What do I need to know?
The Criminal Finances Act 2017 (CFA) came into force on 30 September 2017, introducing a number of changes to the law relating to money laundering, civil recovery and enforcement and seizure powers, among other things. A key feature of the CFA that should be given wide consideration is the introduction of two new corporate offences relating to the facilitation of tax evasion.
The new offences criminalise a businesses failure to prevent a tax evasion facilitation offence by an associated person. Rather than radically altering what acts are deemed to be criminal, the CFA hones in on who is ultimately accountable for the acts of facilitation which are already criminal under existing law.
What are these offences?
The new corporate criminal offences are:
- the failure of a corporate body to prevent facilitation of UK tax evasion by an associated person; and
- the failure of a corporate body to prevent facilitation of non-UK tax evasion by an associated person.
For each offence there must be: criminal tax evasion by a taxpayer; criminal facilitation of the offence by a person acting on behalf of the corporate entity; and failure to take reasonable steps to prevent the facilitation by that corporate entity. Where a person 'associated' with the business criminally facilitates tax evasion, unless steps have been taken by that business to prevent such facilitation, the entity will be held accountable. Proof of board-level knowledge by HMRC is not required.
How does this affect me?
- The CFA is widely framed and applies both to UK bodies and international bodies with a presence in the UK.
- Any incorporated body or partnership (including limited partnership) could find themselves accused of an offence under the CFA should they fail to take the necessary protective steps.
- Liability under the CFA is strict but limited to incorporated body or partnership itself. Unless firms can show they had reasonable prevention procedures in place (or that it was in fact not reasonable to have such procedures), they can be found guilty of an offence.
- The level of scrutiny will likely accord with the general risk profile of the sector within which the business operates. However, with possible consequences including an unlimited fine, the possibility of additional sanctions being levied, and the risk of suffering serious reputational damage, compliance with the CFA should be high on every businesses regulatory compliance list.
Is the CFA not just for big business operating in high-risk sectors like banking?
- Although large business in high-risk sectors are likely to be subject to enhanced scrutiny under the new legislation, it is not just banks and professional services firms who need to take action. Given the broad application of the rules, and the limited scope of the defence to an accusation of an offence, every business should consider their own position. Reputational damage alone may be significant, even without the application of any additional sanctions available under the legislation.
- All businesses must consider their own business and the sector in which they operate as well as their wider relationships and businesses with whom they contract. The larger or more complex the business, the greater the risk and more robust the approach to the CFA may be required to be. However, every business, regardless of size, should take action.
HMRC have made clear that compliance with statutory guidance alone will not render a body immune from prosecution. Certain demonstrable and evidence-based steps require to be taken.
What steps should I take?
A business can defend itself against a CFA prosecution only where it can demonstrate either: that it had reasonable prevention procedures in place, designed to prevent the facilitation of the offence; or that it was not reasonable in the circumstances to have in place such prevention procedures.
With the burden of proof falling squarely on the corporate entity, a body must be able to objectively display: top level commitment; robust risk assessment and due diligence processes; appropriate ongoing monitoring procedures; and adequate and proportionate policies and internal training.
Every business, regardless of turnover, size or sector, should consider:
- reviewing their commercial contracts to ensure that the parties with whom they contract are compliant with the CFA;
- completing a risk assessment to identify potential areas of risk adequate for their business needs;
- reviewing existing due diligence and internal policies;
- making clear the top-level commitment to compliance required under the CFA and ensuring that this is cascaded throughout the full extent of the business;
- delivering adequate and proportionate staff training on the CFA and related risks if deemed necessary; and
- planning for the ongoing monitoring and review of policies, training, and risk assessments.
Taking no action is simply not an option.
How can we assist?
As far as the CFA goes, there is certainly no "one size fits all" approach and every business must take active and comprehensive steps to avoid falling foul of the new legislation. We can help to assess your needs in light of the new rules, assisting with your risk assessment and providing specific assistance in relation to staff training, policy and contract reviews, and implementation of ongoing review.
Action required under the CFA is measured in relation to what is specifically and proportionately required for the particular business entity. We can work with you to build in suitably robust procedures to protect your business now and in the future.
If you have any concerns regarding compliance with the CFA or would like to discuss how we can help you, please contact our Tax Team or your usual DWF contact for support and advice.
Authored by Freya Gibb and Caroline Colliston.