HMRC’s corporate risk assessment takes a new approach

14 October 2019

On 1 October 2019, HMRC introduced its new Business Risk Review (BRR) process for large corporates. This follows a consultation in which HMRC recognised the original approach is 10 years old and, whilst it is deemed successful, has undergone limited change.

The formal BRR process is adopted for those companies handled by its Large Business Directorate, which broadly are those with UK turnover of over £200 million or with gross balance sheet assets of over £2 billion and those companies will have a Customer Compliance Manager (CCM) appointed to them. It is clear that many of the underlying BRR principles are often considered by HMRC when considering the tax compliance risk of the larger companies handled by its Wealthy & Mid-Sized Compliance Directorate.

While the fundamental approach to BRRs remains largely unchanged, HMRC has responded to concerns from businesses and increased the number of risk categories to 4 - low, moderate, moderate-high and high. With limited resources available, HMRC continues to offer the ‘carrot and stick’ approach of offering less interaction for low risk customers with the opposite for those it deems not to be low risk.

The stated intention is to get into granular detail so that HMRC will have greater understanding of how businesses operate. It aims to move away from just focusing on the traditional risk factors (structure, cross border relationships and transactional type risks), to give a more rounded assessment, taking into consideration the governance and control environments that surround the way they operate.

In the consultation, HMRC specifically referenced the OECD’s forum on Tax Administration’s Large Business Programme and the importance of Tax Control Frameworks for multi-national enterprises. The OECD has introduced a concept of ‘justified trust’ where the integrity of a company’s policies and procedures are tested to check they are being accurately applied. HMRC states that it “sees a direct alignment between the key elements of the TCF and our decisions relating to low risk”.  

In its revised guidance, HMRC confirms that all businesses, no matter how large and complex, “are capable of being classified as low risk if they mitigate these risks by meeting the behavioral indicators for systems and delivery, internal governance and approach to tax compliance”.

Of course, whether a company is commercially able to meet HMRC’s expectations of what it needs to do to become low risk will depend on both the company and frankly, based on previous experience, the expectations of its appointed CCM. There can be some tension in this area but, usually, a sensible accommodation can be reached provided the company engages with the process.

Beyond the BRR

There is a natural link between a BRR and a company’s compliance with other key statutory requirements including the Senior Accounting Office and Corporate Criminal Offence (CCO) regimes. We have seen several recent examples of companies, in various sectors, being approached by HMRC’s Fraud Investigation Service alleging fraud in their supply chain. The letters refer to the CCO legislation and HMRC’s ability to block input VAT and charge penalties if it finds the company has not undertaken appropriate checks on its suppliers.

Given the unlimited fines and reputational damage risk of being prosecuted under the CCO legislation, companies are creating significant risk if they have not fully addressed this legislation, which is now over two years old. Yet, in our experience, many companies have not taken action because the responsibility (and budget) for doing so does not readily sit in one particular Department.

Which taxes will HMRC be focusing on?

In a recent document HMRC stated that in the 2018/19 tax year it collected 34.1 billion by tackling “avoidance, evasion and non-compliance”. Of this, the Large Business service collected £9.766 billion. More interestingly, £6 billion of this was VAT and £2 billion was corporation tax, broadly the ratio we would expect. By contrast, it only collected £61 million of income tax (assumed to be PAYE and NIC). Given that PAYE and NIC are much larger net contributors to the Exchequer than corporation tax, this seems much lower than one would expect. However, it may simply be a result of the CCMs coming principally from a corporate tax or VAT background.

In the same document, HMRC published its pipeline of tax potentially due from its current compliance activities in the Large Business Directorate. The total is approaching £30 billion – 3 times what was achieved last year. The headlines in the supporting breakdown are:

  • Transfer pricing and thin cap - £6 billion
  • VAT – £3.4 billion
  • Employment - £920 million
  • International - £2.5 billion
  • Avoidance - £1.3 billion.

The updated BRR is to be welcomed, although quite how effective it is for companies remains to be seen especially at a time when HMRC is more resource constrained than ever following the regionalisation of offices to 13 centres which is causing material morale issues and leakage of skills to the private sector and into early retirement.  

For help and advice on HMRC corporate tax enquiries please contact Jon Claypole.

Read more on managing tax risks.


Business Edge index