HMRC’s new Business Risk Review process

As of 1 October 2019, HMRC has introduced the new business risk review (BRR) process which incorporates a number of changes to assess risk.

HMRC have always had some form of risk profiling for companies, but most of this is quite outdated and not considered fit for purpose in the modern world. Consequently, over recent months HMRC has been trialing a new approach to the way it evaluates the tax risk profile of large businesses.

Initially, the BRR will be applied to those companies within the Large Business Directorate, typically those with a HMRC Customer Compliance Manager (CCM). CCMs have previously conducted periodic risk reviews of the businesses they are responsible for, resulting in a rather binary assessment, either non-low risk or low risk.

New approach, new ratings

Whilst the fundamental approach to BRRs remains largely unchanged, this new process has now been updated in two ways. Firstly, the review will be undertaken for each tax regime (corporation tax, international aspects, VAT, PAYE and NIC) and, secondly, each type of tax will be allocated one of four new ratings:

  • Low risk;
  • Moderate risk;
  • Moderate-high risk; and
  • High risk

The stated intention is to get into more detail to enable HMRC to have a greater understanding of how businesses operate. Furthermore, HMRC will take look at three specific categories when assessing risk, namely:

  1. Approach to compliance;
  2. Internal governance; and
  3. Systems and delivery

There is a natural link between a BRR and a company’s compliance with other key statutory requirements. A number of key factors will, therefore, be in point to determine a risk rating, including compliance with 1) senior accounting officer and 2) corporate criminal offence obligations.

1. Senior accounting officer (SAO) obligations

The CCM would typically review the documentation retained by SAOs of qualifying companies to support their submitted annual SAO certificates. This is in order to understand the processes and controls businesses have in place and consider the effectiveness of their governance and systems. SAO obligations are required for the following:

  1. All UK incorporated companies with a UK turnover of more than £200m and/or balance sheet total of more than £2bn in the last financial year.
  2. All UK incorporated companies that are members of a group with aggregate UK turnover and/or balance sheet total that meet the same qualifying test above.

Where a company finds itself within the SAO requirements, they must:

  1. Notify HMRC who is the SAO for each financial year that the company is qualifying.
  2. Provide a signed certificate to HMRC either stating that:
    • The company had appropriate tax accounting arrangements throughout the financial year (‘unqualified certificate’), or
    • The company did not have appropriate accounting arrangements throughout the financial year and give details about the respects in which the arrangements were not appropriate (‘qualified certificate’).

2. Corporate criminal offence (CCO) obligations

The Criminal Finances Act 2017 makes it a criminal offence for incorporated bodies and partnerships to fail to prevent the criminal facilitation of tax evasion. This legislation was introduced on 30 September 2017 and relevant bodies should have already taken action to establish ‘reasonable prevention procedures’ as non-compliance may result in a criminal investigation by HMRC (UK offences) or the serious fraud office/national crime agency.

Given the unlimited fines and reputational damage risk of being prosecuted under the CCO legislation, companies are creating significant risk if they have not fully addressed this requirement. This involves putting in place reasonable prevention methods to prevent facilitation by associated persons.

Areas of focus

Businesses are likely to be reviewed to establish whether risk assessments have been performed and documented and to consider what steps have been implemented to mitigate the risks identified.   

Other measures of tax risk will also be reviewed by HMRC, such as:

  • The existence and extent of appropriate systems and controls;
  • The resources arranged to deal with tax matters in light of the complexity of the business; and
  • The extent to which professional advice is sought on tax-sensitive issues.

This intended to enable the CCM to understand what controls a business has in place and the extent to which those controls have been tested, either internally by the business or by a third party professional.

How we can help

The new BRR approach and rating system means businesses should consider all of the above risk indicating factors and obtain professional advice on how they can be suitably prepared.

Our tax specialists can help in assessing your business tax risk profile to form a view on a likely rating by HMRC, and ways to improve this, as well as carrying out risk assessments for CCO and help in establishing tax risk registers.

To find out more about how we can help your business, get in touch with a member of our tax team on 01903 234094.