I’m all about the base, database, no trouble

By now everyone will have seen the headlines and heard the acronym many times, but in case you’ve been camped in a remote jungle for the last few months, major changes are coming to data protection rules in Europe through GDPR.  The General Data Protection Regulation (or GDPR) will be implemented into the UK through the Data Protection Bill 2017, which is currently going through the parliamentary processes.

What Changes?

Under the new rules, data subject will get enhanced rights providing increased control over the collection and use of their personal data.  There will also be further obligations on data controllers with a move towards greater accountability and additional record keeping.  However, the overall principles remain the same and the changes are essentially incorporating what could currently be described as “best practice”.

Does It Really Affect Us?

Recent figures suggest that a substantial number of organisations do not think they will be actually affected by the rule changes and (un?)surprisingly 1/3 are unsure on where their data is stored.  The reality is, however, that from 25 May 2018 any organisation that processes personal data will require to be GDPR compliant.  “Processing” is defined very widely and includes holding, collecting, recording, amending, storing, organising, altering, using and deleting personal information which essentially means anything done with personal data will be covered.

A further substantial change, and certainly the one that has made most headlines, is the increase in potential fines to £18m or 4% of global turnover (well up on the current £500,000 level).  It is important to note that this is the maximum level of fine, so not all businesses will be hit with that level of penalty.  But it is clear that the days of budgeting to cover any potential data protection fine are gone and businesses need to be looking at getting GDPR compliant.

Steps to Take

It is clear that this is not something that can be ignored or even pushed back to next quarter.  Organisations should start planning now and allocate resources (financial and organisational) to reviewing their databases.  The following are steps which can be taken and should help in becoming GDPR compliant.

Data Audit

To fully comply with the new accountability and record keeping requirements, organisations will need to do a data audit to understand personal data currently held.  It is important to identify all data sets held and organisations should consider looking at (i) what data it has, (ii) how it comes into the organisation, (iii) how it is used, (iv) who it is shared with and (v) when it is deleted or destroyed.  All other steps will follow on from this so it is a critical step in getting GDPR compliant and should be started as soon as possible to give time for the other steps to be completed prior to May 2018.

Basis for Processing

Once an organisation has completed a data audit, it should consider the legal basis for processing information.  Under data protection rules, there must be a lawful basis for all processing (either consent, contractual necessity, compliance with legal obligation, vital interests, public interests or legitimate interest).  Different individual rights will arise depending on the basis relied upon, so careful consideration should be given to which basis is best for an organisation.  As a general rule, consent should not be relied upon if possible to avoid any issues if an individual withdraws consent midway through processing.

Privacy Notice & Policies

The privacy notice will be one of the key pieces of information to be provided by any data controller, setting out what data is collected, how it is processed and who can access it.

Additionally, organisations will need to review policies and procedures to make sure they can respond to any requests within the given timescales (i.e. one month for access requests) and to monitor any breaches, deal with notifications within the short timeframe and mitigate any impact on data subjects.

Educate

Although final important step for initial compliance is to educate; there is little point getting all rules and procedures in place if those within the organisation are not aware or do not follow them.  Organisations should make sure all staff are aware of the relevant rules and the rules should be actively enforced.  Organisations might consider having someone designated to deal with data protection so staff know where to go to ask questions and to get answers.

Regularly Review

So it’s not strictly a point for initial compliance with the new rules but it is important going forward, an organisation will not be able to just review once and never again.  The above steps should be done regularly to see if there are any issues needing corrected or gaps needing plugged and check the current procedures in place remain fit for purpose.

Getting Help

For more information or help getting GDPR compliant, contact the Corporate Team at Blackadders.

 

Ruth Weir, Corporate & Commercial
Senior Solicitor
@CorpLawyerRuth
www.blackadders.co.uk

Why Lord Sugar isn’t sweet when Apprentices Mis-sell.

For those of us still hooked on the TV show, “The Apprentice”, you are bound to have noticed that nothing invokes the scorn of Lord Sugar more than when candidates describe their goods or services with a dash of creative licence. Whether it be organic burgers that aren’t so organic or French mussels which are more at home in Brighton than Brittany there is a real legal reason why Lord Sugar has to come down hard when candidates push the truth a little too far.

