Guidance

HMRC inspections of ISA managers

Find out what inspectors will check, what records you need to keep and how breaches will be treated, if you're an ISA manager.

HMRC may undertake inspections to ensure that managers have met their obligations under the ISA regulations.

Auditors will:

  • review managers’ procedures
  • check the calculation of claims (both of claims to tax and claims for government bonuses in respect of Lifetime ISAs)
  • check the calculation of amounts due to the HMRC (for example, flat rate charges on interest on cash on deposit in stocks and shares ISAs paid before 1 July 2014 and withdrawal charges in respect of Lifetime ISAs)
  • check the evidence in relation to charge-free withdrawals from Lifetime ISAs
  • check the correct procedures have been applied regarding claims for and payments of government bonuses in respect of Lifetime ISAs
  • check the correct procedures have been applied in respect of withdrawals from Lifetime ISAs
  • check Lifetime ISA first time residential purchase procedures have been correctly followed
  • carry out sample checks on individual ISAs

Before the inspection

HMRC will issue a formal notice of an inspection at least two weeks before the date of the visit. This formal notice may be preceded by a telephone call if the Business is large and it is likely that a pre-inspection meeting will be needed.

The inspection

Auditors will visit the location at which the manager’s records are maintained. This is normally the manager’s own premises, but where the administration is carried out by a third party and the records are held by the third party, the inspection will be carried out at the third party’s premises. Records must be available for inspection in the UK.

Managers must show auditors certain records to demonstrate that the manager has operated the ISA scheme correctly. The records will include all documents, books, and other records which managers have or control containing information relating to any ISA.

The Code of Practice explains HMRC’s general approach to the examination of records. In relation to ISAs, auditors will want to check:

  • validity of application forms. This will not be a separate check but will be incorporated into the check of the targeted areas below
  • non UK addresses
  • excess subscriptions
  • missing or dummy national insurance numbers
  • care of and PO Box addresses
  • transfers in
  • breaks (gap years)
  • treatment on cash on deposit
  • bed and ISA
  • share options
  • death cases
  • HMRC void letters
  • interim and final claims
  • flat rate charge (for investments acquired before 1 July 2014)
  • government bonus claims and payments (Lifetime ISA)
  • evidence for charge-free withdrawals and closures of Lifetime ISA
  • withdrawal charges
  • Help to Buy ISA transfers to Lifetime ISAs
  • first time residential purchases where there has been a charge-free withdrawal from a Lifetime ISA

Auditors may need to see other records and check managers’ systems and procedures.

Although auditors will wish to inspect recent records, managers should retain all records for six years. Records include:

  • applications to subscribe, including transfer applications
  • correspondence
  • history and valuation records
  • annual claims and returns
  • interim and monthly claims
  • interest reports
  • life insurance policies

Where an account has been closed or transferred to another manager, records need only be kept for three years after the date of closure or transfer.

By 6 April 2008, a continuous ISA application form accepted on 6 April 2002 will have been kept for six years and a manager might conclude that the application could then be shredded. However, if the investor were continuing to subscribe (by monthly direct debit, for example), this would clearly be inappropriate. The ISA regulations require ISA managers to keep sufficient records to enable the requirements of the regulations to be satisfied. The application form is an essential record and HMRC therefore require managers to have application forms available for those accounts selected for audit. And auditors will seek recovery if an application form is not available; so shredding forms after six years will only be an option if the manager has a more up to date application form.

If an account is open and the investor is continuing to subscribe, managers should therefore proceed as follows.

If subscriptions are being accepted year on year under a continuous application made at the outset, the original application form must be retained

If subscriptions are being accepted year on year, but a fresh application is made each year, the manager must keep each application for six years (but see applications not in writing if the manager adopts the ‘non-written procedures’). After six years, the oldest application form could be destroyed. The manager would always have six forms on file.

Managers may hold the records (including applications) on computer or microfilm. Records held in this way must be:

  • retrievable
  • easily accessible by auditors

ISA managers are not required to retain recordings of telephone applications or copies of internet files, where investors have made applications other than in writing. However, ISA managers must be able to show the date that the declaration was created and ensure that their annual returns include the information given in the declaration. This will also apply where the manager receives written applications but then adopts the non-written procedure of issuing a declaration (see imaging application forms and written declarations).

