Blackadders Rural Team Recap: RSABI Great Glen Challenge 2017

Challenges are often set to test the limits of one’s mental and physical capabilities. By pushing the limits, there is often great gratification and relief in conquering difficult circumstances. As we wrote earlier in the year, members of Blackadders Rural Team completed the Great Glen Challenge on the beautiful West Coast of Scotland from Fort Augustus to Fort William on 25 August 2017.

As the event has passed, we look back at the success of not only our competitive prowess but our fundraising effort. Challenges occurred before the event itself, as the team faced an initial hurdle with Captain Hazel Anderson succumbing to unfortunate sickness was to be unable to race. Luckily, without missing a beat, Blackadders Rural intern and now Trainee Solicitor, Blair Duncan, stepped into the shoes of Hazel and took the final place in the team. Blair proved an excellent addition and slotted into the Walking event, moving Aberdeen’s Ellen Eunson to compete in the Kayak section. Elizabeth Wilson kicked off the event for the team with the Mountain Biking section, and the team (including their support driver Rab Eunson and team mascot Scooby the chocolate labrador) all meeting at the finish line to see Dave Halligan complete the final leg of the Running race.

The team’s efforts led to placing a respectable 19th overall in the competition and were glad on all fronts to see the finish line. After the event, the team was glad to mingle with other teams at the following reception and award-giving along Neptune’s Staircase in Fort William.

As the team has mended their muscles from their events, we note that we could not completed the Great Glen without the generous support of our sponsors and donors. This of course was coupled kind words of encouragement, near and far.

In terms of fundraising, and as RSABI is a charity that aids those facing hardship in agriculture across Scotland, a cause that our department holds very dear to our hearts, and we are grateful that you helped us achieve our goal. The final tally for our fundraising was £1,535, which was £500+ above our set goal. In total, counting gift aid, Team Blackadders raised £1,831.25 for RSABI, which we believe is a huge success.

At present, there are no further athletic events planned for the Blackadders Rural team, however we feel confident that if called upon, our will, determination and success in the Great Glen Challenge would place us well in any challenge across the Firm.

This Challenge, of course, comes with the huge backing of the Blackadders Rural department with Partner Petra Grunenberg, Directors Gail Clarke and Gillian Gibbons who though were not in Fort William, were behind the team all the way.

Thank you to all those who supported us across our endeavour in this RSABI Challenge.

David Halligan, Trainee Solicitor
@RuralDavie
www.Blackadders.co.uk

 

 

 

Why preventing tax evasion is now on the board agenda

 

The UK’s Government has again been busy creating new corporate crimes to help enforce its policy objectives.  This time it relates to tax evasion, or more accurately “failure to prevent the facilitation of tax evasion”.  Two new offences came into force on 30 September 2017 in the Criminal Finances Act 2017 – one for UK tax evasion and one for foreign tax evasion. As the HM Revenue & Customs (HMRC) press release says: “It is already a crime to evade tax, or deliberately help another person to do so, but on behalf of the majority of taxpayers who pay what is due, the UK government is taking an even firmer stance on corporate fraud in a move designed to drive a change in corporate culture.” Much like anti-bribery and corruption rules your company’s defence is to prove you have reasonable prevention procedures in place. HMRC has provided guidance  on this, which this blog summarises for you.

Who is this relevant for?

All companies and partnerships in all industries will need to put some prevention procedures in place. Higher risk sectors e.g. accountancy, tax advice, wealth management and legal services will need to do more.

What are the offences?

There’s three parts: (1) a taxpayer commits criminal tax evasion, (2) a person who is acting on behalf of your company or partnership commits an offence by “deliberately and dishonestly” helping the taxpayer evade tax (“facilitation”), and (3) the company failed to take reasonable steps to prevent this criminal facilitation.  Part (3) is the corporate offence and the only part that’s new. For the UK tax evasion offence the company or its business could be based abroad. For the foreign tax evasion offence only the company, its business or some of its staff needs to be based in the UK. It doesn’t matter whether the senior management / board were aware of the facilitation or not.

What’s tax evasion (illegal) and what’s tax avoidance (legal)?

This is not an easy question as the line is increasingly blurred but the HMRC guidance provides some examples of criminal facilitation of tax evasion:

·         A mid-size car parts maker operating in the UK and Europe, entered into a sub-contracting arrangement with an UK distributor. The senior managers of the UK distributor created a false invoicing scheme with the assistance of a purchaser, allowing the purchaser to evade UK taxes due on its purchase of the car parts in the UK.

