Data Usage Agreement: exploring differences in company accounts
Published 19 October 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/exploring-differences-in-company-accounts/data-usage-agreement-exploring-differences-in-company-accounts
This Data Usage Agreement for exploring differences in company accounts filed between Companies House and HMRC was agreed and put in place in 2018.
1. Conditions of disclosure of information by HMRC
Companies House (The Registrar of Companies) statutory account and disqualified director data is already accessed and retained by HMRC by virtue of the Companies Act 2006, section 948 (3) (with reference to schedule 2 - specified persons, descriptions of disclosures). HMRC will match, compare and analyse Companies House statutory account and disqualified director data with the equivalent HMRC companies statutory account information. Where accounting discrepancies that indicate fraud are identified, the results of this will be disclosed to Companies House by virtue of section 56 of the Digital Economy Act 2017, for the purposes of ‘combatting fraud against the public sector’, and to the Cabinet Office (anonymised) for analytical purposes by virtue of section 74 of the Digital Economy Act 2017.
Note: this pilot is defined as using personal data as company names may indirectly identify a natural person (data subject) and will use company director and disqualified director information.
1.1 Purpose
Companies House surmise that, in a number of instances, a company will file differing accounts between Companies House and HMRC, thereby increasing creditworthiness whilst simultaneously lessening tax burden. Specifically, Companies House would like to explore if HMRC data matching and analysis could lead to the more efficient identification of fraud and error in company accounts in the following instances:
-
where companies are overstating their position with Companies House with a view to gain credit/grants etc. and understating with HMRC in order to reduce their tax/VAT burden (fraud by misrepresentation)
-
companies filing with Companies House but not filing anything with HMRC, such companies often have links to a substantial number of others who are using this as a fraud device, these companies are likely to be of interest to the Insolvency Service, this is fraud by omission (creating undeclared tax liabilities) as well as fraud by misrepresentation (when a company is not generating revenue in the way that it supposes to be)
-
disqualified directors running companies (fraud risk indicator)
-
mini-umbrella companies claiming multiple employers allowances (company tax avoidance)
-
company directors receiving consulting fees for their own company (company tax avoidance)
Where accounting fraud is suspected, Companies House will undertake network analysis to identify related companies, directorships, accountants and auditors to understand if there is evidence of organised crime or systematic fraudulent abuse of the account filing process and, where a further tax liability is identified, share this insight with HMRC by virtue of the Companies Act 2006, section 948 (3).
This proof of concept will explore the opportunities between HMRC and Companies House to support these areas of assessment, and to quantify instances of potential fraud by omission and misrepresentation. The outcomes of this pilot would inform the further investigation of a strategic solution, business processes and policy changes and defined a set of predictive fraud risk indicators.
In some cases, Companies House will onwardly disclose HMRC data to the Insolvency Service. This would be done on a case by case basis. The disclosures would be made by Companies House. The onward share was approved by HMRC CoDE policy on 6 February 2019 and HMRC Security and Information Business Partner on 13 February 2019.
1.2 Data specification
Annex A contains the data specification for Companies House
Annex B contains the HMRC data specification and matching methodology
1.3 Data flow
An overview of the data flow is provided as per Annex C.
1.4 Data security
HMRC and Companies House agree the following:
-
move, process and destroy data securely; ie in line with the principles set out in HM government Security Policy Framework issued by the Cabinet Office, when handling, transferring, storing, accessing or destroying information
-
only use it for the purposes that it has been disclosed for and ensure that only those with a genuine business need (linked to purpose) to see the information will have access to it
-
HMRC will store the data output (Annex B) in a secure Centralised Access Folder (CAF) with restricted access to members of the Risk and Intelligence Service (RIS) team and forensic and compliance accounting teams directly involved in the data share and only keep it for the time it is needed, and then destroy it securely on agreement of all parties
-
Companies House will destroy data once pilot complete
-
not onwardly disclose that information without the prior authorisation of HMRC other than provided for in section 57 of the Digital Economy Act
-
comply with the requirements in the Security Policy Framework , and be prepared for and respond to Security Incidents and to report any data losses, wrongful disclosures or breaches of security relating to information
-
mark information assets with the appropriate security classification and apply the appropriate baseline set of personnel, physical and information security controls that offer an appropriate level of protection against a typical threat profile as set out in Government Security Classifications and in particular as set out in the annex – security controls framework to the GSC
-
comply with ICO standards relating to data security breaches and follow due procedure when reporting and investigating breaches of this nature
-
security credentials of Illuminate - Illuminate has received all necessary HMRC security clearances required and has been approved by the HMRC data guardians as to its use
1.5 Data file transfer
HMRC and Companies House agree to:
-
ensure that the data match output file (Annex B) is sent by HMRC to Companies House, the data will be sent via Companies House whitelisted email domain, password protected, with the password sent independently of the data
-
ensure that the data match output file (Annex B) is sent by HMRC to Cabinet Office, the data must be anonymised and sent by secure email, password protected, with the password sent independently of the data
-
ensure that the network analysis output (Annex A) from Companies House file is sent to HMRC, the data will be sent via Companies House whitelisted email domain, password protected, with the password sent independently of the data
1.6 Data processer and data owner
HMRC and the Cabinet Office are acting as the data processors, and Companies House as the data controller and data owner of the data match outputs using definitions as set out in the Data Protection Act 2018.
