In an update to What does the Mandatory Disclosure Regime (MDR/DAC6) mean for UK banks?, published in early July, this article considers the typical steps that banks need to take to establish compliance with the MDR.
The guidance from HMRC published on 1 July 2020 specifically includes a section which addresses the establishment of reasonable procedures in order to mitigate penalties. This is covered at IEIM660100.
As a matter of practicality we expect that other EU member states will either explicitly recognise the need for reasonable procedures or will recognise them more informally in discussions with industry bodies.
Requirements of reasonable procedures
HMRC is clear in its guidance that “[t]here is no definitive list of what ‘reasonable procedures’ are” and that it will depend on the circumstances and how likely staff are to encounter a potentially reportable arrangement.
It also notes that “[p]rocedures do not have to be new or specifically designed to ensure the regulations are complied with” provided those procedures are considered adequate to meet the requirements of the regulations.
There are many ways to achieve compliance and many changes will simply be enhancements to existing processes within the bank. Nevertheless, compliance programmes established to date have typically included most of the following ten elements:
- A risk-based review of businesses, products or services to identify those which are likely to result in some reporting requirements. Such a review could be available to HMRC through the Business Risk Review, in the same way that HMRC now considers reasonable prevention procedures under the Corporate Criminal Offence.
- Based on the assessment, suitable controls are targeted to those businesses which are more likely to have reporting requirements and are proportionate to the volume and complexity of arrangements which may need to be reviewed. This might be supported by a suitable policy or process document to define roles and responsibilities.
- Ongoing training or communication targeted towards affected staff, recognising the level of skill and tax knowledge that may be expected by those people in their day-to-day roles (i.e. that the level of training for a wealth adviser would be higher than that for a relationship manager).
- A requirement for escalation based on ‘reason to know’ within the wider business, which reflects that the term service provider is a widely defined and will catch banks in most cases. This may be supported by guidance to support businesses day to day, including checklists or other ‘red flags’ type documentation.
- A suitable review process for transactions which are identified as potentially reportable. Ideally the escalation would trigger workflow and audit trail requirements to ensure the case is effectively and timely dealt with – but this is best practice and not a requirement. A more minimal solution might be appropriate in the short term, or for banks who expect very low volumes of arrangements to be reviewed.
Simplified escalation model

- A clear ‘audit trail’ of cases which are escalated for review to demonstrate outcomes which may specifically include either reporting or non-reporting of an arrangement after review, as well as cases in which another intermediary has reported.
- A ‘lookback’ exercise to cover the retrospective aspects of the Directive, looking for arrangements where the first step was entered into between 25 June 2018 and 30 June 2020, which is often built on the same model as the business as usual escalation process above.
- In most cases in which the bank is a service provider escalated cases can be dealt with most effectively by liaising with other intermediaries. This will be a critical part of cost-effective compliance, as initial indications based on our work with a range of banks are that 60-75 per cent of all reportable transactions could be reported by someone other than the bank. A client’s advisers will be better placed to report, and banks can rely on proof of the submission.
- An ability to respond in a timely manner to queries from a tax authority, either in relation to a transaction which has been reported or one where no report was made. UK regulations permit HMRC to request evidence for why a transaction was not reported to be made available within 30 days.
- Ongoing governance and oversight of the process designed to review the control environment and monitor ongoing compliance.
With the six-month deferral of reporting timelines, there is now more time available for banks to focus on strategic rather than tactical responses to MDR, ready for the first reporting to HMRC in January 2021.