The primary legislation governing this area is called the Consumer Rights Act 2015 and this lays out the various rights consumers in Britain enjoy when buying goods and services. When it comes to the description of goods, the law requires that every contract is deemed to have an implied term that the goods will match the description given by the seller. It doesn’t matter if the goods were available for inspection or if the seller later amends the description; if the original description is false then the buyer has certain legal rights.

In general these rights entitle a consumer who has been mis-sold a product to either reject the goods (subject to certain time-scales); obtain repair or replacement of the goods; or, have the purchase price reduced to reflect the mis-description.

The law further protects consumers by presuming that any mis-description discovered by the consumer within 6 months from when the goods were delivered existed at the time when the product was originally bought and it is up to the seller to prove otherwise.

In addition to these civil legal rights that consumers enjoy, Trading Standards Officers also have the power to bring quasi-criminal proceedings against those who have deliberately or recklessly mis-sold goods and services. Accordingly, it is hardly surprising that Lord Sugar keeps a careful eye on the activities of his candidates and hopefully this reinforces the point that mis-selling goods is no light matter.

If you have been mis-sold goods or services or have any questions arising from the contents of this blog please contact our Dispute Resolution Team who will be happy to assist you.

Alastair Johnston, Dispute Resolution
Senior Solicitor
@BlackaddersLit
www.blackadders.co.uk

 

 

 

Lord Alan Sugar: Photo by James Cronin, www.flickr.com, 2009

Why preventing tax evasion is now on the board agenda

 

The UK’s Government has again been busy creating new corporate crimes to help enforce its policy objectives.  This time it relates to tax evasion, or more accurately “failure to prevent the facilitation of tax evasion”.  Two new offences came into force on 30 September 2017 in the Criminal Finances Act 2017 – one for UK tax evasion and one for foreign tax evasion. As the HM Revenue & Customs (HMRC) press release says: “It is already a crime to evade tax, or deliberately help another person to do so, but on behalf of the majority of taxpayers who pay what is due, the UK government is taking an even firmer stance on corporate fraud in a move designed to drive a change in corporate culture.” Much like anti-bribery and corruption rules your company’s defence is to prove you have reasonable prevention procedures in place. HMRC has provided guidance  on this, which this blog summarises for you.

Who is this relevant for?

All companies and partnerships in all industries will need to put some prevention procedures in place. Higher risk sectors e.g. accountancy, tax advice, wealth management and legal services will need to do more.

What are the offences?

There’s three parts: (1) a taxpayer commits criminal tax evasion, (2) a person who is acting on behalf of your company or partnership commits an offence by “deliberately and dishonestly” helping the taxpayer evade tax (“facilitation”), and (3) the company failed to take reasonable steps to prevent this criminal facilitation.  Part (3) is the corporate offence and the only part that’s new. For the UK tax evasion offence the company or its business could be based abroad. For the foreign tax evasion offence only the company, its business or some of its staff needs to be based in the UK. It doesn’t matter whether the senior management / board were aware of the facilitation or not.

What’s tax evasion (illegal) and what’s tax avoidance (legal)?

This is not an easy question as the line is increasingly blurred but the HMRC guidance provides some examples of criminal facilitation of tax evasion:

·         A mid-size car parts maker operating in the UK and Europe, entered into a sub-contracting arrangement with an UK distributor. The senior managers of the UK distributor created a false invoicing scheme with the assistance of a purchaser, allowing the purchaser to evade UK taxes due on its purchase of the car parts in the UK.

·         As part of a large transaction an employee of a UK-based multinational bank knowingly referred a corporate client to an offshore accounting firm with the express intention of assisting the corporate client to set up a structure allowing the client to evade foreign income tax.

Existing procedures won’t cut it
Companies and partnerships who operate in the UK or deal with UK tax will need to put in place yet more compliance procedures – HMRC is very clear that your existing anti-bribery and corruption, fraud prevention or financial crime prevention procedures (if applicable) will help but aren’t enough on their own.

So what do you need to do? According to HMRC guidance every company and partnership needs to firstly undertake a risk assessment of the products and services it offers, as well as internal systems and client data that might be used to facilitate tax evasion. This includes “sitting at the desk” of employees and other associated persons, considering the motive, means and opportunity for facilitating tax evasion. When doing this you should consider typical fraud “red flags”, for example:

  • Are there staff who refuse to take leave and do not allow anyone else to review their files, or are overtly defensive over client relationships?
  • Do existing processes ensure that for higher risk activity at least a sample of files are routinely reviewed by a second pair of eyes?

