UK Criminal Finances Act 2017: New Corporate Facilitation of Tax Evasion Offence – Act Now to Secure the Reasonable Prevention Procedures Defence

September 29, 2017

I. Introduction

The UK Criminal Finances Act 2017 (the CFA) became law on 27 April 2017. On 30 September Part 3 of the CFA, which creates two new corporate criminal offences, will come into force.

The two new offences are:

Section 45 – failure of a relevant body to prevent facilitation of UK tax evasion (the UK Offence), and

Section 46 – failure of a relevant body to prevent facilitation of foreign tax evasion (the Non-UK Offence).

The Offences are similar in design to the ‘corporate’ failure to prevent bribery offence under section 7 of the Bribery Act 2010.  A key similarity is that the only available defence is to have in place reasonable prevention procedures designed to prevent the facilitation. The Offences represent a very significant development in corporate criminal law in the UK.

On September 1, 2017 the HM Revenue and Customs (HMRC) published the required guidance on measures to be taken by businesses to put in place the reasonable prevention procedures (the HMRC Guidance).  The HMRC Guidance amends and replaces the draft guidance published in October 2016. The CFA also empowers the Chancellor to approve guidance issued by other bodies, such as sectoral regulators.  This sort of recognition mechanism has been used previously in anti-money laundering legislation; for example the Joint Money Laundering Steering Group (a grouping of trade associations in the UK financial services industry) publishes guidance which has been given official approval.  The CFA envisages that similar industry guidelines will be produced in this context.

The HMRC Guidance contains useful practical examples and discussion that will inform any interpretation of the legislation.  However, it is not definitive, nor does it operate as a ‘safe-harbour’ to provide immunity from prosecution in cases where it has been followed. As with the similar Bribery Act guidance, it is not binding on the courts, although it is expected to be of highly persuasive effect at the very least.

This Client Alert provides an overview of the Offences, analyses some of the more interesting issues which have the potential to shape the scope of their application, as well as examining the political drivers and regulatory appetite in this space.

II. The Offences

A. Overview

In order to commit either of the two new Offences, it is necessary for two underlying predicate offences to have been committed.  First, there must be an underlying tax evasion offence committed by a taxpayer. Secondly, the associated person of the “relevant body” must have facilitated that evasion.  The HMRC Guidance describes the offence by the taxpayer as “Stage 1“; the facilitation by the associated person as “Stage 2“.  The failure to prevent as “Stage 3“.

In outline, a relevant body commits one of the Offences where a person associated with it, acting in that capacity, criminally facilitates an act of fraudulent tax evasion by another person, and that relevant body does not have reasonable prevention procedures in place.

It must be stressed that “tax” is defined very broadly in the CFA. Under section 52(1) tax is stated to include “duty and any other form of taxation (however described)”. All government levies, excises, tariffs, as well as VAT, national insurance contributions, capital gains tax, income tax, corporation tax, inheritance tax – and all other taxes – are covered.

B. Jurisdiction

The two offences both have extraterritorial effect and both require a nexus to the UK, although the minimum nexus required differs between the two Offences.

The only UK nexus required for the UK Offence is that it involves the evasion of UK tax. There is no other required link to the UK – not the location of any conduct and nor does the relevant body need to be incorporated or formed in the UK.

For the Non-UK Offence the required minimum nexus is that the relevant body either be incorporated or formed in the UK, or that it carries on a business or part of the business in the UK or any conduct constituting part of the foreign tax evasion facilitation offence takes place in the UK.  Note that this minimum nexus may be more readily satisfied than at first it might appear, as the offence may be committed through a non-UK affiliate of the relevant body if the affiliate is an “associated person” of the relevant body under the CFA.  Moreover, case law suggests that the requirement for conduct taking place in the UK may be satisfied by payments or correspondence through the UK.

The definitions of the elements of the Offences repay closer scrutiny.  They raise a number of interesting questions regarding their own scope as well as highlighting potential practical difficulties associated with implementation of the new legislation.

C. “relevant body”

Under the CFA, it is only a “relevant body” that can be charged with either of the Offences. A “relevant body” means a body corporate or partnership.  This also extends to an entity of a similar character formed under the law of a foreign country. The Offences therefore apply to all companies, LLPs and partnerships. The Offences cannot be committed by individuals.

