VinciWorks survey reveals staff at 1 in 4 companies unaware of financial crime policies

Hundreds of thousands of workers in both regulated and nonregulated sector at risk of facilitating tax evasion

With the Criminal Finances Act now in full force, VinciWorks has been helping businesses prepare with their new course, Tax Evasion: Failure to Prevent. The new law doesn’t just affect the regulated sector; any business that doesn’t have reasonable procedures in place to prevent facilitation of tax evasion could find themselves prosecuted.

So just how prepared are we for the Criminal Finances Act? VinciWorks surveyed over 250 UK companies with a combined workforce of around 430,000 people to find out just how much tax evasion risk companies are exposing themselves to, and if they have started to take action to mitigate those risks.

Here are the key findings of the study:

Rewarding risk taking and dealing in cash

The study found that 20% of respondents said that their company’s bonus structure rewards risk taking. This risk-taking culture that appears to be the norm in many companies, especially financial services providers, increases the chances of facilitation of tax evasion. Further, 80% of respondents said that they deal with transactions of over £1 million in cash, massively increasing the risk of fraud.

four out of five respondents have outlawed a risk-taking culture in their company
Only four out of five respondents have outlawed a risk-taking culture in their company

Clear training, policies and procedures

Despite clear guidelines from the regulators, one in ten businesses in the financial services and legal sectors don’t have a clear whistle-blowing policy, and over 25% of businesses in total don’t have a clear no-tolerance policy on tax fraud from senior management. Thankfully, 75% of companies plan to train employees on how to identify tax evasion, which will be critical as 25% of companies don’t believe their staff are aware of their policies and procedures with regard to financial crime, including 20% of law firms.

Download a free tax evasion policy guide template here.

Recording financial crime breaches and spot checks

Chart showing the importance of modern slavery supply chain spot checks
75% of companies believe that a spot check of employees would show that at least a third are completely unaware of the laws and offences around tax evasion.

When it comes to mitigation measures, barely 65% of companies are even recording financial crime breaches that take place in their organisation. When it comes to satisfying regulators, or a judge, that reasonable procedures are in place, the majority of companies still believe they are lacking. The study also highlights how the majority of  companies, including half of law firms and over half of financial services, believe that many of their colleagues are completely unaware of the laws and offences around tax evasion.

Tax evasion survey shows worrying results

In summary, a significant number of businesses, and a worryingly large proportion of regulated firms, are still engaging in high risk behaviour for tax evasion, failing to put policies in place against it, and failing to properly train their staff to prevent it.

The Act is not only aimed at the regulated sector. All companies could be caught up in it. Criminal facilitation can occur even without the knowledge of the business. Guidance from HM Revenue and Customs says procedures that successfully detect and disclose wrongdoing would likely be reasonable. Timely self-reporting is also an indicator that reasonable procedures are in place.

While some businesses may feel that they aren’t at great risk or their employees would never do something like that, without reasonable procedures in place, the business remains wide open to possible prosecution. At minimum, a risk assessment would need to be completed to defend the decision of taking no additional action. Corporates may have even more reason to be concerned as most regulated sector businesses already have clear procedures in place around financial crime.

The Criminal Finances Act applies to staff as well as contractors, so it is critical that proper training be rolled out across the workforce, and specific tax evasion policies communicated from the top down. The government has said procedures that catch facilitation of tax evasion are likely to be found reasonable, so making staff aware of the red flags and training them to spot it can be critical defences should a business find itself in court for failing to prevent tax evasion.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.