Is DAC6 the next target for HMRC’s Corporate Criminal Offence (CCO) audits?

HMRC has stepped up their Corporate Criminal Offence (CCO) investigations. HMRC recently responded to a Freedom of Information request that showed that on 31 December 2019, HMRC had 9 live investigations and 21 further opportunities under review in various industry sectors. The results of these audits will be made public as soon as appropriate to do so. 

What is a Corporate Criminal Offence (CCO) audit?

The Corporate Criminal Offences (CCO) for the failure to prevent the facilitation of tax evasion were introduced by Part 3 of the Criminal Finances Act 2017. HMRC has made government guidance available. The UK government also plans to create a new Anti-Tax Evasion Unit within HMRC to step up the investigations for Corporate Criminal Offences.

What is DAC6?

DAC6 is a European directive aimed at reducing international tax evasion and promoting transparency. It requires lawyers, accountants, tax advisers, bankers and other “intermediaries” to report some aggressive cross-border tax arrangements. Multinational businesses might also be required to report transactions in circumstances where no external intermediary is able to report. These “mandatory disclosure requirements” (MDR) are for tax transactions that cross EU borders where it seems that the primary purpose of the transaction is a tax advantage.

Why might DAC6 be the next target for HMRC’s CCO investigations?

UK entities will be required to make relevant DAC6 reports to HMRC. These reports will identify specific hallmarks that have been identified as containing potentially aggressive tax planning arrangements. While the punishment for DAC6 non-compliance initially is a harsh penalty (initially up to £5,000), DAC6 non-compliance risk triggers will certainly draw the attention of HMRC.

What steps can you take?

HMRC have made it clear that they will take into account any processes and procedures that the partnership had in place before penalising for failure to report DAC6 related arrangements.

Reasonable procedures might include:

  • Adding DAC6 as part of your wider Criminal Finances Act Risk Assessment
  • Identify your firm’s cross border activities
  • A system in place to analyse all potentially reportable arrangements
  • A clear audit trail for all DAC6 decisions.

VinciWorks’ DAC6 and tax evasion compliance solutions

DAC6 reporting solution screenshot

VinciWorks provides the following tax evasion prevention and DAC6 compliance resources. Our training is fully customisable and is regularly updated as legislation is delayed or updated. Our DAC6 reporting solution has been built in consultation with over 100 leading international firms, international tax experts, HMRC and other regulators and features workflows designed and updated for the intricacies of each EU member state’s implementation of DAC6.

Our DAC6 and tax evasion compliance resources:

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.