As our colleagues have discussed here, here and here , the recent enactment of the Economic Crime and Corporate Transparency Act 2023 (the Act) has made two important changes to the UK’s corporate criminal law framework: the introduction of a new failure to prevent fraud offence (the FTP) and the expansion of the identification principle. Building on the overview in the UK section of our Tax investigations and disputes across borders guide, in this blog post we explore the practical implications of these changes from a tax perspective.
The previous position
There are a number of criminal offences for which taxpayers have long been potentially subject to prosecution in the UK. However, under the traditional identification principle, corporates could only be liable for these offences if it could be established that an individual who represented the ‘directing mind and will’ of that corporate had the necessary criminal intention. That imposed a high hurdle in practice.
Partly to address that, in 2017 the UK government introduced the corporate criminal offence of failing to prevent the facilitation of tax evasion (the CCO). By way of reminder, in very high-level terms, an organisation will be guilty of a criminal offence under the CCO if:
- a third party commits a tax evasion offence, and
- that third party is criminally facilitated in doing so by an associated person of the organisation, unless
- the organisation can establish that it had in place reasonable procedures to prevent the facilitation.
What has changed?
The Act has introduced two additional ways in which organisations may face liability in relation to tax offences.
In very broad terms, a large organisation will be guilty of a criminal offence under the FTP if:
- an associate of that organisation commits a specified fraud offence (including certain types of tax fraud), and
- the associate has the intention of benefiting the organisation is some way, unless
- the organisation can establish that it had in place reasonable procedures to prevent the fraudulent activity.
There are clear similarities between the FTP and the CCO – most notably, they are both strict liability offences subject to a reasonable procedures defence. There are, however, important differences to bear in mind in terms of how they apply in the tax context. In particular:
- Scope: unlike the CCO, the FTP only applies to organisations which meet certain size requirements, either alone or as part of a group.
- The wrongdoing by the associate and the purpose of the reasonable procedures: as highlighted in the diagrams above, the CCO is concerned with persons connected to an organisation criminally facilitating an offence committed by a third party, whereas the FTP is concerned with such persons themselves committing an offence. That difference in the underlying role of the associate is mirrored in the ‘reasonable procedures’ defences – that is, the CCO defence requires reasonable procedures to prevent the facilitation of tax evasion, whereas the FTP defence requires reasonable procedures to prevent (tax) fraud itself. This is potentially the most important distinction between the CCO and FTP for in-scope businesses: procedures which satisfy the CCO defence will not necessarily satisfy the FTP defence, and vice versa. (We discuss further below what this is likely to mean in practice.)
- Tax evasion v tax fraud: there is also a difference in what underlying offences are relevant: the CCO is concerned with tax ‘evasion’, whereas the FTP is concerned with tax ‘fraud’. On paper, the former is wider: while the common law offence of cheating the public revenue and the statutory offences of fraud under the Fraud Act 2006 and false accounting under the Theft Act 1968 are captured by both, certain other tax offences, such the fraudulent evasion of VAT, are not relevant underlying offences for FTP purposes. However, there is significant overlap between tax offences and taxpayer wrongdoing is often investigated under multiple heads, meaning this distinction is perhaps unlikely to be significant in practice.
- Jurisdictional requirements: the FTP is concerned with actions of associates which amount to a (tax) fraud offence under UK law. The CCO is not so limited in its jurisdictional reach and can be engaged by non-UK tax evasion offences, provided there is a ‘UK nexus’ and ‘dual criminality’ (i.e. both the underlying tax evasion and facilitation constitutes an offence in the UK as well as the relevant foreign jurisdiction). Prosecution of the CCO in relation to non-UK tax evasion also requires consent to be obtained from the Director of Public Prosecutions or the Director of the SFO. However, this difference may also be less significant than appears at first blush due to the practical difficulties for UK authorities in evidencing the fraudulent evasion of foreign tax and HMRC guidance indicating that prosecution under the CCO in respect of foreign tax evasion will often not be in the public interest.
