The U.K. tax authority, HM Revenue & Customs (“HMRC”), has made clear that the Corporate Criminal Offenses legislation is designed to drive a “cultural and behavioural shift among corporates and partnerships to take an active and increased responsibility for preventing the facilitation of tax evasion.”

As part of its wider strategy aimed at preventing tax evasion, HMRC has allocated significant time and resource to clamping down on the facilitators and enablers of non-compliance.

The Corporate Criminal Offenses (“CCO”) were introduced as part of the Criminal Finances Act 2017, against the backdrop of increasing public focus on tax avoidance and evasion, including the leaked Panama Papers in 2015. They came into force on September 30, 2017.

“Associated Person”

In summary, the legislation means that if an “associated person” of a business criminally facilitates tax evasion, and the business is unable to demonstrate that it had reasonable procedures in place to prevent such facilitation, the business is guilty of a criminal offense.

The consequences of a prosecution include unlimited fines, reputational damage and the likelihood of regulatory sanction. “Associated person” is defined very widely and includes any person (individual or corporate) who represents (or provides a service for or on behalf of) the business—employees, contractors, agents, and in certain circumstances external suppliers.

Are Organizations Aware?

According to the 2018 Tax Gap figures published by HMRC, tax evasion and the hidden economy annually cost the U.K. exchequer 8.5 billion pounds ($11.2 billion). As the messaging from HMRC tells us, that represents a lot of hospitals and schools. By seeking to “nudge” organizations through behavioral changes to pay the “right” amount of tax, HMRC has it in their sights to claw this money back.

With this in mind, in late 2018, HMRC commissioned research with the purpose of evaluating the extent to which organizations are making this change. The results were published last week and were perhaps not entirely encouraging for HMRC. Headline figures included that 75 percent of respondents stated that they had not even heard of the Criminal Finances Act 2017 and only 3 percent thought that the legislation was relevant to them.

These figures are perhaps more concerning for corporates and partnerships who may be in the 75 percent category, particularly in light of increasing HMRC activity. We know that there are live CCO investigations taking place, prosecutions are coming, and that as part of these investigations, HMRC are undertaking office raids on premises. During these raids, we have heard this includes interviewing members of staff as to their awareness of the CCO legislation.

There is a real risk for all corporates and partnerships if nothing is done. Remember, it is a strict liability offense and unless they have the right procedures in place, companies can be convicted of the offense even if completely unaware of the actions of rogue individuals.

The good news for HMRC, however, is that some operational changes are happening as a result of CCO. Over half of all businesses (55 percent) said they had at least one of the expected five prevention procedures in place, with over a quarter (26 percent) saying they intend to make changes in the next 12 months.

However, the message to HMRC, advisers and business leaders is that more needs to be done to ensure a culture where the facilitation of tax evasion is not acceptable, and this is embedded within the business; thereby minimizing the risk of a successful prosecution.

Planning Points

The overriding message is that organizations need to take the legislation seriously, and from the research, we do know that the majority of large businesses and those in the financial services and insurance sector have already done so.

Ten Practical Tips

For all organizations, however, there are some easy “quick wins” and clearly demonstrable steps that can be made to help provide a defense to the legislation.

In practical terms, what are these? We set out below our top ten tips.

1. All corporates should undertake a documented CCO risk assessment which is proportionate to the size and complexity of the business. “Risk assessment” is one of the six guiding principles of the defense as set out in HMRC’s CCO guidance, and involves identifying your associated persons, considering where they may have the “means, motive and opportunity” for facilitating tax evasion.

In the words of HMRC, if an organization has not undertaken a risk assessment, it is unlikely to be able to prove a defense of having reasonable prevention procedures in place.

2. In many cases, it is the chief financial officer and/or head of tax who will lead the CCO project, working collaboratively with the money laundering reporting officer/head of risk and compliance as appropriate.

However, there is no single right answer in terms of who should manage the process in your organization. It is important for all those whose actions could impact financial transactions to be involved, especially in the risk assessment process—from human resources, to procurement, to those in operations.

