01 June 2022

Susan Ball, tax partner at RSM Employer Solutions and president of the Chartered Institute of Taxation, Lee Knight, employer solutions director at RSM UK and Julie Moore, employment tax director at RSM UK provide an update on the areas Her Majesty’s Revenue and Customs (HMRC) is conducting compliance checks in, and share their top tips on how you can start to prepare

In recent years, HMRC has increased its employer compliance activity by adopting a range of approaches. A compliance review could now:

  • cover pay as you earn (PAYE) compliance in general
  • be an aspect review covering:
    • the coronavirus job retention scheme (CJRS)
    • national minimum wage (NMW)
    • off-payroll working (IR35) rules
  • be part of a business risk review for larger employers.

Since the beginning of the coronavirus pandemic, we’ve also seen an increase in HMRC’s use of a desk-top approach, by issuing initial letters containing a list of questions to establish if further interactions are needed.

When a full review is subsequently instigated, HMRC will often request details for the past three years instead of just one. This is an interesting development as, arguably, it changes the focus of the visit from a check to ensure an employer is compliant, to one in which HMRC is also actively seeking to identify areas where errors have been made in previous tax years. This could result in the recovery of underpaid taxes and National Insurance (NI) contributions.

Then, there’s the issue of who HMRC needs to speak with. For basic PAYE compliance checks, HMRC will want to speak to the people who deal with payroll, expenses and benefits, and often human resources, to talk about the processes and procedures in place. In smaller employers, this may be one person, but in larger employers, it’s likely to be at least three different people. In these circumstances, it’s important the employer is well-prepared, as any seemingly inconsistent or unclear information provided to HMRC in relation to a particular benefit or expense can lead to unnecessary complications.


Business risk reviews

HMRC is likely to engage with the top 2,000 of the UK’s largest businesses in ‘real-time’ via customer compliance managers. This is part of the updated business risk review (BRR+) process that aims to identify emerging tax risks across the taxes and encourage taxpayers to apply a lower risk approach to their tax affairs.

The new notification of uncertain tax treatments regime is expected to result in even more dialogue with HMRC. However, coming off the back of the need to ensure compliance with CJRS / furlough rules, arguably for many, this may result in less dialogue.

For 2019/20, the yield from HMRC’s large business directorate was £13.2 billion, but it decreased for 2020/21 to £8.6 billion, probably because of the pandemic and HMRC resources being moved onto other areas of work. See: http://ow.ly/EHyw30sm10U.

HMRC started its new approach to risk assessments in October 2019 and although BRR+ activity reduced due to the pandemic; we’re now seeing an increase in activity.

The risk assessment process now provides for four categories of risk, being:

  • low

  • moderate

  • moderate–high

  • high.

These categories apply for each tax regime, of which employment tax is one. Behavioural factors are assessed, and a risk rating awarded for each regime. Businesses are also allocated an overall risk rating.

HMRC considers three factors when assessing risk, namely:

1.) systems and delivery

2.) internal governance

3.) approach to compliance.

Several factors are therefore reviewed and are deemed important by HMRC when determining risk ratings, including procedures supporting compliance with:

The senior accounting officer (SAO) regime obligations

These require companies to appoint an SAO, who must take reasonable steps to ensure the company establishes and maintains appropriate tax accounting arrangements. They must also submit an annual declaration to certify whether the company had appropriate tax accounting arrangements in place throughout its financial year. HMRC generally expects to see appropriate documentation setting out the procedures and processes in place, and a penalty regime operates for failure to comply with the SAO requirements.


The business’s obligations to prevent the facilitation of tax evasion

This is by individuals working for, or on behalf of, the business under the so-called corporate criminal offence in the Criminal Finances Act 2017 – HMRC seeks to understand what risk assessment has been performed and the steps implemented to mitigate any relevant risks.

HMRC will also want to understand the internal controls a business has in place to manage employer tax compliance and if, and how, they have been tested, whether internally by the business or by a third party. In other words, it’s no use having a sound control framework on paper – you also must demonstrate that it’s effective in practice. As before the introduction of the updated BRR+ process, there are clear advantages associated with low-risk status which include fewer HMRC interventions.


