For sale: the need for due diligence

Many businesses either acquire or merge with other entities, or sell a part or all of their trade or assets. Mergers and acquisitions do not only carry with them the opportunity for enhancing a business’s activities; critically, from a risk perspective they can also add to its liabilities and potentially increase a business’s exposure as to how it conducts its affairs.

Due diligence exercises are key to ensuring that the entity being acquired is appraised, verified and valued correctly; and their purpose and remit has become even more essential. Due diligence now ought to encompass consideration of a business’s compliance with the corporate criminal offence (CCO) legislation. 

Facilitation of tax evasion

The Criminal Finances Act 2017, which includes the CCO legislation, has been in force since 30 September 2017. The legislation is in four parts and five schedules. 

Part 3 is entitled ‘Corporate offences of failure to prevent facilitation of tax evasion’. In a nutshell, the legislation states that corporate bodies and partnerships (‘relevant bodies’) could be liable to a criminal conviction and an unlimited financial penalty where tax evasion is facilitated by its associated person(s), such as an employee, subcontractor or suppliers. Three elements are required for an off ence: a tax evasion off ence; the off ence is criminally facilitated by a third party; and the facilitator is associated with the relevant body. 

The question arises of how far the causal link (remoteness and causation) needs to be established between the act and the harm (the tax evasion) in order for a valid charge under this provision. The wording is broad and the words ‘associated with’ imply that a wide net can be cast.

A relevant body only has a statutory defence if it has undertaken a risk assessment and has implemented reasonable prevention procedures in light of the risks identified. English criminal law seeks to look at factual causation and applies the ‘but for’ test, requiring that the result must be caused by a culpable act with no intervening act that breaks the chain of causation. The offence under the CCO legislation appears, on the face of the statutory wording, not even to require a chain of causation but mere association. Even more concerning is that whilst criminal intent must be established with respect to the taxpayer and the facilitator, a relevant body can find themselves guilty of a CCO offence even without having any awareness of the tax evasion, merely by having failed to do anything to prevent it.  

It is worth examining how the legislati on defines ‘association’. Section 44(4) states that employees, agents and anyone who performs services for and on behalf of a corporate body or partnership are included. For smaller businesses, this could amount to a significant number of entities; for multinationals, the number of associated entities could amount to several hundred. 

Compliance with the CCO legislation Compliance with the CCO legislation does not have a retroactive effect. This means that a business which has not considered the CCO legislati on since 30 September 2017 has no statutory defence in place up until the point it undertakes a risk assessment and implements reasonable prevention procedures – and it cannot undertake a risk assessment retrospectively. Therefore, relevant bodies that have not yet complied with the CCO legislation continue to have an exposed period, which grows day by day.

This is of particular importance regarding business decisions to acquire or merge with other entities. For example, the acquiring entity could be impacted by the adverse repercussions of the target’s potential CCO offence/liabilities (see Example 1: Failure to undertake risk assessment below). Also, the acquiring entity could itself, by virtue of acquiring the target, fall foul of its CCO obligations (see Example 2: Tax evasion offence below).  

Example 1: Failure to undertake risk assessment

• A Ltd acquired the shares of B Ltd on 31 July 2019. 
• B Ltd did not undertake a risk assessment or implement reasonable prevention procedures in respect of the CCO between 30 September 2017 and 31 July 2019. 
• HMRC investigates a tax evasion offence which took place in March 2018, that involved an employee of B Ltd (who worked in finance) making payments to a UK based supplier into their offshore bank account, knowing that this would allow them to conceal this income from HMRC. (B Ltd did not benefit from this arrangement.) 

The tax evasion offence in question took place in March 2018 – some nine months before A Ltd took over. B Ltd has retained its identity as a separate legal entity, irrespective of its change in ownership, and consequently it is exposed in respect of its failure of complying with the CCO legislation. The adverse reputation and financial damage are going to affect not only B Ltd but also, by association, A Ltd. 

