This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our privacy statement for more information on the cookies we use and how to delete or block them.
Article:

Corporate Criminal Offence: Top 10 FAQs

06 August 2020

Corporate Criminal Offences: FAQ’s

We have been working hard with over 150 of our clients to support them in demonstrating a defence to the legislation, and we set out below the top 10 FAQs and learnings based on our work. We have also produced a Corporate Criminal Offences approach guide that looks at the two offences in detail providing examples of how they might arise, outlining the six key principles of defence as set out in HMRC guidance and practical examples of how other organisations are responding.

Further insight how the BDO Tax Risk team can support you, are found below:

1) What is the Corporate Criminal Offence?

The CCO legislation took effect on 30 September 2017.  Essentially, it created two corporate offences, one relating to the evasion of UK tax and one relating to the evasion of foreign tax. The legislation is very widely drawn and can apply to the evasion of any tax, including indirect and employment taxes, anywhere in the world. Any UK business, be it a UK corporate or a foreign corporate doing business in the UK, will be within the scope of both offences. The corporate or partnership will have a strict liability under criminal law for failing to prevent the facilitation of tax evasion by one of its associates (employee, contractor or any other person providing services for or on behalf of the corporate). A defence exists of having ‘reasonable prevention procedures’ in place.

Back to the top

2) Who does this affect?

All companies and partnerships - there is no de minimis. 

3) What happens if we don’t do anything? Are we at risk of penalties?

Yes, you are. A successful prosecution could lead to:

  • An unlimited fine
  • Public record of the conviction
  • Significant reputational damage and adverse publicity.

We also know that HMRC is already undertaking live investigations.

Back to the top

4) What has HMRC told us since the legislation came into force?

HMRC spoke at our Financial Crime seminar on 10 December 2018. It was made clear that HMRC is taking this legislation very seriously. For example, we have been informed that HMRC has started to undertake CCO investigations - including the first of a number of office dawn raids. As part of these ‘interventions’, HMRC’s procedure is to interview staff to see what they know of CCO, what actions they are aware the business is taking in response to CCO and to see if personnel know what to look out for to identify tax fraud. CCO is very much aligned to the Bribery Act and we know that many organisations have faced punitive and business critical fines and penalties as a result of Bribery Act prosecutions. It is not unlikely we will see the same for CCO.

We also know that a review of the extent of CCO procedures is one of the indicators of the new Business Risk Review approach by HMRC.

Finally, HMRC made it clear that the risk assessment plays a fundamental role in evidencing that you have reasonable prevention procedures in place. According to HMRC “everything hangs off this. You need an assessment of how your associated persons could criminally facilitate tax evasion.” In addition, we were informed that you “must document your risk assessment - I cannot tell you how many businesses fail to do this in respect of the Bribery Act”.

Back to the top

5) Can you give me some case studies of what this legislation covers?

Here are some  examples:

  • A member of your HR or payroll team deliberately falsifying information relating to a worker, so that the worker is treated as a contractor rather than deducting PAYE at source
  • An employee deliberately and dishonestly collaborates with one of your suppliers to falsify the amount paid on an invoice eg, by reducing the true amount paid so that the supplier evades income/corporate taxes
  • An employee deliberately conspires with a supplier to conceal the true source country of goods to evade Customs duties
  • A US bank has a branch in London and a branch in Singapore. An employee of the Singaporean branch deliberately facilitates Russian tax evasion. The US bank would be culpable.

Back to the top

 6) Who needs to take the lead on CCO within the business?

What we are seeing from our conversations with other clients (from FTSE100 to smaller inbounds) is that typically the head of legal and/or the head of risk and compliance is accountable to the Board for ensuring compliance with the legislation (and specifically ensuring the right policies/procedures are in place). However, responsibility for ensuring the risks are identified and that policies/procedures are drawn up which reflect these risks will fall on the tax or finance function.

Back to the top

7) We already have Bribery Act and AML/KYC procedures in place. What more do we need to do?

