Internal Audit to Play a Leading Role in Tax Evasion Prevention

John Cassey, Director Protiviti Forensic, UK

UK authorities now have the power to prosecute any individual or company that fails to prevent the facilitation of tax evasion either in the UK or abroad. The new offence was introduced by the Criminal Finance Act – passed into UK law on 22 April 2017 – which strengthened the existing powers of law enforcement with the introduction of unexplained wealth orders and interim freezing orders. The Act also introduced changes to the suspicious activity reports (SARs) regime designed to ensure more effective communication between financial institutions when raising SARs.

The Act contains new clauses that  state that any business entity will be automatically liable if it fails to prevent the facilitation of tax evasion by an associated person, which can include employees, even if the entity was not directly involved in the act or was unaware of it.  Under the new rules, associated persons who facilitate tax evasion can include any employee, agent or other person who performs services for or on behalf of the business entity. Examples of facilitation would include when an employee is persuaded by a client to re-issue an invoice to a foreign/offshore company to avoid incurring VAT, or when a tax advisor approved by a financial institution to assist with a customer’s tax matters knowingly assists the customer to evade tax. There are many potential scenarios depending on the nature of the business and the type of transactions it conducts. All businesses are potentially at risk, although large, international corporations with complex, disparate business structures and operations are likely to be at greatest risk.

A prosecution for failure to prevent tax evasion could lead to a criminal conviction and unlimited penalties. Although businesses are not expected to be able to eliminate all conceivable risk of an associated person facilitating tax evasion, reasonable prevention procedures are considered to be a credible defence. HM Revenue & Customs have published guidance on complying with the Act, which includes recommended procedures; however, the real test for what’s reasonable for a company likely will rest with the courts.

The Role of Internal Audit

The internal audit function should play a leading role in securing the organisation against liability due to its unique knowledge of the firm’s risks, controls and its potential weaknesses. First, organisations should conduct a risk assessment to establish, with the support of tax specialists if necessary, any schemes, transactions or business arrangements in the UK and overseas that have been facilitated by associated persons. Firms should identify the types of tax evasion scenarios that associated persons could instigate that may impact the business; identify the network of associated persons; assess all potential risk areas (e.g., country, business sector, supply chain, etc.); and finally, establish the existing level of internal controls and assurance around the probity of people, schemes, transactions, business arrangements and tax advice facilitated by associated persons.

To minimise risk, organisations should implement certain risk mitigation actions, which may include creating new controls for high-risk areas, adding clauses to employee and third-party contracts requiring them to report tax evasion, conducting additional staff training to help recognise fiscal crime, encouraging whistleblowing, and regularly reviewing prevention controls.

Plan for Compliance

Protiviti has created a four-point plan to help businesses ensure compliance with the new rules:

  1. Understand how the new legislation affects your business and its commercial relationships: Many of the law’s provisions relate to increasing transparency and information sharing, preventing suspicious money trails from going any further, and tackling financial crime. These provisions are most likely to impact regulated businesses. Some businesses are likely to be more vulnerable to tax evasion, including those with complex and non-transparent company structures; those with tax planners serving private clients with large asset holdings in low-tax offshore jurisdictions; and entities such as religious organisations and charities, which may be used as a vehicle for money laundering.
  2. Review and update policies and procedures: Senior management need to ensure that policies and procedures are updated and communicated in a clear and practical way. Firms will be expected to demonstrate that they have “reasonable prevention procedures” in place to combat the facilitation of tax evasion and should consider whether new or additional procedures are necessary, including those for associated persons, depending on risk levels and potential exposure.
  3. Prepare and train staff: Identify staff likely to be impacted by the new legislation, such as customer-facing teams, and compliance and internal audit groups. Provide training to ensure that employees are aware of the legislative changes and the impact on their job roles. Circulate regular communications to reinforce the company’s policy and staff responsibilities.
  4. Review existing commercial relationships: Consistent with taking reasonable prevention procedures, firms should adopt a risk-based approach to dealing with the assessment of their existing relationships. This might include a review of associates or relationships that could expose the organisation to the risk of tax evasion. Regulated firms may already be covered, to some degree, as part of their periodic review of “know your customer” (KYC) information for anti-money laundering purposes, as KYC requires greater scrutiny of customer probity that may identify potential tax evasion. Nevertheless, all businesses, regulated or otherwise, should review their existing relationships to ensure potential risks are properly mitigated.

Add comment