Skip to content
20 October 2021

Avoiding an investigation: How does risk assessment work – what do HMRC look for?

Last year apart, the number of tax enquiries is on the increase; the reason is not because more taxpayers are seeking to defraud the tax system but because advances in digital technology and data exploitation are enabling more efficiently targeted enquiries. For example, although HMRC undertook fewer stamp duty land tax investigations last year, the same amount of unpaid tax was achieved by targeting higher-value sales.

The more common type of enquiry for individuals or trustees focuses on entries made on a specific tax return. Such an enquiry must be opened within 12 months of the return’s submission, unless submitted late. HMRC will request information and documents to enable it to check any aspect of the return, comparing with information already held to ensure the return is complete. In some cases, HMRC’s Fraud Investigations Service may open a Code of Practice (COP) 8 or 9 investigation. COP9 is used for suspected fraud or deliberate errors cases whereas COP8 tends to be used for cases where fraud is not suspected so the problem is more likely to be a technical issue (e.g. whether a source of income is taxable in the UK or not). 

How investigations are triggered

Although many investigations are undertaken as a result of advice from a member of the public, over 90 per cent of cases are triggered by information and analysis generated by HMRC’s sophisticated data matching and risking tool named ‘Connect’, designed to process and analyse large volumes of data. The system incorporates many analytical tools and methods including predicting trends and individual behaviour patterns. Data is collated from government databases including Land Registry, local government planning consents, the Border Agency, the DVLA, Companies House, Council Tax, Business Rates, PAYE/corporation tax/VAT/CIS returns, import and export records and private sector financial information from credit card issuers and companies such as eBay, PayPal and Airbnb.

All credit and debit card payments made to UK businesses via the companies that process card payment transactions can be accessed to ascertain the value of transactions completed by a specific trader, the information is then used to compare card sales made by a business each month with the taxes paid. Any inconsistencies may be queried. The system also indicates where more in-depth investigations might be required, identifying “hidden” relationships between people, organisations and data that could not previously be identified.

The department dealing with the collation of data is the ‘Risk and Intelligence Service’ and by using ‘Connect’ it can automatically:

  • Obtain third party information from sixteen business categories including employers, banks, insurance companies, financial institutions, brokers, auctioneers, estate agents and charities
  • Review employment records, which can also assist in profiling a business as well as identify those operating by using persons who may be termed as ‘self employed’ but may really be employed
  • Connect taxpayers to companies/entities
  • Connect bank accounts
  • Collate social media information
  • Compare taxpayer/business profiles to identify those that are similar

Patterns in behaviour

Most importantly the computer programme can uncover patterns in taxpayer behaviour, cross matching the data with information already held (or declared on the tax return with such third party items). HMRC can use the data pattern to seek anomalies between bank interest, property income and other lifestyle indicators. It risk assesses business sectors in local and geographical areas, comparing similar businesses within the sector, cases for enquiry being identified as a compliance risk and sent to the appropriate local office for possible enquiry.

Post pandemic, HMRC is restarting tax investigations that had been paused and already over 100,000 compliance investigations have been opened in the first quarter of 2021, a 36 per cent increase from 75,000 compliance investigations in the last quarter of 2020. The number will only increase the more sophisticated the ‘Connect’ programme becomes.