Monday, 29 March 2021

The future of audit and corporate reporting (Part 1)

 


Governments love to get more power. Better still, they love to get more power but still be able to avoid the consequences if something goes wrong.
 

So we have a body such as the Financial Reporting Council which oversees corporate reporting and auditors and which doesn’t appear to get fined for bad supervision when financial reporting or auditing goes wrong.  And now, at long last, we have a study – more than one – as to what has gone wrong, and surprise, surprise, the solution is to give a regulator a new name and more powers. 

The contradiction in thought is no more apparent than in those new powers.  It is proposed that ARGA (The Audit, Reporting and Governance Authority) is have full supervisory powers over all work that accountants do, rather than just audit, including in the words of Report : “all aspects of the chartered bodies’ regulatory functions, including training and qualifications, licensing, practice assurance, complaint handling, disciplinary procedures, and governance arrangements.”  It is also proposed that ARGA should set ethical standards.

So in one power grab, ARGA will become the body in charge of examinations, admission to membership, standard setter, investigator and disciplinary body.

The argument in favour of setting up the Independent disciplinary structure within ICAEW, which we were pushed to do and have done, was that one body should not be in charge of setting standards, qualifications, investigation and discipline.  Nonetheless, those are the powers that ARGA looks like getting. 

What applies to accountants will also apply to directors, at least of PIEs and corporate reporting under these proposals. 

It’s rather as if Parliament was allowed to act as lawmaker, police, judge and jury.  And that is never a good system.

As yet, giving all these powers to a single body, let alone an appointed quango, has yet to be challenged.  But it needs to be.

If we look into further contradictions in the approach, recall the powers that are being given to ARGA in respect of the accounting profession.  Then consider that the Brydon Review also recommended that any new regulator should have powers to act against companies were there were reasonable concerns over a wide range of matters including issues with reporting, governance, audit and viability.  It was also recommended that there should be powers to step in when a company was in distress.

The Government’s response has been to reject those recommendations.  The argument is that “would be a radical shift away from the UK’s approach to corporate governance, in which best practice is encouraged through a principles-based approach and through disclosures to shareholders, rather than through regulation. This system is highly regarded around the world.”

Well, it would.  But that argument is not being used for the audit and accountancy profession.  In fact, quite the contrary.  What is being proposed is substantially more regulation.  This, despite the fact that our profession is highly regarded around the world.  Indeed, given that audit failures (of which there are few) only have an impact if there were governance failures, or bad business decisions, within the audited company first, one might argue that the approach being taken is not only inconsistent, but backwards.

It is, of course, easier to pile regulation onto the accountancy profession than it is to deal with any root cause of lack of trust in business, or the profession, if it actually exists or indeed is a problem. And it is far easier to avoid being blamed for anything that goes wrong, if you can pass that blame onto the accountancy bodies or to the shareholders.

That is not to say there is nothing that needs to be done or that there is nothing good in the BEIS Report.  It is a huge curate’s egg and I will dive into bits of that rather scrambled egg in future posts:  but a regulatory power grab is not the best way of improving audit.  Unless of course, you are regulatory centralist at heart.

Tuesday, 23 March 2021

So what do you think about tax administration?

Consultations seem to come like buses.  I've been a bit quiet here as I have been digesting 800 odd pages of planning consultations for my local borough (which I won't bore you with) and 232  pages of government consultation on restoring trust in audit and corporate governance (which I will be, later).

Reforming tax administration

But first, a heads up on one I've not even read yet which came out today (23 March) which is a Call for Evidence on the Tax Administration Framework Review.

The tax administration framework sets out how HMRC interacts with taxpayers and establishes basic principles for the collection of the UK’s taxes. The framework refers to the legislation, guidance and processes that underpin tax administration. 

 The Framework Review is, say HMRC in
their press release, "an opportunity to create a trusted, modern framework that is simpler, easier to navigate and responsive to taxpayers’ needs, and fits into the way people work, live their lives, and operate their businesses. It also aims to provide greater clarity and simplicity around areas of the law where practice has evolved over time."  

 This review is not just a case of exploring small tweaks to legislation. The framework - and the principles underpinning it – will need a fundamental refresh to better serve taxpayers. The Call for Evidence is seeking input from interested stakeholder groups and collating evidence on where the framework could better serve taxpayers. The Government will then consider how to progress reforms to the tax administration framework, based on its initial findings from this engagement.

