GRI

Recommended approach to assurance

News Manufacturing & Supply Chain Guidance
Date: 16th Jan, 2025 Source: Her Majesty’s Revenue and Customs (HMRC) Country: United Kingdom Original Source

Brief

"On 16/01/2025, Her Majesty’s Revenue and Customs (HMRC) issued an update regarding Recommended approach to assurance. The document outlines key principles and activities for businesses to strengthen their supply chain assurance practices, highlighting the importance of due diligence, risk assessment, and risk management in identifying and mitigating potential risks."

Recommended approach to assurance

Information on principles and activities that businesses can use to help strengthen their supply chain assurance practices.

It includes practical examples of checks that can be done as part of due diligence processes, and information that can be used to inform risk assessments.

Your business will already have assurance practices in place to help you identify, assess and manage various risks across your supply chains.
HMRC recommends you review these and consider strengthening them. For example, consider adapting them to give you improved information about your labour supply chains (the businesses in them and the workforce they engage).
The diversity, scale and complexity of a larger business’s operations and supply chains mean each business must decide what to do, to assure itself of the ongoing integrity of its LSCs.
Key messages to be aware of are:

know the businesses that make up your supply chains, and how the workforce is engaged and paid
review your entire supply chains regularly to assess and manage the risks you could be exposed to
consider how you could design future contracts and simplify supply chains to minimise risk
robust supply chain assurance can provide long-term value, build supply chain resilience, and attract and retain contracts and investors

The guiding principles of robust supply chain assurance
Supply chain assurance is an ongoing cycle, involving the following activities:

due diligence
risk assessment
risk management
monitor and review

The cycle is supported by:

senior commitment
communication and training
integration with other risk management

Due diligence

Due diligence is defined as the appropriate reasonable care a business uses when entering trading relationships or contracts with other businesses. It involves checking information about those businesses.
Your business is connected to all other businesses within a supply chain through transactions and robust due diligence increases your knowledge when making judgements and decisions about these.
It is a business’s responsibility to determine what checks to make and what action to take, considering the information it has about its own supply chains.
Where you contract your supplier to undertake due diligence on the chain below, your checks should provide you with information that assures you of your suppliers’ contractual compliance and the integrity of the chain.
Checking only your ‘immediate’ suppliers and customers will not necessarily be enough to make sound judgements on the integrity of your supply chains, potentially leaving your business exposed.
You should:

get the information you need to understand how your chain operates and assess potential and find actual risks — this is important before and during the contract
repeat regularly during the contract, adapting your checks and actions as appropriate
verify information you gather, particularly when given by other people, as far as possible
keep records of the steps you have taken to inform your decisions about supply chains and associated transactions
act on what the information tells you, risk management practices

Examples of checks you can make as part of your due diligence

Understanding your suppliers — any supplier in your chain
These are examples of some of the recommended checks that can provide you with key information to assess risks.
These apply whether you are:

completing your own due diligence on your chains and the workforce
seeking assurance that your suppliers meet your due diligence requirements on their suppliers, any chain below, and workforce

Examples of checks may include:

business credentials — actively trading, directorship, trade matches services to be supplied
google search — online commercial presence
financial and insurance credentials
price quoted compared to market rate
contractual conditions that are in place relating to supply chains, assurance, tax compliance and sub-contracting
licence and accreditation status for example, security supply, food production
tax status relating to VAT and CIS

payroll arrangements
key information documents (KIDs)

Verify what you can by reviewing:

Companies House directorships, previous business failures — bankruptcies
timesheets, site records — expected numbers of workers, type of activity provided by the supplier
pay deductions in line with National Minimum Wage and Income Tax and National Insurance contributions requirements
deductions for accommodation, transport, loans and other non-taxable amounts
PAYE reference number is appropriate for supplier — where available
GOV.UK tools — VAT checker — do the names match and are they registered
check employment status for tax (CEST) status

CIS online service
Security Industry Authority (SIA), GLAA licence and accreditation confirmation
compliance with contractual requirements
accounts
HMRC’s published lists — defaulters and scheme promoters
evidence of PAYE and VAT returns to HMRC — where requested and provided

Understanding your supply chain
Examples of checks include:

chain length — how many businesses sit between you and the workforce
supplier’s compliance with contractual terms and conditions, code of conduct
credentials of businesses your direct supplier has sub-contracted
who provides the workforce for example, are workers providing services through an intermediary
who pays the workforce — if this is different or the workforce is not employed
quality of work

Verify what you can by reviewing:

copies of contracts for example your direct suppliers’ contract with sub-contractors to check if your requirements are being met
evidence of sub-contractor compliance
payslips and KIDs