Auditors will risk assess the manager’s procedures. Where appropriate the auditor will select statistical samples. This will allow the auditor to extrapolate the results found in any samples across the total population. Where the sample is not statistically valid and errors are found, then the auditor may extend the sample, but more usually will ask the manager to carry out a 100% review of that particular area. The simplified voiding flow chart (PDF, 260KB, 1 page) will help explain the audit procedure if any errors are found.

After the inspection

Auditors will normally report their findings to managers within 28 days of an inspection visit. This is in the form of a written inspection report.

Where auditors are satisfied that tax relief has been obtained only where due and that any claims by the manager have been made correctly, they will advise the manager that no further action is needed.

Where auditors believe that incorrect tax relief has been given by a manager, or where the manager has submitted incorrect claims for tax relief, they will ask the manager to pay an amount based on the incorrect relief given or overclaimed. Where auditors believe that incomplete or inaccurate claims or returns for Lifetime ISAs have been made they will seek to recoup of any overpaid bonus or underpaid charge.

Default interest

Incorrect claims by managers attract interest under Section 86 Taxes Management Act 1970. Interest will be charged on amounts recovered both under the strict treatment of breaches in the ISA rules, and under simplified voiding. Interest will be calculated from the 31st January in each year of assessment covered by the audit settlement.

Penalties

Incorrect claims may also attract penalties where the claims were made fraudulently or negligently. Penalties may be charged on amounts recovered both under the strict basis, and under simplified voiding. HMRC will not charge penalties on the first audit of an ISA manager’s system except in the most serious circumstances.

Breaches in the ISA rules

Some breaches of the ISA rules affect managers alone. Examples are:

  • a failure to deduct a flat rate charge for interest paid on uninvested cash (before 1 July 2014) held in stocks and shares ISAs
  • an incorrect annual or interim claim
  • incorrect action on the death of an investor.

In such cases, HMRC will ask the manager to repay amounts incorrectly claimed, or to pay amounts that they should have deducted.

Some breaches of the rules may affect both the investor and the manager because the ISA is invalidated by the breach. Examples are:

For the following breaches, auditors will normally allow an invalid ISA to continue if:

  • personal information is absent from an application form provided and managers obtain the missing personal details from the investor within 30 days of the date of the audit report, the investor need not return any income or gains on his or her tax return
  • an ISA is opened inadvertently before the end of the withdrawal period
  • an ISA is in debt at any time, provided the investor settles the debt within the subscription limits
  • cash is not held in a designated account, provided the manager designates the account as an ISA account.

In other circumstances, a breach may lead to a void ISA. Some void ISAs can be repaired under the simplified voiding procedure. Others cannot be repaired, and must be dealt with strictly in accordance with the rules.

Strict treatment of breaches in the ISA rules

If a breach cannot be repaired under simplified voiding or if the manager wishes, the breach will be dealt with strictly in accordance with the rules.

Where auditors establish that a subscription is not valid, for example, because the investor is not eligible to make the subscription, they will ask managers to:

Where auditors establish that an investment should not be held or purchased in the ISA, they will ask managers to:

  • remove the investment and any income or gains arising from the investment from the ISA (see voiding and repairing policies of life insurance in ISAs for how this applies to insurance products held in an ISA)
  • repay amounts claimed (and make deductions where appropriate) arising from the holding of the invalid investment

If a statistical sample contains ISAs on which tax relief has been wrongly obtained, but the number of invalid ISAs found is not statistically valid, auditors will conclude that similar errors are unlikely to exist throughout the rest of the ISAs held. They will therefore ask managers to:

  • pay an amount equal to the relief given or claimed on the ISAs within the sample on which tax relief has been wrongly obtained
  • correct the individual errors identified, voiding invalid ISAs where necessary

Errors falling within irreparable breaches will also be treated in this way, irrespective of the statistical validity of the number of errors found.