The consultation is open for 16 weeks and will close on 13 July.  Your chance to influence what needs to be done.  Happy also to continue a discussion on this below on in Linked-In.

Other new consultations

There are other consultations released today by HMRC as well - it's happy consultation day: so here they all are:

Call for evidence: on advantage and challenges of more frequent payment of self-assessment and corporation tax for SMEs (which HMRC calls "Timely payment").

Raising standards in the tax advice market

Exploring voluntary sign-up to Making Tax Digital for VAT

Exploring the costs and benefits of Making Tax Digital for VAT experienced by smaller businesses

Clamping down on promoters of tax avoidance

Tackling promoters of tax avoidance draft guidance

Call for evidence: tackling disguised remuneration tax avoidance

Discussion document: helping taxpayers get offshore tax right

Discussion document: preventing and collecting international tax debt

Hidden economy conditionality - Northern Ireland and Scotland

Effects of the off-payroll working reforms on employment agencies

Effects of the off-payroll working reform: education report

All can be found at the Spring 2021 HMRC consultation page here, and close on 15 June.

Enjoy the summer.

Wednesday, 10 March 2021

Are you ready for the next stage of Brexit?


 I have been asked by HMRC's EU Transition Unit for views on how ready importers and exporters are for the next staging post on the transition.

Their questions are below and I would greatly appreciate readers' input into the answers.  Do write comments below or email me (mgbacchusATbaccma.co).  It would be helpful, if you could provide details of the industry you are in and the approximate size (turnover or number of employees).  

If you email me, I will not pass on any identifying information to HMRC or retain that information (including email addresses) once I have summarised and anonymised your answers.  I will not, obviously, use your email address to contact you or pass it to anybody else.

Answers to the questions would be helpful both to the EUTU in formulating their approach to the remainder of the transition process, to the HMRC Administrative Burdens Advisory Board on which I sit and, in general, to trying to smooth out problems in  import/export processes.  So please take a few minutes to reply.

Thanks

Importers

1

Are you are importing controlled goods or choosing not to use SCC able to make Import Declarations (you or through or using an agent)

2a

Do you use SCC and if are you aware you need to make an Entry in Declarants Records?

2b

Are you ready to make supplementary declarations 175 days from point of import?

2c

Are you aware of the need for an EIDR authorisation or an agent who will allow you to use theirs?  

3

Are you starting to get ready to submit full Declarations either yourself or by using an agent from July?  

4

Are you talking to your hauliers to ensure they have an agreement in place to ensure the correct paperwork/ information accompanies your goods?

5

Do you understand where there are benefits and procedures of moving goods under transit, from the start to the end of the transit movement and what you must do to become an authorised consignee?

6

Do you have processes in place to pay / account for import duties?

7

Have you been engaging with your supply chain? And if so are they experiencing any problems?  

8

Are there any barriers you have identified to your readiness for July?

 

Exporters

1

Have you been able to make Export Declarations (yourself or using an agent) since January?

2

Are you talking to your hauliers to ensure the correct paperwork/ information accompanies your goods?

3

Do you  understand where there are benefits and procedures of moving goods under transit, from the start to the end of the transit movement and what you must do to become an authorised consignee?

4

Are you seeing any disruption to your chain? If so, how are you going about resolving these?

5

Are there any barriers you have identified to your readiness for July?

 




Tuesday, 23 February 2021

MTD For Corporation Tax: Compulsion Disguised As Benefits

 


Should you be forced to go digital or not?

That is one of the many over-arching issues with the government’s continuing expansion of its proposals for everybody to computerise.  

5 March sees the closure of the current consultations on Making Tax Digital for Corporation Tax.  This follows the introduction of MTD for VAT and its extension (which I have argued against here).

HMRC’s proposal is that all businesses, regardless of size, should:

  • maintain their records (e.g. records of income and expenditure) digitally
  • use MTD compatible software to provide regular (quarterly) summary updates of their income and expenditure to HMRC – there will be some entities
    who won’t need to do this
  •  provide an annual CT return using their MTD compatible software.

The benefits are said to be closing the tax gap through minimising errors in accounting, cost saving for HMRC, improving the resilience and flexibility of the tax system and, with the collection of more real time data “allow the government to assess changes to the economy, at small or large scale, as those changes are happening”.

