Why has the Criminal Finances Act been introduced?
The UK Criminal Finances Act, given Royal Assent on April 27, 2017, is arguably the most significant new anti-financial crime law proposed since the UK Bribery & Corruption Act 2010. It is intended to address some perceived weaknesses in the legal framework and strengthen the powers of law enforcement. Responding to concerns raised by regulated firms, there are also provisions to allow greater information sharing.
The recent spate of terrorist attacks keeps the political and media attention on the need to prevent similar incidents from occurring again—a large part of this includes clamping down on terrorist funding. The Act recognizes this and dedicates an entire section (part 2) to counter-terrorism financing (CTF) (see question below).
Finally, the infamous “Panama Papers” case involving law firm Mossack Fonseca demonstrated the extent to which individuals and companies could use international tax laws, havens and loopholes in their favour to build multi-layered company structures with a view to evading taxes while disguising their identities. The Criminal Finance Act is intended to hold companies automatically liable by criminalizing the facilitation of domestic and foreign tax evasion by means of not having “reasonable prevention procedures” in place to prevent their “associated persons” from facilitating it. In this respect it is similar to the UK Bribery & Corruption Act 2010.
This paper addresses some of the most common concerns regarding the UK Criminal Finances Act in a series of frequently asked questions (FAQs).
What are the key provisions of the Act?
The Act sets out two new offenses :
- Failure to prevent facilitation of a UK tax evasion offense
- Failure to prevent facilitation of a foreign tax evasion offense
These two new offenses criminalize three types of behaviour :
- A UK-based body failing to prevent those who act on its behalf from criminally facilitating UK tax evasion
- A non-UK based body failing to prevent those who act on its behalf from criminally facilitating UK tax evasion
- A UK-based body failing to prevent those who act on its behalf from criminally facilitating tax evasion overseas where such evasion is a criminal offense under local law.
How does the Act tackle terrorism?
To take into account proposed changes in counter terrorist financing law, a number of provisions that address money laundering will broadly apply to persons suspected of terrorist financing, or property that has been acquired with terrorist funds or where its intended purpose is to facilitate terrorist financing.
- Disclosure orders and further information notices : While this was once confined only to confiscation, civil recovery and exploitation proceeds investigations, disclosure orders may be issued by law enforcement to a regulated firm to obtain further information for money laundering and terrorist financing investigations. If a disclosure has already been made by someone, the UK National Crime Agency (NCA) may provide a regulated entity with a further information notice to obtain additional evidence about property or assets linked to terrorism. While an application for a disclosure is made through the Crown Court and a further information notice is more of an administrative protocol, there are penalties for not co-operating with either request.
- Information sharing : Intelligence about a person suspected of terrorist financing or a potential terrorist property can be shared by a regulated entity that has information it believes would be useful to another regulated entity. By disclosing information this way, regulated entities would have satisfied the requirements under section 21A of the Terrorist Act that makes it illegal to not disclose known or suspected information about an attempted or committed incident that came to the person in the course of business, as soon as is practicable. However, for matters that are wider than the disclosure request, entities would still have to make a disclosure under this clause.
- Seizure of cash and assets : Amending the Anti-Terrorism, Crime and Security Act 2001, terrorist cash may be retained for up to six months, an increase from three months, without the need for a court order—only a notice is required from a senior officer. Property (or an “illicit asset” as defined in the Act) may be seized if it was obtained through terrorism, used to hold terrorist resources and/or identified as terrorist property.
- Account freezing orders : If a bank or building society account is suspected to contain funds derived from terrorist financing, or that will be used to finance terrorism and an investigation has been triggered, the courts may issue an order to freeze the account to prevent the funds being dissipated.
We are a foreign-registered entity doing business in the UK. How will the Act affect us?
All organizations that have a presence in the UK must comply with the legislation even if they are headquartered abroad. In the case of the recognition of domestic or foreign tax crimes, it would still count as a criminal offense if the taxes evaded were non-UK. In other words, evasion of any taxes, regardless of their origin, by a business with a UK presence is a criminal offense under the Act.
What is the difference between tax avoidance and tax evasion? And how do we spot tax evasion?
While the distinction between tax evasion and tax avoidance continues to be politically sensitive, tax avoidance is still considered to be the lawful minimization of one’s tax burden—for example, taking legal tax deductions on expenses. On the other hand, tax evasion is the unlawful non-payment of taxes that are legally due to the government thus cheating public revenue—for example, intentionally misreporting taxable income in order to pay lower (or no) taxes. Official guidance on tax evasion will be issued by the UK Chancellor of the Exchequer in compliance with the Act. Signs can include: concealing assets such as using overseas accounts; failing to file a tax return; using false documentation; or deliberately suppressing taxable income.
What are “reasonable prevention procedures” for addressing tax evasion?
Draft government guidance puts forward six guiding principles as to what constitutes “reasonable prevention” : 
- Top level commitment : Senior management should be involved in forming prevention procedures although the extent depends on the size of the organization. For example, providing oversight of the design would be more proportionate in a larger organization than scoping out the detail. Management is also expected to communicate and endorse the firm’s views on preventing tax evasion, such as using a formal statement as suggested in the guidance.