Then consider tailoring existing processes and procedures accordingly to prevent and detect potential tax evasion facilitation – this could include:

Having a commitment to preventing the involvement of those acting on your behalf in the criminal facilitation of tax evasion, demonstrated by issuing a prominent message from the board of directors, partners or leadership team against all forms of tax evasion;

  • Having terms in contracts with employees and contractors requiring them not to engage in facilitating tax evasion and to report and concerns immediately;
  • Providing regular training for staff on preventing the facilitation of tax evasion;
  • Having clear whistle-blowing procedures;
  • Ensure your pay and bonus policy/structure encourages reporting and discourages pursuing profit to the point of condoning tax evasion;
  • Having regular reviews of the effectiveness of prevention procedures and refining them where necessary; and
  • Monitoring and enforcing compliance with prevention procedures.

These are merely the basics for SMEs and need to be tailored to the organisation’s specific risks. Larger or higher risk companies and partnerships will need to do more on top of this to comply but may have guidance from their sector regulator to help them.

When do we need to do this?

 HMRC is expecting you to be doing your risk assessments and initial staff communications now and to have a clear timeframe for putting the other procedures in place.

Getting help

For more information or help with complying contact the Corporate Team at Blackadders. Thanks to Sara Scott, our Regulation & Compliance Manager for input to this article.

 

Campbell Clark, Partner – Corporate and Commercial @CampbellJSClark

www.blackadders.co.uk

 

 

GDPR: Changes are Coming – Are you ready?

Most people will have by now heard the four letters which will change the landscape for data protection in Europe next year – GDPR. The General Data Protection Regulations, or GDPR, will apply automatically within the UK when they come into force on 25 May 2018. While it seems a long time until compliance with GDPR is required, the changes introduced represent a substantial challenge for businesses within the UK and steps should be taken now to limit any issues (or fines) in the future. In the first of several updates on data protection and GDPR, I have set out the main changes for organisations to be aware of (with greater detail to follow on certain key areas in subsequent blogs).

Key Changes

Jurisdiction

GDPR will have extra-territorial application. This means it will apply to all EU organisations processing personal data (whether the processing takes place within the EU or not) and to all organisations processing data of people residing inside the EU (whether the organisation is within Europe or not).

Fines

The current maximum fine which the ICO can impose is £500,000 (although the fines imposed are normally well below this figure). Under GDPR, the fines are substantially increased. Where an organisation has committed a breach of record keeping, contracting or security clauses, the maximum fine will be greater of €10,000,000 or 2% of worldwide turnover. If an organisation has breached one of the basic principles or Data Subject rights, the fine can be up to €20,000,000 or 4% of worldwide turnover.

It is important to note, most ICO fines at present would be subject to the lower fine levels which may signify a change in what is now important in data protection rules.

Individuals also have a right to claim compensation for damages cause by infringement of data protection rules. Going forward, damages will include non-material damages for distress etc (rather than simply proven financial losses).

Data Processors

The current rules generally cover data controllers only (ie those responsible for determining the purposes and means of processing personal data). The GDPR creates specific obligations on data processors (those engaged by a data controller to carry out the processing of personal data). These include (i) maintain adequate documentation, (ii) put appropriate security processes in place, (iii) carry out data protection impact assessments and (iv) comply with rules on international data transfers. Failure to comply with the new obligations could result in fines and potential claims for damages from individuals.

Consent

Going forward, organisations can still rely on consent to process personal data but will need to ensure such consent is freely given, specific and informed. Practically, this means organisations should not rely on opt-out or auto filled consent boxes. Instead, organisations should ensure requests for consent are clear and distinguishable from other matters with options to consent to different types of processing. It is also necessary to highlight consent can be withdrawn at any time in a quick and easy way.

Businesses will need to maintain evidence showing consent has been obtained and have appropriate mechanisms to deal with withdrawal of consent. Given that consent is only one basis for lawful processing of data, organisations may consider if there is another basis for processing which is more appropriate.

Breach Notifications

Under GDPR, any data breach which is likely to risk the rights and freedoms of the individual should be notified to the ICO without undue delay and within 72 hours of first becoming aware of the breach. Where the breach is likely to result in high risk to the individuals affected, the individual should also be notified.

A breach is defined by the ICO as “a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of or access to, personal data”.

