Why complying with CCO should still be a priority during the pandemic

BLOG9th Feb 2021

The Pandemic

Many companies have had the best intentions of implementing or reviewing and updating their Corporate Criminal Offence (“CCO”) defence procedures. Despite these good intentions, the current unprecedented pandemic has left many companies on their knees, in ‘survival mode’ and struggling to keep the lights on. However HMRC are continuing to pursue a number of cases under the Criminal Finances Act 2017 and have made it clear that the COVID pandemic is not an excuse for not complying with the legislation.

The Legislation

The CCO legislation was introduced as part of the Criminal Finances Act in 2017 where by any business could be prosecuted if an “associated person” of the company was found to have facilitated tax evasion. In simple terms, if any UK taxes have been evaded anywhere in the world and that evasion is done deliberately and dishonestly by someone who acts on behalf of the business, then the business is automatically found guilty of failing to prevent that facilitation of tax evasion even if the company had no knowledge of it. The only defence a business has is to show that they had reasonable procedures in place at the time that would have prevented or detected the evasion.

The Risk

It is worth stressing that many businesses remain under the false illusion that the CCO does not apply to them when in fact the legislation applies to all businesses (including partnerships) and has no de-minimis level of trading. As the legislation came into effect over three years ago, businesses should be mindful that they cannot backdate their procedures once they decide to implement a CCO defence and should HMRC come knocking and uncover a tax evasion that took place during the gap between the legislation being enacted and the company implementing CCO procedures, the company will have little or no defence against a prosecution and could face limitless penalties.

This is particularly prevalent as we are still in the middle of the COVID pandemic and CCO compliance is likely to have fallen to the bottom of the priority pile as companies try to weather the storm.

What you should do

All businesses must do a risk assessment and identify all of their associated persons in order to determine what control procedures they have in place and whether they are considered robust enough to detect or prevent an associated person of theirs from facilitating tax evasion.

HMRC have provided an example of what may not be considered as a reasonable procedure, where by companies cannot simply ‘subcontract out of the legislation’ by requiring their suppliers to agree that they are solely responsible for their CCO compliance. To further this example, if a payroll provider who acts on behalf of a company is found to have facilitated tax evasion, the question could come back to the company as to what procedures they had in place in order to prevent and detect such a facilitation. As a rule of thumb, anyone acting on your behalf should be adhering to your standard of procedures.

HMRC have also been doing dawn raids on companies and challenging employees on what CCO procedures are in place as it is not simply enough for companies to have done a risk assessment and written up procedures in order to show HMRC in the event of an enquiry. HMRC require that the procedures are very much embedded within the company and the culture as a whole.


At AAB, our specialist CCO team have experience  of ensuring businesses are compliant with CCO and offer a range of packages to suit.

If you would like to discuss how your business is complying with CCO, please get in touch with Ruth MacNamee or your usual AAB contact.

Find out more about AAB’s CCO team here.