Rob hyrons - Fotolia

IR35 reforms: Tech firms warned off relying on high-risk compliance workarounds

Several months have passed since the onset of the IR35 reforms in the private sector, but compliance with the rules remains an ongoing process, warns Brookson Legal’s Matt Fryer

Since the roll-out of the IR35 tax avoidance reforms to the private sector in April 2021, it is clear that the IT sector has a greater understanding of these rules than some other professions.

However, this can lead to a sense of false confidence, and HM Revenue & Customs (HMRC) has now sought to warn tech firms that some of the workarounds they introduced to meet the April 2021 IR35 compliance deadline may not be compliant or meet the threshold for reasonable care.

Under the terms of the reforms, end-user organisations are expected to individually assess the tax status of each contractor they engage with, and use “reasonable care” when deciding if they should be taxed in the same way as salaried workers (inside IR35) or as off-payroll employees (outside IR35).

End-user organisations that are found to have failed to use reasonable care when determining how their contractors should be taxed will become responsible for covering the worker’s income tax and national insurance liabilities, as stated in HMRC’s off-payroll guidance.

In an Employer Bulletin published in August, HMRC warned about the use of false IR35 workarounds that we are seeing being commonly used in the tech sector. These shortcuts are often deployed in response to IR35 compliance strategies being adopted by clients in other sectors – for instance, financial services firms enforcing blanket bans on the use of contractors.

This effectively cuts off a client’s access to a large proportion of the skilled flexible workforce at a time of high competition for skills, so it is natural that alternative routes to engage contractor talent are considered in order to deliver projects on time. But if these workarounds seem simple, it is quite likely because they are. In fact, many just bury this risk in the supply chain, putting both IT suppliers and end-hirers at risk of IR35 fines and tax bills at a later date.

The two alternatives routes that are most common in the sector are the use of a contracted-out service as a means to engage contractors indirectly, and the outsourcing of the statement of work (SoW) for contractors to an external supplier. Both provide the false impression that IR35 rules do not apply, but this is not necessarily the case.

The definition of the “client” for IR35 can move in the supply chain where a true outsourced service or SoW is provided. This effectively moves the “reasonable care” obligation to the “client”, transferring both the risk and responsibility of completing the IR35 assessment to the SoW provider. When investigating, however, HMRC may still decide that responsibility of the “client” rests higher up the chain.

The HMRC bulletin further warned: “You must make sure that you understand what constitutes a fully contracted-out service if you believe you may not be the client responsible for considering the off-payroll working rules, or if you are being asked to agree to these arrangements. If the true nature of the service being provided is a supply of labour, then any written terms will not change this fact.”

By passing the responsibility and risk down the supply chain, as an organisation it is assumed that the external supplier is taking a diligent and informed approach to IR35. However, the reality is that they are likely to be using an online or automated tool, such as HMRC’s own Check Employment Status for Tax (CEST) tool to make status determinations.

IR35 is complex piece of legislation and, like any automated tool, CEST is only as useful as the information put into it. CEST itself struggles with the nuances of IR35 and returns an undetermined status for about 20% of roles. These require a specialist and human-led approach to result in accurate IR35 status determinations.

There are several risks around this – most notably, meeting the definition of genuine outsourcing and of the party deemed by HMRC to be the “client” not meeting the legislative requirement for reasonable care. For IT companies and clients that have dealt with IR35 using this approach, the risks of hidden non-compliance and surprise tax bills or HMRC fines at a later date are high.

Read more about the IR35 reforms

One of the key learnings that can be taken from the recent high-profile public sector IR35 tax bills is that HMRC does not embark on enforcement action or prosecute non-compliance quickly. Instead, it may be months (or in some cases years) before HMRC takes legal action.

This allows unpaid tax and national insurance contributions to build up, in the case of the Department for Work and Pensions to the sum of £87.9m for the period 2017-2021. A substantial and unexpected bill – costs of this size for many private organisations could significantly affect growth and stakeholder confidence, and in some cases could alter the path of the business entirely.

There are several small but vital changes that can be made to make clear the distinction between employees and contractors. For example, having separate policies in place for both parts of the organisation’s workforce can help make it easier to identify roles that can be offered outside of IR35. If others are failing to make this distinction, you will have a competitive platform from which to attract the best specialist talent for your projects.

It is important to be aware that IR35 compliance is an ongoing task. The compliance procedures that many companies put in place in April 2021 are unlikely to be the right ones long-term. Job roles and specifications change as projects progress and evolve, so status determinations will need to be reviewed regularly to ensure ongoing compliance.

Putting these processes in place now will mean businesses can continue to make the most of flexible resource on projects, safe in the knowledge that they have a robust and compliant system that can adapt to changes in the market and will pass muster with scrutiny further down the line.  

Organisations should consider seeking support from an IR35 consultancy or legal firm to review their compliance processes, and also to produce the status determination statements and to review their supply chains to identify any hidden risks.

HMRC expect firms without sufficient internal knowledge, on what is a complex area of tax law, to seek external advice. In fact, their guidance states that “seeking the advice of a qualified, professional adviser” indicates that you have taken reasonable care. 

This may come at a cost, but it is a cost that can be budgeted for and is transparent and will go a long way to preventing significant surprise liabilities crystallising in the future. 

April 2021 signalled the start of the private sector’s IR35 journey, and the biggest hurdle is yet to be overcome – HMRC’s enforcement. Legal proceedings are still likely to be years away, but it is never too late for tech companies to review (or re-review) their approach to IR35 and to seek professional advice to ensure that reasonable care obligations are being met.

Read more on IT legislation and regulation

Data Center
Data Management