The brand new company legal offence of failure to forestall tax evasion

Click here to listen to the audio.

In this episode, we are joined by Sam Dean, who spearheads HMRC’s campaign to raise awareness of the corporate criminal offence of failure to prevent tax evasion.

With this being the first “fail to prevent” style offence dealt with by HMRC, podcast host, Alice Kemp, quizzes Sam on what exactly this means, where your business may be at risk of liability and what you can do to prevent that from happening.

* Please note these podcasts will not run on Internet Explorer

We hope you enjoy the episode. Please subscribe on Apple Podcasts (or Spotify if you are not using an Apple device) to keep up with future episodes.


Hello, and welcome to Taxing Matters, your one stop audio shop for all things tax brought to you by RPC. My name is Alice Kemp and I will be your guide as we explore the sometimes hostile and ever-changing landscape that is the world of tax law and tax disputes. Taxing Matters brings you a fortnightly roadmap to guide you and your business through this labyrinth. In case any of you miss any crucial information or just want some bedtime reading, there is a full transcript of this and indeed every episode of Taxing Matters on our website at

Today we are joined by Sam Dean, who works for Her Majesty’s Reven ue and Customs. Sam specialises in the reasonably new corporate criminal offences of failure to prevent tax evasion which were en acted by the Criminal Finances Act 2017. Sam has been spearheading HMRC’s campaign to raise awaren ess of what these offences are, where businesses may be at risk of liability and what you can do to prevent that from happening.

In addition, Sam told me that he travelled to New Zealand and in fact proposed to his now wife on the banks of Lake Taupo. He said he thinks New Zealand is a beautiful country and, of course, he’s right. And with that kind of clear judgement his guest spot status on the podcast was a given.

Sam, welcome to Taxing Matters.


Thanks, Alice. Thanks very much for having me.


So, what are the new corporate criminal offences?


So, there are actually two corporate criminal offences, both introd uced 30 September 2017; one related to UK tax evasion and the other relates to foreign tax evasion.

So HMRC’s responsibility, and I guess therefore my responsibility, is solely with the UK tax evasion offence, so that’s really what I’m going to be talking about today.

It is worth pointing out it applies to all corporate bodies and partnerships and for the purposes of legislation we tend to call these “relevant bodies”. What it actually does is it now makes it a criminal offence for one of

those relevant bodies to fail to prevent someone acting on their beh alf from criminally facilitating tax evasion .

It is really designed to try and tackle, not just the tax evasion, but those who facilitate it – those people who

help people commit tax evasion – by encouraging their organisations, the companies that they work for, to put in place what we call “reasonable preventative proced ures”.

And really having reasonable preventative procedures in place is the only defence that an organisation can offer once they charged with the offences.

These offences weren’t introduced simply to increase the number of corporate prosecutions that HMRC are looking for, but more to try and change what we would call longstanding ind ustry practices and attitud es

towards risk; so really, trying to reduce the opportunity for facilitation to occur in the first place.


So, how is this different from what the law was previously?


It’s quite a big change for us. It is modelled on the bribery act and it’s the first of what we call “fail to prevent” offences that we’ve dealt with in HMRC.

So, before we could certainly tackle tax evasion and we could certainly tackle those who facilitate it. But for us to be able to hold their companies, their organisations, the people that they work for or they are acting on beh alf of, to account, we had a directing mind and will test. So, we would have to be able to evidence that either someone on the Board of Directors, or someone suitably senior within an organisation, that we could say, you know, “they are the directing mind and will of an organisation”, that they actually had the guilty

knowledge of the facilitation, they knew that it was going on, they were complicit for all intents and purposes. So, they were as guilty as the facilitator themselves.

Now, obviously when you get into larger organisations, they operate multiple sites, transnational

organisations – really hard to prove that someone at the Board of Directors knew what somebody was doing further down their organisation all of the time. This basically just flips it on its head and says “we’re not trying to prove that you knew what was going on any more, what we’re saying is you failed to prevent someone acting on your behalf from doing that” and as I say that defence of reasonable proced ures then is well “what have you done that is reasonable and proportionate to try and stop that from happening?”

So that’s why it’s such a big change for us.


So, let’s break it down. What does this criminal offence actually involve? What are we talking about here?


So, it’s ultimately one abo ut conduct and dishonesty.

It’s easy to think abo ut HMRC legislation as “tax” but it’s far easier to think about this as “conduct”.

