TaxSource Total

Here you can access and search:

  • Articles on tax topical matters written by expert tax professionals
  • These articles also feature in the monthly tax journal called tax.point
  • The articles are displayed per year, per month and by article title

The HMRC Business Risk Review – a new approach

Sarah Fitzgerald

By Sarah Fitzgerald

In this article, Sarah outlines the new approach HMRC is taking to the Business Risk Review, the mechanism by which HMRC engages with the UK’s largest businesses to assess their tax compliance.

Introduction

Over the last number of years, a swathe of new tax legislation has been introduced in the UK, increasing the compliance burden for many businesses.

Whilst some of those legislative measures apply to businesses of all sizes (for example the Corporate Criminal Offence legislation), the majority are directed towards large and international businesses (for example the legislation on Country by Country Reporting, Publication of UK Tax Strategy and Senior Accounting Officers).

As well as the introduction of new legislation, HMRC has also focused on a number of new principles (for example the Framework for Co-operative Compliance which outlines the principles that large businesses and HMRC should adhere to) and on 1 October 2019, following a consultation process, HMRC introduced a new approach to the Business Risk Review called the BRR+.

What is the Business Risk Review (“BRR+”) and who is it relevant to?

The BRR+ is the key mechanism by which HMRC interacts with the UK’s largest businesses and manages their compliance with UK tax legislation. The BRR+ is formally undertaken for companies allocated to the Large Business Directorate.

In general, businesses will be allocated to the Large Business Directorate if they have UK turnover of over £200 million or gross balance sheet assets of over £2 billion. It should be noted that businesses which do not meet the aforementioned criteria can also fall within the Large Business Directorate if they are considered to be a complex business – for example, multinational businesses with a UK footprint. Businesses looked after by the Large Business Directorate are allocated a Customer Compliance Manager (“CCM”) who acts as the link between HMRC and the taxpayer.

The CCM allocated to the business is responsible for periodically undertaking the BRR+ in which an assessment of the business’ risk profile is performed in order to allocate a particular risk category to the business. The BRR+ is designed to be a collaborative process and the outcome of the review will determine the level of compliance interventions the business receives from HMRC in the following years.

Whilst the formal BRR+ process is used for the UK’s largest businesses, it is worth all businesses being familiar with the principles as they are also those likely to be used by HMRC when considering the tax risk attached to larger companies within the Wealthy and Mid-Sized Compliance Directorate.

Why was there a need for change?

Since the introduction of the Business Risk Review over 10 years previously, the BRR+ had not undergone significant change. HMRC recognised that both UK tax legislation and the environment in which businesses operate had changed significantly and wanted there to be greater clarity and consistency for businesses around the BRR+ process by having a more standardised approach with clearer guidelines and expectations.

Consequently, in 2017, HMRC opened a public consultation into the process, offering an opportunity for businesses and advisers to engage with HMRC in order to ensure the process was fit for purpose.

The consultation closed in December 2017 and in 2018/2019, HMRC ran a pilot of a new approach as a result of which the BRR+ was formally adopted from 1 October 2019.

What does the BRR+ look like?

The BRR+ is intended to enable HMRC (through the CCM) to obtain both a holistic and granular understanding of how the business operates.

It focuses on all taxes which are applicable to the business and is being undertaken by various specialists across those relevant taxes with each specialist reviewing how the business approaches those areas and working together to generate the overall risk assessment of the business culminating in the awarding of a risk rating.

In order to secure a low risk rating businesses need to allocate appropriate resources to all areas of tax as, even if a business obtains a clean bill of health in one area, if it fails to meet the required standard in other taxes, its overall result under the BRR+ can be impacted.

The BRR+ looks at how a business manages tax risk through consideration of their behaviour in three particular areas:

  • Systems and Delivery
  • Internal Governance
  • Approach to Tax Compliance

Through the BRR+, HMRC will collect evidence of how the business addresses each of the above areas across a number of indicators. The risk rating awarded to the business will depend on how many of the indicators it can satisfy.

Whilst the three areas considered as part of the BRR+ are considered separately; it is interesting to note that there are many areas of crossover and some areas which are non-negotiable, i.e. without being able to explicitly demonstrate the work the business has undertaken in such areas, the business will not be able to attain a low risk rating.

Systems and Delivery

This area of the BRR+ considers the resources that the business allocates to the tax function, including whether there is an appropriately skilled team capable of ensuring that the business meets all of its tax obligations. If any aspect of the tax function is outsourced, HMRC will be keen to understand how the outsourcing arrangement works and is controlled by the business.

