HMRC’s new business risk review

19 October 2019

HMRC has over recent months been piloting a new approach to the way it evaluates the tax risk profile of large businesses. The new business risk review (BRR) encompasses a number of changes to assess risk and these changes will apply from 1 October 2019.

In more detail, HMRC Customer Compliance Managers (CCMs) (formerly Customer Relationship Managers) have previously conducted periodic risk reviews of the businesses they are responsible for, the output of which was a binary assessment, either non-low risk or low risk.  

New approach, new ratings

This business risk review process has now been updated so that, firstly, the review will be undertaken for each tax regime and, secondly, each type of tax will be allocated one of four ratings:

  • low risk;
  • moderate risk;
  • moderate-high risk; and
  • high risk.  

Furthermore, HMRC will take look at three specific categories when assessing risk, namely:

  • approach to compliance;
  • internal governance; and
  • systems and delivery.

A number of key factors will therefore be in point to determine a risk rating, including compliance with:

1. Senior accounting officer (SAO) obligations
The CCM is likely to review the documentation retained by SAOs of qualifying companies to support their submitted annual SAO certificates, to understand the processes and controls businesses have in place and consider the effectiveness of their governance and systems. The SAO legislation was introduced in 2009 and requires the SAOs of certain companies to monitor the company’s tax accounting arrangements and submit annual certificates stating whether the company had ‘appropriate tax accounting arrangements’ in place throughout the year. A penalty regime is in place for failure to comply with the SAO requirements.

2. Corporate criminal offence (CCO) obligations
The Criminal Finances Act 2017 makes it a criminal offence for incorporated bodies and partnerships to fail to prevent the criminal facilitation of tax evasion. The CCO took effect on 30 September 2017 and relevant bodies should have already taken action to establish ‘reasonable prevention procedures’ as non-compliance may result in criminal investigation by HMRC (UK offences) or the serious fraud office/national crime agency (non-UK offences) and subsequent prosecution. Businesses are likely to be reviewed to establish whether risk assessments have been performed and documented and to consider what steps have been put in place to mitigate the risks identified.   

Other measures of tax risk, such as the existence and extent of appropriate systems and controls, the resources deployed to deal with tax matters in light of the complexity of the business and the extent to which professional advice is sought on tax sensitive issues, will also be reviewed by HMRC. This will enable the CCM to understand what controls a business has in place and the extent to which those controls have been tested, either internally by the business or by a third party.

Be prepared, take advice

The new BRR approach and rating system means businesses should consider all of the above risk indicating factors and obtain professional advice on how they can be suitably prepared.

For more information please get in touch with Suze McDonald.

Related services