Regulatory Intelligence

Critical payroll compliance briefings

Authoritative analysis on IR35, Right to Work, and the Employment Rights Act to shield your agency from supply chain liability.

a man riding a snowboard down a snow covered slope

CIS Changes from April 2026

What's Changed

The 2025 Autumn Budget introduced tougher compliance obligations for businesses purchasing construction services under the Construction 
Industry Scheme (CIS) and granted HMRC enhanced powers to act on non‑compliance. Effective April 2026, these reforms add significant reporting complexity and 
financial exposure across construction supply chains — including recruitment agencies operating within them.

The key update aligns CIS with the “knew or should have known” test already applied in VAT fraud cases. If HMRC can demonstrate that a business knew or should have known it was involved in a transaction linked to fraudulent tax evasion by a supplier — such as a CIS umbrella or subcontractor further down the chain — HMRC may:

  1. Cancel the business’s gross payment status immediately, extending the re‑application period from one year to five years.

  2. Hold the end‑user liable for the unpaid tax, even if the invoice (including tax) has already been settled.

  3. Impose a penalty of 30% of the lost tax, chargeable to the business, its directors, or connected persons.

Why This Matters to Recruitment Agencies

Gross Payment Status allows eligible businesses to receive payments from contractors without deductions being made at source. If that status is withdrawn, CIS deductions will apply to every qualifying payment, creating an immediate and significant impact on cash flow. Under the updated rules, the loss of Gross Payment Status can last for up to five years, rather than the previous one-year period.

For recruitment agencies operating on tight margins, a five-year restriction is far more than an administrative issue—it can place considerable strain on working capital and, in some cases, threaten the long-term viability of the business.

When combined with the potential for joint liability on unpaid tax and penalties of up to 30%, which may extend to company directors in certain circumstances, the importance of robust compliance and thorough due diligence has never been greater. Taking proactive steps to assess payroll providers and maintain compliance is now a critical business priority rather than simply a matter of best practice.

Why This Has a Greater Impact on Recruitment Agencies

Gross Payment Status allows eligible businesses to receive payments from contractors without CIS deductions at source. If this status is lost, deductions apply to every qualifying payment, creating an immediate reduction in cash flow. Under the updated rules, the restriction can remain in place for up to five years, rather than the previous one-year period.

For recruitment agencies operating on tight margins, this is far more than an administrative issue. A prolonged loss of Gross Payment Status can significantly affect cash flow, limit business flexibility, and place considerable pressure on day-to-day operations.

When combined with potential joint liability for unpaid tax and penalties of up to 30% that may extend to company directors, the importance of carrying out thorough due diligence has never been greater. Proactive compliance is no longer simply best practice—it is an essential part of protecting your business.

What "should have known" looks like in practice

A subcontractor or umbrella with frequent, unexplained changes to bank account details

No VAT registration where the scale of activity would normally require one

Director histories with prior insolvencies, disqualifications, or links to other flagged entities

Onboarding checks done once at the start of a relationship and never revisited

A one-off check at onboarding won't meet the new standard. "Should have known" is a continuous test. HMRC will look at what a reasonably diligent business would have picked up over the life of the relationship, not just on day one.

What agencies should do now

  1. Confirm, in writing, which party in the chain is legally responsible for carrying out right to work checks on each placement.

  2. Check that any digital verification tool in use is on the Home Office's current certified IDSP list.

  3. Build a diary system for repeat checks ahead of time-limited permission expiry dates.

  4. Retain evidence of every check — not just the document copy, but who checked it, when, and how.

  5. Refresh consultant training on the current codes of practice, including the eVisa transition.

Don't assume the client's check covers you. If you're the legal employer of the worker, their process is not your statutory excuse — build and evidence your own.

Paying the invoice in full no longer closes the risk. From April 2026, what an agency should have known matters as much as what it actually did.

This newsletter is for general information purposes only and does not constitute legal or tax advice. Agencies should seek advice from a qualified tax adviser on their specific supply chain arrangements ahead of the April 2026 changes.

a man riding a snowboard down a snow covered slope

HMRC warns against "Bills of Exchange" as a JSL workaround

What's Changed

In 2026/27, Bills of Exchange are being promoted as a way for umbrella companies and recruitment agencies to circumvent the Joint & Several Liability (JSL) rules introduced on 6 April 2026.