The relevant body’s liability is strict in the sense that liability does not require any mental element on the part of the relevant body to be established. The importance of this is that enforcement of the Offences will not be restricted by the historical difficulties associated with successfully prosecuting corporations in the UK due to the need to find a “controlling mind and will” (broadly, a director) of the company to whom the relevant mens rea can be attributed.  This strict liability approach is similar to that taken under the offence of failure to prevent bribery in section 7 of the Bribery Act 2010.  It is noteworthy in this respect that the majority of Deferred Prosecution Agreements (DPAs) in the UK to date have related to section 7 of the Bribery Act.

A relevant body can be found guilty of an Offence, even if the “associated person” has not been convicted or even prosecuted for a tax evasion offence, and even if the underlying tax evader has not faced prosecution.  It is open to an “associated person” to report tax evasion and facilitation to the prosecuting authorities in return for immunity for themselves, whilst opening the door to a prosecution of a relevant body. Such agreements are available under the Serious Organised Crime Prevention Act 2005, and have been upheld by the courts (R v Dougall [2010] EWCA 1048). This scenario is likely to be a particularly concerning one for relevant bodies given the incentive it gives associated persons and the authorities to seek to strike deals with one another.

D. “associated person”

The CFA (section 44(4)) defines a person as being an “associated person” of a relevant body if that person is an employee, agent acting in that capacity or any other person who performs services for or on behalf of the relevant body.  The associated person can be an individual or a body corporate. While under the Bribery Act there was only a rebuttable presumption that an employee, was an “associated person”, under the CFA, an employee (when acting in that capacity) is an associated persons. By contrast, subsidiaries are not specifically identified as associated persons on the face of the CFA.  Nonetheless, where subsidiaries or affiliates (or their employees) act on behalf of or, or perform services for, the relevant body, the subsidiary or affiliate will be an “associated person”.

It is notable that the width of this definition is capable of including third party organisations, such as suppliers and subcontractors, and it has even been speculated that it could potentially extend to persons to whom the relevant body refers work. In one recent Bribery Act enforcement in Scotland (Rand-Rex Limited) a company’s customer (in the form of a distributor who purchased the company’s goods for on-sale) was its “associated person”.

The question as to whether a person is performing services for or on behalf of an organisation is to be determined by reference to all the circumstances and not just the nature of the relationship between that person and the organisation. The contractual status or the formal title given to an individual performing services for or on behalf of the organisation does not matter.  The HMRC Guidance (p. 7) states that “The concept of a person who ‘performs services for or on behalf of’ the organisation is intended to be broad in scope, to embrace the whole range of persons who might be capable of facilitating tax evasion whilst acting on behalf of the relevant body“.

The outer limits of this broad definition can be most easily seen in respect to referrals.  The HMRC Guidance states that a “vanilla” referral would not attract liability on the basis that it was “not a case of sub-contracting“.   Such a referral is explained (p. 36) as being “an introduction in good faith where the referrer believes the external service provider is unlikely to be involved in facilitating tax evasion“.

E. “in that capacity”

The offence is only committed where the facilitation or evasion is undertaken by someone acting in the capacity of an associated person. This is an evolution of a similar concept in the Bribery Act and serves to restrict liability that would otherwise flow from the broadly drawn definition of “associated person“.  There are at least two situations in which one can envisage this becoming relevant.

First, where an employee engages in criminal facilitation outside the scope of his employment, amounting to a “frolic of his own“, he will not be acting in the capacity of an associated person. An example of this (given in the HMRC Guidance, page 32) would be where an associated person facilitates their spouse’s avoidance of tax.  In such circumstances, the employer of the associated person would not be committing the offence.

Secondly, where an associated person is associated with multiple relevant bodies, that person’s conduct will not automatically have the potential to trigger liability for all of the relevant bodies.  Instead, any activity of the associated person that does not fall within its relationship with a relevant body cannot be said to be a situation in which the individual is acting in their capacity as an associated person of that relevant body.  Here, the example given in the HMRC Guidance (at page 32) is of a consultancy firm introducing clients to a bank. The consultancy is not used by the bank to provide tax advice to its clients but, unbeknownst to the bank, the consultancy offers additional services to those clients and criminally facilitates tax evasion. Here the bank would not be liable as the tax services were provided outside of the consultancy’s relationship with the bank and therefore not provided for or on its behalf.

F. “tax evasion offence” and “tax evasion facilitation offence”

In respect of the UK Offence, identifying a UK tax evasion offence at stage 1 is relatively straightforward.  It is either:

  1. the common law offence of cheating the public revenue; or
  2. an offence in any part of the UK consisting of being knowingly involved in, or taking steps with a view to, the fraudulent evasion of tax.

