How poor governance can make businesses liable for employee fraud

02 May 2024

The European courts have ruled an employer liable for its employee’s fraudulent activity due to the company’s poor governance. We explore the key questions UK businesses should be asking about their own due diligence to avoid a similar scenario.

This case saw an employee fraudulently charging VAT using their employer’s tax registration number. In the UK, legislation requires any amount charged on an invoice purporting to be VAT to be paid over to HMRC as a debt due to the Crown. So, in this situation, who owes the debt: the fraudulent individual or the business itself? This case might seem clear cut. However, with the business having now been ruled liable, we know it’s not as straightforward as it appears.

What happened with ‘Company P’?

While this case concerned a petrol station based in Poland, known only as ‘Company P’, the principles apply equally to the UK. The employee, now dismissed for misconduct, raised fake invoices to other businesses who reclaimed the VAT charged, but did not pay the business for any goods or services. The employee was given a kick-back for issuing the falsified invoices, which were linked to actual transactions, making them difficult to reconcile. As the tax authority was out of pocket by over €300k, someone had to compensate it, which led to an assessment against Company P for the loss of tax.

Company P objected to the assessment, but the case was upheld in Poland’s higher court. It considered that Company P had not exercised sufficient due diligence. The rogue employee was able to issue falsified invoices outside of the company’s accounting system without any form of approval or oversight. The view was that the chair of Company P should have foreseen the possibility of fraudulent invoices being issued. Only when Company P was audited by the tax authority did the fraud come to light. For this reason, the employee could not be considered a third party vis-à-vis Company P.

A disgruntled Company P took their case to the European Court of Justice. The court, to a large extent, agreed with the Polish courts, determining: ‘It is for the tax authority, or the court before which a case has been brought, to carry out an overall assessment of all the relevant information in order to determine whether the taxable person, whose VAT identification details were appropriated by its employee to issue fake invoices for fraudulent purposes, exercised the due diligence reasonably required to monitor the conduct of that employee. If such is not the case, that taxable person is liable to pay the VAT entered on those invoices.’

What does this mean for UK businesses?

The courts put a clear onus on businesses to have suitable processes and controls in place to mitigate against the risk of tax fraud. Where a business does not have sufficient checks, it can be held liable for any loss of tax or any amount purporting to be tax.

Following the UK’s introduction of the Corporate Criminal Offence (Criminal Finances Act 2017), it has been incumbent on businesses to take a proactive approach. This includes considering what internal and external safeguards they have in place to combat the evasion of tax. Any failures can result in an unlimited fine and negative publicity. For various reasons, HMRC has been hesitant to use these powers, but the ability for HMRC to simply assess for a tax loss is administratively much more attractive. HMRC may look to this case and gain confidence it can collect unpaid tax from VAT registered traders without having to engage in costly legal disputes.

What tax due diligence steps should businesses be taking?

This case is a useful reminder to all businesses to take tax risk governance seriously. Shortfalls can be costly and affect business operations and reputation. The questions to ask to evaluate your own position and establish what improvements could be made include the following. 

  • What tax processes are currently in place and are these sufficient for your business operations?
  • Are these processes mapped and documented?
  • What checks and controls take place and who independently assesses their application?
  • Are checks documented and reviewed by your internal audit function?
  • Is a tax risk register maintained and how does this feed into your wider risk register?
  • How much resource is expended on managing your tax function and are there any efficiency savings?
  • How are tax returns, processes and controls documented and could a technology solution improve governance?

For more information on managing your own tax risk governance functions please contact Scott Harwood or one of our tax risk and governance specialists.