- Risk assessment : Although most regulated entities should have risk assessment procedures in place, the guidance advises that the assessment includes exposure to tax evasion, recommending that firms consider country, sector, transaction type, high value or multi-stakeholder projects, use of intermediaries, product and customer as risk factors. The guidance also recognizes that these risks, as with all others, will evolve as the firm’s model and customer base change.
- Proportionality of risk-based prevention procedures : Firms should assess what risks are associated with the services it provides. Procedures to address tax evasion can be standalone, depending on the nature of the firm but they must be part of a wider framework that includes AML, CTF, anti-bribery and corruption, among others.
- Due diligence : The guidance warns against simply adapting current due diligence procedures to a new type of risk (risk of facilitating tax evasion). In fact, a proportional approach to the risk should be exercised and procedures altered depending on the type of customer, if one group poses a greater risk than others. Due diligence may be conducted by the internal controls department or externally, such as with the use of consultants.
- Communication (including training) : Clear communication and training helps to disseminate the organization's’s procedures around preventing the facilitation of tax evasion. Communication should come from all levels of management, not just senior executives, and should be both internal (to raise employees’ awareness) and external (to deter potential criminals from abusing their services). Training, either incorporated into existing financial crime training or standalone, depending on which option would be more feasible, should aim to help people understand the scope and severity of the offense and associated risks. Employees with more exposure to tax affairs are at greater risk of being involved in criminal facilitation, suggesting that they should receive more detailed training.
- Monitoring and review : As risks evolve with the business, procedures should be reviewed periodically. The approach taken by organizations will be unique to the size and nature of their business and could involve anything from discussions with staff to a formalized feedback procedure.
. . . Reasonable Prevention Procedures
Top Level Commitment
Senior management should be involved in forming prevention procedures though the extent depends on the size of the organization—for example, providing oversight of the design would be more proportionate in a larger organization than scoping out the detail. They are also expected to communicate and endorse the firm’s views on preventing tax evasion, such as by a formal statement suggested in the guidance.
Although most regulated entities should have risk assessment procedures in place, the guidance advises that the assessment includes exposure to tax evasion, recommending that firms consider country, sector, transaction type, high value or multi- stakeholder projects, use of intermediaries, product and customer as risk factors. The guidance also recognizes that these risks, as with all others, will evolve as the firm’s model and customer base change.
Monitoring and Review
As risks evolve with the business, procedures should be reviewed periodically. The approach taken by organization will be unique to the size and nature of their business and could involve anything from discussions with staff to a formalized feedback procedure.
Proportionality of Risk Based Prevention Procedures
Firms should assess what risks are associated with the services it provides, to whom and how. Procedures to address tax evasion can be standalone, depending on the nature of the firm—it might make more sense if it is bigger—but they must be part of a wider framework including AML, CTF, anti-bribery and corruption etc.
Communication (Including Training)
Clear communication and training helps to disseminate the organization's’s procedures around preventing the facilitation of tax evasion. Communication should come from all levels of management, not just senior executives, and should be both internal (to raise employees’ awareness) and external (to deter potential criminals from abusing their services). Training, either incorporated into existing financial crime training or standalone, depending on which option would be more feasible, should aim to help people understand the scope and severity of the offense and associated risks. Employees with more exposure to tax affairs are at greater risk of being involved in criminal facilitation, suggesting that they should receive more detailed training.
The guidance warns against simply adapting current due diligence procedures to a new type of risk (risk of facilitating tax evasion). In fact, a proportional approach to the risk should be exercised and procedures altered depending on the type of customer, if one group poses a greater risk than others. Due diligence may be conducted by the internal controls department or externally, such as by using consultants.
What should we do if one of our customers is issued with an Unexplained Wealth Order (UWO)?
UWOs are issued when the NCA, or another enforcement agency, suspects that an individual’s income is not commensurate with the size and value of their assets and there is reasonable suspicion that the asset was obtained through the proceeds of crime. This “red flag” could signify money laundering activity and would justify the initiation of an investigation into how the assets were obtained.
This is more likely to affect an institution’s wealthier clients than their everyday retail customers. At present there is little information on the extent of involvement from financial institutions holding or managing the assets in question if a UWO is issued against one of their customers or clients. The enforcement body may use legal tools, such as disclosure orders, to obtain further information and evidence from the firm, or an order to freeze the assets, to prevent the assets being dissipated. Staff need to have clear procedures and adequate training in place to ensure the firm complies with its legal obligations and co-operates fully with law enforcement.
How do we deal with law enforcement if we receive a disclosure order or a further information notice? How can we make sure that we comply with the request in the best way possible?
