Personal Liability for Senior Accounting Officers Over Tax Accounting Arrangements— First Court Decision Provides a Cautionary Tale

by Shearman & Sterling LLP

The UK Senior Accounting Officer (SAO) regime was brought in by the Finance Act 2009 and requires large companies and groups to identify the individual who is responsible for certifying to the UK tax authority (HMRC) each year that “appropriate tax accounting arrangements” are in place. The SAO has personal liability to take reasonable steps to ensure that this is the case, with a breach of the rules resulting in a flat-rate personal penalty of £5,000. In Kreeson Thathiah v. HMRC, the SAO regime was tested in the courts for the first time and the judgment provides useful practice points as to what “appropriate tax accounting arrangements” might look like in practice. The judge cancelled the penalties HMRC sought to impose on Mr. Thathiah. SAOs should take some comfort in the common sense, pragmatic approach the judge took. What constitutes “reasonable steps” for an SAO to comply with the regime will depend on the size of the business and the resources available. While ultimately a victory for the SAO, the way that HMRC approached this case provides a cautionary tale for all SAOs.

The SAO Regime

The SAO regime aims to protect the tax yield by identifying a clear point of responsibility for tax accounting within large companies and groups, in the hope that the prospect of personal liability means that an SAO will adopt rigorous tax accounting policies and procedures resulting in fewer errors in tax returns.

The SAO regime applies in relation to each “qualifying company,” being a UK incorporated company which itself has, or which is a member of a group in which the UK incorporated companies have on an aggregate basis, a turnover of over £200 million or balance sheet assets of over £2 billion. A qualifying company must identify the director or officer who has overall responsibility for the company’s financial accounting arrangements (the SAO), and notify HMRC of his or her identity (failure to do so carries a penalty). Under paragraph 1 of Schedule 46 to the Finance Act 2009, the “main duty” of the SAO is to take reasonable steps to ensure that the company establishes and maintains appropriate tax accounting arrangements, to take reasonable steps to monitor those arrangements, and to improve them if appropriate. “Appropriate tax accounting arrangements” means accounting arrangements that enable the company’s UK tax liabilities to be calculated accurately in all material respects. The SAO must certify to HMRC each financial year that the relevant company had such arrangements throughout the financial year and, if not, give an explanation of the deficiencies. Failure to comply with the main duty at any time in a financial year results in a personal flat-rate penalty for the SAO of £5,000, unless the SAO can establish that there was a reasonable excuse.

The Case


Kreeson Thathiah v. HMRC[1], heard before the First-Tier Tribunal Tax Chamber (the Tribunal), was an appeal by Mr. Thathiah (the appellant), the former finance director of the Lenlyn group of companies. Lenlyn is a family controlled, unlisted group, including a UK incorporated company which was the VAT representative member for a currency exchange and other cash handling businesses. As with many financial services businesses, the VAT recovery position of the group was somewhat complex and would have been an obvious issue requiring careful attention from both the taxpayer company and HMRC. During his time with the group, the appellant provided unqualified certifications to HMRC as the SAO of a number of group companies for the financial years ending 2011 through 2013.

It was only following the appellant’s departure from the group (for unrelated reasons) that historic errors in the VAT returns of one of the group companies were uncovered by KPMG, the quantum of the errors being estimated at around £1.36 million. As is often the case, the errors came to light in the course of a vendor due diligence exercise for a potential sale to a third party. The errors themselves were various and related to VAT erroneously recovered on exempt supplies, VAT recovered twice on the same property, costs incorrectly allocated under the partial exemption special method and the incorrect application of the reverse charge mechanism. KPMG issued an error correction notice detailing the errors to HMRC. The appellant’s subsequent evidence was that he would have challenged at least some of the conclusions reached in the error correction notice if he had been given the chance. The appellant’s successor as SAO qualified the SAO certificate for the year Mr. Thathiah had left by reference to “one failing in internal control functions relating to the reporting and recoverability of VAT in respect of specific areas.”

At the request of HMRC, the appellant subsequently met with HMRC. As the appellant had left the group by this stage, he had not seen the written error correction notice provided by KPMG (and HMRC asserted that taxpayer confidentiality prevented them from showing it to him at this stage). The Tribunal did not consider that he was in a position to address the issues properly at the meeting. Following the meeting, HMRC made penalty assessments against the appellant of £5,000 each in respect of the financial years ended in 2012 and 2013. The appellant appealed the penalty assessments, ultimately to the Tribunal.

Reasonable Steps

Much of HMRC’s approach to the case was on the footing that there had plainly been a breach of the main duty, and focused on whether the appellant could show a reasonable excuse for his breach. However, the Tribunal noted that the existence of material or repeated errors does not necessarily signal that the main duty has been breached. For a breach to be established, it must be shown that there has been a failure by the SAO to take “reasonable steps” to ensure that the company establishes and maintains appropriate tax arrangements. This is not an absolute duty to ensure that the arrangements exist. Whether reasonable steps have been taken is not a “one size fits all” question. It will include consideration not only of the size and complexity of the business, but also of the resources available to the individual in question and his or her authority to bring about change.

