Year Four of the Criminal Finances Act – what now?

Tax evasion prison sentence

What you need to do now to prevent facilitation of tax evasion

We’re coming up to Year Four of the Criminal Finances Act. And while we haven’t seen a rush of prosecutions that many feared, the British authorities have been ramping up enforcement in recent months with 13 live investigations of the failure to prevent clause, and another 18 possible cases under review.

You’ve probably not thought about your reasonable procedures for a while, but with investigations ramping up, it’s crucial to review what your business has in place to ensure you have a legal defence should the worst happen. Just like the age old saying that your first payment of every month should be to the insurance company, the first task on Monday’s agenda should be to check that your company is doing enough to prevent facilitation of tax evasion.

Read more: VinciWorks survey reveals staff at 1 in 4 companies unaware of financial crime policies

How to start a reasonable procedures review

  • Form a review team that includes senior management involvement.
  • Adopt VinciWorks’ free tax evasion policy template and communicate this to all staff.
  • Ensure all contractors and third parties are aware of your tax evasion policy.
  • Review procedures for tax evasion focused due diligence of staff, third parties and clients.
  • Undertake a new and thorough risk assessment procedure of all areas of your business operations.
  • If you operate overseas or have a more complex corporate structure, ensure these are adequately reflected in the risk assessment.
  • Divide the outcome of the assessment into high, medium and low risk.
  • For high-risk areas, start to develop a mitigation plan – these are your reasonable procedures.
  • Create a detailed timeline for implementation and review of those reasonable procedures.
  • Assess your staff training programme, starting with staff in the areas most at risk of criminal facilitation. Staff should be trained at least once a year.
  • When implementing the Tax Evasion: Failure to Prevent course, ensure high-risk staff complete the 45-minute version and all other staff the 15-minute version.
  • Develop a mitigation plan for subsequent medium and lower levels of risk, and adopt a timeline to put these in place.
  • Regularly review all reasonable procedures and policies to ensure they are working.

Remember that reasonable procedures should be proportionate to the specific risks identified in the risk assessment.

No procedures at all may be considered reasonable. BUT this must be backed up with evidence from a risk assessment and be kept under frequent review.

If you are confident in your procedures…

  • Consider whether your completed or planned risk assessments take all aspects of the business into account.
  • Make sure you can evidence a top-level commitment to preventing facilitation of tax evasion.
  • Compare your Criminal Finances Act policy to the VinciWorks template.
  • Assess tax evasion focused due diligence measures for staff, third parties and clients, including the changes required to make to current procedures or policies.
  • Review the timeline for implementing reasonable procedures and ensure it is on track.
  • Ensure that staff are completing their training on the Criminal Finances Act.
  • Test that your reasonable procedures would successfully identify and expose an instance of facilitation of tax evasion.

Remember that you do not need to prevent all instances of facilitation of tax evasion by either staff or clients. Procedures that expose the wrongdoing in a timely manner will likely be found reasonable.

VinciWorks’ e-learning tax evasion course

VinciWorks’ interactive course Tax Evasion: Failure to Prevent, takes users through the “reasonable procedures” required under the Criminal Finances Act, providing examples of red flags to look out for. The course also contains interactive quizzes to help users review what they have learnt and is fully customisable.

We will soon be releasing a new international tax evasion course. The course takes a modern, fresh approach to tax evasion training with a focus on industry-specific guidance, role-relevant scenarios and an interactive, engaging approach to ensuring all staff have the skills and understanding they need to prevent the facilitation of tax evasion. To get updates on when the course will be release, simply complete the short form below.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.