Since 2017, the UK’s Criminal Finances Act has created strict liability offences for firms that fail to prevent the criminal facilitation of tax evasion.
The law has never been tested in court, until now. HMRC has finally brought its first prosecution under this framework. Stockport‑based accountancy firm Bennett Verby is due to face trial at Manchester Crown Court, marking the first ever contested case under section 45 of the CFA. The charges relate to scrutiny over alleged £16 million in fraudulent R&D tax credits and Bounce Back loan claims. The firm insists it is a “technical regulatory offence” tied to procedural shortcomings.
This moment is more than just noteworthy. It suggests we’re on the cusp of a wave of failure to prevent prosecutions, especially given the upcoming failure to prevent fraud offence coming into force on 1 September 2025
Why cryptocurrency-handling firms are particularly vulnerable to failure to prevent tax evasion
Crypto complicates everything. While UK tax law doesn’t treat cryptoassets separately, in March 2021 HMRC issued its Cryptoassets Manual to clarify how general tax principles apply; capital gains tax can arise even on token swaps or gifts, and income tax can apply to crypto-based activities.
Capital gains tax can arise even where there is no obvious “cash out,” for example, swapping one token for another or gifting tokens to someone else. Income tax can apply to mining, staking, or receiving tokens via airdrops, particularly when these activities are undertaken as part of a trade.
Many investors fail to appreciate that a crypto-to-crypto trade can be a taxable event. Others assume that because transactions take place on overseas platforms or in decentralised environments, UK tax rules do not apply. The reality is that tax obligations often still arise, and deliberate or careless failure to meet them can amount to tax evasion.
Yet, nearly four years later, investor confusion and non-compliance remain widespread. HMRC has responded with thousands of “nudge letters,” a voluntary disclosure facility (launched in November 2023), and forcing crypto reporting onto the Self‑Assessment tax return since April 2024.
What is CARF and why it matters for tax evasion
CARF is an OECD‑designed global standard to enable automatic exchange of crypto transaction data between jurisdictions. The UK committed to implementing CARF, making it law from 1 January 2026. This compels Reporting Crypto‑Asset Service Providers (RCASPs)—platforms, brokers, exchanges—to track and report user activity.
By 31 May 2027, RCASPs must file their first annual report covering 1 January 2026 to 31 December 2026. UK providers must also register with HMRC’s online service and notify users that their data will be collected and reported by 31 January 2027.
For Reporting Crypto-Asset Service Providers (RCASPs), including exchanges, brokers, custodians, and even certain professional advisers, this is a warning sign. These firms act as gateways into the crypto economy. If one of their employees, contractors, or intermediaries facilitates a client’s tax evasion, the firm could face prosecution under the failure to prevent provisions of the Criminal Finances Act. It is no defence to say the misconduct was the investor’s fault; without robust prevention procedures, liability can attach to the firm itself.
This flood of data doesn’t just expose investors, it puts the platforms themselves in the crosshairs. Under the Criminal Finances Act, exchanges or professional service firms dealing with crypto may be criminally liable if an associated person facilitates tax evasion, unless they can prove reasonable prevention procedures were in place.
Why professional service firms are uniquely exposed
The failure to prevent the facilitation of tax evasion offence was drafted with professional advisers squarely in mind. Lawyers, accountants, and financial services professionals are often the intermediaries who design, execute, or advise on transactions that later form the basis of HMRC investigations. When crypto is involved, the risk profile changes dramatically.
Complexity breeds risk. Crypto transactions do not always resemble traditional financial events. Swapping one token for another may look harmless, but it can trigger a taxable disposal under UK law. Lending or staking arrangements may yield returns that count as taxable income. Even gifting tokens can have capital gains implications. A professional adviser who fails to spot these taxable events or assumes that they are exempt because no fiat currency changed hands can inadvertently facilitate their client’s under-reporting.
Silence can be culpable. Under the Criminal Finances Act, facilitation is not limited to actively helping a client hide income. Simply failing to inform a client of their UK tax obligations when you had the opportunity and duty to do so can, in some circumstances, amount to facilitation. For example:
- An accountant prepares year-end accounts for a client known to be active in crypto but omits any crypto transactions because “the client didn’t mention them.”
- A solicitor structures a commercial transaction involving payment in crypto without flagging the potential capital gains or income tax consequences.
- A financial adviser helps a client invest in crypto staking products but does not advise on how staking rewards should be reported to HMRC.
Crypto often involves platforms or counterparties in other jurisdictions. Advisers may wrongly assume that transactions executed overseas are outside UK tax scope, or that HMRC cannot obtain the data. With CARF coming into force in 2026, HMRC will soon receive detailed information from foreign exchanges as well as UK ones. This makes “we thought HMRC wouldn’t find out” an indefensible position.
The reputational risk is as serious as the legal one. A prosecution for failure to prevent tax evasion, even if it results in an acquittal, can damage a firm’s standing with regulators, clients, and insurers. With only one case since 2017, any investigation of failure to prevent tax evasion will deliver immediate scrutiny.
In practice, the risk boils down to two failings:
- Not recognising that a crypto transaction is taxable.
- Not warning the client about their reporting obligations and the consequences of non-compliance.
When those omissions occur within the scope of an advisory or service relationship, they can cross the line into criminal exposure for the firm under the failure to prevent provisions.
Will the crypto age herald more failure to prevent tax evasion cases?
The Bennett Verby prosecution illustrates how quickly the line between a “technical oversight” and a criminal offence can blur for professional advisers. The firm has argued that the allegations amount to a procedural lapse in its monitoring systems rather than deliberate wrongdoing. But under the Criminal Finances Act, intent is not the decisive factor. The offence is one of strict liability: if an associated person facilitates tax evasion and the firm cannot show it had “reasonable prevention procedures” in place, the firm can be convicted.
That distinction is critical for lawyers, accountants, and financial services firms. In many cases, what starts as an administrative oversight; failing to collect enough information from a client, not asking the right questions about crypto holdings, assuming a transaction had no tax consequences, could be interpreted by HMRC as facilitation. The Bennett Verby case shows that the regulator is prepared to test the boundaries of the law, even when the defence is that the problem was merely a systems or compliance gap.
This is where cryptocurrency adds another layer of risk. In traditional tax compliance, the contours of liability are relatively familiar, and professionals have established procedures to capture the right information. With crypto, the taxable events are more varied, often misunderstood, and can occur entirely outside the client’s main banking or business records. If those events are missed, the omission can look very similar to the alleged procedural failings at the heart of Bennett Verby, except that, under CARF, HMRC will soon have far more data to detect such gaps.
The lesson is clear: for professional services, the Bennett Verby case is not just a cautionary tale about R&D tax credits or Covid-era loans. It is a warning that any failure to anticipate, detect, and advise on taxable events. Especially in emerging sectors like crypto, these can be the spark for a failure to prevent prosecution. And once that prosecution is brought, the argument that it was “just a mistake” will not carry much weight if the prevention procedures were demonstrably inadequate.
Compliance steps to take now
- Implement tailored prevention protocols specific to crypto risks; generic tax-compliance programs won’t suffice.
- Map all “associated persons” employees, agents, third-party advisors, and embed controls to monitor their activities.
- Begin CARF readiness now: ensure data collection, verification, user notification, and timely reporting are operational by early 2026.
- Train staff and clients on crypto tax liabilities, swaps, airdrops, staking all trigger taxable events.
- Conduct internal audits on past crypto dealings and voluntarily correct any under-reporting before HMRC reaches out.