HMRC has published its guidance on civil measures it can take to address non-compliance with AML requirements. The guidance looks at HMRC’s role under the 2017 MLRs and how it will use its powers under those Regulations and under the CTA. The note addresses civil measures, but HMRC stresses that it may treat any breach of the MLRs as a criminal matter.
The guidance sets out the powers open to HMRC, including issuing penalties, removing fit and proper status from an individuals, cancelling a business’ registration and prohibiting individuals from holding managerial roles.
Any penalty HMRC issues must be “effective, proportionate and dissuasive”. The guidance explains how HMRC will warn the relevant business or individual about the breaches and explain the actions it requires be taken. However, it will not send a warning letter if it feels the breaches are serious, deliberate, or business wide. Neither will it send a warning notice to businesses that have traded while unregistered or have failed to comply with an information requirement notice.
It will also normally (but need not) issue pre-penalty notices, explaining why it intends to issue a penalty and the penalty amount. The business will have the opportunity to tell HMRC any relevant information that it thinks should be taken into account. This will be followed by the penalty notice. Since July, HMRC has been entitled to charge a penalty administration fee on late payments.
The guidance explains the types of action in relation to which a penalty may be appropriate, such as trading while unregistered, failing to update HMRC of relevant matters or failing to comply with an information notice. Equally, there are circumstances in which HMRC will not issue penalties, such as when a firm has complied with guidance or where the breach is not its fault.
The guidance also addresses when HMRC will issue penalties directly to officers knowingly concerned in a breach.
It then discusses the circumstances in which HMRC may refuse or withdraw approvals, and how it will work with law enforcement agencies where it considers a breach should be treated as a criminal matter.