The new tax fraud offence and CCO - how to manage the risks

15 November 2023

The Criminal Finances Act 2017 introduced the corporate criminal offence of failing to prevent the facilitation of tax evasion (CCO). We now have the Economic Crime and Corporate Transparency Act 2023 (ECCTA), which introduces a new "failure to prevent" regime addressing fraud, including cheating the public revenue. ECCTA received Royal Assent on 26 October and the new offence is likely to come into effect next year (once guidance is published).

How will the tax and fraud regimes interact and what steps should you consider taking to address them?

The similarities

The two regimes have much in common. Both are designed to drive better behaviours, and each includes a defence based on the taking of reasonable prevention measures. Both rely on associated guidance and, while this is not yet available under ECCTA, there is a statutory obligation on the Secretary of State to introduce it. This is expected next year.

The differences

There are important differences too. CCO looks at the facilitation of tax evasion and applies to all businesses, while ECCTA’s focus is on fraud and larger organisations only. Under ECCTA "fraud" includes the common law offence of cheating the public revenue, but other statutory offences too (e.g. false accounting and false statements by company directors under the Theft Act 1968, fraudulent trading under the Companies Act 2006 and fraud under the Fraud Act 2006). In addition, the "associate" involved must intend to benefit the organisation or others to whom it provides services on the organisation’s behalf (as with bribery) – and "associate" is widely defined. An organisation which was, or was intended to be, a "victim" of the fraud offence, however, will not be guilty. 

Some things to think about in the meantime

Fraud risk assessment

While the ECCTA guidance regarding "reasonable prevention procedures" is not yet available, it can be assumed that it’s likely to follow CCO principles. In all probability this will include the need for a specific fraud risk assessment.

CCO risk assessment

A robust CCO risk (or bribery risk) assessment should provide a helpful basis for this, although the scope will be broader in light of the statutory offences under ECCTA. A CCO risk assessment alone is therefore unlikely to suffice. Accordingly, now might be the time to prepare for a refresh of your CCO risk assessment (important anyway if there have been material changes to your business in the meantime) and to include ECCTA considerations at the same time. The statutory offences and the "associate" concept will merit particular attention here. 

Tax evasion policy and broader tax governance framework

If you have introduced a tax evasion policy of some kind this could usefully be reviewed in light of ECCTA. The same goes for specific procurement and tendering processes, and any broader tax governance framework. At the same time, you might want to dovetail existing CCO tax evasion and prospective ECCTA fraud processes with your ABC and AML procedures.

Board level commitment

CCO requires the right "tone from the top". This top level commitment is likely to be important under ECCTA as well. And of course the statutory offences here can attach to director behaviours. So the board will need to understand the scope of the new regime and to endorse the messaging.


CCO and other related training should be refreshed and widened to include ECCTA. Specifically, your training and associated internal guidance might usefully identify red flags relevant to both tax evasion and fraud.

Compliance certifications

If employees are required to give annual certification of compliance with firm policies and with any mandatory training, ECCTA should be included.

Contractual language

Contractual language amended for CCO might be reviewed to ensure that your "associates", in particular, understand their obligations from an ECCTA perspective too.

M&A due diligence procedures

Your M&A due diligence procedures are likely to include consideration of CCO, and ECCTA should be added to the checklist in due course.

And finally

HMRC publish statistics regarding the status of their ongoing, and completed, CCO investigations. They emphasise that the lack of CCO charges suggests that the desired behaviours are being adopted. However, HMRC also make the point that, while there may have been no CCO charges, some of their investigations have uncovered other tax and regulatory issues. Equally, if CCO investigations do in due course uncover instances of facilitation then HMRC may wish to publicise. And so robust CCO procedures are important in a wider context, and we would expect that similar considerations will be in point under ECCTA once it’s fully in force.

Get in touch