Organisations will need to have an appropriate process in place for identifying any breaches and preventing any further breach of data, assessing the potential impact of any breach and thereafter notifying appropriate parties.

Data Subject Rights

A data subject is the individual whose personal data is held by an organisation. The rights that a data subject has under GDPR are broadly similar to the current rules, although some have been expanded. These rights include the right to access information held (or subject access rights), requirement on organisation to rectify incorrect data and the right to be forgotten.

The GDPR has removed the right for organisations to charge a data subject for access to their personal data. If a request is made to an organisation (letter, email and via social media are all acceptable methods), an organisation should provide all information within one month.

Data Portability

A new right created under the GDPR is data portability where an individual can request data held by an organisation is transferred to another organisation. The transfer can be via the individual or between the two organisations directly and must be provided in a commonly used format which is machine readable.

The introduction of this new right will enable individuals to transfer between service providers quickly and easily. It may require organisations to introduce appropriate procedures for transferring data quickly and securely.

Accountability & Privacy By Design

Simply complying with GDPR will not be sufficient for organisations – they should be able to show compliance by having appropriate policies, procedures and training in place.

Organisations should look to keep detailed records of processing operations, perform impact assessments for high risk processing, keep comprehensive records of any breaches and take data protection risks into account from the start of any process, rather than as an afterthought. The key concept is that personal data is only processed where necessary, for a specific purpose and stored for no longer than required.

Data Protection Officers

Going forward, certain organisations will need to appoint DPOs to oversee the protection of personal data. The DPO should report to the highest level of management and will advise on all relevant data protection laws, monitor compliance with GDPR, deal with data protection impact assessments and liaise with the ICO. A DPO is required for all public authorities and bodies and where an organisation has core activities requiring (i) regular and systematic monitoring of individuals on a large scale or (ii) processing on a large scale of special categories of data (sensitive personal data) and data relating to criminal convictions.

There is nothing preventing other organisations appointing a DPO but if appointed, a DPO will have to comply with all relevant obligations under GDPR.

It is important that organisations are aware of the new rules coming into force so they can consider what impact these may have on their own policies and procedures and what changes might be required before May 2018. For more information on data protection or to discuss your GDPR requirements in more detail, contact the Corporate Team at Blackadders.

Ruth Weir,  Senior Solicitor – Corporate  :  @CorpLawyerRuth www.blackadders.co.uk

People with Significant Control

I reported earlier this year about the Government’s plans to introduce what were then being referred to as “registers of beneficial interests”. Each company will be obliged to maintain a register noting the beneficial ownership of shareholdings which are registered in the name of a nominee.

The registers have now been re-branded as registers of “people with significant control” (PSC) but the substance is the same. It appears to be the Government’s intention to push these reforms through as soon as possible and certainly to ensure that the legislative changes are made before the next general election.

The registers will be introduced as part of the Small Business, Enterprise and Employment Bill which is currently being debated in Parliament. However, the mechanics of how a PSC’s interest will be recorded in the relevant register and the matter of protecting certain pieces of data which are contained in the register are still to be determined. The latter point is something which requires consideration more generally; such as the suppression of the full date of birth of directors of companies to assist with the prevention of fraud.

In order to consider these points the government has issued a discussion paper.

Significantly the discussion paper also asks for views on the guidance which would be provided to ensure that companies (and PSC’s) understand their obligations under the act when it is passed. In my view the guidance needs to make it absolutely clear that (contrary to the headline grabbing title of “register of beneficial interests”) the registers should contain not just information pertaining to shareholdings, but also the ability to exercise voting rights or the ability to appoint or remove directors or similar powers held by an individual through another corporate entity.

We also note that it is proposed that the guidance will supplement that produced by Companies House. I wonder how the content of one set of guidance would vary materially from the other as I would expect the main aims of both to be to assist parties: (i) to understand what a PSC is; (ii) to correctly record all relevant information in the register once the format has been agreed pursuant to this discussion paper; and (iii) the consequences of failure to have and maintain the register.

We would hope that no more information is recorded in the register than is absolutely necessary. The members of a company may have chosen to enter into a shareholders’ agreement to reflect control arrangements precisely because they do not want them in the articles of association to maintain a certain amount of privacy.

Responses are sought before 9 December 2014.