The consultation paper claims “that it will make it easier for businesses to pay their taxes, allowing them to cut costs and devote more time and attention to maximising business opportunities.”

I have no problem with the introduction of IT either in HMRC or business, in fact I am all in favour of it where appropriate, but I have a huge problem with the idea that it has to be mandatory.

Put simply, businesses should be allowed to use what systems are best for them. If computerisation is of benefit, then business will adopt it (as many have done).  If they don’t see a benefit, then they won’t and shouldn’t have to. It is not up to Government, who seem to have a very sketchy idea of what business is all about, let alone HMRC, to tell business that adopting HMRC requirements will allow them  to devote more time to maximising business opportunities.

If those businesses think it will maximise their opportunities, they will surely adopt the system, so why force it down their throats?  What the proposal actually suggests is that Government knows full well that for many businesses it won’t do anything to improve their productivity – which is why they are mandating it.

There are many small businesses out there, including micro and hobby businesses, which do not need the added burden of reporting quarterly to HMRC. I am totally puzzled by how HMRC can think that this will help those businesses.   The claim that it will take less time overall is particularly spurious:  five returns a year cannot take less time than one return, particularly if these have to be done within one month of a period end rather than nine or twelve months after the period end as at present. 

As I have argued on VAT, however it is not so much the time taken as the added angst and worry of having to meet extra four extra deadlines a year with the undoubted threat of penalties if you don’t.   None of this will encourage people to go into business:  the burdens are enough without adding more.

Of course VAT registered businesses will already have much of the information required but it may require changes to their systems too. All businesses will need to report using the cost analyses required by HMRC. Now that is nothing new as far as the year end CT600 is concerned, but the corporation tax categories of expenses are often nothing like the ones which are best for managing one’s business. 

This means either manual analyses at the year end (which many of us have to do and all hate) will now be done quarterly or, hopefully, the IT system will do it for us. Except that none of the readily available low-end accounting packages allow for multiple cost codes. My fear therefore is that, unless the accounting software market radically changes its cheap options, smaller businesses will be “shoe-horned” into using accounting analyses which are good for the taxman but not at all appropriate for their business.  

There will, of course, be benefits to HMRC and, possibly to the Treasury - let us be under no illusions as to the reasons these changes are being proposed. But are we particularly worried about that? After all, as taxpayers, we pay for HMRC and it should be up to us to decide the cost/benefits to us of what they do.

Quarterly reporting and mandatory computerisation is going too far in a time when burdens on small businesses should be reduced. The country needs to encourage small businesses and remove regulation not add it. Time to say no: go digital, but do not mandate.

The full proposals are available here.

Respond to HMRC directly via their online questionnaire here or email makingtaxdigital.consultations@hmrc.gov.uk by 5 March.


(Malcolm Bacchus is an independent member of HMRC’s Administrative Burdens Advisory Board.  The views here are his own and obviously do not represent any official views.)

Thursday, 18 February 2021

Public Interest and the audit

 

The International Ethics Standards Board for Accountants (IESBA) has recently issued a consultation on the definition of a Public Interest Entity.


The debate around what should be regarded as a Public Interest Entity (or PIE) may sound esoteric but is hugely important as it defines what standards may be expected of businesses and, in the case of this paper, their auditors.   PIEs need to be held to higher standard of account purely because of that public interest element and the impact they have on all our lives.  Any advance in thought in this thorny area is welcome.

That said, on first read, the proposals in the IESBA paper seem not to have much effect on UK audits as UK standards incorporate a more stringent definition of a PIE than the proposed IESBA code.

The proposals will affect however audit firms who work overseas; could, if adopted in the UK, have some impact on UK legislation; and will probably influence the deliberations we expect from the UK review of audit now under way. 

More importantly, to my way of thinking, they seek to set a benchmark for other countries around the world.  We deal with those countries, their businesses are intimately tied up with our lives  – the establishment of a higher trust regime across the world is important to all of us.

Comments are due to IESBA by 3 May 2021 but please also feel free to send your comments to me in my role as chair of the ICAEW Ethics Standards Committee, even if you are not an ICAEW member.

