A brown envelope arrives with HMRC printed on the front. Most business owners feel their stomach drop before they have even opened it. The immediate assumption is that something has gone wrong, that penalties are coming, and that the next few months are going to be expensive and stressful. That reaction is understandable but it is also rarely accurate. Experienced tax investigation advisors will tell you the same thing: an HMRC compliance check is not automatically a sign of wrongdoing, and how you respond in the first few days matters far more than most people realise. This guide explains why compliance checks happen, what HMRC is actually looking for, and how to protect your business both before and after that letter arrives.
Why HMRC Compliance Checks Matter?
HMRC’s approach to compliance has changed significantly in recent years. The days of purely random selection have not disappeared entirely, but the majority of compliance activity is now data-driven. HMRC uses sophisticated analytics, cross-references information from multiple sources banks, Companies House, land registries, digital platforms and compares your filings against industry benchmarks and third-party data it already holds.
That means even well-run businesses with clean records can attract a compliance check through no fault of their own. A data mismatch between what you reported and what a third party reported to HMRC can trigger contact regardless of whether the underlying figures are correct.
Compliance Check vs Tax Investigation
| HMRC Compliance Check | Tax Investigation |
| Routine review of specific areas | Deeper examination of overall tax affairs |
| Often focused on a single issue | Can cover multiple taxes and multiple years |
| Frequently preventative in nature | Usually triggered by identified concerns |
| Typically shorter in duration | Can run for one to three years or more |
A compliance check can escalate into a full investigation if HMRC finds material discrepancies, discovers records are incomplete, or identifies behaviour that suggests the problem runs deeper than a single filing period. That escalation is not inevitable but it is avoidable, and the way you respond determines which direction the process goes.
Why HMRC May Contact Your Business?
Selection is not always what people expect. Some reviews are sector-specific; HMRC runs targeted campaigns against industries it considers higher-risk, which means a perfectly compliant business in construction, hospitality, or e-commerce can receive a compliance letter simply because of its sector classification.
Other triggers are more specific. Unusual expense claims relative to turnover, VAT return figures that fluctuate significantly between periods, payroll inconsistencies, repeated late filings, and mismatches between income declared and lifestyle indicators visible through third-party data are all known selection factors.
Online income is a growing area of focus. HMRC now receives data from digital platforms eBay, Etsy, Airbnb, Amazon under updated reporting requirements, and any business or individual with significant online sales that does not appear on a self-assessment return or corporation tax filing will eventually attract attention.
The honest answer to “why me?” is often simply this: a data point somewhere did not align, and HMRC wanted to understand why.
What HMRC Is Really Looking For?
Understanding the focus areas helps businesses prepare genuinely useful responses rather than producing mountains of paper that do not address the actual question.
Income reporting is the starting point. HMRC wants to confirm that all income has been declared including cash income, income from secondary sources, overseas income, and digital platform income. Business expenses come next, with particular focus on whether claimed expenses are genuinely business-related and properly evidenced.
VAT accuracy is one of the most frequently reviewed areas, especially for businesses with complex supply chains or mixed VAT liability. Payroll compliance covers PAYE deductions, benefits in kind, National Insurance treatment, and whether contractors have been correctly classified. Director loan accounts attract specific scrutiny because they are frequently misunderstood and often create unexpected tax liabilities.
Record-keeping standards underpin all of it. HMRC cannot assess figures it cannot verify, and a business that cannot produce supporting documentation for its claimed figures is in a significantly weaker position than one that can.
The First 48 Hours After Receiving an HMRC Letter
This is where most unforced errors happen, and most of them come from reacting too quickly rather than too slowly.
Step 1: Read the letter carefully. Identify precisely what HMRC is asking which tax, which period, and exactly what information has been requested. The scope matters enormously. A compliance check on a specific VAT period requires a very different response than one covering three years of corporation tax.
Step 2: Stay calm. Panicked responses that volunteer information beyond what was requested, or that make assumptions about what HMRC already knows, consistently create problems that a measured response would have avoided.
