Business Risk Reviews and Criminal Corporate Offences

28 January 2020

Liaison Financial

HMRC’s Business Risk Reviews have been carried out by HMRC for the last 10 years. In October 2019, HMRC re-launched this programme following a consultation exercise. The re-launch of Business Risk Reviews has brought renewed focus on Criminal Corporate Offences. The purpose of this article is to highlight how a Business Risk Review may impact on NHS bodies and to explain the potential exposure to a Corporate Criminal Offence.

Business Risk Review (BRR)

A BRR is an in-depth review by HMRC of all tax compliance and governance. The review will look at issues such as control measures that have been put in place to mitigate the possibility of errors occurring on a tax return (including VAT and PAYE). HMRC refer to delving into the granular detail to establish how an organisation works and establish the risk of tax non-compliance.

Although some of you may already have been exposed to such a review, it is important to note that a BRR will not apply across the whole NHS sector. A BRR will only be undertaken at the largest NHS Trusts and Boards and where HMRC has allocated a Customer Compliance Manager (CCM).

Corporate Criminal Offences (CCO)

One aspect of a BRR is to review compliance with the CCO Act 2017. This offence applies to any corporate body, no matter what its size and includes all NHS Trusts and Boards.

Since the CCO Act came into force, it has been a criminal offence to fail to prevent someone associated with a corporate body from facilitating criminal tax evasion.  CCO does not apply to legal tax avoidance.

A person associated with a corporate body includes an employee, agent or contractor that performs services for or on behalf of the corporate body. An offence is committed when a corporate body fails to prevent the facilitation of tax evasion by an associate. A fine of up to 100% of the tax evaded could be imposed. However, a defence to committing this offence is the corporate body being able to demonstrate that:

a) it has put in place reasonable measures and procedures to prevent criminal facilitation of tax evasion; or

b) that it was not reasonable to expect it to have prevention procedures in place.

In order to mitigate the risk of committing an offence, we recommend that you consider what preventative measures are in place and whether these need to be strengthened in any way. HMRC’s guidance highlights the following:

1. Risk Assessment to determine the nature and risk of exposure to the offence

2. Proportionality – prevention measures should be proportionate to the risk

3. Top level commitment – senior management should be committed to developing and implementing prevention measures

4. Due diligence measures should be applied to identify and respond to risks.

5. Communication – prevention procedures should be communicated and embedded throughout an organisation.

6. Monitoring and review – the prevention procedures should be monitored, reviewed regularly and improvements made as necessary


As with routine VAT inspections it is best to prepare well in advance for a BRR as the procedure can be onerous.  Liaison can assist with this preparation and VAT advisors will attend VAT inspections and BRRs where sufficient notice is given.

Should you require assistance with this or have any concerns regarding CCO compliance, please contact your Liaison VAT advisor.