- Intention behind the tax evasion / fraud: unlike the CCO, an organisation can only be liable under the FTP if the underlying (tax) offence was committed by the associate with the intention of benefitting the organisation. However, this does not require the associate to have committed the offence with the sole or main purpose of benefitting the organisation; nor does it require such a benefit to actually arise. As such, it remains unclear how significant this limb of the FTP will be in practice.
The expansion of the identification principle
Secondly, the Act has expanded the identification principle for a range of economic crimes, with the effect that if a senior manager of the organisation acting within the actual or apparent scope of their authority commits certain (tax) offences, the organisation will itself also be liable. In other words, rather than introducing a new offence, this reform makes it potentially easier for corporates to be found liable for existing offences.
The broad underlying concern that this reform seeks to address is essentially the same as that sitting behind the FTP: that persons connected to an organisation may themselves be committing economic crimes for which, without legislative reform, that organisation cannot be held criminally liable. Importantly though there are a number of clear differences from the FTP:
- The extended identification principle can apply to organisations of any size, not just those meeting a financial threshold.
- The list of relevant underlying economic crimes (including tax offences) is wider.
- The underlying offence must be committed (a) by a senior manager (rather than the broader category of associate), and (b) in the actual or apparent scope of their authority. (A note of caution: as our colleagues discuss here, the reference to the ‘apparent’ scope of a senior manager’s authority makes (b) much broader than might first appear.)
- The underlying offence does not need to be committed with the intention of benefiting the organisation.
- Perhaps most concerningly for businesses, there is no ‘reasonable procedures’-type defence available to them: organisations can be criminally liable even if they took every possible step to prevent such wrongdoing by their senior managers.
What does that mean for businesses?
As we recommended here, one key thing organisations can do to minimise the risk of any facilitation activity that could prompt a CCO investigation, and to avoid successful CCO prosecution should one nonetheless be brought, is ensure they are able to demonstrate that they have in place such prevention procedures as it is reasonable in all the circumstances to expect them to have.
In light of the FTP, organisations should also ensure that they can evidence such reasonable procedures for the prevention of tax fraud itself.
There is not yet guidance on what reasonable procedures in the context of the FTP may look like, but we expect there will be similarities with the existing CCO guidance. On that basis, businesses would be well-advised to follow a similar process:
- complete a detailed assessment process to identify the specific activities, processes and individuals within their business which pose particular risks;
- use that information to formulate a range of bespoke measures aimed at minimising those risks;
- implement those measures properly (ideally with senior stakeholder support), evaluate them for effectiveness and then keep them subject to ongoing review; and
- keep accurate and contemporaneous records of all steps taken, so that they can be demonstrated when required.
There will almost certainly be overlap between the risks identified and the measures formulated in relation to both the CCO and the FTP. (For example, one might expect individuals within the finance function of an organisation to be identified in both risk assessments, and for regular training and a clear whistleblowing policy to form part of the package of measures implemented for both offences.) Indeed, for large UK companies that are subject to the Senior Accounting Officer (SAO) regime, procedures should already be in place to ensure appropriate tax accounting arrangements which mean that, in practice, no additional measures may in fact be required. Nonetheless, it is important to ensure that the CCO and FTP regimes are not incorrectly conflated when carrying out the process set out above – doing so may prejudice the organisation’s ability to rely on the defence.
The expansion of the identification principle does not incorporate a reasonable procedures defence, but following the process above may nonetheless be helpful in this regard too: at best, the implementation of such procedures may prevent the underlying tax offence taking place at all; at worst, it may give the organisation possible arguments against prosecution being in the public interest and/or in favour of a more lenient penalty.
Businesses should also take steps to identify their ‘senior managers’ and, from within that pool, the individuals which are most likely to have the opportunity to commit a tax offence whilst acting in the actual or apparent scope of their authority – CFOs are perhaps the most obvious example, but there may well be others. Thought should then be given on a case-by-case basis as to whether any additional safeguards are needed in respect of their activities.
It is early days for the corporate criminal law reforms introduced by the Act, and further guidance on the FTP in particular is expected in the months ahead. Nonetheless, organisations would be well-advised to start thinking now about how they intend to mitigate the tax-specific risks these reforms may pose.
If you would like to discuss any of the points raised in this blog post in further detail, please contact the authors, our tax investigations and disputes team or your usual Freshfields contact.