You may already have financial and economic crime prevention procedures in place. These existing procedures are relevant but it is essential that a risk assessment which is specific to the facilitation of tax evasion is carried out and then mapped to the existing procedures. You need to bridge any gaps.

Back to the top

8) What should the message be from the Board?

You need top level commitment. The Board is typically best placed to champion this. From here, your staff will need training so that they know what they need to do. It is imperative that there are no blocks to compliance (ie middle management blocking whistle-blowing from more junior staff).

To be compliant with the legislation, the clear message needs to be zero tolerance for tax evasion, and specifically, the facilitation of it.

Back to the top

9) I haven’t done very much.  What do I need to do?

The CCO legislation is no longer new and HMRC will expect you to have in place reasonable procedures to demonstrate a defence to this legislation.

We see four key stages to compliance with the CCO legislation

  1. Risk Assessment – your first priority is to carry out and clearly document your Risk Assessment
  2. Implementation – the Risk Assessment process should include the development of a CCO Implementation Plan, setting out prioritised next steps, responsibilities and timetable
  3. Training and communications – this is to ensure CCO policies and procedures are successfully communicated within and outside the business; supported by CCO eLearning training that we can roll out across all organisations
  4. Monitoring, review and testing – this comprises both testing of the process in place as well as periodic update of the CCO Risk Assessment

Back to the top

10) What are other organisations doing practically?

Once the Risk Assessment is complete, there are typical ‘quick wins’ and practical steps that are clients are implementing.

This includes developing a suite of CCO policies (e.g., below) and ensuring CCO training is rolled out across the business.

Example policies include:

  1. Board paper on CCO
  2. Internal ‘Instant Messaging’ within the business
  3. CCO communications to Suppliers (for all Associated Persons)
  4. CCO Policy – detailed internal overview of CCO
  5. CCO Employee Code of Behaviour
  6. Code of Conduct for Suppliers – CCO section
  7. Agent Declaration
  8. CCO contractual terms for suppliers
  9. Supplier due diligence checklist
  10. M&A due diligence checklist

As to training, HMRC specifically state that organisations “should seek to ensure that its prevention policies and procedures are communicated, embedded and understood throughout the organisation, through internal and external communication, including training.” We have rolled out CCO eLearning training across not only all our staff at BDO but for dozens of our clients across all industries (and over 10,000 people). Specifically, we see it as a way of demonstrating the right ‘culture’ within the organisation – ie that you can demonstrate you have a zero tolerance approach to tax evasion and facilitation of tax evasion.

For help and advice on any tax risk issue please contact James Egert, Ed Dwan or Martin Callaghan.

Back to the top

How can BDO Tax Risk team support you?

All businesses continue to develop their response both to COVID-19 and also an evolving working environment post COVID-19. The challenges, and opportunities, of a remote workforce and the accelerating pace of digital change mean that different approaches to compliance, governance and regulation must be considered. 

It is important to ensure your reasonable prevention procedures are designed to prevent associated persons from commuting the facilitation offences in the new reality. 

This Toolkit provides your organisation with the tools, templates and knowhow to develop a response to the Corporate Criminal Offence legislation.

It is a step by step guide to ensuring that the controls you implement are aligned to HMRC’s Six Guiding Principles and meet the legislations requirements, including carrying out your own CCO Risk Assessment. The documentation includes various policies, internal and external messaging and example contractual terms.

Ensuring your staff and other associated persons understand their responsibilities is a critical control in minimising the risk of enforcement action. We have developed a bespoke elearning course to meet HMRC’s requirements.

The elearning module can be easily uploaded to your existing Learning Management System for staff distribution, or we can provide a platform through which you can distribute the training. This method of learning and embedding is well suited to remote working.

  • Risk assessments and ongoing monitoring

Where there are staff reductions, employees working from home, or management focused on critical functions only, unique opportunities arise for committing tax fraud. Risk assessments should be regularly reviewed, particularly within the context of COVID-19.

For businesses who have already performed a risk assessment, we can support with carrying out a review, which normally involves reviewing your existing policies and procedures as well as refreshing your current risk assessment to reflect any changes in the business.

Back to the top