevant body to prevent that facilitation

This is a strict liability offence. There is a statutory defence where at the time of the offence the relevant body had reasonable prevention procedures in place to prevent its associated persons from committing tax evasion facilitation offences or where it is unreasonable to expect such procedures.


The foreign offence starts from the premise that tax evasion is wrong and that a UK-based relevant body should not escape liability for failure to prevent the facilitation of tax evasion simply because the foreign country suffering the tax loss is unable to bring a prosecution against it.

In addition to the three stages outlined above, the foreign offence requires a "UK Nexus" and "dual criminality".

UK Nexus

This will exist where the relevant body:

  • Is incorporated or formed under UK law;
  • Carries on business in the UK; or
  • Where any of the conduct constituting the facilitation of the foreign tax evasion takes place in the UK.
  • The guidance expands a little on this.

Examples given include:

  • Any UK bank with overseas branches.
  • Any overseas bank with a London branch.
  • Any bank which does not conduct any business in the UK but where its associated person (acting in that capacity) facilities the criminal act from the UK.

This confirms concerns raised in responses to consultation that overseas head office operations would be brought within scope by a UK branch.

Dual criminality"

The requirement for "dual criminality" is met where both the actions of the taxpayer (tax evasion) and of the facilitator would be an offence in the UK and where the overseas jurisdiction also has equivalent criminal offences at both the taxpayer and facilitator level: the offence cannot be committed in relation to act that would not be illegal in the UK.

This means that there will be no UK offence regardless of the standards of the foreign law where the facilitation was inadvertent or negligent.


Establishing a defence: "Reasonable prevention procedures"

Because of the financial and reputational risk stemming from any suggestion of an offence having been committed, having procedures in place, so that the defence is potentially available, is important.

What constitutes "reasonable prevention procedures" is informed by six guiding principles. These follow the guiding principles identified in guidance to the Bribery Act.

Whilst there may be some efficiency in developing procedures alongside those already in place (such as for the Bribery Act) it is not a matter of simply piggybacking another regime. The guidance is clear that an entity must have in place "bespoke prevention measures" based on the "unique facts of its own business" and the risks identified. A thorough risk assessment must have been undertaken having regard to Government and sector-focused industry guidance; and again, whilst the guidance is helpful, the Government stress the importance of each business looking at their own circumstances and risks.

Principle 1
Risk assessment

The organisation must assess the nature and extent of its exposure to risk. The guidance refers to concepts familiar from Anti-Money Laundering guidance: you must "sit at the employee's desk" and ask whether they have a motive and opportunity to facilitate tax evasion.

The headline characteristics of appropriate procedures broadly reflect those in guidance to the Bribery Act but the identified areas of high risk differ. A number of additional characteristics are identified which go to identification of emerging risks and identified tax-specific "commonly encountered risks". Providing services in jurisdictions outside the Common Reporting Standard or offering a product with a known or identified risk of misuse are identified as risks.

Transactions identified as high risk include complex tax planning structures involving high levels of secrecy, overly complex supply chains and transactions involving politically exposed persons. Financial services, tax advisory and legal sectors are identified as sectors with particular risk.

The guidance also imports high risk factors identified in the Joint Money Steering Group (JMLSG) guidance which identifies as high risk private banking, anonymous transactions, non-face-to-face business relationships and payment received from unknown or unassociated parties.

Principle 2
Proportionality of risk-based prevention procedures

To be "reasonable" the prevention procedures must be proportionate to the risks. Three questions are posed:

  • Is there any opportunity for someone to facilitate tax evasion?
  • Is there a motive?
  • How could it be done?

Organisations offering private wealth management services are particularly identified as facing significant risks. The procedures are expected to evolve with the relevant body's activities and the risk climate.

Principle 3
Top level commitment

The procedures in place must reflect the commitment of top-level management to prevent engagement in facilitation of tax evasion and the fostering of an atmosphere in which it is never acceptable. Management must be able to demonstrate that they are both committed in this way and that their commitment is shared by all in the business.

The guidance sets out a series of formal messages that might be given, including

  • Zero tolerance.
  • Articulation of reputational and customer benefits of rejecting the provision of enabling services.
  • A commitment not to recommend services of others who do not have reasonable prevention procedures in place.

Principle 4
Due diligence

The guidance recognises that substantial due diligence is already undertaken in high risk sectors in relation to specific transactions; clients or jurisdictions. That will not necessarily be correctly targeted for the offence: the risk assessment will determine what is required. Procedures are likely to differ across an organisation to reflect varying levels of risk.

Principle 5
Communication (including training)

The focus here is on effective internal communication including establishment of whistleblowing channels.

Effective external communication is also identified as important to send a strong deterrent message to potential criminal parties.

Suggested training is set out. What is required from training is an understanding of the scope of the offences and the associated risks, of how to seek advice, raise concerns and of whistleblowing procedures rather than a detailed understanding of tax rules.

Principle 6
Monitoring and review

There is a focus on monitoring, regular review and adjustment throughout the guidance. Review might be undertaken on a formal periodic basis but might also be prompted by market developments or the identification of criminal activity: the risk assessment will guide what is reasonable and proportionate.


Prosecuting authorities are able to employ Deferred Prosecution Agreements (DPAs), used for economic crimes including fraud and bribery, to help mitigate the collateral damage that would otherwise be caused to an organisation and those dependent on it by an actual conviction under these offences.

This is at their discretion and subject to certain conditions being met: the basic message is that an organisation needs to have appropriate defensive procedures in place.

Implementation has been a large task for many organisations, particularly those operating globally. The first step was for groups to identify risk areas and to work out what procedures are appropriate, and how best to implement them, so that commitment was demonstrable. Six years into the regime, they will be expected to have gone on to embed the identified training and procedures and to have subsequently reviewed their continued efficacy.

The guidance includes a number of basic examples relating to branch and subsidiary situations which highlight the need for adequate prevention procedures to be implemented wherever staff and associated persons act and not just in the UK. Establishing "reasonable prevention procedures" will also involve revisiting contracts with sub-contractors and other "associated bodies" to confirm that those contracts require them to have necessary procedures in place. Whether changes can wait to be made when contracts are renegotiated is fact and risk reliant: particular care will be needed in respect of contractual arrangements with associated persons identified as high risk or with whom bespoke arrangements are entered into.

Procedures are expected to evolve with the relevant body's activities and the risk climate. Guidance is expected to develop over time to reflect industry experience and so this also needs to be monitored. There is no one-size fits all approach that can be taken which means that businesses have undertaken risk assessments and then implemented controls and procedures in response to identified risk areas. Retention of records demonstrating compliance activity will be key if facilitation of evasion is identified.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.