In other circumstances auditors will:

  • seek to determine, by agreement with the manager, amounts to be paid (see calculation of tax relief recovery)
  • if appropriate, ask the manager to make a payment on account, while the correct figure is calculated

Where auditors have used a statistically valid sample, and the number of errors is also statistically significant, then the results of the sample will be extrapolated across the total number of ISAs held. Unless the errors are limited to the personal information listed, the auditors will ask the manager to carry out a 100% review of all unexamined ISAs which might have the same error, voiding any ISAs found to be invalid. If not carried out as part of the audit, this review should take place as soon as practicable after the audit is completed.

The manager must inform each investor whose ISA is voided to report details of the interest, dividends and capital gains and losses arising on their investment to their tax office. The investor may have further tax liability.

Calculation of tax relief recovery

Auditors will aim to agree with managers the amount of tax relief incorrectly given or claimed after discussion of the inspection findings. Where a 100% review has taken place, the amount can be calculated exactly. If auditors have reviewed a sample, they will normally extrapolate the agreed results of the sample across the rest of the ISAs held.

Where a manager is unwilling to rely on extrapolation of the sample results to quantify any settlement, he may review all ISAs to arrive at the correct amount. The auditors will agree how the manager will carry out the review, and will check the results of the review.

Where managers review all their ISAs, they must remove invalid ISAs, subscriptions, and investments from the scheme. In addition, auditors will seek monetary settlement from managers.

Auditors will also recover relief incorrectly given in respect of ISAs held within the previous four years but closed before the audit.

Simplified voiding

Under the strict statutory approach, breaches of the ISA regulations lead, in many cases, to voiding of the ISA. If an ISA is voided, auditors will recover from the manager any relief given to the investor by the manager, and the investor’s tax office will recover from the investor any capital gain or higher rate tax due.

Simplified voiding is an alternative approach for some breaches of the ISA regulations. Under simplified voiding, certain breaches can be repaired, with the permission of HMRC. This means that, provided the manager and investor take certain actions, the ISA is not voided. An investor with a repaired ISA will remain, in most cases, in the same position as if the breach had not happened. The investor may not even know that his or her ISA breached the regulations.

HMRC do not intend that simplified voiding should apply to breaches of the ISA regulations that have taken place deliberately or carelessly. HMRC will reserve it for breaches which are inadvertent, or which, despite the manager’s best efforts, have slipped through the checking procedures. HMRC reserve the right to treat any breach strictly in accordance with the ISA regulations, and the manager has the same right.

Simplified voiding is voluntary, and the manager can either ask that all repairable breaches to be dealt with in accordance with the simplified voiding procedure; or can insist on the strict treatment. A manager cannot use simplified voiding for some repairable breaches and not others – he must apply the procedure to all repairable breaches, or none.

The treatment of repairable breaches following audit under simplified voiding differs from the strict treatment.

Under simplified voiding, auditors will proceed as follows where they find a statistically valid number of breaches as a result of their examination of a sample of accounts.

If the breaches are not repairable, either because the breach itself cannot be repaired (irreparable breaches), or because the manager has elected for the strict treatment, the auditors will ask the manager to carry out a 100% review of the accounts, voiding any ISAs found to be invalid. They will then calculate a recovery as detailed in calculation of a tax relief recovery.

If the breaches are repairable, the auditors will not require the manager to carry out a 100% review.

If the manager does decide to carry out a 100% review, he must repair any breaches found. And the results of that review will form the basis of the audit recovery (see calculation of tax relief recovery).

If the manager decides not to carry out a 100% review, he must repair the breaches found in the sample. And the auditors will normally extrapolate the agreed results of the audit sample across the rest of the ISAs held to arrive at the audit recovery (calculation of tax relief recovery).

However breaches in accounts outside the sample (which will not been reviewed and repaired) may appear in the sample taken at the next audit. Where this happens, the auditors will seek a recovery for the tax relief incorrectly claimed or given in the ISAs that have not been repaired, from the date of the previous settlement up to the date of the current audit.

Simplified voiding and insurance policies held in an ISA

When an insurance policy held in an ISA is found (by HMRC auditors or the manager) to be in breach of the ISA rules, the breach can be repaired under simplified voiding.