·         As part of a large transaction an employee of a UK-based multinational bank knowingly referred a corporate client to an offshore accounting firm with the express intention of assisting the corporate client to set up a structure allowing the client to evade foreign income tax.

Existing procedures won’t cut it
Companies and partnerships who operate in the UK or deal with UK tax will need to put in place yet more compliance procedures – HMRC is very clear that your existing anti-bribery and corruption, fraud prevention or financial crime prevention procedures (if applicable) will help but aren’t enough on their own.

So what do you need to do? According to HMRC guidance every company and partnership needs to firstly undertake a risk assessment of the products and services it offers, as well as internal systems and client data that might be used to facilitate tax evasion. This includes “sitting at the desk” of employees and other associated persons, considering the motive, means and opportunity for facilitating tax evasion. When doing this you should consider typical fraud “red flags”, for example:

  • Are there staff who refuse to take leave and do not allow anyone else to review their files, or are overtly defensive over client relationships?
  • Do existing processes ensure that for higher risk activity at least a sample of files are routinely reviewed by a second pair of eyes?

Then consider tailoring existing processes and procedures accordingly to prevent and detect potential tax evasion facilitation – this could include:

Having a commitment to preventing the involvement of those acting on your behalf in the criminal facilitation of tax evasion, demonstrated by issuing a prominent message from the board of directors, partners or leadership team against all forms of tax evasion;

  • Having terms in contracts with employees and contractors requiring them not to engage in facilitating tax evasion and to report and concerns immediately;
  • Providing regular training for staff on preventing the facilitation of tax evasion;
  • Having clear whistle-blowing procedures;
  • Ensure your pay and bonus policy/structure encourages reporting and discourages pursuing profit to the point of condoning tax evasion;
  • Having regular reviews of the effectiveness of prevention procedures and refining them where necessary; and
  • Monitoring and enforcing compliance with prevention procedures.

These are merely the basics for SMEs and need to be tailored to the organisation’s specific risks. Larger or higher risk companies and partnerships will need to do more on top of this to comply but may have guidance from their sector regulator to help them.

When do we need to do this?

 HMRC is expecting you to be doing your risk assessments and initial staff communications now and to have a clear timeframe for putting the other procedures in place.

Getting help

For more information or help with complying contact the Corporate Team at Blackadders. Thanks to Sara Scott, our Regulation & Compliance Manager for input to this article.

 

Campbell Clark, Partner – Corporate and Commercial @CampbellJSClark

www.blackadders.co.uk

 

 

GDPR: Changes are Coming – Are you ready?

Most people will have by now heard the four letters which will change the landscape for data protection in Europe next year – GDPR. The General Data Protection Regulations, or GDPR, will apply automatically within the UK when they come into force on 25 May 2018. While it seems a long time until compliance with GDPR is required, the changes introduced represent a substantial challenge for businesses within the UK and steps should be taken now to limit any issues (or fines) in the future. In the first of several updates on data protection and GDPR, I have set out the main changes for organisations to be aware of (with greater detail to follow on certain key areas in subsequent blogs).

Key Changes

Jurisdiction

GDPR will have extra-territorial application. This means it will apply to all EU organisations processing personal data (whether the processing takes place within the EU or not) and to all organisations processing data of people residing inside the EU (whether the organisation is within Europe or not).

Fines

The current maximum fine which the ICO can impose is £500,000 (although the fines imposed are normally well below this figure). Under GDPR, the fines are substantially increased. Where an organisation has committed a breach of record keeping, contracting or security clauses, the maximum fine will be greater of €10,000,000 or 2% of worldwide turnover. If an organisation has breached one of the basic principles or Data Subject rights, the fine can be up to €20,000,000 or 4% of worldwide turnover.

It is important to note, most ICO fines at present would be subject to the lower fine levels which may signify a change in what is now important in data protection rules.

Individuals also have a right to claim compensation for damages cause by infringement of data protection rules. Going forward, damages will include non-material damages for distress etc (rather than simply proven financial losses).

Data Processors

The current rules generally cover data controllers only (ie those responsible for determining the purposes and means of processing personal data). The GDPR creates specific obligations on data processors (those engaged by a data controller to carry out the processing of personal data). These include (i) maintain adequate documentation, (ii) put appropriate security processes in place, (iii) carry out data protection impact assessments and (iv) comply with rules on international data transfers. Failure to comply with the new obligations could result in fines and potential claims for damages from individuals.