So, for the offences, to work, we have to have tax evasion; where it’s a taxpayer – a customer – knows that what they’re doing is going to result in tax being evad ed, it’s going to result in HMRC and the government not receiving the taxes or duties that they are due. And again, the dishonesty has to then go through into the facilitator; so, whoever is helping them commit the tax evasion has to know that tax evasion is the end result.

Once you’ve got those two things it’s what we call a strict liability criminal offence. So, if those two conditions are met, tax evasion and criminal dishonest facilitation, then the corporate, the relevant body is automatically guilty of the offence.


And what happens if they are guilty of the offence? What are the penalties that we are looking at here?


So, they are quite substantial.

So, obviously we can’t put a corporate in prison, so the sanction is a financial one. But it’s actually unlimited financial pen alties, so, you know, you can read into that that, dep endent on the scale of the tax that has been evad ed, dep endent on the culture, the attitud es of an organisation, the sky’s the limit in terms of the fines and that will be ultimately for the courts to decide.

But also something that we point out in the published government guidance, if there is a successful

prosecution and a conviction there there’s a whole host of what we call ancillary orders. So, we can look at confiscation orders; serious crime prevention orders; we can look at licensing implications, if you need a

licence to operate in that sector; fit and proper test implications. In the worst case scen ario, it could mean that

an organisation can no longer operate in their sector any more.

So, it is not something that you can take lightly and choose to ignore to be honest.


So, you mentioned reasonable procedures and that being the only defence to this strict liability offence. What are we talking about reasonable procedures, what are they?


So, we actually offer what we call our “six guiding principles” in the government guidance, and I’m sure you can probably share a link to listen ers to have a look through it, so I won’t go through them all in detail, but they cover: a risk assessment; proportionality of procedures; a top level commitment – so that’s really abo ut the culture within an organisation; the importance of due diligence; communication and training; and then a final one, and an important one, around monitoring and review.


I think what’s important to say is that it is certainly not a tick box exercise, so you can’t go through those six principles and say “okay well I’ve covered everything that HMRC said in the guidance, therefore we have

done everything that we need to”.

But it is important, and I think it would be difficult to envisage a scenario where an organisation has put in

place reasonable proced ures that aren’t predicated on a sound risk assessment, to really take in the time to understand what the legislation is, who could be deemed to be acting on their behalf and the potential for

them to facilitate tax evasion. And in the same way that it’s not a tick box exercise, it’s not a pap er exercise either, so it’s important that, should an organisation, should a relevant body be subject to a CCO

investigation, they’re going to have to demonstrate that the proced ures are in place and that they are understood by employees and associated persons.

I think a final point to me on that, crucially it’s going to be for the courts to decide what’s reasonable and a jury to decide what’s reasonable. So, perhaps it’s quite a good acid test for corporates, I think, “would 12 ordinary people think what we’ve done is reasonable or not?”


So how often would you expect, looking at an organisation, for them to be considering their procedures? How often would a review happen?


I think there are two ways of looking at that question.

I think one will be the periodic nature of review, so after a passage of time – which we would expect that to be covered in the risk assessment – so how freq uently an organisation needs to review their procedure should be covered in that risk assessment and that will change from organisation to organisation, from

sector to sector.

But I think a really important point is for organisations to think abo ut not just the passage of time but what else has changed. What has changed within the organisation? Perhaps has it moved into new markets? Does it

operate in a different way? Has the sector itself, has that changed? Has HMRC had some compliance activity in the sector which might prompt an organisation to look in their procedures?

So I think it’s safer to look at, you know, a series of those events as being a prompt for an organisation to look at those proced ures; has our level of risk changed, and as a result of that do we need to do anything different in terms of preventative procedures.


So what about those organisations and those individuals who are sitting there looking at this and saying “I don’t have an exposure to any of these risks”’, “I don’t have associated persons” or “I’m not covered by this legislation”, what do you say to those people?


So, I think the first thing to say is everyone has risk. And I think it’s just a matter of scale.

So I know when we talk abo ut tax evasion and we talk abo ut the facilitation of tax evasion, people will

naturally think of complicated offshore structures and financial and profession al services and think “well, we don’t have any real interaction with that therefore, you know, can’t see what CCO risk that we’ve got”.

But the legislation covers all taxes and duties, and what we actually mean by “facilitation of tax evasion” is incredibly broad.