The invalid insurance policy must be terminated when the breach is discovered. However, the manager can repair the breach by replacing the terminated policy with a new policy. The new policy must preserve the full value of the investor’s rights under the original policy. The proceeds from the terminated policy must be used to fund the new policy, and those proceeds will not count as a subscription to the ISA.

ISA managers may need to obtain the consent of the investor to the repair, and may wish to modify the contract for future policies to allow for an automatic replacement of a policy should repair be required.

HMRC may seek recovery from the ISA manager in respect of any ISA containing a repaired insurance policy (see calculation of tax relief recovery). The settlement formula figure for the repaired insurance policy will be the same as for the stocks and shares ISA.

Types of repairable breaches

No lost tax and investor not disadvantaged

This could cover, for example, administrative errors where the investor believes he has applied for a valid ISA, and where the account has otherwise been operated in accordance with the ISA rules. Technically, the administrative error will invalidate the ISA and HMRC has the power to recover the tax relief on the invalid ISAs, interest under s86, and a Schedule 24 FA 2007 penalty. However because of the unique nature of these offences HMRC will, in practice, not seek to recover the tax or interest in respect of these errors. Nor will the penalty be reduced in the normal manner. Instead:

  • it will firstly be reduced to an ‘administrative error penalty’ of a maximum of £1 per error - in line with the CTF penalty provisions for administrative errors. Secondly, it will be further reduced in the normal manner (reasonable care, careless, deliberate, deliberate and concealed), with further reductions for disclosure
  • where the annual information return is incorrect or incomplete, in addition to the ‘administrative error penalty’ HMRC will seek to recover a penalty under Schedule 23 FA 2011 in respect of the incorrect annual information return

In these cases HMRC would expect the institution to put correct processes, procedures and documentation in place in respect of any future subscription.

No loss of tax but investor disadvantaged

This could include administrative errors where the investor believes he has applied for a valid ISA, but the account has not been operated strictly in accordance with the ISA rules. For example, where the terms and conditions are defective and the provider has not complied with the transfer or withdrawal rules. Technically, the defective terms and conditions will invalidate the ISA and HMRC has the power to recover the tax relief on the invalid ISAs, interest under s86, and a Schedule 24 FA 2007 penalty.

The treatment here will be as outlined at A above except the further abatement for reasonable care etc will be less than that for errors that do not directly lead to a loss of tax and where the investor has not been disadvantaged.

Breaches leading to a loss of tax - simplified voiding

Treatment of these errors will continue to be based on the Simplified Voiding procedures that operate now. This category will cover, for example, subscriptions in excess of the limits, the holding of non-qualifying investments, or the failure to comply with an HMRC void notice. For these errors, HMRC will seek to recover:

  • the relevant tax (where appropriate using simplified voiding), interest and a Sch 24 FA07 penalty (equal to a maximum of the excess tax relief) reduced in the normal manner (reasonable care, careless, deliberate, deliberate and concealed), with further reductions for disclosure
  • a penalty under Schedule 23 FA 2011 in respect of the incorrect or incomplete annual information return

In these cases HMRC would also expect the institution to carry out a 100 per cent review to correct the ISAs for the future by removing excess subscriptions and non-valid investments, and complying with HMRC void notices.

Managers will often discover breaches outside an HMRC audit, for example, following an internal audit. If a breach is discovered, the manager should contact HMRC.

Examples of breaches that are repairable, and details the action the manager and investor can take to repair the breach.

An ineligible investment is purchased or held in an ISA

This breach can only be repaired if it is inadvertent. The manager can repair the breach by selling the ineligible investments. The proceeds can remain within the ISA and used to buy eligible investments. Auditors will seek a recovery for the period the ineligible investments remained in the ISA.

An investment that was eligible for an ISA on purchase later becomes ineligible

This breach can only be repaired if it is inadvertent. If the investments are ineligible at the time the breach is found, then the manager can sell those investments to repair the breach. The proceeds can remain within the ISA and used to buy eligible investments. If the investments are eligible at the time the breach is found, but have been ineligible at some time since purchase, then no action is required to repair the breach. Auditors will seek a recovery for the period that the investments were ineligible.