1.7 Freedom of Information (FOI)
If an FOI request relating to this information is made to either Companies House or the Cabinet Office their FOI team will engage with HMRC’s FOI team regarding the potential impact of disclosure.
Any disputes or security and data breaches relating to this information transfer should be reported to Companies House and, if not resolved, escalated to Companies House.
1.8 Subject Access Request (SAR)
If a SAR relating to this information is made to either Companies House or the Cabinet Office will engage with HMRC’s regarding the potential impact of disclosure.
1.9 Disputes
Any disputes relating to this information transfer should be reported.
2. Annex A
2.1 Companies House data specification (already retained by HMRC by virtue of the Companies Act 2006, Section 948(3))
Company account data
| Field name | Field format |
|---|---|
| Date accounts filed with organisation | (DD/MM/YYYY) |
| Accounting period | (DD/MM/YYYY – DD/MM/YYYY) |
| Type of accounts filed (medium, unabridged, etc.) | Character |
| Company name | Character |
| Company registration number | Numerical |
| Balance sheet items - assets | Value (£) |
| Balance sheet items - liabilities | Value (£) |
| Balance sheet items - capital and reserves | Value (£) |
| Profit and loss items, specifically gross profit | Value (£) |
| Profit and loss items, specifically other operating income | Value (£) |
| Profit and loss items, specifically turnover | Value (£) |
| Profit and loss items, specifically cost of sales | Value (£) |
| Profit and loss items, specifically profit before tax | Value (£) |
| Profit and loss items, specifically taxation | Value (£) |
| Any other text from the company account notes or polices that is identified as a fraud risk indicator | Character / free text |
Disqualified director information
| Field name | Field format |
|---|---|
| Disqualified director name | Character |
| Disqualified director name address | Character |
| Disqualified director name date of birth | (DD/MM/YYYY) |
| Disqualified director name nationality | Character |
| Disqualified director name last registered address | Character |
| Period of disqualification | (DD/MM/YYYY – DD/MM/YYYY) |
| The number of disqualifications | Numerical |
| Why they were disqualified | Character |
| The names of companies relevant to their disqualification | Character |
| Whether they have the court’s permission to continue to act as a director | Y/N |
Note: Where fraud is identified from the HMRC matching and analysis (Annex B), Companies House will undertake network analysis to identify related companies, directorships, accountants and auditors to understand if there is evidence of organised crime or systematic fraudulent abuse of the account filing process and, where a further tax liability is identified, this insight will be shared with HMRC in the format of this data specification.
3. Annex B
3.1 HMRC matching methodology and data output specification
Company account matching
-
match the accounts filed with Companies House to HMRC company data using company name, company registration number and accounting period
-
where a like-with-like match is identified, HMRC will provide details to Companies House of the accounts where there is a significant difference in the accounts that indicates suspected fraudulent accounting
-
an anonymised format (without company name and company registration number will also be provided to the Cabinet Office for fraud analysis purposes)
Company account matching data output specification
| Field name | Field format |
|---|---|
| Date accounts filed with organisation | (DD/MM/YYYY) |
| Accounting period | (DD/MM/YYYY – DD/MM/YYYY) |
| Type of accounts filed (medium, unabridged, etc) | Character |
| Company name | Character |
| Company registration number | Numerical |
| Balance sheet items - assets | Value (£) |
| Balance sheet items - liabilities | Value (£) |
| Balance sheet items - capital and reserves | Value (£) |
| Profit and loss items, specifically gross profit | Value (£) |
| Profit and loss items, specifically other operating income | Value (£) |
| Profit and loss items, specifically turnover | Value (£) |
| Profit and loss items, specifically cost of Sales | Value (£) |
| Profit and loss items, specifically profit before tax | Value (£) |
| Profit and loss items, specifically taxation | Value (£) |
| Any other text from the company account notes or polices that is identified as a fraud risk indicator. | Character / free text |
Disqualified director matching
-
match registered and active company director data to the disqualified directors list using a combination of name, date of birth and address
-
where a confirmed match is identified, HMRC will provide details to Companies House of the detailed of the active company director who is disqualified from a relevant company directorship
Disqualified director data output specification
| Field name | Field format |
|---|---|
| Disqualified director name | Character |
| Disqualified director name address | Character |
| Disqualified director name date of birth | (DD/MM/YYYY) |
| Disqualified director name nationality | Character |
| Disqualified director name last registered address | Character |
| Period of disqualification | (DD/MM/YYYY – DD/MM/YYYY) |
| The number of disqualifications | Numerical |
| Why they were disqualified | Character |
| The names of companies relevant to their disqualification | Character |
| Whether they have the court’s permission to continue to act as a director | Y/N |
| Company name | Character |
| Company registration number | Numerical |
4. Annex C
4.1 Data flow
This content has been withheld because of exemptions in the Freedom of Information Act 2000.