See the ‘Understanding your suppliers — any supplier in your chain’ section for checking and verifying business credentials.
Understanding your workforce
Examples of checks include:

records of workers contracted
payslip information
contracts
site visits or records — attendance records

Examples of information from other internal records include:

complaints
health and safety records
training records
quality of work

Verify what you can by reviewing the:

umbrella company pay tool on GOV.UK
the employer named on payslips
deductions in line with National Minimum Wage and Income Tax and National Insurance contributions requirements
deductions for accommodation, transport, loans and other non-taxable amounts
employing business credentials — see the ‘Understanding your suppliers — any supplier in your chain’ section
timesheets
worker records, KIDs — where available
employment status — CEST and off-payroll working determination statements
nationality, National Insurance number, ID — where available

Check supply chain due diligence principles to find our more information on labour supply chain due diligence and examples of checks you can make.

Risk assessment

To assess risk effectively, you need to understand:

the labour supply chain risks that may be present in your chains
the potential implications and impact of those risks for your business
what indicators of risk you should look for.

This also applies to your supplier-selection process before awarding a contract.
Use the information, from due diligence checks and other sources, to identify and assess multiple LSC risks at the same time, throughout the contract.
For example, checking businesses who employ the workforce can inform your risk assessment of tax fraud, avoidance and the application of rules such as off-payroll working, as well as health and safety, modern slavery policies and other regulatory requirements.

Examples of information about your LSCs that are helpful for risk assessment

This is not a checklist but provides some examples of how information from your due diligence checks and other sources can be used to assess multiple labour supply chain risks simultaneously.
Online tools that you can use to check information about your supply chain include:

the UK VAT registration tool — checks can be done in bulk
CEST
CIS online service
umbrella company pay tool
Companies House
the published list of defaulters

the published list of promoters (avoidance schemes)

VAT registration status information of your direct suppliers and other businesses in your chain
Risks that VAT registration status information can help you assess are:

self-billing arrangements — ensuring your VAT treatment is correct throughout the contract
VAT fraud — assessing if your transactions could be connected
other fraud and avoidance risks — VAT risks can be present alongside other risks within fraud and avoidance models

Potential risk indicators are:

a business name does not match the GOV.UK tool

a VETO letter — notification of de-registration
a tax loss letter
an invalid VAT registration number (where there is no trace on the GOV.UK VAT Registration Checking Tool)
not being VAT registered but VAT being charge on invoice

CIS status information
The risks that CIS status information can help you assess are:

ensuring you are treating payments to sub-contractors correctly throughout the contract
employment status
fraud, as CIS risks can be present alongside other risks within fraud models

Potential risk indicators are:

the notification of change of status from HMRC
a status has changed on the CIS online service

Details of suppliers in the chain and the number of tiers
Information that is helpful to have:

business name, company registration number, VAT registration number
directorship
business address
accreditation, licence compliance
complaints — made to your business
health and safety records for example, site attendance, training, incidents
site visits and records
copies of contracts — supplier, sub-contractors and worker

This will help you assess the following risks:

fraud, including organised labour fraud — assessing if your transactions could be connected
disguised remuneration and avoidance schemes — assessing if you could be associated
credibility, reliability — assessing sustainability of labour provision, work quality, compliance with regulatory requirements such as landfill tax and waste disposal
health and safety risks

Potential risk indicators are:

more tiers between you and the workforce than expected
unknown suppliers in your chain
chains that seem long for no clear commercial reason
profit margins seem unrealistic given number of tiers in the chain
multiple layers of umbrella companies
supplier is reluctant or unable to provide information
change of bank details
change of directorship, multiple directorships, previous failures, bankruptcies
change of business name — subtle changes — similar names
business address on Companies House is registered as Companies House
prices seems ‘too good to be true’
payment requests received from 3rd party or offshore entities
new companies with limited trading history or where the service description is not associated with the supply required
supplier insolvency where new supplier continues supply of same workforce below
commercial feasibility or credibility of supply — particularly by smaller or newer businesses with new high-volume supply

Details about the businesses employing and paying the workers
Information that is helpful to have:

business name, company registration number
directorship
business address
number of businesses employing the workforce
accreditation and licence information

This will help you assess the following risks:

fraud, including organised labour fraud — assessing if your transactions could be connected
disguised remuneration avoidance schemes — assessing if you could be associated
credibility, reliability — assessing sustainability of labour provision, work quality, compliance with regulatory requirements such as landfill tax and waste disposal
health and safety risks
illegal workers
labour abuse and exploitation

Potential risk indicators are:

changes to who is employing and engaging the same workforce — particularly after insolvency of the previous employing business
extensive use of umbrella companies
no online presence
non-compliance with regulatory requirements
not accredited or licensed (for example, SIA, GLAA)
new company registration
multiple small businesses employing the workforce
trade description does not match supply
volume of supply required does not seem manageable
multiple directorships
changes to directorship (such as UK to foreign national)
history of dissolved businesses
overseas directors