Originally governed by the Bills of Exchange Act 1882, these instruments function as formalised IOUs. Promoters now claim they can be used to settle PAYE liabilities outside conventional banking channels and to avoid deemed‑employer status under the new umbrella legislation.

However, HMRC’s 13 May 2026 alert makes its position clear: it does not recognise Bills of Exchange or similar “private instruments” as valid payment of tax liabilities.

 How the schemes are marketed

⚠️ References to obscure, historic legislation to lend false credibility
⚠️ Claims that mainstream accountants and banks "don't understand" the process
⚠️ Offers to manage the whole process, including drawing up affidavits and dealing with HMRC directly
⚠️ Claims the instrument has been "approved by King's Counsel"

The knowledge point

Before this year's rulings and warnings, participants might have argued they misunderstood the risks, or relied on assurances from promoters. That argument is fast disappearing.

"These arrangements do not remove risk from recruitment agencies; they transfer it and concentrate it. Following the High Court's decision, it will be increasingly difficult for agencies to argue the risks were not apparent."Employment lawyer commentary, C2E Law

Continued participation after such clear public warnings raises difficult questions around deliberate behaviour, governance failures, and whether reasonable due diligence was carried out before entering into, or continuing with, the arrangement.

What agencies should do now 

  1. Review any current or proposed use of Bills of Exchange or similar "private instruments" in connection with HMRC liabilities

  2. Brief directors and finance teams on the HMRC alert and the Halifax RLFC ruling.

  3. Carry out, and document, enhanced due diligence on umbrella companies and other supply chain partners, particularly on how PAYE is actually being paid.

  4. Treat any claim that a scheme "avoids" the new JSL legislation as a red flag. HMRC has expressly rejected this.

  5. Seek independent professional advice before engaging with any arrangement claiming to reduce or eliminate tax liabilities through unconventional means.

Employment businesses should ensure they are working with a reputable, accredited umbrella company, and should carry out their own extensive due diligence, rather than relying solely on assurances from the umbrella or promoter.

Businesses being offered these arrangements are, in effect, being sold magic beans. HMRC has made its position clear: anyone who continues to use them does so at their own risk.

This newsletter is for general information purposes only and does not constitute legal or tax advice. Businesses concerned about existing arrangements, or approached by promoters of similar schemes, should seek advice from a qualified professional without delay.

Where the risk actually lands

f an umbrella relies on a Bill of Exchange, no valid payment has been made; the underlying PAYE liability remains outstanding. Under Chapter 11 ITEPA, where PAYE isn't properly operated in the supply chain, an agency can be treated as the deemed employer. HMRC typically pursues the most solvent party in the chain, usually the agency.

HMRC has expressly rejected the KC-endorsement claim.

A KC constructing a defence says nothing about whether it would succeed. There is no arrangement so unlawful that a lawyer couldn't attempt to defend it.


a man riding a snowboard down a snow covered slope

The Employment Rights Act 2025:
what agencies need to do now

The ERA 2025 signals a material shift in operational obligations, risk allocation, enforcement exposure, and contractual frameworks for the recruitment sector. Below is what's changing, why it matters, and what to put in motion this quarter.

01 ENFORCEMENT

A new enforcement environment: the Fair Work Agency

Agencies and employment businesses fall directly within the enforcement scope of the new Fair Work Agency (FWA), expected to be established in April 2026. It will enforce the Employment Agencies Act 1973 and the 2003 Conduct Regulations, alongside wider labour market law — a move toward proactive, consolidated enforcement and sharper inspection readiness.

02 CONTRACTS

Update your contracts now

Guaranteed hours offers, a two-week initial information duty, reasonable shift notice, and cancellation compensation are coming — with commencement expected in 2027 following 2026 consultation. Contract suites should be refreshed now, with placeholders for thresholds still to be set.

Supply chain split: hirers offer guaranteed hours; agencies pay cancellation compensation, with recoupment routes back to hirers.

Pre-existing arrangements: a two-month window from 18 Dec 2025 to review and preserve recoupment terms already in place.

Action: freeze or tightly control amendments to existing recoupment arrangements while this review is underway.

03 SHIFT RISK

Protect yourself operationally on shift cancellations

New rights to reasonable notice and compensation for cancelled, moved, or curtailed shifts are coming, with short-notice parameters set by regulation. Compensation is payable up to a worker's original remuneration and is taxable as employment income — pricing and margin models with hirers should be adjusted accordingly.