A disclosure order is issued by the Courts on application from an “appropriate officer” (e.g. constable, HMRC officer, NCA officer), to obtain further information and/or evidence regarding an investigation into suspected money laundering (or terrorist financing) activity from anyone at the regulated entity who might hold this information. A further information notice is issued directly from an “appropriate officer” either to an individual who has made a disclosure or an individual in the regulated sector to obtain additional information if a disclosure has already been made.
In both cases, steps should be taken to co-operate as fully as possible with the investigators and/or law enforcement body. This includes: responding all requests in a complete and timely manner; keeping senior management in the loop; carefully reviewing what information and/or evidence needs to be provided, in what form and by when. Firms could also consider appointing a single point of contact to manage requests, ensuring that requirements are met in full and acting as middle man between the investigator and the firm. Additionally, firms should ensure that the subject of the disclosure order is not tipped off i.e. they are not informed that an investigation is going on.
How do we avoid tipping off our client if we have filed a SAR and the moratorium period is extended?
Tipping off a customer is a criminal offense, carrying a maximum penalty of an unlimited fine and/or five years imprisonment, as it could prejudice a money laundering (or terrorist financing) investigation. Staff involved in the SAR filing—customer relationship managers, on-boarding staff, bank managers, etc.—should be made aware of the length of the moratorium period and their legal obligations not to tell the customer that they are being investigated and that their transaction(s) has been held back. If the moratorium period is extended, this should be communicated to the relevant staff as soon as possible.
We have information about a customer suspected of money laundering which might be of interest to another regulated entity. How do we avoid breaching data confidentiality rules?
The firm should have clear policies and procedures in place to respond to this. Legal advice should be sought to ensure that there is a clear understanding of the requirement to inform another regulated entity through a voluntary disclosure, without leaving the firm entity open to a potential data breach or a breach of trust. Ideally, there should be documented policies and procedures in place for sharing information with other regulated entities.
One of our customers has received an Account Freezing Order (AFO). What should we do?
As well as new powers to freeze “listed” UK assets such as precious metals and stones that may have been purchased using illicit funds, other amendments to the Proceeds of Crime Act (POCA) allow the courts to grant an account freezing order (AFO) on a bank or building society account, prohibiting the bank’s staff from dealing with the account if it is suspected that the account contains recoverable property (i.e. funds obtained illegally by money laundering) or the funds may be used for unlawful conduct.
If the AFO is notified to the bank, the order should be obtained and examined to understand why the account has been frozen and to check any requirements it needs to comply with. Reasonable steps should be taken to avoid breaching the terms contained within the AFO. No payments should be made from that account unless the order specifically mentions it. If the bank is adversely affected by the order, the terms may be negotiated with the courts.
What should my priorities be to get ready for the new legislation?
Protiviti has put together a four-point plan:
- Understand how the new law affects your business and customers : The scope of the Criminal Finances Act seems broad but many of its provisions relate to increasing transparency and information sharing, preventing the money trail from going any further, and to tackle financial crime, which now includes tax offenses within its definition. Customers likely to be the target of any kind of prosecution under this law include: corporate clients with complex company structures; individuals who use tax planners such as celebrities and politicians; wealthier private clients with large asset holdings and/or associations with low tax offshore jurisdictions; and entities such as religious organizations and charities, which may be used as a vehicle for terrorist financing.
- Review and update policies and procedures : Once senior management have articulated its position on tax evasion, this should be communicated through the firm’s policies and procedures in a clear and practical way. In particular, firms will be expected to demonstrate that they have “reasonable prevention procedures” in place to combat the facilitation of tax evasion and should consider whether new or additional procedures are necessary, including those for associated persons, depending on risk levels and potential exposure.
- Prepare and train staff : Identify staff likely to be impacted by the new legislation e.g. customer-facing teams, compliance, internal audit. Prepare and give tailored training to relevant employees to ensure that they are aware of legislative changes and the impact on their role. Circulate regular communications to reinforce the company’s policy and staff responsibilities.
- Review existing clients: Consistent with taking reasonable prevention procedures, firms should adopt a risk-based approach to dealing with the assessment of their existing customer base. This might include an immediate review of those customers considered to be at highest risk of tax evasion, while lower risk customers might be covered as part of their periodic review of Know Your Customer information for Anti-Money laundering purposes. Firms will need to plan and take action according to the risks presented by their existing customer base.
How Protiviti can help
Protiviti’s Risk and Compliance Team can provide assistance to businesses in a number of areas :
- Conduct a gap analysis between the Act’s requirements and the firm’s policies and procedures to identify areas where the firm is not fully compliant. This is imperative as firms must be able to demonstrate to law enforcement that they have sufficient procedures to prevent the facilitation of tax evasion.
- Developing a suitable risk-based approach, taking into account the various risk factors from the firm’s customer base, nature of business and business model.
- Review customer files and remediate if required to ensure that all relevant data points, which may be requested by law enforcement or required for filing a SAR, have been recorded whilst being compliant with local data protection laws such as the EU’s General Data Protection Regulation (GDPR).
- Provide training and assistance to compliance staff and senior management to respond to law enforcement investigations so that responses are prompt and complete whilst not tipping off the customer(s) involved.