BRR – public sector shivers

01 November 2019

This article was featured in the November 2019 issue of the magazine. 

Tim Bridgett, employment taxes senior manager at PSTAX, reviews recent developments and discusses implications for public sector organsiations

Those of us who have been dealing with the public sector for many years will recall the concerns that HM Revenue & Customs (HMRC) had in relation to its dealings with large businesses, which culminated in the release of the so-called ‘Varney report’ in 2006 and the ‘Varney delivery plan’ which followed in 2006. In these documents, the nature of the working relationship between large businesses and HMRC was reviewed in detail emphasising “the need to establish more common ground in what constitutes unacceptable tax planning and behaviours”. After an extensive consultation exercise, this work was followed by the introduction of HMRC’s detailed framework for assessing the tax compliance risks presented by these large businesses.

Under this new approach, the volume of HMRC’s interventions in a company’s or organisation’s affairs – and the nature of the working relationship between the two – was determined by reference to a risk rating given to the company/organisation by HMRC. The lower the risk, the lower the expected level of HMRC involvement in the day-to-day workings of a business. These business risk review (BRR) ratings were confirmed as being ‘low risk’ or ‘not low risk’, with ‘low risk’ organisations benefiting from a ‘light touch’ approach by HMRC.

Together with the risk-based approach came the appointment by HMRC of a customer relationship manager for the largest and most complex businesses, including many public sector bodies, to act as a single point of contact across all taxes. From 2014, these became known as customer compliance managers, reflecting the shift in HMRC’s focus on improving overall tax compliance.

In September 2017, HMRC published a consultative document entitled Large business compliance – enhancing our risk assessment approach ( The consultation sought views on whether the efficiency and effectiveness of the BRR could be improved with the intention that these improvements would benefit both HMRC and large business. The consultation considered: the current BRR process; the aspects of risk to be assessed; the results of the BRR and how they are presented; and the outcomes and potential opportunities that existed for their use.

HMRC has defined a low-risk business as one that has an open and transparent relationship with HMRC, effectively manages its own tax compliance risk, and is trusted not to engage in aggressive tax planning. HMRC trusts such a business to raise issues to discuss in real time, and to pay the right tax at the right time. It regards all other large businesses as not low risk. There was a concern that this sub-division into two categories is too restrictive and does not accurately represent the significant differences across the large business population. 

Following this consultation and a pilot exercise, a new BRR process was announced by HMRC and was rolled-out to several Public Bodies Group customers, including some of our own local authority clients, with effect from 1 October 2019. So, what has changed? 

HMRC has advised that it wishes to provide greater clarity and consistency for customers around the BRR process, through greater collaborative working and by developing clearer guidelines and a standardised approach. The original two risk ratings have been replaced with four new ratings, which are: low risk, moderate risk, moderate-high risk, and high risk.

HMRC determines a customer’s overall level of tax compliance risk by direct reference to the sector in which the organisation operates, in terms of, for example, their size, complexity and the degree and pace of change they experience. By creating these four risk categories, HMRC confirms that they can more efficiently target resources to where they are most needed. 

For low-risk customers generally, HMRC has advised that it still expects BRRs for large businesses generally to be carried out every three years, as they were previously. Whether this is achievable for public sector organisations remains to be seen, as we do know that the HMRC Public Bodies Group has had some resourcing issues recently. What we can say is that it is more likely that for those bodies with higher risk ratings the more frequent and in-depth the BRRs will be. 

For customers that have been awarded moderate, moderate-high and high-risk categories, HMRC suggests that BRRs will usually be carried out on an annual basis. Again, whether this would be the case in the public sector is unclear, but the prospect of more frequent and in-depth reviews should provide incentive enough to address the relevant issues.

During the BRR, which is a collaborative process, HMRC determines how the customer mitigates tax risk through their behaviour, specifically in three areas. These are summarised below with emphasis on the required behaviour to help achieve a low-risk rating.

  • Systems and delivery – The organisation must be able to demonstrate that it has processes and suitable resources in place to deliver timely and accurate returns, declarations, payments and claims that are suitable for the size and complexity of the business. 

The organisation must maintain documented tax policies and procedures and share these on request from HMRC. 

All returns and payments must be submitted to HMRC on time. 

  • Internal governance – The organisation will have clear accountabilities up to and including the board for the management of tax compliance risk and tax planning and have appropriate tax accounting arrangements to enable accurate tax reporting.

The organisation must appreciate its potential liability under corporate criminal offence legislation and have taken steps to profile and manage the risk of failing to prevent the facilitation of tax evasion. It must also identify and promptly communicate to HMRC any significant uncertainties or irregularities.

  • Approach to tax compliance – The organisation is expected to maintain an open and transparent relationship with HMRC and be open with HMRC in real time about how tax compliance risk is managed across all relevant taxes and duties.

The organisation must not be involved in tax planning other than that which supports genuine commercial activity. 


So, what now? 

Clearly these are significant changes across the large business community generally and public sector bodies are very much part of that. We are aware that HMRC has already started, and finalised, a number of the new BRRs and we can expect the programme of visits to be stepped up in the coming months and years. 

As with any compliance process that is run by HMRC, it is advisable to pre-empt such reviews well in advance by reviewing internal processes and policies and considering the behaviour that underpin these. This could involve working closely with your advisers and ensuring that there is the right level of ‘buy-in’ within the organisation to help keep the risk rating low.