The prospect of an HMRC investigation into contractor arrangements generates significant anxiety for many organisations.
Headlines about multi-million pound settlements - Natural Resources Wales settled for £14.6 million (announced 2025), ITV set aside ~£61m as a provision (reported 2025), and £104m for the Post Office (reported 2026), for instance - create understandable concern.
But anxiety often leads to misunderstanding. Many organisations believe HMRC is hunting for individual determination errors, ready to impose penalties for every contractor incorrectly classified. The reality is more nuanced - and understanding what HMRC actually looks for can help you build genuinely defensible governance.
This article examines how HMRC approaches IR35 investigations, what triggers scrutiny, and how organisations can demonstrate the "reasonable care" that protects against penalties.
The Governance Focus
Contacts within the CoComply tax peer network agree on one thing: HMRC investigations and RFIs focus more on processes and governance frameworks that actually work at scale, not necessarily isolated individual determinations.
When compliance officers examine an organisation's contractor arrangements, they're asking systemic questions:
- Do you have a consistent process for making status determinations and monitor as engagements change?
- Is that process applied across all contractor engagements (direct, agency, through 3rd party service providers)?
- Can you evidence that you've taken "reasonable care" in reaching conclusions?
- Do your determinations align with actual working practices?
- Can you provide the data quickly and with accuracy?
An organisation with robust governance that occasionally makes borderline determinations looks very different to HMRC than one with no governance making widespread incorrect classifications.
Repeated non-compliance, systematic failures, or deliberate avoidance attract penalties. Documented good-faith efforts to get things right generally don't.
What Triggers an Investigation
Understanding investigation triggers helps organisations prioritise their compliance efforts. Common catalysts include:
Inconsistent or Blanket Determinations
If every contractor in an organisation is determined to be outside IR35, that's a red flag. If similar roles receive different determinations without clear rationale, that's another. HMRC looks for evidence of genuine, case-by-case assessment rather than rubber-stamping or one-size-fits-all approaches.
High-Risk Sector Activity
In practice, HMRC risk profiling tends to focus on areas with high contractor usage and complex engagement models. Media, IT/technology, financial services and engineering are frequently cited by advisers and market participants as sectors that attract scrutiny.
Industry Intelligence
Media coverage of contractor arrangements, whistleblower reports, or sector-wide concerns can prompt HMRC to examine specific organisations or industries.
Compliance Checks
When HMRC carries out an off-payroll working (IR35) compliance check, the early focus is often on governance, process and evidence, not just the wording of individual contracts. In practice, HMRC may ask for information showing how your organisation identifies relevant engagements, reaches Status Determination Statements (SDSs), and keeps records to support those decisions.
Initial information request
In HMRC’s off-payroll compliance “check letters”, organisations are commonly asked to provide details of the systems and processes used to determine whether the rules apply when engaging workers through intermediaries (such as PSCs).
Depending on the scope of the check, HMRC may also request supporting documents such as:
- Your internal status determination process, policies and governance (including training records)
- Status Determination Statements (and the record of reasons behind them)
- Relevant contracts and schedules (and any standard templates used)
- Evidence of the information relied on (for example, how working practices were established)
- Records of SDS disagreements/challenges and how those were handled (where applicable)
(Note: HMRC does not publish a single fixed checklist for every case; what is requested can vary.)
Evidence review: process vs reality
HMRC guidance emphasises keeping robust records to support decision-making in the event of a compliance check.
In practice, HMRC will often test whether your documented process was followed consistently and whether there is supporting evidence for conclusions reached - particularly where working practices may not match contract wording.
Targeted deep dives (case-dependent)
Where HMRC needs to understand how an engagement operates in reality, it may seek further detail about working practices and decision-making. The exact approach differs by case; organisations should assume HMRC may ask follow-up questions that go beyond contract terms and into operational delivery and controls.
Why governance failures scale exposure
As a matter of risk management, a single disputed determination can be contained. By contrast, systemic weaknesses (for example, missing population visibility, inconsistent processes, poor evidence, or weak challenge handling) can create broader exposure across multiple engagements - because the same gaps may repeat across the contractor population.
Demonstrating “reasonable care” and why it matters
HMRC’s penalty regime for inaccuracies is behaviour-based. Where a tax shortfall arises, the penalty position depends on whether the inaccuracy resulted from taking reasonable care (no penalty), carelessness (up to 30%), deliberate behaviour (up to 70%), or deliberate and concealed behaviour (up to 100%), subject to reductions for disclosure.
“Reasonable care” is not about guaranteeing HMRC will agree with every outcome. It’s about being able to evidence that your organisation took appropriate steps to reach and support determinations, using a consistent process and retaining records.
Practical indicators of reasonable care commonly include:
- Documented methodology: a written determination approach that is applied consistently
- Evidence-based inputs: determinations informed by working practices (not contract wording alone)
- Consistency and rationale: similar engagements treated consistently, with clear reasons for differences
- Disagreement handling: a documented SDS disagreement process and an audit trail of responses
- Review points: a governance trigger to re-check determinations when roles or delivery models change
(This is governance guidance; it does not guarantee HMRC agreement in any particular case.)
The penalty framework (corrected and tightened)
- Reasonable care: where reasonable care was taken but HMRC disagrees, a liability for tax/NIC and interest can still arise, but penalties may be nil.
- Careless (failure to take reasonable care): penalties are 0 - 30%.
- Deliberate: penalties are 20 - 70%.
- Deliberate and concealed: penalties are 30 - 100%.
The set-off / offset rule
From 6 April 2024, HMRC can apply a set-off mechanism that reduces the deemed employer’s PAYE/NIC liability to take account of certain tax/NIC/corporation tax already paid by the worker/intermediary on the same income - provided the legislative conditions are met (including the relevant “trigger event” timing and scope).
This change is aimed at reducing “double taxation” outcomes in non-compliance cases, but it does not remove exposure to interest and potential penalties where applicable.
Building audit-ready governance (kept, but slightly sharpened)
- Centralise the method: one documented approach across the organisation
- Maintain evidence: retain not only SDS outcomes but the “why” and the inputs (audit trail)
- Align contracts and operations: minimise gaps between written terms and actual delivery
- Handle disagreements properly: keep a clear record of contractor challenges and your response
- Review at change points: extensions, scope changes, delivery model changes
- Know your population: maintain visibility of all relevant engagements, including non-standard channels
Key Takeaways
- HMRC focuses on governance and process, not just determination errors
- "Reasonable care" is the standard that protects against penalties
- Common triggers include inconsistent determinations, complaints, and governance gaps
- Investigations often expand from initial samples if governance gaps are found
- Documented process, evidence gathering, and challenge handling demonstrate reasonable care
- The April 2024 offset rule reduces double taxation risk
What This Means for Your Organisation
HMRC investigation anxiety often exceeds actual risk - particularly for organisations that have invested in proper governance. The goal is a demonstrable, documented effort to get things right.
If you're confident in your processes and can evidence reasonable care, you're well positioned even if HMRC occasionally disagrees with specific determinations. If you're less confident, now is the time to strengthen governance - before an investigation, not during one.
If you'd like to assess your current governance against HMRC expectations, CoComply can help identify gaps and build audit-ready processes for your contractor population.