The main proposals of the IESBA paper are to:

  • introduce an overarching objective for additional independence requirements for entities that are PIEs;
  • provide guidance on factors for consideration when determining the level of public interest in an entity;
  • expand the extant definition of PIE to a list of categories of entities that should be treated as PIEs, subject to refinement by the relevant local bodies responsible for standard setting as part of the adoption and implementation process;
  • replace the term “listed entity” with one of the new PIE categories, “publicly traded entity”;
  • elevate the extant application material that encourages firms to determine whether to treat additional entities as PIEs to a requirement and include enhanced guidance on factors for consideration by firms; and to
  • require firms to disclose if an audit client has been treated as a PIE.

The main categories proposed for PIEs are:

  • a publicly traded entity;
  • an entity one of whose main functions is to take deposits from the public;
  • an entity one of whose main functions is to provide insurance to the public;
  • an entity whose function is to provide post-employment benefits;
  • an entity whose function is to act as a collective investment vehicle and which issues redeemable financial instruments to the public; and
  • an entity specified as such by law or regulation as such where the purpose of the legislation is to enhance confidence in the audit of their financial statements.


The last category is intentionally broad and allows governments to decide whether, for example, large charities, should be scoped in.   The detailed rules also allow governments to scope out certain entities in the list “for reasons relating to, for example, size or particular or organisational structure”: which could mean anything from small banks to large partnerships or maybe the whole defence industry.

Finally, audit firms are required to consider, for the purpose of their auditing and ethical standards, whether other clients should be scoped in as PIEs on the basis that a “reasonable and informed third party would be likely to conclude such entities should be treated as public interest entities”.

I can’t help thinking that all the options for scoping in and out means that users will still remain confused over whether a particular entity in a particular country is treated, in that country as a PIE or not.  At the worse, a country could adopt IESBA standards, scope out almost everything, and still comply with this proposal.  And to that extent, the proposal will have some, but limited, use in increasing public confidence.  To make this work, I would see a requirement for every audit report,  whether of a PIE or not,  should state whether the entity has been treated as a PIE or not and whether or not this is through the standard, additional local legislative additions or, most importantly whether an entity which would have been in scope of the standard has been scope out of being a PIE by local laws.

But what do you think?





Malcolm Bacchus is chair of the Institute of Chartered Accountants in England and Wales (ICAEW) Ethics Standards Committee.  The views expressed here are his own and do not necessarily reflect the views of ICAEW

 

Tuesday, 16 February 2021

UK Border Strategy: moving goods and people

 

The Government’s 2025 UK Border Strategy sets out how it plans to improve the way people and goods can move across international borders given Brexit and the longer structural changes in world trade.

As a welcome foretaste of what one hopes will continue, this is a pan-department strategy involving the Home Office, DEFRA and the Treasury/HMRC.

The strategy sets out the type of border which they would wish to create, the operating model for that border, the approach to working with the border industry and users to design and deliver this and the changes that will need to be made in government and industry to implement it.

It is a big ask and set out under six “transformations”:

  1. Develop a co-ordinated user-centric government approach to border design and delivery which works in partnership with industry and enables border innovation
  2. Bring together government’s collection, assurance and use of border data to provide a comprehensive and holistic view of data at the border
  3. Establish resilient ‘ports of the future’ at border crossing points to make the experience smoother and more secure for passengers and traders, while better protecting the public and environment
  4. Use upstream compliance to move processes away from the actual frontier where appropriate, both for passengers and traders
  5. Build the capability of staff and the border industry responsible for delivering border processes, particularly in an environment of greater automation; and simplify communications with border users to improve their experience
  6. Shape the future development of borders worldwide, to promote the UK’s interests and facilitate end-to-end trade and travel.

Written broadly like that, much seems just aspirational or even obvious “apple pie” but the strategy goes into further detail (otherwise it would be a boring 84 pages) and initial work on understanding what needs to be done is already under way.

It is not a small ask: 21 million people travelled through our ports and 255 million through our airports in 2019.  383 million tonnes of international freight were handled at ports with a smaller, but not insignificant, amount at airports and via the Channel Tunnel.

Reductions in red-tape can’t be done one sided: every export from the UK is an import somewhere else and vice versa.  But systems can be made easier and much of the strategy relies on better IT.  Key is simplifying systems where they can be simplified, ensuring that information does not need to be entered multiple times, better use of technology to track goods with information flow-through, “upstreaming” of information so that it doesn’t need to be entered at the ports and better guidance to the end-users.  None of this is impossible, much of the technology already exists and other countries such as Singapore and New Zealand are already leaders in this field.