This latter category is narrower than it might first appear.  It does not extend to all tax evasion offences, only those involving an element of deliberate fraud.  The HMRC Guidance offers as relevant offences for this purpose fraudulent VAT evasion (section 72, Value Added Tax Act 1974), fraudulent evasion of income taxes (section 106A, Taxes Management Act 1970) and the Law Society Guidance further adds fraudulent evasion of national security contributions (section 114, Social Security Administration Act 1992), false accounting (section 17, Theft Act 1968), and the offences in sections 2 to 7, Fraud Act 2006 (in so far as they relate to tax evasion).

Tax avoidance – the adoption of legal means to limit one’s tax – will not trigger liability. Although the HMRC Guidance makes clear that aggressive tax avoidance schemes and not the target for the Offences, the boundary between aggressive tax avoidance and tax evasion is not always clear-cut.

The same is true when dealing with stage 2 in respect of the UK Offence. For the purposes of the CFA, criminal facilitation by an associated person is committed where a person:

  1. is involved in or knowingly concerned in, or takes steps with a view to; or
  2. aids, abets, counsels or procures,

cheating the public revenue and/or the fraudulent evasion of UK tax by another person.

Things are slightly different when it comes to the Non-UK Offence, where there is a double criminality requirement.  For the Non-UK Offence to be made out both the criminal evasion of tax (stage 1) and the criminal facilitation of evasion (stage 2) must represent conduct amounting “to an offence under the law of a foreign country” (section 46(5)).  And, in addition, both the foreign tax evasion offence and the foreign tax evasion facilitation offence must amount to offences under English law.  In short, the Non-UK Offence cannot be committed in respect of any act that would be lawful in relation to a UK tax.

Under English law, the content of foreign law is an issue of fact determined by the trial court on the basis of expert evidence.  Consequently, if prosecutions are brought under the Non-UK Offence, criminal courts in the UK will have to consider expert evidence of foreign criminal tax law. A High Court judge making findings of facts about foreign law whilst sitting alone in the Commercial Court is one thing, but the prospect of a lay jury in a Crown Court being asked to determine matters of criminal guilt or innocence in connection with technical aspects of the French tax code, or that of any other country, having heard conflicting expert foreign law evidence on the issue, is a prospect that prosecutors are likely to find unappealing.  The difficulties inherent in such a prosecution invites the hypothesis that the Non-UK Offence may have been designed to be dealt with more by way of DPA than by actual prosecutions. This is made possible as both of the Offences have been added to the list of offences for which DPAs are available to prosecutors in the UK.  Readers will recall that a DPA is an agreement between a company or partnership and a prosecuting agency under which the company or partnership admits certain facts, cooperates with prosecutors (including in relation to other potential defendants), accepts certain outcomes (potentially including fines, disgorgements, compensation payments, compliance requirements, liability for investigation costs, etc) and in return avoids a criminal conviction.

III. The defence

A. Overview

As the offence is one of strict liability, once the predicate offences (stage 1 and stage 2) are made out, and it is established that the facilitator is an associated person of the relevant body, the only defence is the one of having reasonable prevention procedures in place. This defence is made out where a relevant body shows that, at the time the tax evasion facilitation offence was committed, it had in place such “prevention procedures” as it was reasonable in all the circumstances to expect it to have in place, or that it was not reasonable in all the circumstances to expect the relevant body to have any prevention procedures in place (section 45(2)).

This is very similar to the “adequate procedures defence in section 7 of the Bribery Act, although the CFA defence is supplemented by a further safe harbour in which it is possible to show that it was not reasonable to expect the company to have any procedures in place to prevent the facilitation of tax evasion in question.

B. Prevention procedures 

The “Reasonable prevention procedures” can refer to both formal policies and the practical steps taken to enforce compliance. Whilst it is possible to augment anti-money laundering and Bribery Act policies, any policy must consider the risk of tax evasion facilitation independently. The simple addition of wording relating to tax evasion to a company’s compliance manuals will not be sufficient. Any measures put in place will need to be regularly reviewed to reflect changes to the company’s risk profile. Examples of procedures that companies should consider include:

  • A formal anti-tax evasion policy;
  • Internal training, including specific content for operations most exposed to risk ;
  • Revisions to terms of engagement with clients and customers;
  • Monitoring of their high-risk operations;
  • Identification of, and appropriate engagement and communication with, those persons, both within the relevant body’s corporate group and beyond, who act in the capacity of associated persons of the relevant body;
  • Due diligence processes for service providers (and others), and revisions to their contractual terms and conditions;
  • Consideration of risks associated with finance, billing and invoicing; and
  • Increased supervision and monitoring of employees where appropriate.

