"'Failure to Prevent': The Implications for Global Financial Institutions"

by Skadden, Arps, Slate, Meagher & Flom LLP
Contact

Skadden, Arps, Slate, Meagher & Flom LLP

The U.K. government is set to introduce a new corporate criminal offence, based on the strict liability of the entity in question. It almost certainly will come into force in 2017, once the Criminal Finances Bill (Bill) is passed.

This new offence, known simply as Failure to Prevent, has an underlying component, namely preventing the facilitation of criminal tax evasion. It has extraterritorial effect, and it mirrors the U.K. Bribery Act by providing the corporate with an adequate procedures defence. All entities, whether or not based in the U.K., will have to demonstrate that they have implemented adequate and appropriate procedures to prevent the facilitation of criminal tax evasion. We anticipate, as with money laundering legislation, that this statute will become the “gold standard” for other governments seeking to meet public disquiet about the perceived levels of tax evasion. At the same time, the U.K. intends to consult on broadening the underlying component beyond preventing tax evasion to encompass most financial crimes, and at the time of writing, amendments have been proposed during the passage of the Criminal Finances Bill through Parliament, which broaden the component to include certain economic crimes.

We consider below the background to the new offence, as well as some of the specific implications for global financial institutions (GFIs).

Background to the New Criminal Offence

The Bill had its first reading on October 13, 2016. It introduces two new corporate offences; failure to prevent persons associated with the corporate — “associated persons” (Associated Persons) — from: (a) facilitating U.K. tax evasion or (b) facilitating foreign tax evasion.

This follows significant consultation by Her Majesty’s Revenue and Customs (HMRC) during the course of 2015 and the release of draft legislation and guidance for comment between April and October 2016. As stated by the Home Office in its press release accompanying publication of the Bill, the new offences are aimed at “sending out a clear message that anyone doing business in and with the UK must have the highest possible compliance standards.”

Basic Components HMRC’s draft guidance (updated in October 2016) makes clear that both offences are founded on three basic components:

(a) criminal tax evasion by a taxpayer (either an individual or a legal entity) under existing law;

(b) criminal facilitation of the tax evasion by an Associated Person of a “relevant body” (Relevant Body) (while acting in the capacity of an Associated Person); and

(c) the Relevant Body failed to prevent its Associated Person from committing the criminal facilitation act.

Where the tax evasion is in relation to foreign tax, two additional criteria must be met, namely:

(d) the Relevant Body must have a sufficient U.K. nexus (i.e., it must be incorporated or carrying on business in the U.K. or its Associated Person must have carried out the criminal facilitation in the U.K.); and

(e) there must be dual criminality (i.e., the conduct of both the taxpayer and the facilitator must be recognised as criminal offences in both the U.K. and the jurisdiction to which the foreign tax relates).

Key Concepts

Clearly, Relevant Body and Associated Person will be key concepts for the purposes of these new offences. Potentially problematic from a compliance perspective, however, is that both concepts are broadly defined.

A Relevant Body may be a body corporate or partnership (wherever incorporated or formed) or a firm or entity of a similar character formed under the law of a foreign country. Of similar breadth, a person will be acting in the capacity of a person associated with a Relevant Body where the person is: (a) an employee of the Relevant Body acting in the capacity of an employee; (b) an agent of the Relevant Body acting in the capacity of agent; or (c) performing services for or on behalf of the Relevant Body and acting in the capacity of a person performing such services. Circumstance (c) in particular, expands the definition of Associated Person to a significant range of entities and is likely to include third-party advisers and those delivering the “infrastructure” that enables tax evasion to take place (for example, virtual offices, invoicing services and IT systems all are targeted).

Primary and Secondary Offences

In order for either new offence to be committed, both a primary tax evasion offence and secondary “facilitation” offence must be committed, although neither needs to have been separately prosecuted successfully.

Current U.K. law contains various statutory tax evasion offences (usually requiring the taxpayer to have been knowingly concerned in or, in the case of certain taxes, knowingly taking steps with a view to the deliberate and dishonest non-payment of tax), as well as a more general common law offence of cheating the public revenue (i.e., carrying out deliberate and dishonest conduct (including omissions) with the intention of defrauding HMRC by failing to pay sums lawfully due). As currently drafted, the Bill allows for any of these offences to satisfy the requirement of a primary tax evasion offence.

