Failure to prevent the criminal facilitation of tax evasion brings with it the risk of prosecution and unlimited financial penalties – not to mention reputational damage. It is therefore vital that businesses consider the requirements of the Corporate Criminal Offences (CCO) legislation.
Introduced in 2017, as part of the Criminal Finances Act, the CCO rules apply to all companies and partnerships - irrespective of size or sector - who must be able to demonstrate they have taken reasonable steps to prevent their employees, agents or contractors from facilitating tax evasion. Its purpose is to hold businesses to account for the behaviours of those who act on their behalf.
Corporate Criminal Offences enforcement
CCO compliance is increasingly being scrutinised, and HMRC has confirmed its first-ever criminal prosecution relating to alleged R&D tax credit repayment fraud, with a trial set for September 2027. It is also investigating 11 other CCO cases, with a further 27 under review across a number of sectors, including software providers, labour provision, accountancy, legal services, and transport.
If there is a CCO failure, the consequences are severe. A business can face sanctions, including:
corporate prosecution,
unlimited financial penalties,
significant reputational damage and
potential exclusion from public procurement under the Procurement Act 2023.
The topic is increasingly being covered as part of diligence work on business sales, with potential purchasers wanting assurance that this risk area has been considered and addressed.
Managing CCO compliance – actions your business can take
We would reasonably expect the first prosecution to trigger a general level of interest in this legislation. Even though the legislation is now eight years old, there are still a lot of businesses that have not considered their CCO position.
If there is a CCO failure, the only defence is that a business had reasonable prevention policies and procedures in place at the time to stop those acting on their behalf from helping others (whether customers or suppliers) to evade tax.
This is a regulatory and compliance obligation, albeit policed by HMRC, rather than a tax filing obligation.
A key point is that businesses should look at this area not because they think that they have failures, but because they want to be able to confirm that the risk areas are being managed appropriately, and, importantly, that they have an audit trail to demonstrate what has been considered.
HMRC guidance indicates businesses should consider the following areas when addressing CCO requirements:
risk assessment
proportionality of procedures
top level commitment
due diligence
communication and training
monitoring and review
It is a question of adopting a proportionate approach, based on the perceived level of risk in the business. That said, if a business cannot demonstrate it has carried out a risk assessment and training in the first instance, it will be an uphill battle to demonstrate that it has reasonable prevention procedures in place.
For advice and support in this area and to ensure you are taking the required steps for CCO compliance, please get in touch. Call 0808144 5575 or email help@armstrongwatson.co.uk.