Build playbooks now: who issues notices, how communications are documented, and how costs are shared and recovered.

04 RECORDS

Strengthen compliance and record keeping

The FWA can require attendance, answers, and documents, and enter premises to inspect records. Map, retain, and be ready to produce evidence of shift offers, notices, cancellations, and compensation calculations.

Working Time annual leave and pay records now carry six-year retention expectations.

Notices for exceptions or withdrawals within the guaranteed hours framework must be retained for audit.

05 CLIENT RELATIONSHIPS

Manage client relationships to mitigate risk

Review master services agreements and call-off terms to address responsibility splits, cancellation and curtailment decision rights, evidence sharing, and indemnities aligned to Schedule A1. Build in service credits or indemnities where hirers fail to relay required worker notices on time.

06 TRIBUNAL EXPOSURE

Prepare for tribunal exposure and longer limitation

Time limits extend to six months for certain claims, with dedicated remedies for failures to offer guaranteed hours, provide information, give notice, or pay compensation. Automatic unfair dismissal protection without a qualifying period applies in relevant circumstances, and tribunals may add financial penalties for aggravating conduct.

07 DATA & INVESTIGATIONS

Data sharing and investigations readiness

Disclosures to the FWA are permitted without breaching confidentiality, subject to data protection obligations. Update governance policies and client terms to allow lawful information sharing during investigations while keeping proper safeguards in place.

Need the paperwork to match the plan?

Get in touch for template clauses for hirer contracts, a worker terms addendum, or a shift-cancellation SOP aligned to the ERA 2025 framework.

Royal Assent
18 Dec 2025

Fair Work Agency live
April 2026 (expected)

Zero/low hours regime
2027 (anticipated)

a man riding a snowboard down a snow covered slope

IR35: where the agency's risk actually sits

What the rules actually require

Since 6 April 2021, medium and large private-sector clients have been responsible for deciding whether an engagement falls inside or outside IR35, and for issuing a Status Determination Statement (SDS) to every party in the labour supply chain. Public sector clients have carried this duty since 2017.

Where the engagement is inside IR35, the fee-payer — usually the agency, or an umbrella company further down the chain — must operate PAYE and National Insurance on payments to the worker's intermediary, as if the worker were an employee.

The rules are deliberately designed so liability can move. If the client fails to take reasonable care in reaching its determination, or fails to pass the SDS down the chain, liability can sit with the client. But once an agency has received a valid SDS, responsibility for acting on it correctly — and for deducting the right tax — sits with the agency.

Reasonable Care — What It Really Means

Clients must exercise reasonable care when making a status determination. What qualifies as reasonable care isn’t fixed — it depends on how complex the engagement is and how robust the decision‑making process appears.

"A determination made without considering the individual's actual working arrangements — or one changed at the last minute close to contract renewal, without a documented reason — is difficult to defend as reasonable care if HMRC ever asks the question."

For agencies, the real exposure lies less in whether the client’s call was correct and more in whether there’s a clear, documented process for collecting, verifying, and acting on the SDS for every engagement.

Paper terms don't override working practice. If a contract says "outside IR35" but the day-to-day reality looks like employment — fixed hours, supervision, no real substitution — HMRC will look at what actually happens, not what the contract says.

Practices worth a second look


⚠️ Blanket "inside IR35" determinations applied across a role or contract type, without individual assessment

⚠️Relying solely on HMRC's CEST tool output, without considering factors like mutuality of obligation that CEST doesn't fully capture

⚠️No SDS on file for an engagement, or an SDS that was never actually passed down the chain by the client

⚠️ Contract paperwork that doesn't reflect how the engagement actually operates day to day

What agencies should do now

  1. Confirm there's a valid, dated Status Determination Statement on file for every current inside-IR35 engagement.

  2. Build and document a process for the statutory client-led status disagreement route, so disputes don't stall.

  3. Review the umbrella and payroll chain behind every placement — who is the fee-payer, and can you evidence it.

  4. Audit contract templates against actual working practices, not just against the CEST output.

  5. Train consultants to flag status changes, scope creep, or blanket determinations before they become a liability.

The fee-payer carries the deduction risk, and the fee-payer is very often the agency. A documented process beats a confident assumption every time.

