Building a defence

OMB

01 June 2017

Annis Lampard examines the corporate criminal offence for failure to prevent facilitation of tax evasion and considers the six most important risks

Key Points

What is the issue?

HMRC are expected to introduce new corporate criminal offences for failure to prevent facilitation of tax evasion later this year.

What does it mean to me?

The corporate criminal offences will affect all corporates and partnerships (‘businesses’), both UK and non-UK. There is no de minimis limit for the size of business in scope for this offence, and the proposed offences have been drafted in such a way that the only defence for a business against financial and reputational sanctions is to prove that they had reasonable procedures in place at the time an offence occurred.

What can I take away?

A concise summary of the offence, an overview of how the facilitation offence may impact differently, the six risk principles involved in building a defence, and some thoughts on how businesses are addressing their risk exposure.

The new corporate criminal offences for failure to prevent facilitation of tax evasion, expected to come into force from 1 September 2017, affect all UK and non-UK corporates and partnerships. Under HMRC guidance companies and partnerships are expected to be able to demonstrate senior-level involvement in preventing facilitation of tax evasion. Time is short for businesses still needing to consider how to act in relation to these measures.

This article covers the background to the introduction of the new corporate criminal offences, a summary of the sanctions involved under the measure, how businesses may fall within scope of these and a discussion of the potential impact of the corporate criminal offences on different sectors.

It will then look at the six risk principles to be considered in building the ‘reasonable procedures’ that businesses will need to put in place to have an adequate defence against sanctions under the corporate criminal offences, and offer a few thoughts on the time-frames and potential next steps in relation to those reasonable procedures.

Background to the legislation

In recent years, HMRC have developed a detailed strategy, underpinned by closely-aligned policies, particularly around evasion involving offshore income or assets. As part of that, HMRC identified that those who evade tax rarely act alone, but tend to rely on a network of other enablers. As a result, HMRC have turned their focus to the parties who facilitate tax evasion, and not just the end (non) taxpayer.

However, HMRC were frustrated by the fact that the law only permitted the UK tax authorities to criminally prosecute a business when they could establish beyond reasonable doubt that the directing minds of that business were knowingly involved in the tax evasion facilitation. In the case of larger organisations this was often difficult to prove, and HMRC were concerned that risk reporting was in fact not being raised to a senior level in organisations. The new corporate criminal offences will significantly change the current status quo, by introducing a strict liability offence unless corporates and partnerships can prove that they had reasonable procedures in place to prevent facilitation of tax evasion at the time that any facilitation offence takes place. The result is that HMRC no longer needs to prove that the directing mind of a business was also knowingly involved in any facilitation offences.

When thinking about the wider backdrop to these new offences, we should not overlook that the number of HMRC prosecution targets and of criminal raids conducted have both risen sharply in recent years nor that the Public Accounts Committee has criticised HMRC for failing to sufficiently prosecute in relation to offshore tax evasion. Alongside this has been a growing debate around the responsible tax agenda, which has driven, amongst other policies, the obligation for businesses with turnover above £200 million or a balance sheet worth over £2 billion to publish their tax strategy.

This is not to suggest that HMRC are expected to launch inappropriate prosecutions under the new corporate criminal offence legislation, and indeed their selective prosecution policy will no doubt continue to apply. Nevertheless, the combination of changes in the law to enable easier prosecution of organisations who fail to prevent facilitation of tax evasion, rising numbers of HMRC cases taken, and the expectations in a world of responsible taxation all combine to present a considerable shift in the expectations around business behaviour.

The three key steps: the corporate criminal offences and sanctions

In order to prove that an offence has been committed there are three stages. See figure 1.

Image

The onus of proof rests on HMRC for the first two stages, and it is a criminal standard of proof, i.e. beyond reasonable doubt. Stage three is a fact that exists if stages one and two have occurred, and for the defence the onus is on the business, and is to the civil standard of proof, i.e. on the balance of probabilities.

There are in fact two corporate criminal offences for failure to prevent facilitation of tax evasion. One offence relates to an underlying evasion of UK tax (‘UK tax facilitation offence’); the other where the underlying evasion has been of non-UK tax (‘foreign tax facilitation offence’). Although the three steps listed above apply to both offences, there are also some differences.
UK tax facilitation offences can be committed by the associate of any corporate or partnership worldwide, even if that entity has no office, branch or permanent establishment in the UK and the facilitation takes place outside of the UK. The risk to businesses for UK facilitation offences is linked to whether there is a link between associated persons in their business capacity and UK taxpayers, again irrespective of whether those UK taxpayers are UK resident or non-resident.

The foreign tax facilitation offence must firstly be an offence both in the country in relation to which tax evasion occurred, and in the UK. In addition, the underlying tax evasion must also be a criminal offence in both jurisdictions. Assuming those conditions are met, there must also be a UK nexus for the business. A UK nexus is defined as UK incorporation, a UK branch or permanent establishment, or that the associate was present in the UK at the time they facilitated the non-UK tax evasion. Finally, in England, Wales and Northern Ireland, any decision to prosecute a foreign tax facilitation offence must be approved by the Director of the Serious Fraud Office. In Scotland, the decision will be made by the Crown Office and Procurator Fiscal.

These two offences are summarised in figure 2.

Image

Should a company or partnership be found to have failed to prevent facilitation of tax evasion, then there are potentially both financial and non-financial sanctions. 

