Criminal Finances Bill Update – what are your reasonable procedures?

Individual being handcuffed for facilitating tax evasion

UK criminal finances bill

The Criminal Finances Bill, the government’s attempt to call time on the sunny shores of tax evasion, is due to pass through its final stages in the Lords at the end of April. There is some debate as to whether the bill will actually pass before parliament is dissolved. Jason Collins, a tax expert at Pinsent Masons believes that it will, while Osborne Clarke believes that it will not.

Update: the Bill received royal assent on 27th April to become the Criminal Finances Act.

If it does pass, it will come into force by the end of September 2017.

The most significant part is the new offence of corporate failure to prevent tax evasion, both in the UK and overseas.

The Bill will effectively make a business vicariously liable for the criminal acts of its employees and other persons ‘associated’ with it leading to the facilitation of tax evasion, even if the senior management of the business was not involved or aware of what was going on. This is true wherever in the world the tax is owed, and the Bill targets businesses based in the UK or abroad.

Whether it’s a small high-street firm turning a blind eye to a client under-reporting their tax obligations, or a major firm helping a multinational company stash profits overseas, the Criminal FInances Bill aims to make it far more risky to engage in those practices.

If prosecuted, the business that helped the client evade the tax could itself be found guilty and may lose its licence. Concurrently, the Finances Bill 2017 is bringing in new penalties for the tax avoidance supply chain, enabling fines of up to 100% of the tax owed.

Learn more: Criminal Finances Act training

What is the UK Criminal Finances Act?

According to the UK Parliament site, the UK Criminal Finances Act is “a Bill to amend the Proceeds of Crime Act 2002; make provision in connection with terrorist property; create corporate offences for cases where a person associated with a body corporate or partnership facilitates the commission by another person of a tax evasion offence; and for connected purposes.”

Latest updates on the bill

The report stage of the bill is scheduled for 25th April (after 2:30pm), with a third reading shortly after. It will then be sent to the ping pong stage and is slated for debate in the House of Commons on 26 April. The only major amendment to be debated is a cross party amendment in the names of the Crossbencher Baroness Stern, Labour’s Lord Rosser, the Lib Dem Baroness Kramer and the Conservative Lord Kirkhope, to require a register of the beneficial ownership of companies based in UK overseas territories like Anguilla, Bermuda, the British Virgin Islands, the Cayman Islands, Montserrat and the Turks and Caicos Islands – which they argue will improve transparency and help clamp down on money laundering.

Update: As of April 26, the bill passed the Lords, without the amendment above, and the Commons will consider the Lords’ amendments on April 26.

Timeline for implementation

The Bill provides for commencement of the provisions from a date to be appointed by the Treasury. It is expected that this will be from September 2017, to coincide with the start of the first exchange of information under the Common Reporting Standard.

It is unclear whether the implementation date will be affected by the dissolution of parliament.

The importance of carrying out risk assessments

Undertaking a risk assessment, particularly for small and medium enterprises who may see this kind of activity as beyond them is vital. Companies might decide they don’t need specific procedures in place because the risk is so low, but there needs to be evidence that a prior risk assessment has determined this.

If files are not being routinely reviewed by a second pair of eyes or some client relationships are too closely tied to certain staff, then it might be more difficult to mount a defence of having reasonable procedures in place.

Providing regular training for staff on how to spot the signs of tax evasion and what to do if they suspect something isn’t right is just as vital as having stated policies against tax evasion from senior level management and regularly reviewing the effectiveness of procedures.

The final report stage of the Bill in the Lords will take place on the 25 April, and unless there are significant delays in finalising its passage through Parliament, it should be on the statute books by the summer.

Time to prepare for Criminal Finances Bill

Businesses need to prepare now. The defence of reasonable procedures is more effective the quicker companies have these in place. Being caught up in corporate facilitation of tax evasion will be damaging and expensive, but having confidence that staff would be able to identify and report potential wrongdoing is priceless. 

VinciWorks’ Criminal Finances and Tax Evasion training

Training on tax evasion is a requirement of The new Criminal Finances Bill. VinciWorks’ upcoming e-learning course on preventing the facilitation of tax evasion will teach employees how to spot tax evaders, and the reporting procedures required of them.

Our tax evasion training suite brings together gamified, customisable and relevant learning to form the ultimate tax evasion compliance solution.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.