Other Small Business, Enterprise and Employment Bill changes

Anyone who has a burning interest in company legislation may have noticed that there will not be an obligation to file an annual return once the bill takes effect. I would suggest that you do not celebrate the removal of a piece of company administration just yet, as it is to be replaced with a “click and confirm” process. How this will differ in practice from submitting an annual return is unclear at present. Perhaps the process will be streamlined when Companies House website is incorporated into the wider www.gov.uk site, but this remains to be seen.

The Bill will also bring into effect the changes to the director disqualification rules which Ellis Walls reported on earlier this year and will abolish corporate directorship. There will be a period of 12 months to remove a corporate director currently appointed from the time the legislation comes into force.

Kelly Craig
Solicitor – Corporate & Commercial
www.blackadders.co.uk

Important Changes to Tenancy Law in Scotland

Background:

The Scottish Government is currently holding a consultation which aims to develop and modernise Scottish Tenancy Law. There are now over 368,000 privately rented homes in Scotland and it has long been apparent that the existing legislation, introduced over 26 years ago, is in drastic need of updating.

Introduction of a Private Rented Tribunal:

One of the most common criticisms from both Landlords and Tenants is the length of time it takes for a decision to be obtained from the court. This issue has become more pronounced due to the increased pressure on courts following the recent court closures and it is now common for cases not to be resolved until many months after the tenancy relationship has broken down.

This is in neither the Landlord nor the Tenant’s best interest and as such, the Scottish Government plans to remove Tenancy issues from ordinary court business and dedicate a special Private Sector Rented Tribunal (PRS). It is hoped that this measure will make it easier, cheaper and faster to resolve disputes.

Abolition of “No fault” eviction:

The law itself will also undergo modernisation to reflect the current market. Perhaps the most fundamental change will be the removal of the “no fault ground” for eviction. At present tenants can be removed from properties simply on the basis that certain statutory notices were provided before the commencement of the tenancy and that the tenant was informed 2 months before the tenancy end date that they would be required to vacate the property. The Court had no discretion to delay or prohibit eviction of the tenant on this ground and if this ground is abolished Landlords will need to demonstrate a specific reason for terminating the tenancy.

Abolition of discretionary grounds of eviction:

Currently, apart from the above mentioned ground there are 17 grounds for which the landlord may evict a tenant. Half of these grounds allow for the Sheriff to exercise some discretion as to whether the tenant should be evicted; whilst the other half bind the Sheriff to grant an order of eviction if they apply. It is intended to replace the 17 grounds with 8 grounds which do not allow the Sheriff to exercise discretion. These would be as follows:

  1. That the landlord wants to sell the home
  2. That the mortgage lender wants to sell the home
  3. That the landlord wants to move into the home
  4. That the property is to be refurbished
  5. That the use of the home is to be changed
  6. That the tenant failed to pay three full months’ rent
  7. That the tenant is anti-social
  8. That the tenant has otherwise breached the tenancy agreement.

It is hoped that with the removal of the discretionary grounds, cases will be more straightforward and faster as at present when discretionary grounds are used the individual circumstances of each case require to be carefully examined which can be  a time consuming process.

Modification of Notice to Quit periods:

The final major proposal is a modification of how the notice periods prior to eviction operate. Currently, a tenant may be asked to vacate a property after either 28 or 40 days. It is instead proposed that the notice period would vary depending on how long a tenant had stayed in the property. However, an exception is provided for when either ground 6, 7 or 8 applies.

Summary:

If implemented the Scottish Government’s proposals will have a dramatic impact on the rental market. Both the major and minor modifications aim to reduce the reliance on solicitors and courts throughout the tenancy relationship, from creation to termination. However, the effectiveness and viability of these measures are yet to be determined.

Alastair Johnston
Solicitor – Dispute Resolution
www.blackadders.co.uk

Online Sellers Beware

Businesses selling their goods and services online will need to update their terms and conditions and operating practices to fall in line with the implementation of new European rules, which came into effect on 13 June 2014.

Under the directive, online buyers are now given an extended 14 calendar day cooling-off period (previously 7 working days) in which to claim a full refund. Shoppers are not required to give a reason when cancelling their order. This includes purchases made through online auctions, although only to items sold by professional sellers.

The cooling-off period also now applies to the supply of digital content including music, eBooks and videos. Within the cooling-off period, a buyer cannot be supplied their digital content unless they have given express permission to receive it. If a buyer does gives their consent, they must also acknowledge the fact that they will lose their right to claim a refund once the digital content has begun to download.