Step 3: Gather relevant records. Pull together the documentation that relates to the specific period and area under review. Organise it chronologically and review it before you send anything.
Step 4: Look for inconsistencies yourself. Before responding, review the records to identify whether there are any discrepancies that HMRC might find. Discovering a problem yourself, before HMRC raises it, almost always produces a better outcome than waiting for them to find it.
Step 5: Create a response timeline. HMRC’s deadlines are not flexible. Missing one signals disorganisation at best and non-cooperation at worst both of which give HMRC reasons to look harder.
Step 6: Decide whether you need specialist support. For a straightforward, single-issue compliance check with clean records, a prepared business owner can often manage the process adequately. For anything more complex, the equation changes.
Hidden Errors HMRC Frequently Finds
Compliance checks often surface problems the business owner was not aware of not because of dishonesty, but because of misunderstanding or poor process.
Incorrect expense claims are the most common. Personal expenses coded as business costs, a family dinner claimed as a client meeting, home utility bills put through the company are visible to HMRC through lifestyle data and frequently appear in compliance checks. Director loan accounts are another consistent finding: amounts drawn without correct documentation, without interest charged where required, or without repayment arrangements that would satisfy HMRC’s requirements.
VAT calculation errors on mixed-supply businesses catch many firms off guard. A business selling both standard-rated and exempt supplies that applies the wrong apportionment methodology may have been filing incorrect returns for years without realising it. CIS deductions the Construction Industry Scheme generate frequent compliance issues around contractor versus subcontractor classification and the correct deduction rates applied.
Poor supporting documentation is the thread connecting most of these. A figure on a tax return without a receipt, invoice, or contract to support it is not a figure HMRC has to accept.
How to Reduce the Risk of HMRC Scrutiny?
Prevention is considerably less expensive than response. Several practical steps reduce the likelihood of compliance contact and, if contact does happen, put the business in the strongest possible position.
Reconcile accounts regularly monthly at minimum. Discrepancies identified and corrected during the year are far less damaging than ones that accumulate unnoticed into a pattern HMRC finds in a compliance review. Maintain VAT accuracy by reviewing each return before submission rather than treating it as a mechanical process. Keeping business and personal finances strictly separate is a common area of failure for sole traders and owner-managed companies alike.
Retain supporting documentation for every material transaction. HMRC expects records to be kept for at least six years for companies and five for individuals. An internal compliance review conducted annually comparing filed figures against underlying records identifies issues while correction is still straightforward.
File returns on time, every time. Repeated late filing creates a compliance profile that attracts attention, and the penalties accumulate faster than most businesses expect.
The Mistakes That Make Compliance Checks Worse
Several behaviours consistently escalate what could have been a routine, resolvable check into something considerably more serious.
Ignoring HMRC correspondence is the worst. HMRC does not interpret silence as an answer.it interprets it as non-cooperation, which gives the authority grounds to use more formal powers. Missing a response deadline can convert a compliance check into a formal investigation with significantly expanded scope.
Sending information without reviewing it first is a close second. Documents that contradict each other, or that raise new questions HMRC was not previously asking, extend the timeline and expand the scope of review.
Guessing figures rather than verifying them creates inconsistencies in the record that are harder to explain as the process develops. Assuming small errors do not matter is a version of the same mistake HMRC’s systems are designed to detect patterns, and small consistent errors often indicate a systematic problem rather than an isolated one.
Waiting too long to seek advice is a pattern that experienced practitioners see repeatedly. By the time a business owner realises the compliance check has become something more serious, some options that were available earlier have already closed.
What Happens During an HMRC Compliance Check?
The process follows a broadly consistent structure. Initial contact arrives by letter, identifying the area under review and requesting specific information within a defined timeframe. An information-gathering stage follows, during which HMRC reviews what has been provided and may ask follow-up questions. In some cases, HMRC requests a site visit to inspect records directly; these are not mandatory to accept without prior agreement, and the scope of any visit should be clarified before it takes place.
