This part of GOV.UK is being rebuilt – find out what beta means

HMRC internal manual

Compliance Handbook

How to do a compliance check: starting a compliance check: sensitive cases


These instructions apply to all Customer Compliance Group cases.

The sensitivity of a case depends on the level of risk it poses to HMRC and the likelihood of that risk occurring.

A case is sensitive if it is likely to generate significant:

  • ministerial interest
  • political embarrassment
  • reputational damage to HMRC
  • national media and social media coverage

Sensitive cases MAY involve the following factors:

  • a prominent or public figure, including celebrities, politicians, royalty and members of the military and diplomatic corps
  • a prominent or public institution, including HMRC and other government departments
  • a significant political issue or high profile departmental campaign
  • vulnerable persons
  • risk to life or safety
  • export licensing issues which involve military or strategic goods and UN sanctions
  • covert techniques which could, if allowed into the public domain, generate adverse publicity, (including sensitive intelligence gathering operations)
  • large tax losses or risk to the revenue which could have been avoided at the time
  • exceptionally lengthy or costly investigations, likely to be criticised as disproportionate to the offence
  • offering immunity from prosecution to a potential prosecution witness against whom there is sufficient evidence to support proceedings
  • commercial contracts which impact upon HMRC or other government departments
  • risk of being stayed or an appeal lodged because of procedural failure during the investigation, including incorrect application of the law - for example, significant disclosure failings.

Involvement of one or more of these factors doesn’t automatically make a case sensitive, if the interaction is routine or low-risk.

Cases which will NOT be considered as sensitive:

  • HMRC employees
  • complex or innovative legal procedures - for example, a case using a new piece of legislation or unusual liability issues

The designation of a case as ‘sensitive’ doesn’t mean that it’s marked for special treatment or that such a designation should be applied throughout the lifetime of the case. When the designation is no longer necessary it should be removed. If a case is ‘sensitive’ at the time of closure, it will retain this classification for file retention purposes.

If you are allocated a sensitive case or a case becomes sensitive while you are working it, you need to report it so it can be monitored.

How to report a sensitive case

It’s for the business to decide whether any operation should be reported as a sensitive case. This can be at any time during the compliance check, in line with individual directorate sensitive case management procedures.

Discuss the case with your manager and complete the sensitive case template which can be found locally. Send it to the tier 6 sensitive case manager. The report should include enough detail for a decision about the sensitivity of the case to be made.

Do not continue with the case until you receive a response to your report.

Monthly and exceptional reports

You may be asked to complete monthly reports.

You will need to make an exceptional report if something significant happens such as:

  • the case is reported in the media
  • the customer or their adviser says that they intend to make a complaint
  • you and your team leader believe the tier 6 sensitive case manager needs to know about an event or breakthrough in the case.

How sensitive cases are monitored

The tier 6 sensitive case managers keep a list of sensitive cases.

Cases may be:

  • monitored by the tier 6 sensitive case manager
  • monitored by the CCG deputy director
  • escalated to a sensitive case coordinator.

Escalated cases may be:

  • referred back to be monitored by the business
  • put on a register kept by the sensitive case coordinator.

Sensitive case coordinators in CCG provide monthly briefings on registered cases to customer group deputy directors or the CCG Director General, who chairs a monthly meeting of the Sensitive Case Board.

Extra security measures

You must follow the Department’s data security guidance and records retention policy in all compliance work, see Security Basics for All Staff.

For sensitive cases this means:

  • information is shared on a strictly ‘need to know’ basis
  • all papers must be kept securely under lock and key
  • all emails must be sent using the ‘Official – Sensitive’ security marking, with sensitive information sent as an attachment and password protected. For more information on security markings see Government Security Classifications.
  • you must password protect any additional electronic documents containing sensitive information
  • if a case is ‘sensitive’ at the time of closure, it will retain the ‘sensitive’ classification for file retention purposes.


If there’s a dispute during a sensitive case, you should inform your manager and the tier 6 sensitive case manager.

If the decision to resolve the dispute may have a significant and far reaching impact on HMRC policy, strategy or operations, a report should be made to the Tax Disputes Resolution Board.