In this instance, one might think that Mr. Thathiah had taken a good deal of trouble with his duties in mind. All the more so as the finance team was described by KPMG as “a relatively small one” and by the appellant as being “run on a shoestring”—he had on numerous occasions requested additional resources for the tax function (although these requests were not always granted).

In particular, the appellant had: (1) established an internal tax team of two people with whom he met frequently (an experienced accountant as financial controller, and a tax manager with a payroll tax background who received VAT training and on-going support from KPMG); (2) increased automation in an effort to reduce errors; (3) expanded the tax risk register; and (4) introduced a comprehensive group tax policy document. In addition, KPMG was engaged to conduct a yearly audit, which involved a substantive review of the VAT calculations and checking sample invoices against the returns. The appellant relied to a large extent on the work performed by his staff and KPMG although he retained the ultimate authorisation powers and conducted sense checks, which were essentially variance checks comparing VAT figures included in one return to equivalents in earlier returns to look for anomalies.

A difficulty for Mr. Thathiah, quite apart from errors having come to light after he had left the business, was that HMRC’s internal manual on the SAO regime included a specific reference to sampling. That is, it gave an example of a business in a complex VAT recovery position which conducted quarterly sampling of invoices, as a means of double checking whether services were appropriately classified for VAT purposes. The manual stated that this meant there were appropriate checks and controls, so that miscoding a small number of invoices through human error would not be regarded as a shortcoming in the tax accounting arrangements. HMRC’s case was essentially that Mr. Thathiah only performed variance tests against earlier periods, rather than sampling (he relied on KPMG’s annual audit for this), meaning that consistent errors would not be detected and would become embedded, and that for a business with complex VAT affairs this prima facie amounted to a breach of the paragraph 1 main duty.

Whilst the Tribunal agreed with HMRC that the company’s arrangements were not, in fact, “appropriate tax accounting arrangements,” the Tribunal concluded that the appellant had taken reasonable steps to establish and maintain appropriate tax accounting arrangements. Essentially, it agreed with his case that he had done what he could with the resources available. The team and company size were relevant considerations as to what amounted to “reasonable steps” in context, and the Tribunal considered that it had not been inappropriate for the appellant to rely on KPMG and his staff—one of whom had received full training and had access to ongoing support from KPMG, and the other, though not a tax specialist, was an experienced accountant. The Tribunal found that the appellant had put procedures in place, and that, whilst largely undocumented, in the context of a small team this was not necessarily problematic, so long as the procedures were well understood by those involved. While sampling would be desirable in principle, the Tribunal was not satisfied that HMRC had established a breach of the main duty due to its absence.

Discussion and Practical Points

Mr. Thathiah was in a rather invidious position—it seems to have been taken as read that there had been failures in internal control functions before he was even made aware that issues had been raised. Certainly “fairness” factors played a role in the judgment. The Tribunal noted the appellant was unrepresented and that he had no access to support or information from his former employer, and that the penalties could have a large impact on the appellant’s reputation and, potentially, future employment prospects, over and above the financial impact of the fine. Whilst the Tribunal noted there was no evidence that the appellant was “singled out” in this case, it stressed the importance of HMRC’s approach to such cases not only being fair, but also being seen to be fair. The Tribunal also observed that HMRC’s approach to the case had effectively been to assume that any qualifying company should be held to the same standard (seemingly, a standard set by HMRC’s internal guidance rather than statute) regardless of size or resource. The Tribunal disagreed with this approach, and considered that what constitutes “reasonable steps” will be dependent on the size of the business and available resources and other contextual factors. A major financial institution with a more sophisticated tax function will likely find its SAO held to a higher standard than that of the appellant in this case (on the basis that in such a scenario the SAO “may well have a more significant degree of control over resources”).

It is to be hoped that HMRC takes these points on board and applies the regime in a measured way going forward. The purpose of the SAO regime is to promote transparency by providing a clear point of responsibility for internal accounting systems—systems which, as the Explanatory Notes to the legislation rightly state, large companies should have in place in any event. It would be most unfortunate if the SAO regime itself becomes a disincentive to dealing openly with errors that inevitably arise in any business for fear of personal liability.

Nevertheless, the case underlines that SAOs need to bear in mind the requirements of the regime and that—based on the Tribunal’s judgment—its requirements will be more stringent for more sophisticated groups with access to greater resources. Particular difficulties can arise in relation to problems that come to light for prior years where the SAO has left the business. Certain key practice points emerge from the case:

  • The group’s internal tax policy should be written and robust, and internal tax accounting procedures and compliance measures should be clearly documented;

  • SAOs should periodically assess the suitability and efficiency of monitoring processes, and this assessment should also be clearly documented;

  • Additional tax resources (external advice, staff, training) should be requested in writing if needed;

  • SAOs should be alive to HMRC’s views in its SAO manual and elsewhere on procedures that should be adopted by particular types of businesses (for instance, sampling of invoices in relation to partially VAT-exempt businesses such as those in the financial services industry). Where these are relevant to the qualifying company, the SAO should ensure that these in particular are covered in written tax accounting policies and appropriately monitored; and

  • A departing SAO may find it prudent to take advice to protect his or her position should an issue emerge in future.

[1] [2017] UKFTT 601 (TC).


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Shearman & Sterling LLP | Attorney Advertising

Written by:

Shearman & Sterling LLP

Shearman & Sterling LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.