Reasonable Precautions: Do You Know Where Your Data Is?

By The Enforcd Team

A tax company has warned that many advisers may be ‘sleep walking’ into criminal prosecution if they cannot show that they have taken reasonable precautions to prevent tax evasion from their clients.

It’s a warning which shows the importance of managing data and demonstrating all the steps you’ve taken to deliver compliance. In other words, it’s not just about obeying the rules but being able to show what you have done to ensure you can deliver compliance. .

The warning relates to the Criminal Finance Act 2017 which places the onus on financial advisers to prevent tax evasion from their clients. However, they will avoid prosecution if they can demonstrate that they have taken all reasonable precautions to prevent that evasion. This starts with risk assessment to check the potential exposure and enhanced due diligence procedures. Crucially, firms must maintain a clear data trail to demonstrate that they have made every reasonable effort to comply with the regulations.

This is a common issue with financial companies. The reasonable precautions provision crops up time and time again in many different regulations. You’ll see it in GDPR where you’re required to ensure that every measure has been made to safeguard client data. The penalties for those firms which cannot do this can be severe.

As such, if you do suffer a breach, you need to be able to demonstrate that you have done everything that could reasonably be expected to keep it safe.

Controlling data

The key when managing compliance is to be able to have control of the data. This starts with understanding your obligations under the law, which is where an alarming number of companies fall down. A study from Ipsos Mori found that 74% of companies surveyed had not heard of the Criminal Finances Act. You could make the same point about GDPR and other regulations. Even after its implementation businesses were still struggling to get set up. MiFiDII continues to present considerable challenges to businesses more than a year after its implementation.

Keeping up with the pace of regulatory change can be challenging. New rules are coming to the market all the time, and it’s easy to lose sight of what’s required. A constant stream of up to date regulatory information, then, is needed to give compliance teams everything they need to keep operations on the straight and narrow.

Data and reporting

Beyond that, companies must keep a tight grip of their transactional data and reporting. Firms need to be able to quickly demonstrate to any investigation the steps they have taken to ensure they can make the reasonable precautions defence work. Intent is crucial. Where regulators can see that the intent has been to comply with regulations, they will be much more lenient. If they can’t see that trail, they will be more likely to assume the worst.

Data management, is an important and growing issue and it’s one which some companies are doing better than others. Those who have control of their data gain advantages across the board. It reduces the time and money they spend auditing their processes and also reduces their risk of non compliance. Those who do not, risk sleep walking into serious regulatory issues.