Pay details and arrangements for the workforce
Information that is helpful to have:

employment status
contract details
payslip information — check against the umbrella company pay tool
key information documents — employment businesses and umbrella companies
evidence of compliance with PAYE scheme — if contractually required

This will help you assess the following risks:

correct application of the off-payroll working rules
ensuring what your responsibility is (if any) for calculations, deductions and payment to HMRC relating to employment status, Income Tax, National Insurance contributions and the apprenticeship levy. For example, where payment arrangements might affect your responsibility or possible liability for associated tax losses
fraud, including organised labour fraud — assessing if your transactions could be connected
disguised remuneration, avoidance schemes-assessing if you could be associated
off-record workers — such as illegal workers

Potential risk indicators are:

gaps between worker numbers, details, timesheets and payslips
non-taxable payments
employer, company name does not match your information or the key information document
pay does not reflect agreed rates
NET pay is more than the umbrella company pay tool
Income Tax, National Insurance contributions deductions have not been made or seem understated
discrepancies between payslips obtained from worker and the employing business
discrepancies in the key information document

Other information about your supply chain
These include:

complaints you receive
training records
quality of work
site and work records
audit reports

This will help you assess the following risks:

health and safety risks
compliance with other regulatory requirements

Risks of labour abuse and exploitation including:

pay below National Minimum Wage
illegal workers
modern slavery

Potential risk indicators are:

frequent changes to workforce
missing National Insurance number information
concerns over work quality gaps between worker details you hold and work records — site records, training records

Risk management

Managing risk includes deciding how to mitigate and reduce the likelihood of potential risks as well as addressing suspected or confirmed risks.
When you have assessed the potential risks presented by your chain and the likely impact of these on your business, decide what action is reasonable for you to take to reduce the likelihood of them happening. This will include considering the cost to the business of taking preventative or mitigating measures, and the potential cost to the business if the risk resulted in significant impact.
If you have identified a current risk, decide what action to take to address the risk and reduce reoccurrence.
Preventing and reducing the likelihood of risk
Good practices include measures that can help to prevent risk.
Where supply chains may be more complex and harder to monitor and prevent risk in real time, aim to limit the impact of any risks found.
For example:

make sure that your contracts enable you to manage risks in your chain effectively, including assuring your direct supplier’s compliance with your requirements
make sure that your systems and processes give you sufficient information to identify and report risk quickly

Enforcement procedures — addressing risk
Procedures that enable you to address an identified risk quickly and effectively can reduce the amount of money diverted through non-compliance within a chain. This also minimises the potential financial and reputational implications for your business.
For example:

ensure you have visible reporting procedures internally and externally
have enforcement procedures that enable you to take effective action for example, clear and enforceable terms and conditions in contracts

Monitor and review

Changes to supply chains during the contract can be a key risk indicator for multiple labour supply chain risks — for example, frequent changes to businesses in the chain.
Changes can happen due to genuine commercial reasons but can also be hallmarks of supply chain fraud models, tax avoidance and other risks.
Reviewing your chains
Monitoring your chains includes having systems and processes to record and report on, information about your chains during the contract, including any changes.
Reviewing your labour supply chains throughout the contract helps you to:

ensure your own ongoing tax compliance
assess if the behaviour and compliance of other businesses may expose you to risks
take prompt action to reduce the risk of potential financial and reputational damage

Businesses might consider involving internal or external audit functions to contribute to, or undertake, periodic reviews of the integrity of the chains.
Reviewing your practices
Regularly review your businesses’ assurance policies and practices to support your ongoing effective assessment and management of risk.
Your policies and practices relating to supply chain management should include how frequently your business will undertake due diligence on a chain during a contract and what information is needed. This might differ across types of contracts and supply chains.
Key events
In addition to your timetable of planned reviews during contracts, there are other key events that should prompt you to review your supply chains and practices. They are:

an identified risk — self-identified or notified by HMRC, a customer, supplier, or worker
an identified gap in practices
a change of supplier — anywhere in the chain
information from other sources that may indicate or help mitigate supply chain risk for example audit findings, off-payroll working rule reviews, complaints
changes to workforce requirements for example demand pressures, contract types
changes to legislation
changes to internal policies, governance, systems, processes that affect supply chain management
a new procurement or contract opportunity
a forthcoming acquisition and merger

Senior commitment

This underpins assurance practices and policies, ensuring there is oversight and accountability, particularly where changes may have cost and resource implications internally or across different departments. This might include the board commissioning, endorsing and reviewing appropriate policies relating to labour supply chains.