The directive also involves rules regarding additional credit card charges, which must be clearly set out from the start of the transaction, and the rate of charge of phone calls from customers. As a seller, you will not be able to charge any more than the going local rate for customer phone calls relating to complaints or post-purchase inquires. However, calls made by customers purchasing goods or services over the phone can still be charged at a higher rate.

Sellers will have to make it clear to the purchaser who is to bear the cost of delivery when returning goods. Purchasers have to be clearly informed if they are to bear such costs; otherwise the seller will pay for delivery by default.

When offering additional goods or services during an online purchase, sellers are now prohibited from using pre-ticked boxes which force the purchaser to manually untick boxes in order to remove the extra goods or services.

Businesses should ensure that they are being pro-active; if you have not already done so, make sure to follow the guidance above. If you are still unsure on how, or if, these changes will affect your business, we will be happy to advise you.

Ellis Walls
Trainee Solicitor – Corporate & Commercial 

Digital Times They Are A Changin’ – Impending Changes to the Permitted Use of Copyright Works

Come 1 June 2014, you will finally be able to copy your CDs onto digital platforms such as iTunes without falling foul of copyright infringement.

The UK Government has finished considering whether to extend copyright exceptions. The aim of which is for the law to keep pace with the changes in technology to the public’s ever growing use of digital media. However, progress is being made at a fairly slow pace; progressive recommendations to keep up with the digital age were made three years ago in the Hargreaves Review. The report encouraged governments to adopt legislation which would allow private individuals to exploit every exception under EU law.

CD-ROM

There are a number of changes to the exceptions of copyright but those of most significance involve the following:-

Personal copies for private use

Private individuals will be able to make copies of media (such as CDs, eBooks or videos) in order to change its format (ie physical CD to mp3) or to act as a backup. Such copies cannot be used by anyone else. Businesses will be able to legally manufacture technology or create programs that allow individuals to make private copies. It is worth noting that copies cannot be made for direct or indirect commercial use; a business would not be able to make copies of protected works for their employees.

Parody

Unlike in previous legislation, individuals will be permitted to make use of copyright material for the purpose of parody. Such use will only fall under the exception if it is limited. For example, a few lines of a song in a comedy sketch would be deemed reasonable but the use of a whole song would not be.

Quotation

Individuals will be given greater freedom in using quotations that are taken from copyright works without permission. Again, as with parody, the use to be reasonable and proportionate so quoting a substantial part of, or whole book will not be justifiable. The use of quotation, in order to be a permitted act, must be accompanied by sufficient acknowledgement of the author – unless it is practically impossible to do so.

Research and private study

The copying of protected works for the purpose of private study is to be extended to include sound recordings, films and broadcasts – previous legislation only included the likes of literary works. Libraries and universities will also be able to provide on-site access to users for private study of recordings, broadcasts, literary works etc.

Further to the extended and additional copyright exceptions, legislation will provide rules to prevent copyright holders from being able to contract out of copyright exceptions. Such provisions will ensure the end-user’s rights, as licensee, are protected. However, these provisions will not prevent copyright holders from adopting DRM (Digital Rights Management) or TPMs (Technical Protection Measures) in order to protect their content from unauthorised copying, which will inadvertently create barriers to permitted copying. An individual will be able to raise their concerns over obstructive DRM/TPMs, preventing permitted acts, to the Secretary of State who will have the power to limit or override these restrictive measures in order to facilitate permitted copying.

The likelihood is that aspects of permitted use and the exceptions of copyright will develop over time and be shaped by case law. For the time-being, it would be wise to remain cautious and seek legal advice if in doubt regarding the new exceptions.

Ellis Walls
Trainee Solicitor – Corporate & Commercial

For Whose Benefit?

My colleague, Ellis Walls, recently reported on the expected changes to director disqualification law. In the same response paper, the government proposes to introduce so-called “registers of beneficial interests”. Mr Cable’s introduction to the paper notes that these registers are the proposed remedy to many commercial ills, including; a lack of trust in the system, incomplete transactions, averting money laundering, tax evasion and terrorist financing.

Under the new rules to be introduced, each company will be obliged to maintain a register noting the beneficial ownership of shareholdings which are registered in the name of a nominee. This information must also be provided to a central registry.