Note that in the event that B Ltd was wound up and dissolved after 31 July 2019 (with its trade and assets being transferred to A Ltd), HMRC has the power to reinstate B Ltd in order to investigate its tax affairs. 

Example 2: Tax evasion offence

• C Ltd is acquiring the shares and/or assets of D Ltd.
• The step plan for the acquisition entails C Ltd paying the proceeds into the bank account of the recipients in a bank account located in a tax haven, allowing for the capital gain on disposal to be hidden from the tax authorities. 
• C Ltd’s employees are involved in completing this lucrative transaction and are aware of the aforementioned step plan and its implications. 

In this example, the tax evasion offence has been committed by D Ltd or its shareholders, and C Ltd’s employees (C Ltd’s associated persons) have facilitated the evasion of tax. As a consequence, irrespective of whether assets and/or shares have been acquired by C Ltd, it may have fallen foul of its CCO obligations, exposing itself to a criminal conviction and an unlimited financial penalty.   

HMRC investigations

When considering the corporate criminal offence, HMRC and the relevant prosecuting bodies will consider whether the business, at the time, had a statutory defence; 
i.e. whether it had undertaken a risk assessment to identify the risks of the facilitation of tax evasion and implemented reasonable prevention procedures.

In Example 1, B Ltd ought to have implemented an additional due diligence process where a supplier asks for payments to be made to non-approved bank accounts. Ahead of the acquisition, A Ltd’s due diligence should have captured whether B Ltd had implemented a range of reasonable prevention procedures in light of the risks of the facilitation of tax evasion. 

In Example 2, a reasonable prevention procedure for D Ltd could have been the undertaking of an enhanced due diligence exercise by an experienced third party on every occasion that shares or assets are being acquired. If D Ltd had commissioned a vendor due diligence exercise, it could have recognised the repercussions of agreeing the payment into the offshore bank account. 

If investigating a corporate criminal offence occurring after 30 September 2017, HMRC will take into account the prevention procedures and processes in place to combat the facilitation of tax evasion, as well as those planned. A due diligence exercise must seek to understand where a business is in respect of its CCO tax governance. 

Points to bear in mind

The legislation and supporting guidance adopt a principles-based approach. There are six guiding principles:

1. risk assessment; 
2. proportionality of risk-based prevention procedures; 
3. top-level commitment; 
4. due diligence; 
5. communication (including training); and
6. monitoring and review.

Whilst HMRC’s guidance recognises that it can be more difficult to hold large multinational corporates to account (owing to more decentralisation), it does not negate the need to ensure that robust monitoring and ongoing review procedures are in place to avoid entities from becoming associated with evaders and/or facilitators. Also bear in mind that tax evasion can be investigated by HMRC going back 20 years – something that is very common in the world of enquiries and disputes. The affairs of the supplier who evaded tax in Example 1 (in March 2018) could be enquired and investigated into through to 5 April 2038. 

When a business is acquiring or merging with another, it needs clarity as to what liabilities and adverse risks it could be implicated by. From a CCO perspective, unlimited penalties could be imposed, with dire consequences on the viability of a business, as well as reputational damage. A company which purchases an entity that did undertake fraudulent activity will inevitably have to participate in the HMRC investigation, with all the cost of management time at the very least. 

The CCO legislation is not new and HMRC expects businesses to have policies and procedures in place. It is pivotal that the target entity’s compliance with the CCO is considered adequately at the due diligence stage. If it is considered not to be sufficient, adequate warranties and indemnities must be in place. Solely from an acquisitions perspective, compliance with the CCO is prudent – so that it is not a hold up for when a merger or acquisition takes place. The lack of an effective CCO policy and relevant training for office holders and staff members of the business looking to sell could have a far greater impact on that business’s ability to sell than currently may seem relevant. 

The CCO offence highlights the importance of ensuring that good governance is in place to identify and mitigate tax evasion facilitation risks.