Nudge letters

Many businesses (and individuals) now receive letters from HMRC that fall outside the formal enquiry process, requesting detailed information about things such as the employment status of contractors or compliance with NMW.

This nudge approach makes recipients aware of potential problems, often providing the chance to correct errors without the expense and stress of more in-depth enquiries. It also enables ‘innocent’ taxpayers to confirm that all of their tax affairs are in order.

However, care should be taken when replying to these letters. First, you should consider the status of the information request – unless HMRC raises a formal enquiry, statutory rights aren’t engaged, so informal requests can allow HMRC to bypass taxpayer rights when asking questions. Second, you should take account of your responsibilities to third parties – if an engager provides HMRC with detailed information about a contractor, does it risk breaching general data protection regulation rules?

Unless, or until, HMRC changes its approach, recipients of nudge letters need to consider carefully how to respond. The best approach is to use the letter to think about whether there is a problem, and to respond, either by making a suitable full disclosure outlining the applicable circumstances using one of HMRC’s formal disclosure processes, or by confirming that, to the best of the organisation’s knowledge and belief, no action is required. Finally, it goes without saying that if in doubt, take advice before doing anything at all.


CJRS reviews

The CJRS provided grants to employers so they could retain and continue to pay staff during pandemic lockdowns and restrictions, by furloughing employees at up to 80% of their wages. 11.7 million employees were furloughed through the scheme, at a cost of £70 billion.

HMRC expenditure aimed at recouping money lost to CJRS fraud and error was increased in the March 2021 budget, with its new taxpayer protection taskforce. This brought with it an investment of £100 million and 1,250 staff members, representing one of the largest responses to a fraud risk by HMRC.

As of November 2021, HMRC had received approximately £408 million returned by claimants who, unprompted, found errors in their claims, and over £719 million was returned by claimants who were entitled to grants but decided, for a range of reasons, to repay them.

HMRC stated in late 2021 that the government expects to recoup £2.3 billion of CJRS grant money in the following months, and it’s clear HMRC expects employers to review their claims to ensure they’re correct, with any overclaimed CJRS grant amounts returned or reported as taxable on their tax returns.

HMRC also considers that CJRS compliance falls within the SAO regime. CJRS claims should therefore be considered when deciding whether SAO certification should be qualified or unqualified, noting that failures to meet the SAO obligations can potentially lead to personal liabilities for the SAO.

Employers may have received a CJRS compliance letter from HMRC, which sets a deadline for them to take certain actions. While most of these requests are based on an HMRC risk assessment, there may be some random enquiries as well. They’re largely desk-based reviews with HMRC requesting information that’s provided digitally.

These reviews can typically include requests for:

  • details on every employee for whom furlough support was claimed

  • the makeup of reference pay and the calculations, along with copy payslips, usually for a specific claim period / reference number (and sometimes including all subsequent claims).

Typically, only short timescales are provided for responses to be supplied. Employers receiving these detailed requests need to engage with HMRC.

If HMRC doesn’t receive a timely response to these requests, and there’s no good reason for the delay, it may issue a formal information notice to obtain the information that was requested. This attracts penalties and may increase the likelihood of CJRS penalties being

charged in scenarios where mistakes are also discovered.

Our experience is that HMRC has been supportive in extending the response deadline where employers engage with them proactively and, where hundreds or thousands of employees are involved, reducing the information that needs to be provided by agreement. We understand these reviews are currently taking an average of six months for HMRC to complete, which, considering the complexity of the rules, isn’t surprising.


Off-payroll working (IR35) reviews

Following the introduction of revised off-payroll working administrative rules for public sector engagers from 6 April 2017, the National Audit Office (NAO) has reported that HMRC started its compliance activity relating to these rules with an initial risk assessment of 16 public sector bodies

They range from government departments through to the National Health Service, fire, police and higher and further education bodies. For those bodies it considered to demonstrate high risk, it undertook more detailed reviews, and this activity was expanded as time moved on. It covered 59 public sector bodies by September 2021, of which 35 have been subject to detailed compliance checks.

