First business charged under UK corporate criminal offences for failure to prevent tax evasion

A UK accountancy firm has become the first business charged under the Criminal Finances Act (CFA) 2017 offences for failing to prevent the facilitation of tax evasion. Businesses are at risk of criminal prosecution  if they fail to implement and update proper procedures.

CFA recap

Under the CFA, which is sometimes called the "corporate criminal offence", businesses commit a criminal offence if they fail to prevent an associated person (an employee, agent or third party who is performing services for or on behalf of the business) from facilitating tax evasion by a third party. These offences apply to both UK and non-UK tax evasion. For UK tax evasion, it does not matter where the relevant corporate entity is based or where the conduct of the relevant parties takes place. The non-UK tax evasion rules are complex but broadly require some connection to the UK. 

These are strict liability offences and so it is not necessary to prove knowledge on the part of senior management. If a business has facilitated tax evasion, the only defence to the CFA offences is having reasonable preventative procedures in place (see below).

If prosecuted, a business can face unlimited fines, reputational damage and potential loss of regulatory approvals. Under the Procurement Act 2023 (in force earlier this year), a CFA prosecution can mean entire supply chains being barred from public bids.

This "failure to prevent" approach was first adopted in the UK under the Bribery Act 2010 for bribery offences. From September 2025, a new failure to prevent fraud offence also comes into force covering various types of fraud including tax fraud. Previously, English law generally only permitted corporate prosecutions where the necessary dishonest behaviour could be attributed to the "direct mind and will" of the business; that is, members of senior management. These new types of statutory offence make it easier for corporates to be prosecuted.

Landmark prosecution decision

HMRC have previously confirmed the existence of several long-running CFA investigations. As at 31 December 2024, there were 11 live investigations and 28 "opportunities" under review, with a further 114 opportunities already reviewed and dismissed. However, despite the CFA offences having been in force since September 2017, there had not been any prosecution decisions. That has now changed.

On 7 August 2025, representatives of a UK accountancy firm appeared at Manchester Crown Court upon charges under the CFA. Alongside the firm, six individuals have been charged with offences including cheating the public revenue and money laundering. The offences relate to an alleged tax fraud in connection with research and development (R&D) tax relief and Covid-19 "bounce back" loans. 

It is assumed  this case may be linked to a previous announcement made by HMRC back in October 2022 confirming eight arrests in relation to over 100 allegedly fraudulent R&D tax credits totalling over £16 million. According to reports at the time, 130 officers from HMRC's Fraud Investigation Service had executed arrest warrants in multiple locations across England. 

HMRC were reported as commenting: "The arrests include a tax agent suspected of criminally facilitating the fraudulent attack. More arrests are expected in the coming days. By acting quickly to pause payments and implement additional checks on claims, we've protected £46m of public money."

Although no formal pleas have yet been entered, recent press reports quote the accountancy firm in question as publicly denying the charges under the CFA: “The business faces a single technical regulatory offence connected to its monitoring procedures; this is not part of the principal case before the court. We can confirm that the matter is denied and will be vigorously defended.”

Full details of the case will be revealed in due course, with the full trial expected in 2027. However, under the CFA, senior members of the firm would not need to be aware of the tax fraud in question (if they were, they could be prosecuted as individuals). It would be sufficient to prosecute the firm under the CFA if a single employee – however junior - were to knowingly permit fraudulent R&D claims to be submitted by or on behalf of a client to HMRC (or perhaps even turn a blind eye to the fact that they were fraudulent). The only defence for the firm in that scenario would be to have had in place reasonable preventive procedures.

The defence of reasonable procedures

The CFA offences have been in force since September 2017. All businesses, irrespective of sector and size, should therefore already have had reasonable procedures in place for some time to prevent the facilitation of tax evasion. What is reasonable for a business depends on the circumstances – there is no "one size fits all" approach. A business will need procedures tailored to the particular risks it faces. A light-touch compliance regime may suffice for some or all areas or smaller businesses, but higher-risk businesses will need a more rigorous compliance regime to establish the defence.

Reasonable procedures are not limited to initial risk assessments or simple written policies. For a risk assessment and procedures to be effective, they must necessarily relate to the business as it is now and not as it was at the time of the risk assessment. HMRC's CFA guidance makes this clear, as one of the "guiding principles" is monitoring and review whereby businesses are expected to review their procedures over time to ensure that they remain up to date and effective. 

Even those businesses that may have previously implemented procedures may, therefore, find themselves at risk of prosecution, particularly if it has been some time since those procedures were last reviewed or if there have been changes in the business – whether it be the acquisition of subsidiaries, new software systems or team structures, remote working or otherwise, or even external market factors.

Osborne Clarke comment

This is a long-awaited landmark development that should come as no surprise, following various signals from the government about increasing corporate tax prosecutions. The Labour Party's general election plans to close the tax gap specifically referred to the lack of CFA prosecutions at that time (as well as Sir Keir Starmer's record on white collar tax evasion in his former role as director of public prosecutions). 

Building on this, the Spring Statement 2025 saw the government announce a raft of new measures against tax non-compliance. This incorporated a new prosecution target, including tackling tax evasion "facilitated by those in large corporations" – a clear signal that the first CFA prosecution was likely to be imminent. The CFA also now forms a standard part of HMRC's Business Risk review (BRR+) and we are seeing the CFA being raised by HMRC as part of general compliance checks.
A reason behind the previous lack of CFA prosecutions was that these offences were introduced to help drive behavioural change. However, many businesses still do not have reasonable procedures in place (which includes those that may have purchased "off-the-shelf" procedures that have not been properly adapted or updated to reflect current working practices). The lack of prosecutions under the CFA had therefore led to criticism that would lead to businesses questioning whether there was a real threat of enforcement. 

The latest news clearly means that all businesses should review their position and take the CFA offences very seriously. Where potential breaches are discovered, businesses should ensure that they take appropriate (legally privileged) tax and criminal advice to protect their position.