The Criminal Finances Act 2017

The Criminal Finances Act 2017 (CFA) came into force on 30 September 2017.

Call 0161 703 2549 or email info@championcontractors.co.uk

The CFA contains two new criminal offences aimed at corporates - the failure to prevent the facilitation of UK tax evasion and the failure to prevent the facilitation of foreign tax evasion.

The new rules mean that the conduct of persons associated with a company i.e. its staff, customers, suppliers, contractors, agents and advisors could bring a strict liability for the company. This increases the importance of having a thorough knowledge of your business partners and having a well-developed system of risk management policies and procedures.

The provisions apply to every company and partnership entity in the UK. Entities who are found guilty under CFA will face unlimited financial penalties.

It is therefore imperative that an entity must have reasonable prevention procedures in place to guard against prosecution. This will be the only acceptable defence in the event that a tax evasion facilitation charge is brought against them.

Committing an offence

For an offence to be committed there must be:

  1. a criminal offence at the taxpayer’s level
  2. a criminal facilitation of this offence by an associated person (i.e. an employee of the company)
  3. a failure by the company to prevent its associated person from committing the criminal facilitation.

Facilitation is widely defined to include aiding, abetting, counselling or procuring tax evasion, as well as being knowingly concerned in, or taking steps with a view to, the fraudulent evasion of tax by another person.

Reasonable prevention procedures

Companies are now reviewing their existing policies and procedures, both in the UK and overseas, to ensure that they have reasonable prevention procedures to defend themselves from any potential prosecution.

HMRC guidance states that reasonable prevention is governed by six principles:

1. Risk Assessment
The business will need to urgently assess the nature and extent of its exposure to the risk of criminal facilitation of tax evasion in relation to its stakeholders.
2. Proportionality of Risk-based Prevention Procedures
Actions, if any, required from the risk assessment exercise will need to be balanced depending on the size and complexity of the business. HMRC is clear in its guidance that burdensome procedures with a view to eliminating all risks are not required.
3. Top Level Commitment
Messaging from the top should be timely and clear and this should be woven into the risk management fabric of the business. Top management should lead from the front to ensure that everyone working in and with the business is made aware of the risks and the consequences of non-compliance.
4. Due Diligence
Senior management should ensure that there are procedures in place to conduct appropriate diligence on persons who perform services for and on behalf of the organisation to mitigate potential risks.
5. Communication (including training)
Businesses should communicate the policies in relation to the facilitation of tax evasion and ensure these are understood throughout the organisation.
6. Monitoring and Review
Regular monitoring and review by top management and business leads should be built into the risk management framework. The results of the review should be documented and variations to and from the policies and procedures should be addressed.


Implementation may not necessarily be a time-consuming exercise but the very first step will be for businesses to understand the law and how this impacts their business.

If action is required, it needs to be immediate and policies and procedures de-risking the business from a potential prosecution will need to be developed and implemented at the earliest opportunity.

Senior members of the business should take ownership of the project to assess the risks and identify any existing gaps in policies and procedures that are currently in place. Policies around regular engagement with staff and contractors should also be implemented.

It is critical that any actions taken are properly documented – this will demonstrate work carried out and will help to mitigate risk by having the documents to hand.