Corporate criminal offences (CCOs) under Part 3 Criminal Finances Act 2017 (CFA) are increasingly coming under the spotlight of the UK tax authorities. In a 10 February 2020 press release published in response to a Freedom of Information Act request, HM Revenue and Customs (HMRC) confirmed that it is currently reviewing 30 potential CCO cases involving large and small businesses across a wide range of industry sectors. Of these, nine are live investigations. This announcement, along with the UK Government’s plans to create a new Anti-Tax Evasion Unit within HMRC, suggests that HMRC is likely to continue stepping up its investigations for CCOs and related tax evasion offences for the foreseeable future. Thus, the need to have a “ reasonable prevention procedures” defence in place for your organisation has become all the more important. Further information on the CCOs and “reasonable prevention procedures” can be found in our Special Report.
Relevance of DAC6 in the context of the CCOs
Many practitioners are of the view that HMRC’s recent announcement on further CCO investigations going forward will mean that DAC6 compliance is more likely to be actively monitored, even though non-compliance with DAC6 obligations is not a criminal offence under UK law, unlike non-compliance with the CFA. The purpose of this note is to explain how having a CFA “reasonable prevention procedures” defense in place may serve as a “best practices” guidepost for how taxpayers concerned about DAC6 can mitigate DAC6 civil penalties by establishing the right internal procedures.
DAC6 non-compliance by itself will not necessarily increase the likelihood of a CCO investigation. For example, if an affected taxpayer or its intermediary failed to report an RCBA to HMRC and HMRC was not otherwise able to obtain information about that RCBA from other EU tax authorities through the automatic information exchange procedure, it would have no basis for commencing a CCO investigation. That said, it is possible that HMRC could identify risk triggers for DAC6 non-compliance (as well as CFA-related offences) in the normal course of an audit or enquiry into an organization’s UK tax affairs. Thus, as a practical matter, we recommend that you address DAC6 risks at the same time as CCO risks and related prevention procedures, and we can help you do this.
All businesses with UK operations need to address CCO compliance matters. However, businesses that act as intermediaries under DAC6 (typically, corporate services providers, family offices, investment banks, trust companies, accountancy firms and fund managers) should be particularly mindful of DAC6 risks in addition to CCO risks, since they will have the primary obligation to disclose reportable cross-border arrangements (RCBAs) to HMRC. As such, addressing DAC6 risks in tandem with CCO risks would make a lot of practical sense for such intermediaries. This approach also makes sense for any business with UK operations that engages in cross-border transactions involving at least one EU member state, where no external intermediary has been involved in advising on or implementing the transaction in question. Law firms are also capable of acting as intermediaries, although any legal advice on the implementation of an RCBA would likely be protected by legal professional privilege. This article therefore focuses primarily on issues of relevance to intermediaries that are not protected by legal professional privilege.
Our recent article “Top 10 Things You Need to Know About DAC6” explains the DAC6 reporting obligations for intermediaries and affected taxpayers, including who must report to HMRC, what to report to HMRC, and when to report it. Intermediaries and affected taxpayers may find their obligations and the reporting process confusing due to the regulations’ complexity and the current lack of clarity surrounding the rules relating to RCBAs, particularly where the hallmarks are concerned. It is hoped that the United Kingdom’s DAC6 reporting obligations will become clearer by the time HMRC publishes further technical guidance on DAC6 (expected shortly before the UK implementing regulations come into force on July 1 2020), but there is a chance that intermediaries and affected taxpayers could still inadvertently fail to report their RCBAs.
Organisations should therefore consider implementing a backup plan to mitigate any DAC6 penalties in case they find themselves in this situation. Such a backup plan means having “reasonable prevention procedures” in place to address DAC6 risks as well as CCO risks, even though their primary purpose is to act as a defence to the CCOs. The procedures are similar to anti-bribery and corruption policies, except that they are aimed at preventing tax evasion facilitation offences instead of bribery offences.
What are the DAC6 penalties in the United Kingdom?
Under the new regulations, a person (typically an intermediary, but also an affected taxpayer if no intermediary is available to do the reporting) who fails to file a return of reportable information with HMRC is liable to a civil penalty of up to £5,000. This one-off penalty is relatively low compared to the DAC6 penalties in EU Member States; however, further civil penalties can accrue daily if HMRC considers a one-off penalty to be inappropriately low. In these circumstances, HMRC may apply to the First Tier Tribunal (FTT) for determination of a daily accrued penalty at a rate of £600 per day. The FTT will take into account all relevant considerations in determining a daily accrued penalty, but in general, penalties for failing to report RCBAs implemented between June 25 2018 and July 1 2020 will accrue from September 1 2020 to the earlier of (i) the date on which the penalty is determined and (ii) the date the return is filed late. Penalties for failing to report RCBAs implemented after 1 July 2020 will accrue from the day following the end of the 30-day reporting period to the earlier of those same two dates. The penalty must not exceed £1 million in any event.
If the failure to report continues beyond the initial penalty determination date, HMRC may impose further civil penalties of up to £600 for each day of continued failure, even if the accrued total exceeds the £1 million cap determined by the FTT. HMRC has indicated that daily default penalties will only be imposed for serious failings, including where the behaviour leading to the failure was deliberate. If the behaviour is not deliberate or there are no other exacerbating factors such as repeated failures, the penalty will be a one-off, with the possibility of a reduction for mitigating factors.