So, let’s think about invoicing. Most organisations will have someo ne responsible for raising and paying

invoices, right. So, if that person agrees to pay an invoice to a different account to the one that’s named on the invoice or they manipulate, say, the proportion of VAT-able goods or services on an invoice so that their valued customer can claim that little bit extra VAT back, that is tax evasion and that is the facilitation of

tax evasion.

So, a really, really basic example that should apply to the vast majority of organisations, and even one step further to the associated persons test, which I think is quite important: lots of organisations will,

understandably, outsource their payroll, and that is a perfectly acceptable way of running your business, but it will bring with it a degree of risk to the corporate criminal offence legislation. So, if, when operating that

payroll, somebody facilitates tax evasion in any number of different ways that they could do that in operating the payroll, then it is likely that your organisation will be responsible for failing to prevent it.

So, it’s important not just to think about your employees, or the people immediately within your organisation, but anyone acting on your beh alf.


And there’s probably another bit on top of that so we just talked about what might trigger an organisation to revisit their risk assessment. I don’t think there has been as big a change to the way organisations operate in the last twelve months than COVID-19 and the pandemic, with lots more people working from home, working in completely new ways, perhaps, you know, rushing through new suppliers, new products; a whole load of

things that come with it and all of those will have brought about an additional degree of risk.

If people are working at home, as opposed to in the office, that’s not to say for a minute that everyone

working from home, you know, will throw things out of the window in terms of what they would do in the office, I’m not saying that for a minute, but it brings with it a degree of additional risk; there is less physical oversight. It may well be that processes that work in an office environment won’t work as easily when people are spread across the country.

So I think that’s a relevant example of current climate should really be prompting organisations to look at their risk assessments, their preventative procedures and possibly, even those that haven ’t looked at it so far,

there’s an additional prompt to say “well actually perhaps we do need to have a look at this”.

The final point on that I think would be you can’t backdate your proced ures. So, I think this is a really important point – so, organisations that haven’t done anything yet, the longer that they leave it to do

something, the greater the risk is that facilitation could have, you know, occurred between 30 September 2017 and when ever those proced ures are put in place.


So basically, they’re just leaving themselves wide open for an investigation.


They are. And I guess, you know, a real world impact of that, you know – I’m hearing from a few different sources to be honest – abo ut whether it’s part of the merger and acquisition process and extended due

diligence of transactions, firms pulling out of those deals because an organisation hasn’t done anything in

relation to CCO, and that ultimately means that they could be footing the bill for the unlimited fine further down the line if something was to happen.

So, there is a real-world impact there of not taking the legislation seriously and not acting to do what is ultimately reasonable and proportionate to stop people acting on your behalf committing criminal offences. So, it doesn’t feel like a big ask to be perfectly honest.


So just talking about that real-world impact, what are HMRC doing at the moment in terms of investigations and compliance?


So, we’ve been doing quite, and one of the things that I’ve been keen to do is try and tell people that we are doing quite a lot. We publish reasonably reg ular updates on our compliance activity, so abo ut every six

months or so, the last update, I think, was towards the end of October or beginning of November and we said that we’ve got 13 live investigations and another 18 under review, and importantly across 10 different

business sectors.

So when I talk abo ut the legislation applying to all taxes, businesses of all shapes and sizes and that the facilitation can be incredibly broad, I think what is reassuring from my perspective and hopefully what will come through to the listeners, are compliance activities really underpinning our messaging. It is applying to businesses of all shap es and sizes, it is applying across multiple sectors and I think that will be a key part of

our compliance approach, to continue to demonstrate the breadth of application and that organisations need to act.


So what about for those businesses who are unfortunate enough to find that they don’t have these compliance procedures in place and the worst has already happened, what do they do?


So there is a self-reporting port online which is for exactly that; whether that be as part of doing their first risk assessment, whether that be as part of looking at how effective their proced ures have been , they find

something that means they have got liability, someone within their organisation or acting on their behalf has facilitated tax evasion, they can use that dedicated portal.

And I think an important point for me and, you know, it’s not necessarily specific to the corporate criminal

offence, it has always been HMRC’s position that it is far better for a customer – whether that be an individual

or business – to come forward voluntarily to HMRC, disclose the wrongdoing and work with us to correct it, than it is to sit on your hands, hope we don’t find out about it and hope that it goes away.

