Payer Due Diligence
What is "Due Diligence"?
In the context of umbrellas and agencies, this is the process of "looking into" the company to see if it's reputable, has solid financials and management, etc. The aim is to uncover any wrongdoing, or likely wrongdoing, now or in the future.
The main reason for doing due diligence is to protect you against fraud or other crimes which will either affect you, or leave you liable for a large tax bill or whatever else. There is no such thing as a guarantee of honour or even success in due diligence, but it should give you a degree of comfort that you're not getting into something dangerous.
It is important to realise that due diligence is a "snapshot" in time, at the moment you perform it. It is possible that an organisation may have been fully legal and compliant for years, but, perhaps due to financial pressures or whatever else, decide to commit fraud the day after you completed your due diligence (or 6 months after you started work, or at any other time during your contract).
Due diligence won't protect you from problems directly. However, documenting what steps you take, and what conclusions you draw, may come in handy if something does go wrong. It won't absolve you of your tax liabilities, but it may convince HMRC to be more flexible with regard to paying back the money. It may also provide good evidence in any legal proceedings, should any take place (although the way IR35/Off-payroll are structured, it's unlikely you'd have any routes to justice this way).
What To Look Into
You should look into the general health and "posture" of your chosen agency or umbrella. This means looking into how solid their financials are, and even to look at the Officers of the company to get a feel for how "upstanding" they are.
You can visit the Companies House Website and get some basic information on any company in the UK for free. Be aware that a company may have a different name than they use online, so you may need to ask for their company number or registered office address (which again may differ from any office location). The service only lists companies in England and Wales; for other countries look to other similar services.
A common "pattern" amongst unscrupulous companies is to occasionally close down and reform in a new name, be based overseas, or have Directors who do not live in the UK. Checking the incorporation date is easy enough, but whilst Directors must give a correspondence address, this does not necessarily indicate where a director actually lives.
It's also possible that an umbrella company tries to keep its turnover low (to take advantage of other benefits, such as flat-rate VAT). They sometimes do this by forming multiple companies, sometimes telling Companies House that they do different things (to try to throw off HMRC and others). Checking the "SIC" code, the shareholders and directors can show up these sorts of schemes.
Lastly, it is possible to check the brief financial accounts of companies at Companies House. An agency with a long history of reasonable profits, relatively low debts or other liabilities and a reasonable number of employees may suggest a more solid and "safe" company than one without some of these things. However, a short trading history, and even lack of profit or employees do not immediately indicate a fraudulent provider.
Umbrellas and Agencies may claim to have some form of accreditation from various organisations. Accreditation does not guarantee safety, but may provide a little additional "comfort" in a decision about an organisation. It is worth checking with the accrediting organisation that the accreditation is real, and is up to date (and what actually getting accreditation entails). Clearly, claiming accreditation but not having it would look suspicious, as would accreditation to an organisation that performs no checks before giving the accreditation.
Some organisations claim to be "compliant" (meaning they comply with all applicable laws). The claim is broadly meaningless, mainly because fraudulent companies claim the same thing. A good company should be able to explain exactly what they're actually compliant with, which laws, what that means to you, etc. You can then check to make sure that these things are what they say they are and that they are indeed relevant. However, saying that they abide by laws X, Y and Z doesn't necessarily mean they actually do.
Immediate "Red Flags"
There are some things which should immediately raise suspicion. They do not guarantee problems, but they do indicate that more detailed checks should be performed before accepting them.
- Offering ways to reduce the contractor's tax bill (usually through special loans or expenses). This simply isn't possible to do legally with inside-IR35 working. Even if you don't use these schemes, if your agency/umbrella offers them, you should be very wary of them.
- Umbrella/Agency based overseas. This means UK laws probably don't apply to it, and so it may not respect them as much as you need to.
- UK incorporated, but all Directors based overseas. This may suggest that in case of trouble, they'll simply close the company and "disappear" abroad.
- Recent incorporation, no/few financial filings, or low revenue, losses or only a little profit in recent years. This may indicate financial problems which may cause you issues getting paid.
- Asking you to sign a Non-Disclosure Agreement that covers the umbrella/agency or their financials, ways of operating, etc. (NDAs for the job you're actually going to aren't a problem)
- Asking you to opt out of the Conduct of Employment Agencies and Employment Businesses Regulations 2003
- Paying incentives to recruiters, hirers or others to get introductions, or to get onto hirers' "Preferred Suppliers Lists" (PSLs)
- Not providing a Key Information Document (KID) when asked
- Attempting to include illegal deductions in the KID or on payslips
- Deductions on payslips different to those on the KID
- Failing to pay HMRC the tax they've deducted from income (once work has been performed)
There may be other warning signs not listed here.
HMRC Guidance and Tools
HMRC have offered some guidance in this area, and have produced a tool that encapsulates that guidance. It is our view that this tool is pathetically insufficient for the task.
The tool is here: https://www.gov.uk/guidance/check-if-you-are-at-risk-of-tax-avoidance
Beware:
- The only outcomes say "you may..." - so there are no guarantees, or even assurances. The tool does not know good or bad umbrella companies, has no "red list" of convicted operators or anything else. You will gain no certainty from this tool - possibly only a false sense of comfort.
- Nearly all of the questions are highly subjective and offer no clarifications to be able to answer accurately. E.g. "Have you been told your take-home pay will be higher than expected?" - what was "expected"?
- The tool cannot check for all possible routes of fraud. Remember, an umbrella may appear to be fully legitimate, but just fail to pay HMRC the tax owed. That is still fraud, still makes the fraudsters a lot of money and is entirely ignored by this tool. Likewise other more nuanced and sophisticated frauds.
On a positive note, it does encourage the use of your Personal Tax Account which can show up a lot of the sorts of issues that fraud will present.
Payer IT systems, Data Privacy, Ransomware, etc.
There have been reports that even the bigger umbrella companies can suffer serious IT systems problems:
- GiantPay in The Stack and The Register
- Unity Payroll
(Just because your chosen brolly hasn't been in the news doesn't make you safe!)
In one reported case, "suspicious activity" caused the (possible) loss of contractors' personal and payment details, and caused the brolly to stop answering the phone or emails. There have been reports of payments to contractors being over 6 weeks overdue.
The point here is that if an umbrella company is your route to getting paid, then it becomes a critical part of your "supply chain". If the umbrella's IT systems get hacked, have bugs or fail then that could mean you don't get paid on time, or perhaps not at all.
Performing any meaningful due diligence on an umbrella company's IT systems and procedures is a very tricky undertaking. You can of course ask for any documentation or certifications, but they are under no obligation to supply them (and if they do supply them, you have to verify their authenticity and ascertain if they indicate "good" IT health or not).
Umbrella companies typically work on pretty small profit margins, so may choose to skimp on IT systems and processes as a way of saving some money. It's very hard to know if they spend "enough" on their IT, or if their IT is "good enough". This is sadly a risk that's hard to mitigate, and one that working through an umbrella makes unavoidable.