Affected taxpayers must also file an annual return for the tax year or accounting period in which the RCBA is made available for implementation, and again for subsequent tax years or accounting periods in which their participation in the RCBA gives them a tax advantage. Should they fail to file an annual return, they will be liable to a penalty of £5,000 per RCBA to which the current failure relates, if there have been no previous failures. This increases to £7,500 per RCBA for a single previous failure in the previous 36 months, and to £10,000 per RCBA for two or more previous failures in the previous 36 months.
How can DAC6 penalties be mitigated or prevented?
Under the new regulations, no penalty will arise if the intermediary or relevant taxpayer satisfies HMRC (or, as appropriate, the FTT) that there is a “reasonable excuse” for failing to comply with any of the regulations. It is hoped that HMRC’s yet-to-be-published guidance will contain examples of what constitutes a reasonable excuse. In the meantime, the United Kingdom’s existing Disclosure of Tax Avoidance Schemes (DOTAS) regime may shed some light on HMRC’s likely approach to the question of whether a reasonable excuse exists. According to HMRC’s DOTAS guidance, HMRC will consider a person to have a reasonable excuse if the failure to report is due to an unusual event that is either unforeseeable or beyond the person’s control (such as serious illness), and which is an insurmountable obstacle to timely compliance.
HMRC has also indicated that no penalties will arise for failing to comply with the regulations if that failure occurred due to a lack of clarity over the regulations’ application, where such lack of clarity occurred as a result of legislation or guidance having not yet been finalised, or where the interpretation of the regulations could not reasonably have been surmised from DAC6 itself or from previous draft legislation or guidance. HMRC has indicated that its yet-to-be-published guidance will provide more detail on how the penalty regime will operate in such circumstances.
Penalties may be mitigated in “special circumstances”, according to HMRC. There is currently no guidance on the meaning of “special circumstances”, but the rules state that such circumstances do not include the inability to pay, or the fact that a potential loss of revenue from one taxpayer is balanced by a potential overpayment by another. It is hoped that HMRC’s yet-to-be-published guidance will offer clarity, ideally with examples of what will and will not count as “special circumstances” for these purposes.
How should the “reasonable prevention procedures” under the CCO regime specifically address DAC6 issues?
HMRC has indicated that it will use the RCBA information reported “to better identify and challenge offshore non-compliance as part of the Government’s strategy to bear down on tax avoidance and tax evasion”. Although tax avoidance and tax evasion are not the same thing, it does seems to suggest that HMRC may use the CCO review process as an opportunity to identify instances of DAC6 non-compliance. For this reason, it has been suggested that HMRC might consider mitigating DAC6 penalties if an intermediary or relevant taxpayer can show that its organisation has “reasonable prevention procedures” in place to identify specific risks associated with DAC6, and how the organisation proposes to address them.
We therefore recommend that you include DAC6 risks as part of your wider CFA risk assessment, even though the CCOs and DAC6 regimes target different activities and non-compliance with the latter does not constitute a criminal offence. Should you decide to do this, you should consider applying the CFA principles and guidelines to DAC6 risks in the same way as you would for CCO risks (for further details, see our Special Report). For example, this could be achieved by risk-assessing your organisation’s activities as a whole and evaluating the extent to which they consist of cross-border arrangements involving at least one EU Member State (EU-connected cross-border activities), rather than the activities of your organisation’s employees or agents (since DAC6, unlike the CFA, does not have an “associated persons” concept).
Once you have identified your organisation’s EU-connected cross-border activities, you would then need to evaluate whether any of the hallmarks apply. For this purpose, a DAC6 decision tree or flow chart may be appropriate if, for example, your organisation regularly participates in cross-border activities of a similar nature and on a large scale. On the other hand, if your organisation participates in cross-border activities only occasionally and on a smaller scale, it may be more appropriate to seek bespoke advice on DAC6’s applicability to particular transactions on a case-by-case basis. Organisations that regularly participate in a wide range of different types of cross-border arrangements with an EU component may feel that a combination of both would be a sensible course of action.
Should you decide to include DAC6 risks when drafting your “reasonable prevention procedures” for CCO purposes, you might include, for example, a statement to the effect that your organisation uses a DAC6 decision tree and/or seeks bespoke advice on a case-by-case basis to help identify whether a cross-border arrangement is reportable. Such procedures might also include statements to the effect that staff are being trained appropriately to identify DAC6 risks, with internal reporting systems in place to enable the heads of tax or legal or other equivalent senior personnel to have the final say over whether a cross-border arrangement should be reported to HMRC, and to then direct compliance teams to act accordingly.
The McDermott Difference
CFA and DAC6 compliance matters are likely to come under increased scrutiny from HMRC. To discuss any or all of the following, please contact your regular McDermott lawyer or the contacts listed for this article:
Guidance on how to conduct CFA and DAC6 risk assessments
Drafting or reviewing reasonable prevention procedures with DAC6 risks in mind as well as CCO risks
Preparing a DAC6 decision tree or flow chart to suit your organisation