Under the systems and delivery heading, the BRR+ process will also consider the accounting systems and processes the business has in place as well as the tax policies and procedures and how these are tested and maintained. HMRC will also assess how the business discloses errors to HMRC and whether there have been any interventions by HMRC, which have led to significant errors being identified.

Internal Governance

This area of the BRR+ considers how a business manages its tax risk and most notably will examine the behaviours exhibited by an organisation in respect of tax. This will include the level of accountability for tax within the business, including the focus it receives at Board level.

Under the internal governance heading, HMRC will focus on understanding how the business complies with their various filing, notification, reporting and publication obligations under the Senior Accounting Officer, Country by Country Reporting, Publication of Tax Strategy and Automatic Exchange of Information (under the Common Reporting Standard or FATCA) legislation.

Importantly, a BRR+ will also assess how the business has approached the Corporate Criminal Offence legislation including whether it has undertaken an assessment to enable the business to appropriately manage its risk of failing to prevent the facilitation of tax evasion.

Whilst non-compliance with each of these areas (where relevant to the business) carry their own potential penalties and consequences, not being able to satisfy HMRC that the business has sufficiently addressed these areas will also have an adverse effect on the risk rating afforded to the business as a low risk rating will automatically not be awarded.

Also relevant under the internal governance heading is how the business interacts with HMRC including how it keeps HMRC informed of the business structure, the geographies in which the business operates, the transactions the business undertakes which have significant tax implications or have significant uncertainties and how prompt and helpful the business is in responding to requests for information from HMRC.

Approach to Tax Compliance

As part of considering the business’ approach to tax compliance, HMRC will want to gain an understanding of their tax strategy, how that strategy has been implemented in the business, and how it influences business decisions. In particular, HMRC will want to obtain comfort that the business isn’t itself directly involved with illicit trades and that within its supply chain, it takes steps to mitigate such illicit trades.

Another area of focus is how the business maintains an open and transparent relationship with HMRC and that transactions undertaken by the business have a genuine commercial rationale and are not structured in such a way that gives a result which is contrary to the intentions of Parliament.

What are the risk categories?

Under the previous BRR+ process, businesses were simply identified either as low risk or not low risk.

HMRC recognised that under this binary regime, there was not sufficient distinction between “not low risk” businesses and so one of the key changes to the BRR+ process was to introduce four risk categories:

  • Low
  • Moderate
  • Moderate-high
  • High

The risk rating applied to a business will determine the level of interaction that the business will have with HMRC and the type of interaction. For example, a business with a high-risk rating can expect more in-depth compliance interventions to be instigated by HMRC.

One of the benefits of being assessed as low risk is that, whilst HMRC will keep in contact with the business such that they maintain an appropriate awareness of the business, the formal BRR+ process will be undertaken on a less frequent basis; generally, every three years and tax returns and declarations would not be routinely challenged. However, it is important to note that even where a business is classified as low risk, if HMRC considers that any serious breaches have occurred, the low risk rating can be immediately withdrawn and therefore it is essential that businesses continually operate with the BRR+ at the forefront of their mind.

Where a business obtains any other level of risk rating, whilst HMRC has indicated that it will work with such businesses to reduce the level of risk, it will likely be subject to an annual BRR+ and more regular review of tax returns and declarations.

What should businesses be doing in light of the BRR+?

A low risk rating should be within reach for any business; however, it is clear from HMRC guidance that in order to be assessed as low risk, there are a number of non-negotiable areas without which a low risk rating will not be achievable. Where a low risk rating is not achieved, HMRC will place a sustained focus on the business, and as a consequence, this will mean that the business will need to spend more time dealing with HMRC.

If you are a business which is currently within the Large Business Directorate or one that is experiencing growth or increased complexity such that HMRC’s Large Business Directorate might take on responsibility for monitoring the business’ tax affairs, it is critical that an understanding of the BRR+ process is obtained and planning is undertaken such that the business is ready for the next BRR+.

Investing time and resources in advance of the BRR+ is invaluable in ensuring you’re able to clearly articulate and evidence to HMRC how your business meets its tax compliance obligations. Achieving a low risk rating is very worthwhile and, in the long run, will allow the business to spend time focusing on strategic matters.

Sarah Fitzgerald is a Senior Manager in PwC UK and a Chartered Accountant and Chartered Tax Adviser. If you would like any further information on the items discussed in this article, Sarah can be contacted on +447889 642668 or by email at sarah.a.fitzgerald@pwc.com