Corporate Criminal Offences: Increased risk of remote working
The ongoing COVID-19 pandemic has resulted in huge social and financial costs to individuals, businesses and the government. The UK tax authorities will have a key role in helping to meet this cost, by monitoring and ensuring tax compliance in order to maximise the revenue flowing to the Treasury.
Part of the cost is a heightened risk of fraud as an unfortunate and inevitable consequence of the pressures on struggling businesses to cut and manage expenditure. There is also the opportunistic risk of those seeking to take advantage of government grants and loans, with HMRC recently estimating almost 7,000 cases of Coronavirus Job Retention Scheme fraud.
HMRC continues to focus on clamping down on tax fraud and, unlike some other HMRC initiatives, there has been no suspension of key anti-tax evasion measures such as the Corporate Criminal Offences of Failure to Prevent Facilitation of Tax Evasion (CCO).
Corporate Criminal Offences
In summary, under the CCO legislation, businesses can be prosecuted for a criminal offence if they fail to prevent an Associated Person facilitating tax evasion – either through that person’s deliberate action or through ‘turning a blind eye'. Importantly, businesses can also be held liable for the actions of third parties – service providers or suppliers to the business.
A successful prosecution would lead to an unlimited financial penalty and significant reputational damage. Pre-COVID-19, HMRC announced that 30 businesses were already under criminal investigation. This number will undoubtedly increase as a direct result of frauds taking place during COVID-19, and we are aware that both HMRC and the Serious Fraud Office are working collaboratively in reviewing potential cases for prosecution.
Impact of remote working
As a result of COVID-19, there have been widespread staff reductions and unprecedented numbers of employees working remotely, potentially leading to an increased burden on remaining staff and a lower level of oversight of their activities. With senior management focused on business critical functions, outdated processes which have not been reviewed to take into account the changes in working practice will give rise to a heightened risk of compliance failures.
To manage the risk, it is imperative that businesses take steps to protect themselves both from fraud and also potential prosecution under this legislation. There is a defence from prosecution of having ‘reasonable prevention procedures’, and these procedures include rigorous supplier due diligence and ensuring the right level of communication both within the business and also externally, in the form of appropriate contractual clauses and codes of conduct.
An essential element of this is understanding where the risks are and providing the right level of training, making sure that employees, contractors and agents of the business have an awareness of the legislation, the potential risk areas, and also what to do if they see or suspect tax fraud, or the facilitation of tax fraud. Existing controls which rely on face-to-face discussion and physical sign-off will need to be reviewed and enhanced.
For those businesses that have already undertaken steps towards compliance with CCO, this will mean ensuring the risks arising as a result of the ‘new’ ways of working are addressed. This fits absolutely within the ‘principles’ of HMRC’s Guidance concerning the CCO, which states that businesses must refresh their risk assessment and controls as the risk environment evolves.
Additionally, the importance of communication cannot be over stressed – employees need to be aware of the risks arising from the changing environment and clearly need to be cognisant of new processes and controls. Before long, the new way of business will be Business As Usual.
All businesses continue to develop both their response to COVID-19 and also an evolving working environment post COVID-19. The challenges, and opportunities, of a remote workforce and the accelerating pace of digital change mean that different approaches to compliance, governance and regulation must be considered.
A key element of this is embedding a culture of fraud prevention within businesses. With this in mind, we have developed an online offering through which businesses can access the tools, templates and know-how to develop a response to the CCO legislation, as well as a suite of online e-Learning modules covering not only CCO but also the Bribery Act, GDPR and DAC 6.
The tools available through the online store are founded on our experience of handling global implementations across various industries. They are ideally suited to small and medium-sized businesses in taking the steps necessary to comply with the CCO legislation and, although the response to the CCO legislation must be proportionate to the size and complexity of the organisation, they can also be used by large businesses as a first step towards compliance.
How can BDO Tax Risk team support businesses?
All businesses continue to develop their response both to COVID-19 and also an evolving working environment post COVID-19. The challenges, and opportunities, of a remote workforce and the accelerating pace of digital change mean that different approaches to compliance, governance and regulation must be considered.
It is important to ensure that reasonable prevention procedures are designed to prevent associated persons from committing the facilitation offences in the new reality.
This Toolkit provides organisations with the tools, templates and knowhow to develop a response to the Corporate Criminal Offence legislation.
It is a step-by-step guide to ensuring that the controls businesses implement are aligned to HMRC’s Six Guiding Principles and meet the legislations requirements, including carrying out their own CCO Risk Assessment. The documentation includes various policies, internal and external messaging and example contractual terms.
Ensuring staff and other associated persons understand their responsibilities is a critical control in minimising the risk of enforcement action. We have developed a bespoke elearning course to meet HMRC’s requirements.
The elearning module can be easily uploaded to an existing Learning Management System for staff distribution, or we can provide a platform through which the training can be distributed. This method of learning and embedding is well suited to remote working.
Risk assessments and ongoing monitoring
Where there are staff reductions, employees working from home, or management focused on critical functions only, unique opportunities arise for committing tax fraud. Risk assessments should be regularly reviewed, particularly within the context of COVID-19.
For businesses who have already performed a risk assessment, we can support with carrying out a review, which normally involves reviewing existing policies and procedures as well as refreshing current risk assessment to reflect any changes in the business.