Subscription limits breached

The manager can repair this breach by removing the excess subscription from the ISA. If the excess has been used to purchase investments then the manager can repair the breach by removing those investments and any related income from the ISA. HMRC will seek a recovery from the date the subscription exceeded the limit to the date of the audit report.

Incorrect allocation of dividends to an ISA

The manager can repair this breach by removing the dividend from the ISA. If the dividend has been used to purchase investments, the manager can repair the breach by removing those investments from the ISA. Auditors will seek a recovery from the date of the incorrect allocation to the date of the audit report.

Incorrect transfer of shares from a Schedule 3 SAYE option scheme, approved profit-sharing schemes, or Schedule 2 Share Incentive Plans

If the underlying investments are eligible, and the breach concerns a failure in the transfer procedure, the manager can repair the breach by correcting the error. If the underlying investments are ineligible, the manager can repair the breach by selling those investments. The proceeds can remain within the ISA and used to buy eligible investments. Auditors will seek a recovery for the period the ineligible investments remained in the ISA.

Irreparable breaches

Breaches that cannot be included in simplified voiding, and which must be dealt with in accordance with the strict, statutory, approach (see strict treatment of breaches in the ISA rules) are:

  • incorrect manager annual and interim claims
  • manager failure to deduct flat rate charge from interest paid on cash held in stocks and shares ISAs (for periods before 1 July 2014)
  • investor non-resident at the time of subscription or otherwise non-qualifying (the invalid subscriptions must be voided – see repairs and voiding and strict treatment of breaches in the ISA rules)
  • subscriptions by an investor to two or more ISAs of the same type (cash or stocks and shares) in the same tax year and the subscription limits have been breached (the second and later ISAs may be voided – see repairs – disallowed combination of ISAs)
  • ISA opened before the end of the tax year when the subscription is made after the end of the tax year (the ISA must be voided)
  • incorrect action on the death of an investor

Calculation of tax relief recovery

An investor with a repaired ISA should not inform his tax office of the breach. In most cases, the investor will not be aware that the manager has repaired the breach. Because HMRC has forgone the higher rate and capital gains tax that may have been recovered from the investor, HMRC will seek to recover an amount from the manager which will, on average, compensate HMRC for that tax. The recovery will also compensate for gross interest credited to the repaired ISA that the manager would otherwise refund to HMRC under the strict treatment.

If the manager chooses to apply simplified voiding to repair breaches then the recovery will be calculated in accordance with the settlement formula. A manager cannot choose to apply simplified voiding to only some of the repairable breaches found - he must choose to apply it to all or none.

Recovery arising from breaches that are not included in simplified voiding will be calculated as detailed in this section.

The figures to be used in the formula settlement are as follows:

Stocks and shares ISAs: The recovery will be £5 per year per £1000 subscribed. Cash ISAs: The recovery will be £10 per year per £1,000 subscribed.

The figures used in the settlement formula are based on estimates of the average yield for each type of ISA, and of the amounts invested by higher rate, basic rate, and non-taxpayers. The figures will be revised should the yields, and the amounts invested, change markedly from our initial estimates, but the figures are not expected to change more frequently than annually. The figures above will apply until HMRC notify you otherwise.

Recovery from a stocks and shares ISA is based on the amounts subscribed to the ISA, not the value of the investments held.

The settlement will be calculated up to the date of the audit report on the understanding that any repairs, where required, will be carried out as soon as practicably possible.

See worked example of what must be returned (PDF, 178KB, 1 page) .

Audit protection

HMRC’s Statement of Practice SP8/91 explains the circumstances in which HMRC will recover tax where a claim or an assessment has previously been settled by agreement. Briefly, they do not go back on an agreement unless the information on which that agreement was based was misleading. In line with this practice, HMRC do not seek to recover on claims made before the end of the period covered by the last inspection (whether or not that earlier inspection resulted in any recovery), unless either the:

  • settlement was based on misleading or incorrect information provided by the manager
  • settlement was based on computational errors which the manager could not reasonably believe were correct or intended
  • protection afforded by the Statement of Practice does not extend to claims made after the end of the period covered by the last inspection

Breaches outside audit

Managers will often discover breaches outside an HMRC audit, for example, following an internal audit. If a breach is discovered, the manager should contact HMRC.

Published 5 April 2018