This newsletter is for general information purposes only and does not constitute legal or tax advice. Some figures and dates may have moved on since publication — agencies should confirm current requirements with HMRC guidance or a qualified adviser before relying on this summary.

a man riding a snowboard down a snow covered slope

Right to work checks: who actually carries the penalty

What the law actually require

Under the Immigration, Asylum and Nationality Act 2006, employing someone without the right to work in the UK can lead to a civil penalty. Carrying out a compliant right to work check before employment starts gives the employer a statutory excuse against that penalty — provided the check was done correctly.

Civil penalties were significantly increased from 13 February 2024: up to £45,000 per illegal worker for a first breach, and up to £60,000 for repeat breaches — a substantial rise from the previous framework.

There are three routes to a compliant check: a manual document check, a digital check via a Home Office-certified Identity Service Provider (IDSP) for British and Irish citizens, and the Home Office online right to work checking service (using a share code) for those with digital immigration status.

Where the penalty actually lands

In a temp labour supply chain, it isn't always obvious who is legally the "employer" for right to work purposes — and that's exactly where gaps open up. The penalty falls on whoever employs the individual, which depends on the actual contractual chain, not on who happened to run the check.

Practices worth a second look


⚠️  Accepting an expired Biometric Residence Permit at face value, without checking current status online

⚠️ Using a digital ID verification app or service that isn't on the Home Office's certified IDSP list

⚠️ No diary system for repeat checks on workers with time-limited permission before it expires

⚠️ Relying on a client or umbrella's word that "the check's been done" without seeing the evidence

A share code isn't optional for digital status holders. A physical document alone no longer establishes the statutory excuse for someone with an eVisa — the online check has to actually be carried out and the output retained.

The evidence point

The statutory excuse depends on being able to show the check was done properly at the time — not on being able to say, after the fact, that the person turned out to be eligible to work.

"A copy of a document with no record of who checked it, when, or against what verification service, is a weak position to be in if the Home Office ever asks the question. The excuse is built on process, not on hindsight."

For agencies working through umbrellas or in multi-party chains, the practical priority is making sure it's contractually and operationally clear who is running the check, and that the paper trail proving it actually exists.

What agencies should do now 

  1. Confirm, in writing, which party in the chain is legally responsible for carrying out right to work checks on each placement.

  2. Check that any digital verification tool in use is on the Home Office's current certified IDSP list.

  3. Build a diary system for repeat checks ahead of time-limited permission expiry dates.

  4. Retain evidence of every check — not just the document copy, but who checked it, when, and how.

  5. Refresh consultant training on the current codes of practice, including the eVisa transition.

A £60,000 penalty per worker concentrates the mind. The statutory excuse is only as good as the process and paperwork behind it.

This newsletter is for general information purposes only and does not constitute legal or immigration advice. Penalty figures, certified provider lists, and transition dates can change — agencies should confirm current requirements with Home Office guidance or a qualified adviser before relying on this summary.

Immediate regulatory updates

Update • Jan 2025
Alert • Risk High
Briefing • Liability

ERA 2025 statutory shifts

Bills of exchange warning

IR35 off-payroll audits

Understanding the structural changes to worker status and collective rights under the new Employment Rights Act framework.

HMRC is actively targeting non-compliant payroll schemes utilizing outdated financial instruments. Protect your supply chain today.

End-client liability is increasing. Review our updated compliance checklist to ensure your contract placements remain fully aligned.

Technical Briefings

Deep-dive policy analysis

Our legal and compliance teams continuously monitor legislative shifts to ensure our accredited partners maintain absolute compliance.

Whitepaper • Risk: Critical

Whitepaper • Risk: High

Right to work protocols

Bills of exchange risk

Published: February 2025. This briefing outlines the updated statutory excuse requirements for remote worker verification, preventing severe civil penalties.

Published: January 2025. A technical breakdown of why alternative remuneration models fail HMRC spot-checks and how to identify hidden liabilities.

Key Action: Agencies must audit all digital identity service provider (IDSP) integrations immediately to ensure alignment with Home Office standards.

Key Action: Review your preferred supplier list (PSL) against our vetted, fully accredited payroll partner framework to mitigate risk.

Protect your agency today

Don't let shifting legislation threaten your margins. Schedule a zero-obligation payroll supply chain audit with our compliance specialists.