Home

HMRC internal manual

Economic Crime Supervision Handbook

From:: HM Revenue & Customs
Published: 26 May 2023
Updated:: 2 May 2024 - See all updates

Contents

ECSH64385 - Regulation 76 - Power to impose civil penalties: fines and statements

Category Heading	Description
The Law	https://www.legislation.gov.uk/uksi/2017/692/regulation/76
What it means	This provides HMRC with the authority to: a) impose a financial penalty b) publish a statement detailing the regulatory failures on a supervised business, including sole traders, or any individual within that supervised business (at the time of the offence) that has breached a relevant requirement. A relevant requirement has the meaning given in Schedule 6 (see further reading below). It also provides, that a financial penalty can be imposed on an officer of the Business if they were knowingly concerned in a breach. -Knowingly concerned means that they had knowledge of the relevant requirement, knowledge that the breach was occurring and failed to prevent the breach. -An ‘officer’ is defined under regulation 3 (see further reading below)
Purpose	Provides HMRC with a financial and/or reputational sanction to improve the behaviour of non-compliant businesses/individuals and to act as a deterrent to future non-compliance, including to other businesses/individuals. There are 4 different ‘types’ of financial penalties ECS can impose: Type 1 – Compliance breaches Type 2 – Carrying out relevant activity whilst unregistered Type 3 – Failure to notify HMRC of material changes Type 4 – Failure to provide information or access A financial penalty would be appropriate for businesses who have breached the Regulations as a way of sanctioning them to punish non-compliant behaviour and to encourage compliance going forward. The potential impact of Censure is significant in that it provides the opportunity to deliver three significant benefits: It will add significantly to the overall ignominy for a business in addition to the publication of other related sanctions. Publication of the ‘full story’ that lies behind the reasons for issuing a significant sanction will add to the ignominy by describing in detail the transgression that took place. Publication will also help to deter other businesses from non-compliance or, in more positive terms, incentivise them to do what is required to achieve compliance. Censure will add significantly to the incentivisation effect, showing the detailed story of how the specifics of non-compliance have led to a penalty (or other sanction). The Censure statement (CS) will act as a powerful learning tool for supervised businesses. By being able to read the story of transgression in detail, businesses (particularly in the same sector) will have a stark learning opportunity to see the sorts of things they want to be checking they are doing correctly.
Time Line	Reg 42 of MLR2007 establishes the power to impose a civil penalty Reg 20 of MLR2003 establishes the power to impose a penalty
What to establish	Has the Business/individual breached any of the relevant requirement under the MLRs? - 76(1) Who is responsible for the breach – the Business, an individual or both? If there has been a breach of any relevant requirement, HMRC may do one or both of; - Impose an appropriate penalty on the Business or the individual that breached the regulation - Publish a censuring statement (a public statement showing disapproval and condemning the actions of a business/person) Appropriate means it must be effective, proportionate, and dissuasive – 76(8)(a) If HMRC consider that an individual acting as an officer (at the time of the breaches) was knowingly concerned in a breach of a relevant requirement, then a penalty can also be imposed them as an individual – 76(3). This can be in addition to a penalty imposed on the Business - 79 Has the Business/person taken all reasonable steps to comply with relevant requirements and demonstrated due diligence in their attempt to comply? If so then HMRC must not impose a penalty under this regulation – 76(4) When deciding whether there has been a contravention of a relevant requirement, HMRC must consider whether the Business/person has followed guidance raised by the FCA, any other supervisory authority or any other (Treasury Approved) guidance – 76(6)(b) All relevant circumstances must be taken into account when determining whether it is appropriate to impose a financial penalty/publish a statement and whether the penalty amount is appropriate – 83(1), see further reading below. Before imposing a penalty or publishing a censure statement HMRC must check whether there are any criminal convictions – 83(1A)
How to test compliance and evidence to obtain	Confirm that relevant activity has taken place Check whether there have been previous breaches of a relevant requirement Identify the relevant requirements the Business/individual must comply with by using MLR 2017 and sector guidance Question the Business/individual to establish the relevant activity being undertaken and the specific business model Ascertain how high risk the relevant activity is. Consider the following non-exhaustive list: e-SIP HMRC published guidance The National Risk Assessments Sector risk digests and risk narratives Financial Action Taskforce (FATF) reports EU lists of high-risk third countries (up to 25 March 2021) Schedule 3ZA (from 26 March 2021) Note: Sch 3ZA tab is still there but the list was omitted from the MLRs on 23 Jan 2024, now use the FATF list of High-risk and other monitored jurisdictions - using this hyperlink in your browser - https://www.fatf-gafi.org/en/topics/high-risk-and-other-monitored-jurisdictions.html Sector TIPs Review the written risk assessment and policies, controls and procedures (PCPs) of the Business. By asking questions, identify whether any other risks have been identified/assessed by the Business or PCPs in place that aren’t detailed in the written documents. Identify any weaknesses and breaches in the risk assessment or PCPs Ask questions, test and record whether the Business has breached any relevant requirement, including but not limited to: Regulation 21 – Internal controls Regulation 24 – Training Regulations 27-38 – Customer and enhanced due diligence Regulations 39-40 – Reliance and record keeping Regulation 56- 57 – Registration Regulation 58 – Fit and proper test Ascertain what steps the Business/individual has taken to comply with the relevant requirements Establish what information or guidance has been taken into account in order to comply with the relevant requirements. Establish the roles and responsibilities of all individuals and officers of the Business. Establish whether any of the officers were knowingly concerned in a breach of a relevant requirement. Establish the duration of the breaches and seriousness of the breaches Obtain information surrounding income received and losses avoided due to the breaches, including losses to third parties, percentage of the Business that is relevant activity. Obtain information in respect of the financial situation of the Business, including: -Net and gross profit -Current assets/liabilities -Any debts to other law enforcement agencies