A selective prosecution policy is expected to be followed, with the potential for unlimited fines on a business. In addition, there is likely to be severe reputational damage incurred from the publicity surrounding criminal prosecution.

The six most important risk principles

The principle defence for a business is that it had ‘reasonable prevention procedures’ but what does this mean? The government has issued guidance on this setting out six risk principles which all organisations are expected to consider when reviewing whether they have proportionate and reasonable risk protocols in place. 

It is important to stress that the corporate criminal offences are part of a principles-based regime, not a rules-based regime. As such, the guidance, whether from HMRC or indeed elsewhere, such as guidance from industry bodies, does not represent a ‘safe harbour’ for businesses. The risk principles outlined in current government draft guidance are shown in figure 3.

Image

The terminology used in HMRC’s risk guidance will be recognisable to those familiar with the Bribery Act., HMRC have also stated in conversations during the public consultation process that they envisage the potential for risk under the new corporate criminal offences to exist where there has been non-tax fraud. 

Equally, HMRC have stressed during consultations that organisations should not assume they can simply rely on existing protocols to protect them. Businesses will be expected to conduct a fresh review and document their thought processes in relation to the corporate criminal offences, albeit for some the conclusion will be that existing protocols are indeed adequate under the new measure too.

Whilst all the principles set out above are important, the starting point for most organisations will be those around risk-based reviews, proportionality and senior-level commitment.

The impact of the corporate criminal offences on different sectors

Turning to those first two principles, risk-based reviews and proportionality, discussions with HMRC have made it clear that risk does not relate solely to organisations, or teams within organisations, who provide tax advice or act on tax matters. Instead, risk should be understood in a far broader and more nuanced way, and in some ways it is helpful to think of fraud offences, rather than tax evasion. Consideration should also be given to: the jurisdictional reach of an organisation and their clients; the services or products provided; the organisation’s associate population; and the sector within which the business operates.

This article cannot consider all sectors, but the following are generally considered of higher risk:

  • Financial services: This sector is well versed in analysing its risk profile and responding appropriately, and will not be surprised to hear that it is considered high risk by regulators, and by HMRC in relation to this measure. Several issues will need to be considered given the complexity of this sector, but global mobility of associates, and also the impact of branches in the corporate structure are likely to need particular attention.
  • Fiduciary sector: the nature of client services offered by trust and companies service providers automatically place them on a high-risk end of the spectrum. As a result, some in this sector moving fairly rapidly to a deep-dive risk assessment and the implementation phase, rather than conducting an initial high-level threat review.
  • Professional practices sector: this sector was, unsurprisingly, one of the first to respond to the new measures, and has a good general awareness of the new corporate criminal offences. As a result, many are aware of the need to thoroughly consider the jurisdictional impact of this measure on their business, particularly where they partner with local organisations to provide client support across the globe. A further issue, in common with the financial sector, will be the global mobility of staff, which remains for many an important part of their business model.
  • Manufacturing: this sector is a broad church, which therefore probably deserves a separate article of its own. Having said that, this emphasises the need to carry out a threat review (see below) in a manner that focuses closely on what procedures will be proportionate to the business itself. The protocols that are needed by a smaller local firm with risks around false invoicing in the supply chain will be very different from a multi-national entity that frequently hires contractors and ad-hoc expert advisors, and therefore needs to consider the scope of their associate population.

Where next?

There can be no standard response to the risks posed by the new corporate criminal offences. Instead, whilst responding to the risk principles set out in HMRC’s draft guidance, businesses will need to consider what the impact of this new legislation is likely to be in their circumstances.

As a general approach, businesses should identify the stakeholders to be involved in reviewing the impact of the corporate criminal offences on their organisation as soon as possible, and then carry out a first stage threat review by the end of the first half of 2017. The three stages of the overall response are likely to be:

  1. A threat review and readiness assessment
  2. A deep-dive risk assessment
  3. Implementation of risk protocols, training programmes, etc.

A threat review and readiness assessment should provide a high-level view covering what services a business offers, and to whom, where it operates and what the associate population is, what risk protocols exist and what senior level involvement exists as part of those protocols.

For some, the results of that threat review will drive a further, deeper-dive risk assessment on specific risk areas which have been identified. In turn, the conclusions reached under that more detailed risk assessment will provide the first steps in implementing any new or revised risk procedures.

For each business there will be differing levels of detail involved in each of the three stages, and some businesses may be able to conduct a far more condensed review process. Nonetheless, it remains important to clearly document the thinking behind any ultimate conclusions and for most businesses, particularly those in high-risk sectors, or with a complex or multi-national structure, a sequential approach to conducting the risk review will help provide the important clarity and audit trail around any ultimate actions by the business.

In conclusion, the more that business can use the time before this legislation comes into force constructively, the more robust their procedures are likely to be. 

It is important to remember that a business’ prevention procedures will only be tested when HMRC already believes that one or both of the corporate criminal offences may be in point due to there already being evidence of both criminal tax evasion and criminal facilitation. 

The determination of whether procedures are reasonable will be made against a backdrop of suspected criminal behaviour by an associated person. When that happens a proportionate, well-documented prevention procedures regime should hopefully enable a business to demonstrate that the ‘reasonable procedures’ defence is available, and to avoid prosecution.