The ongoing COVID-19 pandemic has resulted in huge social and financial costs to individuals, businesses and the government. Part of the cost is a heightened risk of fraud as an unfortunate and inevitable consequence of the pressures on struggling businesses to cut and manage expenditure. Where this fraud happens in the supply chain there may also be a temptation for businesses to turn a blind eye if they are under financial pressure.
A recent survey has indicated that 20% of businesses cite suppliers as the source of their most disruptive external fraud. This could happen either where they are targeted directly or as a result of the supplier committing fraud against other parties for which they have some liability. During a recent HMRC webinar concerning CCO and the construction industry, 33% of attendees had either identified supply chain fraud themselves or been notified of supply chain fraud by HMRC.
Supply chain fraud was already an area of focus for HMRC even before any of us had heard ‘Covid-19’: in 2019, a number of letters were sent to businesses by HMRC’s Fraud Investigation Service stating that ‘HMRC is concerned that your business could be at risk of involvement in supply chains that are connected to fraud’.
However, the sting in the tail was that the purpose of these letters, other than a desire to clamp down on tax fraud, was to inform businesses that, under the CCO legislation, if tax fraud did take place in their supply chain they themselves could be prosecuted for having failed to prevent it.
Under CCO, a business can be prosecuted where it fails to prevent an ‘associated person’ from facilitating tax fraud. The definition of ‘associated person’ is broad and as a consequence there is a risk that the fraudulent actions of third party suppliers can put a business at risk of prosecution. Moreover, the potential liability continues through the extended supply chain and so a supplier some way removed from a business can still pose a risk to that business.
Your labour supply chain can also pose a significant risk if you use off-payroll labour, are switching to use more contactors post-Covid or simply outsource contracts for major projects. The off-payroll labour/IR35 rules take effect for private sector businesses from 6 April: the Government has confirmed that there will be no more implementation delays. The rules will put the onus on the end user of contractor labour to decide whether PAYE and NIC should be deducted from payments to contractors - even where an agency is involved. Apart from getting your own processes in place, if you have outsourced a project to a supplier, how certain are you that they will apply the rules correctly? If they don’t and fraud takes place, this creates a CCO risk for your business.
Protecting your business
The key question, therefore, is how does a business protect itself, not just from prosecution but also from potential supply chain disruption, commercial hardship and reputational damage if it is linked to fraud by one of its suppliers?
Doing ‘Due Diligence on Associated Persons’ is one of the 6 Guiding Principles of building a strong defence against potential CCO action by HMRC. As a consequence, even if there were to be tax fraud within its supply chain, a business should be protected if it can demonstrate that it had taken reasonable steps to ensure the integrity of its suppliers. This is why the HMRC letters referred to above included a request for a meeting with the business to give HMRC the opportunity to ‘assist you in making informed decisions about your due diligence procedures’.
And looking wider than the CCO, businesses are concerned about brand protection given that brand is a key driver of a company’s market value, wider reputation and ultimately its ability to win and retain revenue creating business. Ensuring the ethics and integrity of their supply chain is critical to brand protection.
There is also a wide range of legislation and regulation relevant to ensuring the integrity of the supply chain; with the Bribery Act, Modern Slavery Act, Minimum Wage and wage equality requirements all relevant.
It is vital, therefore, to have robust procurement and vendor management programmes. At a minimum, you must carry out an appropriate risk assessment on suppliers (also a key defence principle under CCO); communicate your expectations to suppliers, perhaps through a supplier code of conduct; and update contracts and supporting terms and conditions.
It is not simply a matter of protecting the business – ultimately it is about being able to show that you are doing the right thing.
For help and advice on understanding the risk inherent within your supply chain and to protect your business please contact Claire McGuigan.