A resolution stage eventually arrives, resulting either in HMRC confirming that the matter is closed, issuing an assessment for additional tax, or in more serious cases escalating to a formal investigation. Throughout the process, the quality and speed of responses directly influences the timeline and, often, the outcome.
What HMRC Can and Cannot Do?
HMRC has significant powers, but they are not unlimited. It can request documents and records, require answers to written questions, conduct inspections, and in certain circumstances access bank account information. What it cannot do is demand information outside the scope of the inquiry, ignore a valid appeal, or bypass the legal procedures that govern its investigative powers.
Your rights during a compliance check include the right to professional representation at every stage, the right to challenge HMRC’s findings through an internal review process, and the right to appeal to the First-tier Tax Tribunal if internal resolution fails. Those rights are real and exercisable using them is not confrontational, it is appropriate.
Compliance Check Risk Assessment
| Situation | Risk Level |
| Complete, organised records | Low |
| Minor discrepancies with explanation | Low–Medium |
| Missing documentation for some transactions | Medium |
| VAT inconsistencies across periods | High |
| Unexplained income or transactions | High |
| Multiple filing errors over several years | High |
When Professional Support Becomes Valuable?
Most compliance checks are manageable for businesses with clean records and a clear understanding of what HMRC is asking. The situation changes when the review covers multiple years, when significant tax is potentially at stake, when the business operates in a sector HMRC targets specifically, or when an initial compliance check begins to look like it is heading toward something more formal.
Engaging experienced tax investigation advisors at that point rather than after the situation has developed further provides structured communication management, evidence preparation, penalty mitigation where applicable, and representation through any appeal process. The practical value of that support, measured in reduced penalties and shorter timelines, typically substantially exceeds its cost.
Frequently Asked Questions
My business always files on time and pays correctly. Why would HMRC still select me?
Because selection is not always about suspicion. HMRC cross-references data from banks, digital platforms, and third-party sources against your returns. A mismatch even caused by timing differences can trigger a check regardless of your compliance history. Sector campaigns are another route: if HMRC targets a particular industry, businesses within it may be reviewed simply because of their sector classification.
How long should a business retain financial records in case HMRC requests them?
Companies must keep records for at least six years from the end of the relevant accounting period. Sole traders need at least five years after the 31 January filing deadline for the relevant tax year. Digital records are acceptable and often easier to retrieve than paper. The key principle: if HMRC asks for documentation and you cannot produce it, the burden of proof shifts significantly against you.
Can HMRC visit my business premises, and do I have to allow it?
HMRC has the power to conduct visits, but most compliance checks involve written correspondence rather than physical inspections. Where a visit is proposed, you have the right to agree a suitable time, have a representative present, and clarify the scope beforehand. Accepting a visit without establishing those terms in advance is one of the more common mistakes businesses make.
If an error is discovered during a compliance check, should I disclose it or wait for HMRC to find it?
Disclose it. HMRC’s penalty framework explicitly distinguishes between voluntarily disclosed errors and those it discovers independently; penalties for proactive disclosure are considerably lower. Waiting to see whether HMRC finds the error, and then addressing it defensively, typically results in higher penalties and a longer process.
My accountant prepared the returns under review. Does that shift responsibility away from my business?
No. Legal responsibility sits with the taxpayer who submitted the return, not the preparer. That said, relying on a qualified professional in good faith may influence how HMRC categorises the error innocent versus careless which directly affects the penalty level. Any negligence claim against your accountant is entirely separate from your obligations to HMRC.
Conclusion
An HMRC compliance check is manageable when handled properly. Good records create confidence, early action prevents complications, and understanding your rights means you engage with the process rather than being overwhelmed by it.
Lanop Business and Tax Advisors works with UK businesses at every stage reviewing records before HMRC makes contact, managing correspondence, preparing evidence, and representing clients through enquiries and appeals.
Having the right support early rather than late consistently produces better outcomes. Lanop Business and Tax Advisors is here to protect your business before the problem develops, not after.