Ultimately, the prevention measures that should be implemented will flow from a proper assessment of the circumstances of the relevant body’s business. The assessment of what procedures are needed is intrinsically linked to a proportionate, risk-based evaluation of the scope of operations of the relevant body, and the risks arising from those operations.

C. Reasonable in all the circumstances

The procedures do not, in order to meet the demands of the defence, have to eliminate all conceivable risk; even if they fail to prevent an associated person from facilitating tax evasion, the company will still be able to claim the defence as long as the procedures were “reasonable in all circumstances“.

What is considered “reasonable in all circumstances” will depend upon the particular business of the company. The HMRC Guidance confirms that the procedures should be proportionate to the risk the company faces. High-risk factors, which mean that more robust policies and procedures are required, include:

  • Customers – unusual circumstances, non-residents, cash intensive businesses or complex or opaque ownership structures;
  • Countries – countries with inadequate anti-money laundering and counter-terrorist financing measures as well as those subject to sanctions;
  • Sectors – e.g. private banking, legal services, tax advice and company service providers.

Wherever these factors are found, preventative measures will have to be correspondingly more stringent in order to satisfy the reasonableness threshold.

It is also worth highlighting that the HMRC Guidance (p. 12) contains an explicit acknowledgement that any consideration of what is reasonable on the part of HMRC will change as time passes. What is reasonable on the day that the new Offences come into force will not be the same as when the offences have been established for some time. The HMRC Guidance clearly envisages that it will take time for relevant bodies to get accustomed to the new duties and obligations imposed by the CFA, along with allowances being made in the early stages of implementation.  Organisations should consider this a clear signal on the part of the authorities that they expect a real shift in corporate behaviour following the CFA’s entry into force.

The reasonableness of the measures implemented should also be viewed through the lens of the HMRC Guidance which identifies six guiding principles that should inform the formulation of prevention procedures. They are the same as under the Bribery Act:

  1. Risk assessment
  2. Proportionality of risk-based prevention procedures
  3. Top level commitment
  4. Due diligence
  5. Communication (including training)
  6. Monitoring and review

These can be examined in turn.

Firstly, the HMRC Guidance (p. 16) describes risk assessment as ultimately requiring relevant bodies to “‘sit at the desk’ of their employees, agents and those who provide services for them or on their behalf and ask whether they have a motive, the opportunity and the means to criminally facilitate tax evasion offences, and if so how this risk might be managed“.

Secondly, by addressing proportionality, it is acknowledged (p. 21) that the authorities are not intending the required measures to be unduly burdensome, albeit they cannot be mere lip-service to the goals of the CFA.

Thirdly, the HMRC Guidance (p. 25) stresses the desirability of senior management being involved in the formulation and implementation of procedures. Whilst recognising that senior level time cannot be spent on the minutiae of these sorts of issues, expressions of board-level commitment to and endorsement of preventative measures will go a long way to demonstrate that a relevant body has an appropriate culture and attitude towards dealing with tax evasion.

The fourth principle is a recognition of the need to undertake due diligence in sufficient depth to identify risks and enable companies to respond accordingly. The HMRC Guidance (p. 27) acknowledges that some organisations in high-risk sectors such as lawyers and tax advisors will already have such systems in place, albeit noting that simply applying the old measures to this new risk will be unlikely to be enough.

Principle five focuses upon the requirement to propagate the details of any measures throughout a relevant body. It is made clear (at p. 28) that HMRC expects that all staff, officers and employees of businesses should be made aware that they are expected to have a zero tolerance policy towards the facilitation of tax evasion. This does not however mean that everyone must undergo extensive training. Nor is it necessary for all associated persons to gain a deep understanding of tax law in any jurisdiction, with training only needing to be proportionate to the risks found in each instance.

Principle six makes express a theme that runs throughout the guidance, namely that the risks relating to the facilitation of tax avoidance must be kept under constant review by relevant bodies and changes to procedures made as appropriate.

Although understandably generic, these principles can be useful in the preparation of an outline of an organisation’s formal anti-tax evasion policies.  As with similar guidance produced to accompany the Modern Slavery Act 2015, the HMRC Guidance should be looked at as a touchstone for organisations when drafting the relevant procedures and materials envisaged by the legislation.  There is no sense here that the CFA is seeking to “catch out” companies.  The Government noted (in a memorandum relating to the human rights law compliance of the Criminal Finances Bill as it made its way through Parliament) that “There is very little prospect of a defendant relevant body being wrongly convicted as a result of practical difficulties in proving a defence that it in fact has; the defence will be easy to prove if it exists”.  Relying on the implementation of policies and procedures that have been drafted with these principles running through them will clearly place a defendant company in a stronger position than simply pointing to existing policies that have been lightly edited.