Best Practice	When recording what is said during meetings/conversations with the Business, it is important to detail who said what, to be able to later evidence knowledge of the relevant requirements, knowledge of the breaches and responsibility for those breaches. Use sector specific testing templates where appropriate and available. If the Business/individual refuses to provide information, consider a notice under Regulation 66 (note they must be registered or have carried out relevant activity to use this power). Is a criminal referral appropriate? If so, this must be completed before taking any civil action. Always ensure the sanction you intend to impose is the correct one for the case. Decide which sanction, or combination of sanctions will have the most impact and desired effect. Remember that a penalty will not necessarily address the current risk as it is in relation to historical activity. Regulation 79 details that any one or more of the sanctions in Regulations 76, 77 and 78 may be imposed by a supervisor in relation to the same breach. There should be checks carried out to ascertain if there are any schedule 3 convictions prior to imposing any sanctions or referring to Governance Panel (this is usually done by completing an R83 form). The decision notice must detail – 83(3): -The decision to impose a penalty and the amount of the penalty -The decision to publish a statement and the terms of the statement -The reasons for imposing a penalty/publishing a statement -The right to a review under Regulation 94 -The right to appeal under Regulation 99 -How and when the penalty should be paid -Details of how the penalty will be recovered if not paid The Technical Specialist team are available for any support/advice needed in drafting decision letter/paperwork. Submit the penalty paperwork timely (in line with the Terms of Reference – See further reading) to Governance Panel. Set a BF for 30 days after the pre-penalty letter has been issued in order to issue the Penalty Notice. Update Caseflow/RCM and trackers when any penalty correspondence is issued. Consider whether any referrals, including cross-tax are required. Any penalty should be added to the PDNC Grid, at the pre-penalty stage and then updated as necessary. For Compliance teams, a penalty input form must be completed and submitted to the AO Hub (once the Penalty Notice has been issued) in order that they can raise the penalty on ETMP and notify Debt management & Banking (DMB). (This process is subject to clarification). Record any penalty decision in the Decision Evidence Log, including a full Regulation 83 review. Currently, any penalty over £1 million must have deputy director sign-off in addition to being approved by the Governance Panel. If there are any other HMRC user interest in the business/case, notify them of any actions you plan on taking to discuss the impacts of any ongoing case.
AMP	No additional Best Practice.
ASP	If an ASP penalty is below £500, refer to Technical Team/Policy and discuss, as penalty likely to be changed to a Warning Letter.
EAB	No additional Best Practice.
LAB	No additional Best Practice.
HVD	No additional Best Practice.
MSB	Any penalties in respect of MSBs, whose relevant activity includes money transmission, must be notified to the FCA via the information requests Gateway team. This is due to the FCA’s responsibilities in relation to safeguarding of customer funds. The FCA should be notified at the pre-penalty stage and updated when the Penalty Notice is issued. If the Business has consistently failed to comply with MLR 2017 or if there is a risk that the Business may be used for MLTF, consider whether it is no longer fit and proper –see Regulation 58(4)(a)(i) and (b)
TCSP	If the Business has consistently failed to comply with MLR 2017 or if there is a risk that the Business may be used for MLTF, consider whether it is no longer fit and proper –see Regulation 58(4)(a)(i) and (b)
Further Reading	ECS Handbook - Sanctions guidance ECS Handbook Penalties Guidance Deciding on Sanctions - Handout 2 Sanctions/Publishing Details of the Non-Compliance Guidance Governance Panel SWI Governance Panel Terms of Reference Money Laundering and Terrorist Financing (High-Risk (Countries) Regulations 5 December 2023 National Risk Assessment Dec 2020 Relevant Requirement –Schedule 6 Interpretation - including meaning of officer – Regulation 3 Power to require information – Regulation 66 Power to impose civil penalties: suspension and removal of authorisation (FCA) – Regulation 77 Power to impose civil penalties: Power to impose civil penalties: prohibitions on management – Regulation 78 Imposition of civil penalties – Regulation 79 The Commissioners: disciplinary measures (procedure) – Regulation 83 Publication – Regulation 85 Offer of review – Regulation 94 Review by the Commissioners – Regulation 95 Appeals – Regulation 99 Appeals procedures – Regulation 100
FAQs	How to determine the relevant period? On a case by case basis, taking into account any instruction in the project document, eSIP and risks identified. Can you impose a penalty on a sole trader? Yes, a person is both a legal and natural person and therefore you can impose a penalty on a sole trader if they are a person who has contravened a relevant requirement imposed on that person. In respect of a sole trader, then it will follow in most cases that where a relevant requirement is required of the business, that it will apply to the sole trader. How to calculate a penalty for each type See MLR1 Penalties Guidance (linked above) Can a penalty and other sanctions be imposed at the same time? Yes, a combination of sanctions may be appropriate. Remember to consider what you are trying to achieve by the particular sanction. A penalty will address the historical breaches but won’t deal with any immediate risk of MLTF.