The government has reached the following conclusions on various aspects of the registers:

  • Information must be gathered in relation to those individuals who ultimately own or control more than 25% of a company’s shares or voting rights, or otherwise exercise control over a company or its management;
  • If a beneficial interest is held through a trust, the trustees or individuals controlling the trust should be recorded as the beneficial owner. It is not yet clear in what circumstances the beneficiary would be recorded as the controller of the trust.
  • Both companies and limit liability partnerships will be required to gather the required information and provide it to the central registry.
  • There will be limited exemptions from the requirement to prepare and disclose a register for those companies that are subject to equivalent disclosure requirements as a result of having securities listed on a regulated market.
  • Obligations are placed on the company to make relevant enquiries concerning significant shareholdings. Beneficial owners will also be subject to duties to disclose their interests to the company.
  • The company’s register of beneficial interests will include the full name, date of birth, nationality, state of residence, residential address of the beneficial owner and the date(s) on which the beneficial interest was acquired.
  • This register must be provided to Companies House and updated at least once a year. Some of this information will not be available on the public register in order to reduce the instances of fraud. The government has yet to make a decision on which of these items of protected information may be made available to UK and overseas authorities.

Given the primary aim of the proposed register being to improve transparency and accountability, the government may be disappointed in the outcome. Some respondents to the consultation paper noted that there were simple means to evade the reporting requirement, which stems from the government’s introduction of the 25% shareholding threshold.

In light of these obligations, (and the criminal law consequences suggested for breach) company directors will require to be extra vigilant concerning the reasons given for shares being held in a particular way. Directors should consider whether the reasons provided make the best commercial sense, and if not, why is the most logical structure not being used?

We await the final legislation and decisions on the outstanding points of the consultation process. It is also to be hoped that the government takes appropriate action to limit the administrative burden on companies which may result from this proposed change.

Kelly Craig
Solicitor – Business Services

Director Disqualification – A Government Proposal

A recent Government response to a consultation paper, involving the transparency of company ownership in the UK,touched upon extending the scope of directors’ disqualification legislation, currently contained in the Company Director Disqualification Act 1986 (CDDA). The response described the role of a director as crucial and acknowledged that it “warrants a robust system” for removing those deemed unfit to occupy such a position.

Under the CDDA, a director can be disqualified from holding that position within any company for up to 15 years and any breach will constitute a criminal offence. Schedule 1 of the CDDA currently sets out the issues which a court must consider before granting an order for disqualification. The Government has proposed to replace the schedule with a “broader and more generic” provision to have regard to. It was suggested that any amendment should include the following additional factors:-

  • material breaches of sectoral regulations (for example in the energy, media or public sectors);
  • the wider social impact of the failed company;
  • the nature of the creditors and the level of loss suffered by them; and
  • directors’ previous failures.

If the proposal is passed by parliament, either the courts or an insolvency service (on behalf of the Secretary of State) will have to take these factors into account when deciding whether to disqualify a director, and for determining for how long.

"You're off" - Costly punishments for misfiring Directors.
“You’re off” – Costly punishments for misfiring directors.

The Government’s proposals go further than widening the scope of points within the schedule. The government Insolvency Service (on behalf of the Secretary of State) will also be empowered to apply for a disqualification order in respect of a director on the basis that they have been convicted of a criminal offence in relation to the operation of a company or otherwise been guilty of director misconduct in respect of companies located outside the UK. There is to be further consultation as to whether there can be a restriction on people who are disqualified in a different jurisdiction from becoming directors in the UK.

As mentioned above, the planned amendments are to broaden the provisions in order to increase the reach of the director disqualification regime. The scope of the information that the Insolvency Service can gather during investigation of a director’s conduct will be widened and such information will become easier to share with other regulatory and enforcement bodies. Specifically, the aim is to enhance collaboration between the Insolvency Service, the Financial Conduct Authority and the Prudential Regulation Authority, allowing cohesive investigation, and ensuring compliance with company law is fully integrated across the UK economy.

In order to increase the chances of action being taken against a director, third parties will be sold or assigned the power to pursue the case against a director. The Secretary of State will also be given the power to apply for compensation orders against disqualified directors in order to compensate creditors for identifiable losses attributed to directors’ misconduct.

Finally, the time period for proceeding with a disqualification case following an insolvency event, under section 6 of the CDDA, is to be increased from 2 to 3 years.

Ellis Walls
Trainee Solicitor