The NAO also reported that five government bodies have alone settled, or expect to settle, demands from HMRC totalling £263 million due to non-compliance with the revised IR35 rules. There were problems with the completion of status checks, based on contract wording only, and not a review of the full facts and circumstances of the engagement.

The revised rules were extended to medium-sized and large private sector businesses from 6 April 2021, with HMRC agreeing to provide a light touch to penalties in the first year the regime applied to these businesses. This period has now ended.

Even before the first year of the new regime ended, HMRC started carrying out its first compliance checks among private sector businesses, in October 2021. There was a focus on oil and gas companies, banking and financial services businesses to start with. We’re now seeing more activity across other sectors.

Often HMRC uses an initial letter approach, which might include wording like:

“I’d like to talk about the systems and processes your organisation uses to apply the off-payroll working rules.

This is for the [current tax year/tax year ended 5 April xxxx]. Initially, I’d like to understand your organisation’s:

hiring process for contractors who work through their own intermediary, such as a personal service company (PSC) – this could be either directly or using an agency or other labour provider;

process for deciding the employment status of these workers; and

process for deciding if any services you outsource are fully contracted out.

If at any point you realise you have made a mistake in applying the rules, please let me know straightaway. I can work with you to put it right.”


NMW reviews

HMRC enforces the NMW and national living wage on behalf of the Department for Business, Energy and Industrial Strategy (BEIS). In 2020/21, HMRC undertook almost 3,000 NMW investigations, identifying almost £17 million of NMW arrears for over 155,000 employees. Penalties of more than £14 million were issued to 575 employers in relation to these investigations.

Emerging from the coronavirus pandemic restrictions, the NMW team now has an annual enforcement budget of almost £30 million and a team of around 450 inspectors nationally. This demonstrates HMRC’s commitment to continue promoting compliance and ensuring employees receive at least the NMW for each hour they work.

Many employers have fallen foul of the rules and failed to pay the NMW due to technical errors – for example, by taking a deduction from an employee’s pay in exchange for what many would regard as a benefit, such as a savings club contribution. Due to the widespread employer frustration caused by these issues, HMRC introduced an NMW education team that has focused on improving online technical support for employers. This team has hosted several online training webinars over recent months and has added some worked examples to its online manuals on some common NMW risk areas. The education team has also issued letters to some employers outlining common risk areas, such as changes to NMW rates, apprentices and capturing working time. In addition to these employer letters, HMRC has tried to raise employee awareness of their NMW rights via advertising campaigns and / or letters to workers. These advertising campaigns and employee letters provide contact details for the Advisory, Conciliation and Arbitration Service and / or HMRC, for employees to contact if they have any concerns regarding their pay.

HMRC is legally obliged to undertake a full review where an employee complaint has been made. Employers may therefore wish to consider ensuring their workforce understands their pay and how it has been calculated to mitigate the risk in this area.

For employers, in addition to the financial implications where NMW arrears are identified, there’s a significant reputational risk, as any arrears identified of more than £500 will likely be shared with BEIS for ‘naming and shaming’. Only where the arrears relate to salary sacrifice arrangements will naming and shaming not be considered in the first instance.



We’ve recently seen an increase in the number and types of employer compliance interventions initiated by HMRC and this is likely to continue for some time. It’s equally clear that employers should not take these visits or letters lightly, as the financial and reputational consequences could be  potentially significant.

Our top five tips for dealing with them are:

1.) don’t ignore any HMRC contact and don’t panic – manage HMRC’s expectations if you cannot provide information within the deadline suggested

2.) consider what support you need to help you internally and, if necessary, externally

3.) prepare – collate all the information that’s needed, and ideally review it before providing to HMRC

4.) don’t forget that if you know you have an issue, it’s better to raise it before HMRC undertakes a review, but if HMRC activity has prompted it, any disclosure, even on the day of the review, will be better from a penalties perspective than leaving it for HMRC to find

5.) if asked a question you don’t know the answer to, agree to go away and check – no one is expected to know everything and it’s much better to answer correctly than to give the wrong information. 


Featured in the July-August 2022 issue of Professional in Payroll, Pensions and Reward. Correct at time of publication.