Similarly, current U.K. law provides a range of facilitation offences relevant to tax evasion, because facilitators may be caught both under the same statutory provisions as the primary taxpayer (as a person knowingly concerned in or, in the case of certain taxes, knowingly taking steps with a view to the deliberate and dishonest non-payment of tax by another person) or through the wider “aiding and abetting”-style criminal offences provided by the Serious Crime Act 2007 (i.e., by encouraging or assisting the tax evasion offence either intentionally or believing that the offence would be committed). Again, the Bill allows for any of these offences to satisfy the requirement of a secondary facilitation offence.

Once it is found that a primary tax evasion offence has been committed by a taxpayer and an Associated Person of a Relevant Body committed a secondary facilitation offence in relation to that primary offence (and, where the primary tax evasion offence relates to foreign taxes, the Relevant Body has a sufficient U.K. nexus and there is dual criminality), the Relevant Body is prima facie liable for the relevant new corporate offence as a matter of strict liability. Crucially, and unlike the Bribery Act, it is not necessary for there to be any intention on the part of the Associated Person to benefit the Relevant Body through committing the secondary tax evasion facilitation offence.

Reasonable Prevention Procedures Defence

The new provisions allow a defence if the Relevant Body can show reasonable procedures were in place to prevent its Associated Persons from committing any secondary facilitation offence (the Reasonable Prevention Procedures Defence).

The procedures must be those that it would be reasonable in all the circumstances to expect the Relevant Body to have implemented.

According to the current HMRC guidance for the new criminal offence (the HMRC Guidance), such procedures will depend on a range of considerations including the size, complexity, industry and risk profile of the Relevant Body in question. In any event, procedures should be informed by HMRC’s six Guiding Principles, namely: (a) risk assessment, (b) proportionality, (c) top-level commitment, (d) due diligence, (e) communication (including training), and (f) monitoring and review, all of which have been directly taken from the Ministry of Justice Guidance to the Bribery Act.

The Guiding Principles show the emphasis that these new offences place on top-level management taking responsibility for the actions of their Associated Persons, for promoting a zero-tolerance attitude to the facilitation of tax evasion and for developing appropriately geared and effective compliance structures within their organisations. This approach contrasts starkly with the current U.K. law on corporate criminal liability that was seen, during and since the Financial Crisis, as encouraging senior management to “turn a blind eye” to the criminal acts of their employees and to discourage internal reporting.

Prosecution and Penalties

While prosecution under either of these new offences first must satisfy a “public interest” test, in the current political climate we anticipate that GFIs will face particular scrutiny and may well be the first to be investigated and/or prosecuted for the criminal facilitation of tax evasion (think action taken against a number of large banks post the global financial crisis, the Swiss tax scandal and the Panama Papers). These industries also are regulated and should not only be anticipating attention from HMRC, but also from the Financial Conduct Authority (FCA) and, in the longer term, other similar regulators in other jurisdictions. Indeed in recent years the FCA has levied very significant fines against GFIs for failure to implement adequate bribery, corruption and money laundering controls, and there is no reason to believe it will not take the same approach when the legislation is in force.

Prevention of financial crime and anti-money laundering continue to be a core priority for the FCA (included in its 2016/17 Business Plan). There is every reason to expect a similar approach to preventing tax evasion offence.

Conviction carries significant penalties. Relevant Bodies face the possibility of unlimited financial penalties as well as other orders, such as confiscation or serious crime prevention orders, not to mention potentially significant reputational damage.

It is worth noting that the penalties on the entity itself are in addition to any penalties that may result from the primary and secondary offences for the actual taxpayer and facilitator involved.

Implementation

The Bill is currently progressing through Parliament and was given its second reading on October 25, 2016. While there is still a way to go before it receives Royal Assent, passage of the Bill thus far has been rapid, and there is speculation that it may come into force as early as spring 2017.

While the HMRC Guidance provides for an initial implementation period (during which a lower threshold should apply for the Reasonable Prevention Procedures Defence, it goes on to highlight that “[at] the same time the Government expects there to be rapid implementation, focusing on the major risks and priorities, with a clear timeframe and implementation plan on entry into force.”

Application of the Guiding Principles in Practice

The Guiding Principles are intended to be “outcomes focussed” and flexible and should be proportionate to the risk faced by the institution. The offence of criminal facilitation of overseas tax evasion, may be the most troubling for GFIs, given the divergent approaches taken in many jurisdictions to the payment of tax and the lack of a consistent international approach to criminal tax evasion. This undoubtedly will add a significant level of complexity and cost to an already complex compliance environment. The Guiding Principles make clear that it will be insufficient to simply add “tax” to the list of other procedures such as Know Your Customer (KYC), anti-bribery and anti-corruption policies.