From a business view point it all looks good in theory although whether it can made simple enough to attract more SMEs into international trade remains to be seen.  Simplification helps but simplification comes with a trade in choices that can be made by business.  “One-size-fits-all” is simple but hurts those where the size doesn’t fit, whereas a range of tailored solutions fits more, but at the expense of complexity.  This is a challenge which the process designers will need to face head on and it is welcome, therefore, that there is an undertaking to work with users (read: passengers and businesses) in realising the strategy.

One potential stumbling block will be the extent to systems can be integrated with other countries’ ports.   There is little in the strategy about this.  New systems will be most attractive if they not only ensure a freer-flow of goods at the UK end but also at the originating or destination ports at the other.  However, any such agreements between countries are slow in realisation and it may be that the only approach here is incremental. 

There is mention too of the Government’s commitment to ten new freeports.  Freeports haven’t really been that successful in the recent past.  The commitment was however made before the Brexit withdrawal negotiations were complete and I wonder is there is a bonded-warehouse type-solution possible here to the “Percy Pig” type issues.  After all, that debacle must strike everybody (apart from those collecting the tariffs) as ludicrous.

I can’t lose sight however of the fact that the strategy also covers passengers as well as goods.  I would be the first to admit that the systems here need to be improved: airports, in particular, are an experience which few people love.  It is quite possible to spend three times as
long in the airport as one does on the actual flight.  Watching old films, I am always amazed how passengers handed over their luggage at the Victoria Air Terminal, boarded their coach, had the passports checked on the coach whilst on the way to Heathrow, and the coach drove right up to the steps of the plane. It’s the sort of seamless journey one can only dream about now.

However, although I am quite in favour of the goods I am exporting being tracked by technology from cradle to grave, I have considerable worries over more technology (e-passports) being rolled out to track people.  This is, I appreciate, a particularly British concern and maybe a generational one.  But any strategy is going to have to cope with the in-built suspicions of the UK to the surveillance society.

The consultation on the strategy is closed, but there is a lot of input that the Government is going to need if the strategy is going to work.  The Government has said this is to a team-exercise:  it is up to you and me, as business and individuals, to frame it in way which suits us.


(Malcolm Bacchus is an independent member of HMRC’s Administrative Burdens Advisory Board.  The views here are his own and do not seek to represent any official views.)

Wednesday, 10 February 2021

How you can lose money to scammers even if you are not trying

 

It is a few years ago now and some of the people concerned caught and prosecuted, so here is a story about identity theft and fraud which happened to me.  It  is a long story, so bear with me.  I think it will frighten you and has the advantage of being true.

How it all started

For a few weeks a number of odd things had happened.  I received two new bank cards and a new PIN  which I hadn’t asked for.  I’d also some couple of telephone calls which just cut off and one apparently from the bank - they put the phone down when my wife answered.  Then, late on a Friday afternoon, I had a call, again purporting to be from the bank, which made me very suspicious.  They clearly had some details about me and about the new card I’d requested (I hadn’t), so, just to be on the safe side, I called the bank and asked for a stop on all my cards.  Luckily, as it turns out, I got a confirmatory text from the bank almost immediately and I kept a screenshot of that as well.  The bank asked me to call in on Monday (the local branch was closed on Saturday) and arrange for a new card.

Something odd also happened over the weekend which I didn’t think too much about at the time – my mobile phone stopped working.  All it meant was two calls to make on the Monday before work – first to the bank then to the phone company.

Waited half an hour (of course) to see somebody in the bank as I didn’t have an appointment.  But, it was important:  I wanted a new working bank card. Eventually I saw a member of staff, who checked my passport and address ID, then told me that I had already gone into another branch in North London (I live in South London) on Saturday (hello, what’s happening here?) and had the cards re-activated or new cards issued, I never found out exactly which.

Large alarm bells ringing, now.  They checked my main account – lots of large transactions for jewellery from West End stores had been made over the weekend.  But, said the staff member, after a few internal telephone calls, we checked with you over the telephone because they were such large transactions and you confirmed it was all OK.  (Now I think I understand why my mobile stopped working). 

Put a stop on everything again, I said, and I’ll be back.  Off to the phone shop now.  After a lot of checking  they told me that I had gone in to a branch on Saturday and convinced them that my phone was lost and I needed a new phone and SIM on my old number.   That so explained that.  Very worried now, I went back to the bank.  There was clearly some very good social engineering going on here coupled with, I could only assume, fake ID in my name.  “No problem”, said the bank, “call in on Wednesday and we’ll have a member of our fraud team here to work it out”.

