Beta This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Compliance Handbook

How to do a compliance check: starting a compliance check: sensitive cases


(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

If you are allocated a sensitive case or a case becomes sensitive while you are working it, you need to report it so it can be monitored.

Each directorate has its own process. This guidance is for caseworkers in ISBC and WMBC. 

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)

Sensitive case coordinators in ISBC and WMBC are available for advice.

How to report a sensitive case

Discuss the case with your manager, complete the sensitive case template and send it to the tier 6 sensitive case manager. The report should include enough detail for a decision about the sensitivity of the case to be made.

Do not continue with the case until you receive a response to your report.

Monthly and exceptional reports

You may be asked to complete monthly reports.

You will need to make an exceptional report if something significant happens such as

  • the case is reported in the media
  • the customer or their adviser says that they intend to make a complaint
  • you and your team leader believe the tier 6 sensitive case manager needs to know about an event or breakthrough in the case.

How sensitive cases are monitored

The tier 6 sensitive case managers keep a list of sensitive cases.

Cases may be

  • monitored by the tier 6 sensitive case manager
  • monitored by the ISBC or WMBC deputy director
  • escalated to a sensitive case coordinator.

Escalated cases may be

  • referred back to be monitored by the business
  • put on a register kept by the sensitive case coordinator.

Sensitive case coordinators in ISBC and WMBC provide monthly briefings on registered cases to customer group deputy directors or the CCG Director General, who chairs a monthly meeting of the Sensitive Case Board.        

Extra security measures

You must follow the Department’s data security guidance and records retention policy in all compliance work, see Security Basics for All Staff.

For sensitive cases this means:

  • information is shared on a strictly ‘need to know’ basis
  • all papers must be kept securely under lock and key
  • all emails must be sent using the ‘Official – Sensitive’ security marking, with sensitive information sent as an attachment and password protected. For more information on security markings see Government Security Classifications.
  • you must password protect any additional electronic documents containing sensitive information
  • if a case is ‘sensitive’ at the time of closure, it will retain the ‘sensitive’ classification for file retention purposes 


If there is a dispute during a sensitive case, you should inform your manager and the tier 6 sensitive case manager.

If the decision to resolve the dispute may have a significant and far reaching impact on HMRC policy, strategy or operations, a report should be made to the Tax Disputes Resolution Board.