The Criminal Finances Act 2017 came into effect on 30 September 2017, and the new corporate offence of failure to prevent the facilitation of tax evasion is now in force in England and Wales. The offence carries a penalty of an unlimited fine and a criminal record for corporates if convicted.
Corporates need reasonable procedures in place to prevent the facilitation of tax evasion in order to establish a defence.
All corporations are within the scope of the new legislation and should take steps to prepare for it. This should involve, at the very least and as a first step, adapting your wider financial crime compliance programme to include a specific facilitation of tax evasion risk assessment, and acting on any identified risk areas.
We have worked with a number of clients to carry out a risk-assessment of their business, identify high-risk areas and help to put in place proportionate prevention procedures, which should be monitored and reviewed on an on-going basis. Those who have not yet taken any action should do so now.
Overview of the new offence
A corporation will be guilty of the new office if all three steps below are established:
- a tax evasion offence is committed by a tax payer (a tax evader);
- the commissioning of that offence is criminally facilitated by a third party (the facilitator); and
- the facilitator is associated with the corporation.
Importantly, criminal intent on the part of both the tax evader and the facilitator must be established. There are, therefore, two underlying criminal offences that must be committed in order to hold the corporation liable, although it is not necessary for the offences to be prosecuted or the perpetrators convicted.
However, there is no requirement to establish intent on the part of the corporate. In fact, the corporate can be convicted even if it did not benefit from the offence.
Who is an associated person?
Corporations will only commit the new offence if the facilitation offence was carried out by an associated person.
The definition of an associated person is deliberately broad. It includes employees, agents and anyone who performs services for and on behalf of the corporate (which could include distributors, subcontractors, consultants, joint venture partners, subsidiaries and other group companies).
For large corporations with extensive global networks, this could amount to hundreds of entities.
The territorial scope is extremely wide, with the new legislation comprising two separate offences: a UK tax evasion offence and a foreign tax evasion offence.
- For the UK tax evasion offence, the tax evader must be a UK tax payer, but the corporation can be from anywhere in the world and needs no UK nexus in order to be guilty of the corporate offence.
- For the foreign tax evasion offence, the tax evader must have committed a tax evasion offence in the country in question, but the conduct must also amount to an offence in the UK. The facilitator must also have committed a facilitation offence in the country in question, which must also be a facilitation offence in the UK. Unlike the UK offence, the corporate must have some connection with the UK in order to be brought within the scope of the foreign tax evasion offence, but this could be as remote as part of the facilitation being carried out in the UK.
How can a corporation establish a defence?
As the offence is a strict liability offence, if stages one and two are committed then the relevant body will have committed the new corporate offence unless it can show it has put in place reasonable preventative procedures.
Once the underlying offences have been proven (but, as referred to above, not necessarily prosecuted), the burden shifts to the corporation to show it had reasonable and proportionate procedures in place to prevent the facilitator doing what he or she did.
The legislation and supporting guidance takes a principle-based approach. There are 6 “guiding principles”:
- risk assessment;
- proportionality of risk-based prevention procedures;
- top-level commitment;
- due diligence;
- communication (including training); and
- monitoring and review.
What is reasonable and proportionate for a corporate will depend entirely on the circumstances particular to it. Corporations will need bespoke procedures based on an assessment of the specific risks they face. Upon carrying out a risk assessment, it may be reasonable and proportionate for a corporation to conclude that a light touch compliance regime is required, but it is vital as an absolute minimum requirement that a risk assessment is carried out, documented and regularly reviewed.
For higher risk corporations, such as entities that operate in the financial services sector (and in particular tax advisory firms) and/or high risk jurisdictions (such as tax havens), a much more rigorous compliance regime will be required in order to establish the defence.
HMRC also expects that a feature of any compliance regime will be timely self-reporting following the discovery of a suspected facilitation offence being carried out by an associated person.
What should corporates have done by now?
HMRC guidance is clear that it expected corporations to have at the very least carried out a tax evasion facilitation risk assessment and be working towards implementing a bespoke set of reasonable and proportionate procedures by 30 September 2017.
If your organisation has not already done so, we recommend taking action now to start this process. We can work with you to understand what this might involve, and how you can integrate your compliance and reporting programmes to future-proof against the current trend of ever-increasing levels of corporate transparency and liability.
Osborne Clarke comment
Having carried out a number of risk assessments, we have encountered some common high-risk areas, which include:
- the role played by umbrella companies;
- the role played by suppliers;
- the ways in which consultants and others are rewarded.
We have been able to suggest practical ways in which companies can implement and demonstrate proportionate prevention procedures that are tailored to their business, and would urge any companies that have not yet carried out a risk assessment and/or have not yet begun to put in place such procedures to act now to start this process.