Save article




UK enacts new corporate criminal offense for failure to prevent facilitation of tax evasion

New offense has global implications

Executive summary

On 27 April 2017, the UK Criminal Finances Act (the Act) received royal assent. Among other measures, the Act introduces a new corporate criminal offense (CCO) of failing to prevent the facilitation of tax evasion. The new offense concerns when an ”associated person,” such as an employee, agent, contractor or subsidiary, facilitates the evasion of tax of a third party while acting on behalf of the business. The legislation overcomes the difficulty in attributing criminal liability to businesses for the criminal acts of employees, agents or those that provide services for or on their behalf.

If those persons acting on behalf of a business facilitate the tax evasion of a third party, then the business (defined as a ”relevant body”) would be at risk of a criminal conviction and unlimited fine if it cannot evidence that it had reasonable preventative procedures in place to prevent the facilitation of tax evasion. While UK legislation, the impact is far reaching and could result in overseas businesses being prosecuted. The legislation defines a relevant body as “a body corporate or partnership (wherever incorporated or formed).”

It is expected that, regardless of the result of the upcoming general election, the next Government will take all necessary steps to make the new offense effective from September 2017.

HM Revenue & Customs (HMRC) is not expecting organizations to put in place fail-safe procedures to stop clients and customers from committing tax evasion, or stopping the de facto tax evasion itself. Rather, it expects businesses to take a risk-based approach and to be doing all that is ”reasonable” to prevent their people, service providers and third parties from being knowingly concerned in facilitating the tax evasion of third parties around the world.

The repercussions, if found guilty of the new CCO, are likely to have long-standing consequences – for regulated businesses for example, systematic failures in systems and controls will not be viewed favorably and could result in licenses being revoked in some jurisdictions. Further, organizations may find themselves barred from public procurement processes, see directors disqualified under existing laws, and face reputational damage.

By September 2017, HMRC expects all businesses to have identified, documented and categorized the specific risks of facilitation of tax evasion across their organization, and to have devised a plan on how each will be addressed.

Detailed discussion

What are ”reasonable procedures” to prevent the facilitation of tax evasion?

Businesses should put in place procedures that are proportionate to the risks they face, using HMRC’s six principles as a guide:

  • Risk assessment
  • Proportionality of risk-based prevention procedures
  • Top level commitment
  • Due diligence
  • Communication
  • Monitoring and review

What constitutes ”reasonable” is likely to be the crux for tax, compliance and legal teams over the coming months. The expectations of what is ”reasonable” are likely to develop, with businesses having to adapt their systems and controls on an ongoing basis. The approach taken by the UK Government mirrors that adopted in the 2010 Bribery Act and as is the case with that Act, the line of defense for the new CCO rests on whether a business’ preventative procedures are deemed sufficient in proportion to the risks.

Global reach of the legislation

The reach of the legislation is international and wide-ranging, and will for many organizations require a global approach.

Many businesses are still at the very early stages of understanding the impact of the legislation. Any group which either has a business in the UK, has people acting on its behalf in the UK, or transacts with UK-based persons needs to consider the new requirements. The entity can be based overseas, the facilitation can arise overseas, and the evasion can be of overseas tax.

Risk assessment – the first response

The risk assessment drives the response to the legislation – until a business identifies where its risks arise, it cannot know whether existing controls address the risk. Before building a plan for introducing reasonable procedures, it is advisable that a risk assessment is undertaken to ensure that the response is proportionate.

A logical starting point is to risk assess business operations, considering the geographies, divisions, products, supplies, relationships and motivations which can result in a risk. Identifying the ‘associated persons’ of the business, and the risks of facilitation can ensure a focus on key risk areas. It can also be helpful to consider who the counterparties to transactions are who could be potentially evading tax and then identify where facilitation could arise, for example customers, suppliers, and employees.

As risks are identified and prioritized, existing controlling procedures can then also be identified and evaluated for design and operational effectiveness. A plan can then be built to address any gaps in controlling procedures and deliver a proportionate response aligned to the remaining guiding principles. Any response should include top-level commitment from the organization as well as communication (likely to be through policies and training in the initial instance).

Next steps

Businesses should consider undertaking a risk assessment as it provides the platform to build on a company’s existing control framework and deliver a plan to include top-level commitment, policy development, training, monitoring and testing which addresses the risks identified. The UK practice has established a methodology for undertaking a risk assessment for the CCO and has worked with a number of businesses to build a proportionate response to the legislation.

Examples of some of the key questions to address include:

  • Who in the organization will take ownership of compliance with the legislation, for example tax, compliance, legal or a combination of these functions?
  • What does ”reasonable” mean in the context of the size and industry sector of the business?
  • Who are the associated persons of the business?
  • Where are the highest risk roles, divisions or geographies in the organization?
  • Are whistle-blowing systems in place and, if so, are they sufficient?
  • How do you build on existing policies and training programs to deliver a proportionate response to the risks identified?
  • How will any allegations of the facilitation of tax evasion be assessed and investigated?
  • How will you document and regularly review your procedures?

Further information

To hear more on HMRC’s expectations of how businesses should respond, listen to our webcast of 16 March 2017 held with HMRC’s policy lead on CCO, Jennifer Haslett, at

EYG no. 01994-171Gbl

Download this Tax Alert as a PDF file

Privacy  |  Cookies  |  BCR  |  Legal  |  Global Code of Conduct

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.



Font size

Tax topics >

No filter criteria selected.

Industries >

No filter criteria selected.

Countries >

No filter criteria selected.

 < Close


 < Close


 < Close

Tax topics

 < Close


 < Close


 < Close

0 articles have been saved