3. Having undertaken a risk assessment it is important to develop a plan for implementing updates to existing policies and procedures. HMRC make it clear that relying on what you already have in place is not sufficient. The defense of having “reasonable prevention procedures” is established not just by the procedures already in place but also those enhanced procedures a business is planning to implement within a reasonable time frame. Adding the word “tax” to what you have already is not enough!

4. Communication and training is key and a quick win. Develop an appropriate program of communication both internally (with employees and contractors) and externally (with suppliers and agents). An important part of this revolves around appropriate CCO training—and many organizations use eLearning, that can be rolled out throughout the business and provides a log of all those who have undertaken the training.

5. Prosecutions are coming. Although there is no precedent to date, we can learn a lot by looking at prosecutions under the Bribery Act. The legislation is very aligned with the same six defenses as CCO.

All we have to do is look at the Skansen Bribery Act case to see the impact that not having appropriate prevention procedures in place can have on a business. This company was found guilty of failing to prevent bribery taking place in the supply chain.

The lesson we learned from the case was that “all the component parts of ‘adequate procedures’ need to be properly addressed—a clear and well-communicated policy, a properly documented and up-to-date risk assessment, a set of appropriate procedures tailored to the risks identified, appropriate due diligence on third parties, and proper training tailored to the business.”

6. It is possible to identify some areas that HMRC may focus on in the future—including supply chain management and contractor status. These areas can be addressed through taking a careful look at the due diligence carried out in respect of those with whom you do business. How well do you know them, have you carried out appropriate checks and do you know whether they themselves have undertaken any form of CCO compliance activity?

7. It’s tax evasion not tax avoidance—isn’t it?! Although tax evasion is clearly characterized by dishonesty, there is an increasing semantic shift in how tax authorities are discussing tax evasion and tax avoidance. We are hearing that HMRC’s position in relation to “aggressive” tax planning is that if implementation clearly fails, there is a risk that this could be considered evasion.

Put simply, if there is something structured to take advantage of a relief and it then happens that a condition fails it would probably not fall foul of CCO, but if there is an artificial arrangement which is poorly implemented, then there is a risk. Any business arrangements or other business transactions entered into must be clearly justifiable from a commercial perspective.

Of course, it goes without saying that any transactions based on facts that are false or fraudulent would fall within the scope of the CCO legislation.

8. Behind the headline numbers in the HMRC research, it is clear that large businesses, and multinational enterprises in particular, have greater awareness of the CCO legislation and are more likely to have taken steps towards CCO compliance.

The aim should be that CCO becomes “business as usual” in the large corporate sphere, with CCO a part of deal due diligence; CCO warranties and indemnities becoming commonplace as well as representations being sought from suppliers that they have appropriate CCO controls in place as part of the procurement process.

9. Do not underestimate the benefits of rolling out policies and procedures. This will include anything from a board-approved CCO policy, specific CCO communications to suppliers (for all associated persons), codes of behavior to agent declarations, formal CCO contractual terms for suppliers, and due diligence checklists for suppliers and as part of any merger and acquisition.

10. The CCO (and the Bribery Act before it) should be viewed in the context of the wider economic crime environment. This is particularly the case given the likely introduction of a general Failure To Prevent Economic Crime offense in the not-too-distant future.

There are numerous areas that overlap between CCO and other anti-bribery and corruption measures and taking a holistic approach to compliance will be the most efficient and cost-effective route.

Almost 18 months after it came into force, is the legislation achieving its aim? In the face of increasing regulatory and compliance obligations, the CCO could be seen as just another administrative burden for businesses. However, given the potential downside of not complying, it is important to get it right.

From our experience over the last 18 months, and based on our discussions with heads of tax, legal and compliance it can also be seen as an opportunity for corporates to take a fresh look at their risk and control structures.

James Egert is the lead BDO Tax Risk Partner in London specializing in SAO, tax strategy, risk and governance. Martin Callaghan is a Director in BDO’s Tax Performance and Risk Management Team, specializing in all risk and governance matters.

The authors may be contacted at: james.egert@bdo.co.uk; martin.x.callaghan@bdo.co.uk