1. Risk Assessment

For GFIs, an appropriate risk assessment should involve a detailed and well-documented assessment of their employees, agents and other Associated Persons and ask whether they have a motive, the means and the opportunity to facilitate criminal tax evasion offences and, if so, how this risk might be managed. It also will mean a careful analysis of operations and functions carried out in higher risk jurisdictions, including a review of secrecy laws and whether the country subscribes to the Common Reporting Standard, sectoral risk, transaction risk, business opportunity risk, business partnership risk, product risk and customer risk. The Joint Money Laundering Steering Group (JMLSG), which provides guidance on high and low risk factors, also may provide useful direction for best practice.

Common themes will include an oversight of risk assessments by senior management, an allocation of appropriate resources, the identification of information sources to enable risk assessment and review, due diligence, the documentation of risk assessments, periodic reviews, and procedures to identify emerging risks and internal challenge to risk assessments. As part of this process, risk assessments should consider whether internal structures, procedures and ‘culture’ add to the level of risk. This might include a review of training and the compensation structure, and whether there are any deficiencies in submission of Suspicious Activity Reports (SARs).

2. Proportionality

What constitutes reasonable procedures for the purpose of the Reasonable Prevention Procedures Defence should be proportionate to the risk faced by the institution. This will depend upon the nature, scale and complexity of the entity’s activities. For example, tax advisory and private wealth management are identified as having particular high risk. Reasonable procedures are likely to include common elements, such as a clearly articulated risk assessment, top-level commitment, articulation of the approach to mitigating risks, overview of strategy and timeframe to implement policies, monitored and enforced compliance, procedures reviewed for effectiveness, clear pathways for reporting wrongdoing, protection for whistleblowers and commitment to compliance over profit.

3. Top-Level Commitment

Senior management will be expected to take responsibility for implementing prevention measures, to endorse the policy, to have responsibility for raising awareness, to engage with a Associated Persons and external bodies, to be responsible for certifying the assessment of risk, to implement and oversee disciplinary procedures and to commit to adequate whistleblowing processes. There is no individual offence directed at senior management, but for regulated firms, the top level commitment principle creates an additional level of responsibility on top of the FCA’s new senior managers’ regime.

4. Due Diligence

GFIs should ensure that due diligence procedures are capable of identifying the risk of criminal facilitation of tax evasion by Associated Persons and, if appropriate, to their own clients. This may mean that certain business groups may require increased scrutiny based on risk assessments.

The examples in the Guiding Principles state that for a low-risk business it may only be necessary to perform due diligence on counterparties rather than further along the supply chain. Given the examples stating that the financial services industry is higher risk, this suggests that consideration should be given to persons with whom GFIs deal indirectly as well as directly.

5. Communication (Including Training)

GFIs should seek to ensure that policies and procedures are communicated, embedded and understood throughout the organization, through internal and external communication, including by way of training. Internal communication should make clear that the organisation has a zero-tolerance policy and outlines the consequences of breach. Internal communications also should provide clear channels for employees to communicate any questions that they have. External communications can act as a strong deterrent to those who otherwise might seek to use the firm’s services to further illegal activity.

Appropriate training is likely to include an outline of the organisation’s policies and procedures, an explanation of when and how to seek advice and report suspicions, an explanation of what constitutes U.K. and foreign “tax evasion” and associated fraud, an explanation of the employee’s legal duties, a summary of the penalties, and an overview of the social and economic effects of failing to prevent tax evasion.

6. Monitoring and Review

The nature of the risks faced will change over time, and the firm should seek internal feedback, perform periodic reviews and work with representative bodies to review their procedures.

Conclusion

In light of recent, well-publicised instances of tax evasion, the scope of the Failure to Prevent offence is hardly surprising, and based on the scope of the HRMC Guidance there is every reason to expect that GFIs will be required to uphold high compliance standards and to actively monitor and manage the risks posed by employees, agents and other Associated Persons going forward.

Download PDF

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Skadden, Arps, Slate, Meagher & Flom LLP | Attorney Advertising

Written by:

Skadden, Arps, Slate, Meagher & Flom LLP
Contact
more
less

Skadden, Arps, Slate, Meagher & Flom LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.