Back to Insights
Compliance

Corporate Criminal Offence: Failure to Prevent the Facilitation of Tax Evasion

Part 3 of the Criminal Finances Act 2017 created a corporate offence for failing to prevent the facilitation of tax evasion. Every business needs documented prevention procedures.

Sarfraz Chandio
9 min read

Buried in Part 3 of the Criminal Finances Act 2017 are two of the most consequential corporate offences enacted in the last decade: failure to prevent the facilitation of UK tax evasion, and failure to prevent the facilitation of foreign tax evasion. Often referred to as the Corporate Criminal Offence (CCO) or "failure to prevent" offences, they apply to every UK incorporated company and every body corporate or partnership carrying on business in the UK — regardless of size — and they impose strict liability subject only to a "reasonable prevention procedures" defence.

The structure of the offence

A "relevant body" commits an offence if a person associated with it commits a tax evasion facilitation offence in the course of that association. The architecture has three stages:

  • Stage 1: a taxpayer (third party) criminally evades tax. This must itself meet the criminal standard.
  • Stage 2: an "associated person" of the relevant body criminally facilitates that evasion, knowingly. Associated persons include employees, agents, and any other person performing services for or on behalf of the relevant body.
  • Stage 3: the relevant body failed to prevent that facilitation.

If stages 1 and 2 are proved, the relevant body is criminally liable at stage 3 unless it can establish the statutory defence.

The defence: reasonable prevention procedures

The only defence is that the relevant body had in place such prevention procedures as it was reasonable in the circumstances to expect it to have, or that it was not reasonable in all the circumstances to expect it to have any prevention procedures. There is no de minimis exemption: a one-person business is in scope, although the procedures expected will be proportionate to its size and risk.

HMRC's six guiding principles

HMRC's published guidance organises reasonable prevention procedures around six principles. The guidance is not law, but a body that aligns with the six principles is much better positioned to defend a charge:

  • Risk assessment: a documented assessment of how associated persons could facilitate tax evasion, across customers, products, transactions, geographies, and channels.
  • Proportionality of risk-based prevention procedures: controls calibrated to the assessed risk, not a one-size-fits-all checklist.
  • Top-level commitment: visible board or senior leadership ownership.
  • Due diligence: appropriate diligence on associated persons commensurate with the risk they present.
  • Communication and training: communication of policies to associated persons, with training that they will retain.
  • Monitoring and review: periodic review of prevention procedures and adjustment as risk changes.

Who is an "associated person"

This is wider than employees. It includes:

  • Employees, officers and directors.
  • Agents acting for the body.
  • Contractors and consultants performing services for or on behalf of the body.
  • Subsidiaries (where they act on behalf of the parent).

The wide definition matters because many tax evasion facilitation risks arise in the agent and contractor base — payroll providers, recruitment agencies, distribution partners, foreign sales agents.

Common risk areas

In practice, the elevated-risk facilitation scenarios include:

  • Payroll / employment intermediaries that miscategorise workers to avoid PAYE and NIC.
  • Cross-border invoicing structures that misallocate margin or VAT.
  • Cash-intensive supply chains where suppression of receipts is feasible.
  • Foreign sales agents in jurisdictions with weaker enforcement, where local tax fraud could implicate the UK principal.
  • Contractor introduction activities that could amount to enabling disguised remuneration.

Penalties

Conviction carries unlimited financial penalties, ancillary orders (such as confiscation of proceeds, debarment from public contracts), and the reputational consequences of a criminal conviction on the body. Individual associated persons commit the underlying facilitation offence separately and face personal criminal liability.

Documentation

Defending a charge requires evidence. The documentation most often relied upon includes:

  • The board-approved risk assessment, dated and version-controlled.
  • A written policy on the prevention of the facilitation of tax evasion.
  • Training records, ideally with completion certificates and refresher cadence.
  • Due diligence files on agents, contractors and high-risk associated persons.
  • Contractual provisions in supplier and agent agreements requiring compliance and audit rights.
  • Periodic review minutes showing the framework has been refreshed.

Implementation for SMEs

Many small and medium businesses initially assume the regime does not apply to them. It does. The proportionality principle means a five-person business is not expected to run the same framework as a multinational — but it is expected to have done a risk assessment, to have a policy, and to have communicated it to staff and contractors. The cost of a proportionate framework for an SME is modest; the cost of defending an unframed allegation is not.

Interaction with other regimes

The CCO sits alongside the AML regime under MLR 2017, the Bribery Act 2010's "failure to prevent bribery" offence (with its very similar adequate procedures defence), the SAO regime for large companies, and emerging "failure to prevent fraud" offences. The most mature compliance teams now treat these as a single "failure to prevent" governance framework with shared risk assessments and training. Our business advisory team frequently runs combined reviews of these obligations for clients who have grown into multiple regimes simultaneously, alongside their tax planning and annual accounts work.

Practical first steps

  1. Run a risk assessment identifying where associated persons could facilitate tax evasion.
  2. Document a written policy and circulate it to staff and contractors.
  3. Update agent and supplier contracts with compliance clauses.
  4. Deliver training proportionate to role.
  5. Diary an annual review with board sign-off.

If you would like help establishing or refreshing a reasonable prevention procedures framework, book a call or reach us via the contact page. The earlier the framework is in place, the stronger the defence will be if it is ever tested.

Share this article
LinkedIn Twitter Email

Ready to take control of your finances?

Join hundreds of UK businesses growing with PushDigits. Book your free discovery call today.

Book a Free Discovery Call
Book a meeting today
Talk to our AI advisor