Being compliant is about as easy as sticking to the speed limit.
The limits change constantly and without much warning, there’s always the risk of getting an unexpected ticket and sometimes you have little choice but to breach it (however briefly) in order to overtake the slow movers.
How do you stay within business compliance rules?
It is never easy for a business to be fully compliant but as you grow there will be ever increasing demands that require you to keep your own house in order whilst meeting statutory obligations, satisfying regulators and upholding your reputation with the wider public.
It would be impossible to tell you everything you need to know about compliance and even harder for your business to fully achieve it, but a road map always helps.
Do you need a statutory audit?
These key criteria for determining whether you have gone from a small to medium or large business are:
- Turnover of £10.2m or more
- Total assets of £5.1m or more (and remember that asset value isn’t reduced by loans)
- 50 or more staff
If you are doing well and hit two of these then your financial statements must be audited.
What does this mean? It is an independent check that your financial statements are “true, fair and free from material error”. This involves tests carried out by an auditor that are designed to detect any irregularities and inconsistencies in your financial statements.
You can probably avoid an audit in the first year that you meet this threshold as exemptions apply. It may be that investment cash has led to you meeting the criteria but your business model is such that the cash has been spent by the following year and you no longer meet the threshold. Exemptions don’t apply for future years and so you should appraise annually and consider if a statutory audit is on the horizon as you grow.
Growing for exit? You might want to start earlier and voluntarily have an audit done to give any potential purchasers more comfort on your numbers.
Be careful where you are in a group or involved in more regulated activities like financial services. The rules on audit are more complicated and may apply even where the basic criteria aren’t met.
What freelance contractors and IR35?
It is common in many sectors, particularly the tech sector, for businesses to engage contractors, either as a sole trader or through an intermediary company, as a means of keeping the workforce agile and lean.
In many circumstances, that contractor is an employee in all but name. They provide a personal service solely to the business. Where they contract in this way, the hiring business is not liable to pay employment taxes (such as National Insurance and PAYE) as they would for an employee, and the contractor can pay themselves in the most tax efficient manner by way of a dividend.
When your business is no longer small and meets the same thresholds as for audit, then, from April 2020, all hiring businesses will need to carefully examine their contractor relationships and they will be required to make a determination statement as to whether contractors fall inside the IR35 regulations. Simply put, the question that needs to be asked is: is a contractor for all intents and purposes an employee when they take on work for the hiring company?
In some cases, they will be genuine contractors, but in other cases they will be employees in all but name, and unless the hiring company has issued a determination statement where they believe the relationship is one of employer/employee, then the hiring company will be liable for any employment-related taxes HMRC assesses as being owed. This could result in the hiring company being significantly out of pocket as HMRC will likely look at the value of the invoices paid by the hiring company and gross these up to calculate what HMRC perceives to be employment-related taxes.
Do you need a Data Protection Officer?
Your company will likely have data protection obligations from the moment it begins to trade.
These increase as you start to employ more staff and deal with personal data for commercial purposes. Impact assessments and addendums, retention policies and breach registers will become commonplace as you grow in size.
Where your business model involves processing personal data on a large scale then the appointment of a Data Protection Officer (DPO) may be required, particularly where special categories of data such as information on an individual’s health or ethnic origin is processed. Often a business voluntarily appoints a DPO to ensure compliance and avoid the potentially hefty fines out there.
Publish a modern slavery statement?
UK companies with a turnover of £36 million, or who are part of a group of companies with a global turnover of that amount, must publish a modern slavery statement.
Where you meet this threshold, you are required to publish a statement on your website setting out the steps taken to ensure slavery and human trafficking are not taking place in the business itself or any of its supply chains.
You may want to consider voluntarily publishing a modern slavery statement even where you do not meet the turnover threshold. The positive impact this has on brand and reputation is important and a statement may be required by larger companies that you engage with commercially, such as suppliers, regardless of your turnover.
Do you need to report gender pay gap?
Employers with 250 or more employees are required to publish statutory calculations every year showing how large the pay gap is between their male and female employees.
These reporting obligations are, much like the modern slavery statement, well-intentioned but ultimately a little toothless.
That should not diminish their relevance to your business as you grow.
The growing importance to various stakeholders and the wider community of ethical and sustainable practices means that a lack of transparency or discernible effort to improve with regards to issues like the gender pay gap can negatively impact your business as much as, if not more than, regulatory action.
And just because the enforcement actions under the regulations is perceived by many employers to be toothless, that does not mean they will remain that way. Already the Equality and Human Rights Commission (EHRC) have announced that hundreds of companies will face legal action over their failure to provide compliance gender pay gap data.