“It’s all sorted out”

Two anxious days later, I called into the bank.  No fraud team there.  “It’s all sorted out,” they said, “Your wife called and explained that she had made the transactions on your card.”  What?  We have separate accounts and she is not a signatory to my account.  Plus the fact that you put a stop on the cards and you told me on Monday that I had been shopping.  “Did you give her your PIN?”, they said.  “No I did not.  Nor did she go into the West End on Saturday.”  My wife, when I told her, was outraged.  Not only had I been impersonated in person, she had now been impersonated on the phone!


Whilst in the bank, we looked at my accounts again.  Since the bank had unlocked my account again, my current account had now been entirely cleared out.   Money had also been transferred from my other accounts into my current account and taken out of that.  Worse (if it can get worse) they had got into two other community accounts with which I was associated and withdrawing money from there by transferring that into my current account.  On one of those accounts, I had read only access and was not a signatory; on the other I was a signatory but only jointly with a second party and telephone/online banking had not been implemented.  I still do not know how this was done … but it was. 

Now I had no bank cards and no cash, and some difficult explanatory calls to make.  One of the two community organisations had wages to pay and no money now either; so I borrowed some money to re-imburse them, allowing them to do that, and a bit more for myself.  And then settled down to three months of letters, meetings, and statements to the police.

Why me?

The bank eventually refunded everything – we were talking six figure sums – they really didn’t have much of a defence having clearly been conned into disobeying my stop instructions twice.  However an additional £50 compensation for the weeks of inconvenience caused was just a little bit mean.

Some time after it was all over, the police came back and took another statement as they had (I think from what they implied) tracked the gang down.  I learnt a bit more about the methods involved.  It looks as if, a while before it all started, my card was cloned: I think I can now guess where.  After various attempts to get my PIN (hence the duplicate cards and the telephone calls) they decided on the fake identity route.

“Why me?“ I asked the police.  Apparently professional people, particularly if also company directors, are good targets.  They are likely to be moderately wealthy and therefore worth putting in a bit of effort for and there is likely to be quite a bit of information about them on line.  If your name is “John Smith”, you are probably safe as it is difficult to identify which John Smith you might be simply from the name on the card – but if you have an unusual name (and Malcolm Bacchus is an unusual name) it is much easier for fraudsters to find out sufficient information about you to produce at least some credible faked documentation.

What lessons were there?

So that it’s it.  Clearly it is impossible for an individual to prevent fraud on their bank accounts when the bank’s processes are at fault and I am assured by the bank that their processes are tighter now than when this happened.  Companies House too have stopped putting your full date of birth for all to see. But what can one learn from this?  Obviously there are the all normal things such as not giving out your PIN, not writing passwords down, being alert for suspicious telephone calls and not clicking on any unknown links on your computer, but I was fine on all of these and still got caught.  So here are my additional take-aways from the story:

  • Split your funds across accounts with more than one bank
  • If possible, don’t allow your bank to associate the various accounts you might have access to on their system in one place – it’s good for them but good for fraudsters too
  • Again, if possible, and most of the time it isn’t, be careful about who you give copies of your ID to (everybody asks for them these days and whether they store them safely is anybody’s guess)
  • Use invented answers to the security questions on all websites  – not your real first school or first pet (it didn’t happen in my case as far as I am aware, but I was warned that fraudsters are good at extracting that sort of information by social engineering
  • For the same reason, don’t use the same answers or the same passwords on multiple sites
  • Investigate anything odd on your account as soon as it happens: don’t assume it is a mistake
  • Keep documentation on every contact with your bank, even if it was a short telephone call.

And what to do if it happens to you...

Obviously, always contact the bank as soon as you are suspicious.


If you are an ICAEW accountant you can get guidance for you or your clients on the New ICAEW Fraud Advisory Helpline on 01908 248 250; if you are a business speak to your accountant;  and, whether it was you or your business affected, always report the fraud to ActionFraud at actionfraud.police.uk or
0300 123 2040 (England and Wales only – otherwise your local fraud prevention organisation or the police). 

If you are an accountant you might also have to report on a SAT to the National Crime Agency and, as a business or accountant, for cyber crime, to the Information Commissioner’s office.