It’s now three years since the Criminal Finances Act and the birth of the corporate criminal offence (CCO) - the offence of failing to prevent the criminal facilitation of tax evasion. Clearly HMRC has been busy in the meantime. They have recently indicated that they have 10 live CCO investigations and a further 22 under review, spanning 10 business sectors.

So whatever an organisation’s state of preparedness it’s probably time to reflect, given HMRC’s interest. Any initial CCO risk assessment could usefully be reviewed to ensure that recommendations have been implemented as they should have been, and that CCO procedures remain relevant to what the organisation now does. Changes to the business or to the operating model, for example, could impact that initial study and might call for a reassessment, and perhaps a good look at the supply chain for potential CCO risk. And maybe the preparation of a policy designed to manage CCO and tax evasion risk if one doesn’t already exist, or refreshing it if one does.

Management will play an important role in setting the right “tone from the top”, and will want some assurance that the messages are landing where they should, that they’re understood, and that they’re being followed. This is likely to involve a degree of awareness-raising, at the very least, and quite possibly some CCO refresher training too – especially important now as more and more conduct-related tax measures are introduced and the risk of associated “tax fatigue” increases, with the authorities at the same time demonstrating a real appetite for rigorous enforcement.