And all of those things, as is usually the case with HRMC investigation, will be factored in when it comes to pen alties, fines, sanctions. So, that importance of early identification, disclosing it to HRMC and then

cooperating with us to resolve all the issues is really, really important


So, what kind of businesses could this apply to? How far does the reach go?


So, even though we talk abo ut the UK offence, the evasion of UK taxes, the scope of the legislation and the reach of this legislation is effectively global.

So, I’ve talked about needing to have those two component parts, UK tax evasion, the facilitation of UK tax evasion, but where that facilitation of tax evasion happen ed, is irrelevant, so that doesn’t have to happen in the UK, the relevant body, the organisation, the corporate, doesn’t have to be within the UK, as long as there has been evasion of UK taxes or duties it is within HMRC’s jurisdiction to investigate.

And hopefully, peo ple may well have seen or heard of some of the work that HMRC has been doing as part of the J5 global alliance. It’s an area of work that we do, picking up some more responsibility, so there it’s the UK, it’s the US, it’s Can ad a, Australia and the Netherlands; tax administrations from those jurisdictions all

getting together specifically to look at how they can tackle global tax evasion, the en ablers of tax evasion and CCO is a big part of that.


So you mentioned the J5 countries, I’m assuming that you’re all working together and tackling this kind of project, what kinds of examples have you got of the work that you’ve done?


I think there has been some stuff published relatively recently actually, we’re sharing more intelligence between our jurisdictions than we have ever done before. I think even at the start of this year, we had our first big ‘global day of action’ with investigations taking place around the world and I think that will become

commonplace; particularly when we talk abo ut global tax evasion, we talk abo ut offshore service providers – the chances of one of those offshore service providers only impacting on the UK and not other jurisdictions is incredibly unlikely.

So wherever there is a shared interest you can expect to see a great degree of cooperation, not just between those J5 countries but I think there is a growing desire across, you know, a number of the OECD countries that are looking at professional en ablers, looking at tax crime, looking at tax evasion . I think international

cooperation is going to be a key part of most tax administrations’ enforcement policy.


So how do you see this corporate criminal offence fitting within the wider compliance risks that businesses face?


I do quite a bit of work with some other law enforcement ag encies and a lot of what I get asked for is ‘can you tell us what the red flags for tax evasion are, what does tax evasion look like?’ And in reality, it can look very, very similar to bribery and corruption red flags; it can look very, very similar to money laundering red flags.

So I think where CCO needs to be is right up there along with anti-bribery and corruption, anti-mon ey laundering procedures. And we do talk about in the guidance that some of those other perhaps more

longstanding policies and practices within an organisation can get a good starting point for CCO, but it’s important I guess for people to understand that what might start as a tax investigation could end up being a bribery investigation led by the SFO, or an SFO bribery investigation could end up being a tax evasion

investigation and a CCO investigation, so as well as there being you know a greater amount of cooperation internationally there’s also a greater degree of cooperation between UK law enforcement organisations on not just tax, but what we call economic crime more gen erally.


So what would your top tips be for helping businesses to deal with the CCO risk that they’re facing?


So I think my top tip would be a simple one; that’s risk assessment. So, if an organisation hasn’t already done one, then they really should be looking to complete a risk assessment to look at their potential level of

exposure, to look at whether they have existing protections and preventative proced ures already in place for things like bribery, corruption, money laun dering. It’s really not a wise move, as I said earlier, you know, to sit on your hands and hope we don’t find out abo ut it.

At very least understand where your starting point is, your level of exposure, and what you might need to do to protect yourself.


Thank you very much Sam for taking us through the corporate criminal offence.

As ever a big thank you goes to our miracle working producer Mary Mitchell; Josh McDonald, who does all the work pulling each episode together; our music is from musical genius Andrew Waterson; and of course a big thank you to all of our listeners for joining us.

A full transcript of this episode, together with our references can be found on our website and you can find Sam’s CCO explan atory videos on LinkedIn by searching for the hashtag #CCOClub – all one word.

If you have any questions for me or for Sam or any topics you’d like us to cover in a future episode please do email us on (email protected). We’d love to hear from you.

If you like Taxing Matters, why not try RPC’s other podcast offering, Insurance Covered, which looks at the inner workings of the insurance industry hosted by the brilliant Peter Mansfield and available on Apple

Podcasts, Spotify and Acast.

If you liked this episode please do take a moment to rate, review and subscribe and remember to tell a colleag ue abo ut us.

Thank you all for listening and talk to you again in two weeks.