Criminal Finances Act 2017: overview for a concerned contractor sector

First introduced in September 2017, the Criminal Finances Act 2017 (CFA) is still yet to claim its first prosecution, but that’s not stopping contractors, agencies, and umbrella companies all asking about it, writes Chris Mattingly, lead compliance specialist at WTT Consulting.

When the other shoe does eventually drop, and a prosecution under the CFA does finally emerge, what should we expect? And what might the contractor sector see?

What is the objective of the CFA?

To begin to offer some sort of answer, let’s first look at what the 2017 legislation is designed to do. 

In simple terms, the CFA is designed to punish those who fail to prevent the criminal facilitation of either UK or foreign tax evasion.

Modelled on the Bribery Act 2020, the CFA extends corporate liability beyond the commission or facilitation of tax evasion to include the ‘failure to prevent’ the commission or facilitation of tax evasion. 

What is a key point of the CFA?

The failure to prevent is a key point, in that the scope of liability is widened such that a corporate criminal offence can be committed by a party at one end of the supply chain for the actions of an associated party lower down the supply chain, regardless of that party’s knowledge that an offence has occurred. So, in one foul swoop, it is no longer possible for companies to turn a blind eye to the criminal actions of their associates.

With long and complex labour supply chains, the CFA looks particularly relevant to the UK contracting sector, and therein lies the concern and root of all the questions.

CFA: A contractor sector case study

For example, let’s say a client – we’ll call them Megabank plc, engages a contractor through their trusted recruitment supplier, ‘Gotu-a-job.’ However, on this occasion, Gotu-a-job struggled to find a candidate, so Megabank used an unfamiliar agency -- ‘x’, who in turn engages an umbrella company ‘y’ employing the contractor, ‘z’. Unfortunately, supply chain due diligence is poor, and the umbrella is in fact facilitating tax evasion through a scheme dressed up as tax avoidance. 

In this example, the CFA has the scope to punish any party in the supply chain (Megabank; Gotu-a-job; x, y or z), for their part in failing to prevent the criminal facilitation of tax evasion. That is -- unless the party can prove they took reasonable steps to prevent the crime, or that it was not reasonable to expect them do so. 

Now, let’s take a closer look at the legislation; conditions for liability and its key terms

The Corporate Criminal Offence: up close and technical

The UK tax evasion offence applies to all businesses worldwide and will also apply to any business with certain UK connections. 

For the UK corporate criminal offence to be committed there are three stages that must be met: 

1. The Crime -- the criminal tax evasion by a taxpayer (either an individual or a legal entity) under existing law; 
2. The Facilitation – the crime has been deliberately and dishonestly facilitated by an “associated person” (which can be either an individual or a legal entity) who is acting for or on behalf of a relevant body (meaning a body corporate or partnership wherever incorporated or formed); and 
3. The Failure to Prevent -- the relevant body failed to prevent its representative from committing the criminal facilitation act. 

Strict liability 

The corporate criminal offence is a strict liability offence, meaning that if the crime has been committed at stage one, with facilitation at stage two, the relevant body will have committed the corporate offence unless it can demonstrate it has established reasonable prevention measures to prevent the offence occurring in the first place; or it was not reasonable in all the circumstances to expect the relevant body to have any prevention procedures in place.

And how about the foreign offence? 

The foreign offence operates in a broadly similar way to the UK tax evasion offence, albeit it is slightly narrower in scope, in that only certain relevant bodies with a “UK Nexus” can commit the foreign revenue offence and, in relation to the criminal offence there is “dual criminality”. 

What is UK Nexus?

UK Nexus means the foreign tax offence can only be committed by a relevant body who is either incorporated under UK law, carrying on a business or other undertaking from a permanent establishment within the UK, or whose associated person is located within the UK at the time of the criminal act that facilitates the evasion of the overseas tax. 

What is Dual Criminality?

Dual Criminality means that in order to prosecute a foreign tax evasion facilitation offence, the overseas jurisdiction must have:

1. An equivalent tax evasion offence at the taxpayer-level, and it must be the case that the actions carried out by the taxpayer would constitute a crime if they took place in the UK; and  
2. An equivalent offence covering the associated person’s criminal act of facilitation, and it must be the case that the actions of the associated person would constitute a crime had they took place in the UK. 

The Defence: What are reasonable prevention measures? 

For both the UK and foreign offence, the only real defence is to establish and implement “reasonable” prevention measures.

“Reasonable” is of course subjective, but broadly-speaking it means that in the circumstances, could the relevant body be expected to have implemented measures that would have prevented the criminal facilitation of tax evasion, and would it have been reasonable to have expected them to do so?

Back to Megabank…

If we put this into the context of our case study above, it would be considered reasonable for Megabank plc to procure that its suppliers (including the unfamiliar agency ‘x’) take certain steps to secure their labour chain, with the effect that any umbrella (‘y’) is carefully vetted to a set of prescribed due diligence standards. And these standards would need to be continuously monitored. In such circumstances, it would be near on impossible for y to operate a tax avoidance scheme, but if it did, a defence could be established (by Megabank for example), to show that reasonable prevention measures had been implemented to prevent such a crime occurring. 

“Reasonable” can also be measured by the size of the relevant body. Megabank for instance will likely have substantial resources in its legal and compliance department compared to that of it suppliers, so Megabank cannot simply offload its responsibilities to its suppliers and hope for the best, nor could it rely of the presence of a third-party trade accreditation.

Rather, to create a robust defence, Megabank would need to demonstrate it has considered and implemented proportionate measures that both inform and monitor the continuous behaviour of its suppliers (including Gotu-a-job) -- and anyone acting on their behalf.

So what can we expect with the first CFA prosecution? 

Ultimately, the CFA sets a high bar for prosecution, so a conviction won’t come easily, with larger corporations likely to enter into a deferred prosecution agreement.

 But that must not stop companies from mitigating their risk! The penalties for the offence include unlimited financial penalties, and ancillary orders such as confiscation orders.

Beyond the financial consequences, the reputational risk from having their organisation outed in the media for facilitating tax evasion should be enough of an incentive for anyone to comply!

Compliance, cases, and case law -- very soon potentially

Eventually, these pressures will flow down the supply chain and compliance with CFA will be the only way to do business. 

And we may not have to wait too long. According to a response under the Freedom of Information Act released in June, HMRC had 28 potential CCO cases in progress, seven of which were ‘live,’ in additional to a further 21 cases in the pipeline.

But as mentioned, a prosecution won’t come easily, and HMRC will want to be on firm ground with their first case.   

Last but not least, what about contractors?

Contractors should ultimately benefit from the CFA. If the bad actors are squeezed out of the supply chain, the contracting world will be a better and safer place. That said, contractors should be mindful of any contractual indemnities that could place them on the hook or at risk from this corporate criminal offence. In 2023 and beyond, choose your business partners wisely.