The new tax fraud offence and CCO - how to manage the risks
How will the tax and fraud regimes interact and what steps should you consider taking to address them?
The similarities
The two regimes have much in common. Both are designed to drive better behaviours, and each includes a defence based on the taking of reasonable prevention measures. Both rely on associated guidance and, while this is not yet available under ECCTA, there is a statutory obligation on the Secretary of State to introduce it. This is expected next year.
The differences
There are important differences too. CCO looks at the facilitation of tax evasion and applies to all businesses, while ECCTA’s focus is on fraud and larger organisations only. Under ECCTA "fraud" includes the common law offence of cheating the public revenue, but other statutory offences too (e.g. false accounting and false statements by company directors under the Theft Act 1968, fraudulent trading under the Companies Act 2006 and fraud under the Fraud Act 2006). In addition, the "associate" involved must intend to benefit the organisation or others to whom it provides services on the organisation’s behalf (as with bribery) – and "associate" is widely defined. An organisation which was, or was intended to be, a "victim" of the fraud offence, however, will not be guilty.
Some things to think about in the meantime
While the ECCTA guidance regarding "reasonable prevention procedures" is not yet available, it can be assumed that it’s likely to follow CCO principles. In all probability this will include the need for a specific fraud risk assessment.
A robust CCO risk (or bribery risk) assessment should provide a helpful basis for this, although the scope will be broader in light of the statutory offences under ECCTA. A CCO risk assessment alone is therefore unlikely to suffice. Accordingly, now might be the time to prepare for a refresh of your CCO risk assessment (important anyway if there have been material changes to your business in the meantime) and to include ECCTA considerations at the same time. The statutory offences and the "associate" concept will merit particular attention here.
If you have introduced a tax evasion policy of some kind this could usefully be reviewed in light of ECCTA. The same goes for specific procurement and tendering processes, and any broader tax governance framework. At the same time, you might want to dovetail existing CCO tax evasion and prospective ECCTA fraud processes with your ABC and AML procedures.
CCO requires the right "tone from the top". This top level commitment is likely to be important under ECCTA as well. And of course the statutory offences here can attach to director behaviours. So the board will need to understand the scope of the new regime and to endorse the messaging.
CCO and other related training should be refreshed and widened to include ECCTA. Specifically, your training and associated internal guidance might usefully identify red flags relevant to both tax evasion and fraud.
If employees are required to give annual certification of compliance with firm policies and with any mandatory training, ECCTA should be included.
Contractual language amended for CCO might be reviewed to ensure that your "associates", in particular, understand their obligations from an ECCTA perspective too.
Your M&A due diligence procedures are likely to include consideration of CCO, and ECCTA should be added to the checklist in due course.
And finally
HMRC publish statistics regarding the status of their ongoing, and completed, CCO investigations. They emphasise that the lack of CCO charges suggests that the desired behaviours are being adopted. However, HMRC also make the point that, while there may have been no CCO charges, some of their investigations have uncovered other tax and regulatory issues. Equally, if CCO investigations do in due course uncover instances of facilitation then HMRC may wish to publicise. And so robust CCO procedures are important in a wider context, and we would expect that similar considerations will be in point under ECCTA once it’s fully in force.