Communication and training

Ensure staff training includes risk indicators and that key messages about assurance practices, reporting procedures and policies are communicated internally and externally where appropriate. This should also include awareness of where there are associated legal requirements and implications.
Training should deliver outcomes that support the business to identify, report and enforce risks. For example, it supports:

raising awareness of risks internally — finance, audit and procurement teams are aware of risk indicators
making sure front-line staff know what to look for — staff on site, staff doing site visits, staff in contact with workers

Integration with other risk management

Relevant business risk management practices are strengthened by integrating information across multiple areas, supporting robust assurance. Examples of areas of information include:

tax compliance information
HR, payroll and finance information
health and safety
audit
regulatory requirements
modern slavery and other corporate reporting requirements around supply chains

Highlights content goes here...

Purpose
The purpose of this document is to provide a recommended approach to assurance, outlining principles and activities that businesses can use to strengthen their supply chain assurance practices. The goal is to help businesses identify, assess, and manage various risks across their supply chains, with a focus on labor supply chains.

Effects on Industry
The effects of implementing these recommendations will be significant for the industry as a whole. By strengthening supply chain assurance practices, businesses can reduce the risk of fraud, tax avoidance, and other illicit activities that can have far-reaching consequences. This, in turn, will lead to increased transparency and accountability across the industry, ultimately benefiting consumers and stakeholders alike.

Relevant Stakeholders
The following stakeholders are relevant to this update:

  • Businesses operating in various industries, including construction, manufacturing, and service sectors

  • Financial institutions and tax authorities, such as HMRC

  • Consumers and end-users of goods and services

  • Industry associations and trade organizations

These stakeholders will be impacted by the recommendations outlined in this document, as they are expected to implement new assurance practices and procedures to ensure the integrity of their labor supply chains.

Next Steps
To comply with these recommendations, businesses are advised to take the following steps:

  1. Review existing assurance policies and practices to identify areas for improvement.

  2. Develop a robust due diligence process to assess potential risks in labor supply chains.

  3. Implement regular monitoring and review procedures to ensure ongoing compliance and risk management.

  4. Provide training to staff on risk indicators, reporting procedures, and policies related to labor supply chains.

  5. Integrate information across multiple areas, such as tax compliance, HR, payroll, finance, health and safety, audit, regulatory requirements, modern slavery, and corporate reporting requirements.

Any Other Relevant Information
In addition to the above steps, businesses are encouraged to consider the following:

  • Senior commitment is essential in ensuring that assurance practices and policies are implemented effectively.

  • Communication and training are critical in raising awareness of risks and promoting a culture of compliance within the organization.

  • Integration with other risk management practices will strengthen overall business resilience and reduce the likelihood of adverse events.

  • Ongoing monitoring and review will be necessary to ensure that labor supply chains remain compliant and free from illicit activities.

Her Majesty’s Revenue and Customs (HMRC)

Quick Insight
RADA.AI
RADA.AI
Hello! I'm RADA.AI - Regulatory Analysis and Decision Assistance. Your Intelligent guide for compliance and decision-making. How can i assist you today?
Suggested
Related Documents
Medical device salesperson reporting procedure guide
Date: 5th Feb, 2025 Source: Ministry of Health and Welfare (MOHW) Country: South Korea
News Healthcare & Pharma Guidance
​The EBA issues an Opinion in response to the European Commission’s proposed amendments to the EBA draft technical standards on conflicts of interests for issuers of asset-referenced tokens
Date: 5th Feb, 2025 Source: European Banking Authority (EBA) Country: European Union
News Financial services Guidance
Low risk waste positions: electrical equipment, including constituent parts and accessories
Date: 5th Feb, 2025 Source: Environment Agency (EA) Country: United Kingdom
News Environment Guidance

Form successfully submitted. One of our GRI rep will contact you shortly

Thanking You!

Click here

Enter your Email

Enter your registered username/email id.

Enter your Email

Enter your email id below to signup.

Enter your Email

Enter your email id below to signup.
Individual Plan
  • Designed for Growing Compliance Teams
$125 / month OR $1250 / year
Features
  • • Coverage for 20 jurisdictions
  • • Monitoring from 500+ regulatory authorities
  • • AI compliance summaries
  • • RaDa.ai : Single-Role
Best for: Researchers, Legal professionals, Academics
Subscribe Now
Enterprise Plan
  • Perfect for Global Enterprises
Contact for Pricing
Features
  • • Custom jurisdictional coverage
  • • Custom monitoring of regulatory authorities
  • • RaDa.ai : Customizable multi-role
  • • Custom reporting and dashboard capabilities
  • • API access for seamless integration
Best for: Law Firms, Corporations, Government Bodies
Contact Sales