UK tax disputes set for further 'failure to prevent' corporate criminal offences

The new "failure to prevent fraud" offence, as set out in the Economic Crime and Corporate Transparency Act 2023, is finally expected to come into force in the first half of 2025, once the government has published the guidance prescribed by the legislation – this will be followed by an implementation period of at least six months.

The new fraud offence builds on the same "failure to prevent" approach adopted under the Criminal Finances Act 2017 (CFA) offences for failure to prevent the facilitation of tax evasion. We look at how these two sets of offences differ. We also consider the likely impact of the recent general election and what steps businesses should be taking now.

What is the new offence?

A relevant body, including a corporate or partnership, will be guilty of the new offence if one of its associated persons commits a specified type of fraud intending to benefit – directly or indirectly – the relevant body or a person to whom services are provided on its behalf.

For these purposes, an associated person includes (i) an employee, agent or subsidiary of the relevant body; or (ii) any person who otherwise performs services for or on behalf of the relevant body.

This is a strict liability offence meaning that, once the necessary components of the offence have been proven, the burden shifts to the relevant body to show that it had in place reasonable procedures designed to prevent its associated persons from committing the underlying fraud. It is not necessary to also prove any dishonest behaviour on the part of the relevant body itself.

Development of 'failure to prevent'

This "failure to prevent" approach was first adopted in the UK under the Bribery Act 2010 for bribery offences, followed by the CFA offences for failure to prevent the facilitation of tax evasion in 2017.

Previously, English law generally only permitted corporate prosecutions where the necessary dishonest behaviour could be attributed to the "directing mind and will" of the business; that is, members of senior management. The purpose of these new types of statutory offence is to make it easier for corporates to be prosecuted.

The new offence will only apply to "large organisations". Affected businesses will need to take steps to mitigate the risk that the new fraud offence presents ahead of UK government guidance before it comes into force next year.

CFA offences

Under the CFA, it is a criminal offence if a relevant body, including a corporate or partnership, fails to prevent its associated persons from facilitating tax evasion by third parties. These offences can apply to both UK and non-UK tax evasion. If it is UK tax evasion, it does not matter where the corporate entity is based or where the conduct of the relevant parties takes place. For non-UK tax evasion, the rules are complex but require some nexus to the UK.

Similar to the new fraud offence, the only statutory defence to the CFA offences is for the corporate to have had in place reasonable preventative procedures.

The new fraud offence covers different types of fraud, including tax evasion. There are, however, some important differences between the new fraud offence and the CFA offences.

Differences to the CFA regime

In particular, unlike the new fraud offence, the CFA offences apply to businesses regardless of their size. This means that small and medium-sized enterprises will need to focus on compliance with the CFA offences, while large organisations will need to consider both regimes.

The definition of a relevant body's associated persons is also broader under the new fraud offence, which, for example, means that a relevant body could be made liable for the actions of any subsidiary. In contrast, under the CFA offences, a subsidiary can only be an associated person if it is also performing a service on behalf of the relevant body (although, of course, from a risk perspective the group may not regard the point as important).

The new fraud offence includes a "benefit" requirement (see above) which is not present in the CFA offences.

There are further technical points that still need to be confirmed in the guidance. For example, no express provision is made in the legislation for territorial reach, although a previous government policy paper on the Economic Crime and Corporate Transparency Act stated that if "an employee commits fraud under UK law, or targeting UK victims, their employer could be prosecuted, even if the organisation (and the employee) are based overseas".

Labour government's plans

The Serious Fraud Office and the director of public prosecutions (DPP) have already stated that they intend to make early and full use of the new offence to tackle fraud more generally.

A similar approach is expected on tax, not least due to the likely impact of the new Labour government. In its "Plan to Close the Tax Gap", which was published shortly before the general election, Labour set an ambitious target of raising an additional £5.1 billion a year by the end of the Parliament from action on tax compliance – including proposals for an additional 5,000 HMRC compliance officers.

Labour's plans on tax compliance state that any additional resource for HMRC will be strategically focused to maximise returns, in particular on larger businesses where the scope and scale of any tax errors are invariably larger. The party's plans also make specific reference to the lack of prosecutions under the CFA offences and Keir Starmer's record on white-collar tax evasion in his former role as DPP. With plans to also introduce quarterly non-public reporting to relevant ministers on the volumes and nature of criminal powers deployed by HMRC, the prospects of a first CFA prosecution could be much higher under a Labour government.

The introduction of the new fraud offence can only provide a further impetus for HMRC to target corporates in relation to tax evasion.

Osborne Clarke comment

The only statutory defence to both the new fraud offence and the CFA offences is for the relevant body to have had in place reasonable preventative procedures. While the guidance on the new fraud offence is still awaited, it seems likely that any defences will need to be built around the same six pillars that underpin the guidance for the CFA defence (and the similar Bribery Act defence). By extension, businesses should assume that HMRC will want to consider these various offences together as a package – whether as part of active investigations or in terms of the Business Risk Review process (of which the CFA already forms part).

Businesses should be taking steps ahead of the new fraud offence coming into force to mitigate risk. In respect of tax, businesses will also want to ensure that this is combined with a review of any existing procedures for the CFA. In our experience, many businesses still do not have adequate CFA procedures in place, which includes those that may have inadequately implemented "off-the-shelf" procedures or businesses who have not since 2017 reviewed the effectiveness of their policies both generally and to reflect changes in the business.