IV. Penalties

If a company is found guilty of either of the Offences, it faces unlimited financial penalties.  The approach to setting the fines for corporate offenders pursuant to Section 164 Criminal Justice Act 2003 requires that the fine must reflect both the seriousness of the offence and the factual circumstances of the offender.  The sentencing guidelines for corporate tax evasion offenders set the level of fine by using the offender’s actual or intended net gain as a starting point.  This is then multiplied depending on the aggravating and mitigating factors in the specific case.  The mid-range multiplier for a mid-level case is to double the starting point in order to arrive at the fine – the offender will be fined double the amount that they tried to evade.  We would expect a similar approach to be taken in respect of the new Offences.  It is likely that there would be adverse publicity for a company found guilty of an Offence, and a regulated business would need to consider the regulatory impact resulting from any prosecution. A professional services firm is unlikely to take much comfort from a DPA as opposed to a criminal prosecution and conviction.

V. Enforcement appetite and political drivers

The UK Offence will be investigated by HMRC, with prosecutions brought by the Crown Prosecution Service (the CPS). The Non-UK Offence will be investigated by the Serious Fraud Office (the SFO), or the National Crime Agency, and prosecutions brought by the SFO or the CPS. Due to the extra-territorial implications of the Non-UK Offence, proceedings cannot be brought against a company for this offence unless the Director of Public Prosecutions or the Director of the SFO gives their consent (although it is anticipated that consent is most likely to be denied in cases where the overseas tax in question is repugnant to UK foreign policy). The HMRC Guidance notes that it will be preferable for the jurisdiction that has suffered the tax loss to bring any prosecution.

The tone of the HMRC Guidance appears to suggest that the appetite for enforcement is outweighed by the desire to affect self-started change in high risk sectors.  The existence of the HMRC Guidance and the availability of for DPAs may be expected to lead to a balanced and nuanced approach to enforcement. Companies should be under no illusion, however, that egregious failure to put in place prevention procedures leading to tax evasion going unchecked, particularly when coupled with a failure to report failings to the authorities, is likely to result in prosecution.

Enforcement agencies (both criminal and fiscal) across a range of countries, including HMRC, have established a highly integrated network of systematic co-operation, particularly across Europe and between Europe and the U.S., and the broad political appetite to clamp down on tax evasion shows no sign of diminishing. Enforcement under the CFA will form a useful new tool for enforcement authorities.

VI. What should companies do next?

It is not too late.  The reasonable prevention procedures defence is not available only to those companies who have put all the necessary procedures in place in advance of the 30 September 2017 deadline.  A proportionate, risk-based risk assessment can be provided quickly and efficiently, and can provide substantial comfort going forward.  Moreover, if companies are confident in their existing AML and anti-bribery procedures, they may well find that the incremental work needed to manage CFA risks (and potentially avail themselves of the defence should it ever prove necessary to seek to do so), is more modest than might otherwise be imagined.

We will keep our clients and friends updated on developments in the enforcement of these new offences.


This alert was prepared by Nick Aleksander, Patrick Doris, Mark Handley, Steve Melrose and Jonathan Cockfield.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following lawyers in the firm’s London office:

Nicholas Aleksander (+44 (0)20 7071 4232, naleksander@gibsondunn.com)
Philip Rocher (+44 (0)20 7071 4202, procher@gibsondunn.com)
Patrick Doris (+44 (0)20 7071 4276, pdoris@gibsondunn.com)
Charles Falconer (+44 (0)20 7071 4270, cfalconer@gibsondunn.com)
Osma Hudda (+44 (0)20 7071 4247, ohudda@gibsondunn.com)
Penny Madden (+44 (0)20 7071 4226, pmadden@gibsondunn.com)
Allan Neil (+44 (0)20 7071 4296, aneil@gibsondunn.com)
Ali Nikpay (+44 (0)20 7071 4273, anikpay@gibsondunn.com)
Deirdre Taylor (+44 (0)20 7071 4274, dtaylor2@gibsondunn.com)
Mark Handley (+44 20 7071 4277, mhandley@gibsondunn.com)
Steve Melrose (+44 (0)20 7071 4219, smelrose@gibsondunn.com)
Sunita Patel (+44 (0)20 7071 4289, spatel2@gibsondunn.com)


© 2017 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.