Consent

Going forward, organisations can still rely on consent to process personal data but will need to ensure such consent is freely given, specific and informed. Practically, this means organisations should not rely on opt-out or auto filled consent boxes. Instead, organisations should ensure requests for consent are clear and distinguishable from other matters with options to consent to different types of processing. It is also necessary to highlight consent can be withdrawn at any time in a quick and easy way.

Businesses will need to maintain evidence showing consent has been obtained and have appropriate mechanisms to deal with withdrawal of consent. Given that consent is only one basis for lawful processing of data, organisations may consider if there is another basis for processing which is more appropriate.

Breach Notifications

Under GDPR, any data breach which is likely to risk the rights and freedoms of the individual should be notified to the ICO without undue delay and within 72 hours of first becoming aware of the breach. Where the breach is likely to result in high risk to the individuals affected, the individual should also be notified.

A breach is defined by the ICO as “a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of or access to, personal data”.

Organisations will need to have an appropriate process in place for identifying any breaches and preventing any further breach of data, assessing the potential impact of any breach and thereafter notifying appropriate parties.

Data Subject Rights

A data subject is the individual whose personal data is held by an organisation. The rights that a data subject has under GDPR are broadly similar to the current rules, although some have been expanded. These rights include the right to access information held (or subject access rights), requirement on organisation to rectify incorrect data and the right to be forgotten.

The GDPR has removed the right for organisations to charge a data subject for access to their personal data. If a request is made to an organisation (letter, email and via social media are all acceptable methods), an organisation should provide all information within one month.

Data Portability

A new right created under the GDPR is data portability where an individual can request data held by an organisation is transferred to another organisation. The transfer can be via the individual or between the two organisations directly and must be provided in a commonly used format which is machine readable.

The introduction of this new right will enable individuals to transfer between service providers quickly and easily. It may require organisations to introduce appropriate procedures for transferring data quickly and securely.

Accountability & Privacy By Design

Simply complying with GDPR will not be sufficient for organisations – they should be able to show compliance by having appropriate policies, procedures and training in place.

Organisations should look to keep detailed records of processing operations, perform impact assessments for high risk processing, keep comprehensive records of any breaches and take data protection risks into account from the start of any process, rather than as an afterthought. The key concept is that personal data is only processed where necessary, for a specific purpose and stored for no longer than required.

Data Protection Officers

Going forward, certain organisations will need to appoint DPOs to oversee the protection of personal data. The DPO should report to the highest level of management and will advise on all relevant data protection laws, monitor compliance with GDPR, deal with data protection impact assessments and liaise with the ICO. A DPO is required for all public authorities and bodies and where an organisation has core activities requiring (i) regular and systematic monitoring of individuals on a large scale or (ii) processing on a large scale of special categories of data (sensitive personal data) and data relating to criminal convictions.

There is nothing preventing other organisations appointing a DPO but if appointed, a DPO will have to comply with all relevant obligations under GDPR.

It is important that organisations are aware of the new rules coming into force so they can consider what impact these may have on their own policies and procedures and what changes might be required before May 2018. For more information on data protection or to discuss your GDPR requirements in more detail, contact the Corporate Team at Blackadders.

Ruth Weir,  Senior Solicitor – Corporate  :  @CorpLawyerRuth www.blackadders.co.uk

Zero Hours Contracts

Zero hours contracts emerged as a hot topic during this year’s General Election and the new Government has already started making changes in this area of employment law.

Primarily used for casual workers, the general understanding of a zero hours contract is that an employer does not have to provide minimum working hours to the worker, whilst many contracts also expect workers to be available to work when it is offered.

For years zero hours contracts have allowed for a flexible workforce, traditionally for seasonal work or to cover short term staff shortages.  That said, there is now concern that zero hours contracts are being used in areas where they are not suitable, because they put workers at risk of missing out on benefits such as paid holidays and sick pay.

The Government has started to clamp down on zero hours contracts.  Since the end of May 2015, exclusivity clauses in zero hours contracts, which prevent an individual from working for another employer even if their contracting employer cannot offer them work, have been unenforceable under the Small Business, Enterprise and Employment Act 2015.

In addition, although the secondary legislation is not yet in place, the Act also allows the Government to introduce a protection from detriment for zero hours contract workers who take jobs under other contracts, and a guaranteed minimum pay level, below which exclusivity clauses will be unenforceable generally.

We will see if the Government goes these steps further.  In the meantime, employers who use zero hours contracts should review their contracts noting that any exclusivity clauses in them will no longer be enforceable.

Sarah Winter
Senior Solicitor – Employment Law 
www.blackadders.co.uk