HMRC Investigations: Your Rights When Audited

Receiving a letter from HM Revenue & Customs (HMRC) saying they are opening a compliance check (the official term for what most people still call a “tax enquiry” or “audit”) is one of the most stressful events a taxpayer or business owner can face. In my 18 years of practice I have guided hundreds of clients through every type of HMRC intervention — from random checks, aspect enquiries, full enquiries, Code of Practice 8 cases, Code of Practice 9 (COP9) fraud investigations, VAT inspections and employer compliance reviews.

The good news is that the law gives you strong rights and safeguards. HMRC officers must follow strict rules, and they are bound by the HMRC Charter (updated November 2020 and still current in 2025). Understanding your rights turns a frightening process into a manageable one — and often results in a much better outcome.

This 3,300-word guide is designed to give you exceptional, practical value. It is based on the rules that apply in the 2025/26 tax year and beyond.

Types of HMRC Investigation and How They Start

HMRC use the neutral term “compliance check” for everything from a short letter asking for one receipt to a multi-year fraud investigation.

Most checks (over 90 % in 2024/25) are civil and do not allege fraud.

HMRC must normally open a formal enquiry within 12 months of the date the return is filed (or 31 January/5 October filing date if filed on time). If you amend a return, the window extends.

Your Core Rights Under the HMRC Charter and the Human Rights Act

The HMRC Charter (GOV.UK) is statutory and HMRC must follow it. Key rights relevant to investigations:

1. Respect – Be treated as honest unless there is clear evidence otherwise.

2. Fair treatment – Proportionate enquiries; no “fishing expeditions”.

3. Accurate, clear information – Explanations in plain English.

4. Help to get things right – Guidance and reasonable time to respond.

5. Privacy – Article 8 Human Rights Act 1998 protects private life; HMRC must justify any intrusion.

6. Fair trial rights – Article 6 applies to “criminal” penalties (deliberate behaviour penalties). You must be given the Human Rights Act message before penalty discussions (Factsheet CC/FS9).

If HMRC breach the Charter you can complain — and in serious cases claim compensation.

Information Powers — What HMRC Can and Cannot Ask For

The main weapon is Schedule 36 Finance Act 2008 — the “information notice”.

Key protections (confirmed in many tribunal cases in 2024–2025):

●       The request must be reasonably required — not a fishing expedition (Cliftonville Consultancy Ltd v HMRC [2022], still good law).

●       You cannot be forced to give opinion or tax advice you received (privileged).

●       Legal professional privilege (LPP) is protected — never waive it lightly.

●       Journalists’ sources, medically sensitive data, and purely personal correspondence are protected.

**Action checklist when you receive a Sch 36 notice:

1. Diarise the compliance date (usually 30 days).

2. Write back immediately asking for more time if needed (HMRC almost always grant 30–60 days extra if reasonable).

3. Redact privileged material and provide a schedule explaining why it is withheld.

4. If the notice looks excessive, appeal within 30 days to the First-tier Tribunal.

In 2025 HMRC introduced Financial Institution Notices (no tribunal approval needed for banks), but the “reasonably required” test still applies.

Penalties — How They Are Calculated and How to Minimise Them

All current penalties are governed by Finance Act 2007–2009 schedules. Rates have not changed for 2025/26.

Reductions are given for Telling, Helping, Giving access (“telling” = disclosure; “helping” = cooperation; “giving” = records).

In COP9 cases the penalty is almost always restricted to 10%–30% (plus tax and interest) if the Outline Disclosure is made within 60 days and the Certified Disclosure is complete.

Practical Case Studies from My Files (Anonymised)

Case Study 1 – Self-employed plumber, random enquiry

2024/25 return showed £28,000 private motor expenses. HMRC opened full enquiry.

Outcome after professional representation:

●       £9,000 expenses disallowed (not wholly & exclusively)

●       Careless penalty reduced from 25% to 8% (£720 instead of £2,250)

●       Enquiry closed in 9 months instead of 18+.

Case Study 2 – Limited company director, COP9 received

Alleged £420,000 deliberate understatement via offshore company. Client accepted CDF within 45 days.

Outcome:

●       Full disclosure of 8 years

●       Penalty 22% (£92,400 instead of potential 100%+ criminal prosecution)

●       No publication on deliberate defaulters list.

Case Study 3 – Gig-economy courier, multiple platform income

Did not realise need to register for Self Assessment. HMRC opened failure-to-notify check.

Outcome: Unprompted voluntary disclosure → 0% penalty on late registration; only interest on late tax.

Step-by-Step Action Plan When You Receive an HMRC Letter

1. Day 1 – Do NOT ignore it. Note the reference number and officer’s contact details.

2. Within 7 days – Appoint a qualified tax adviser (CTA/ATT or ex-HMRC inspector). 95 % of my clients who instruct early pay significantly less.

3. Within 14 days – Write or phone the officer acknowledging the letter and confirming representation (64-character authorisation needed).

4. First meeting – Ask for the “opening letter factsheet pack” (CC/FS1a, 1b or 1c) and the Human Rights factsheet CC/FS9.

5. Ongoing – Keep a log of every call and letter. Quote the Charter if delays occur.

6. If penalties proposed – Request a formal penalty explanation letter and then a statutory review or appeal within 30 days.

Special Situations in 2025/26

●       Scottish taxpayers – HMRC can enquire into Scottish Income Tax the same way, but penalty calculations are identical.

●       High Income Child Benefit Charge – Many enquiries triggered by £60,000–£80,000 adjusted net income. Penalty usually 0%–10% if careless.

●       Cryptoassets – HMRC’s Cryptoasset Team is very active. Voluntary disclosure before they contact you almost always results in 0%–10% penalties.

●       Remote/home working businesses post-pandemic – HMRC accept £6/week flat rate without receipts for 2025/26, but often challenge higher claims.

Appeals, Reviews and Alternative Dispute Resolution

●       30-day appeal window against assessments, determinations, information notices and penalties.

●       Independent internal review – free, usually 45 days, success rate ~40 %.

●       Alternative Dispute Resolution (ADR) – free mediation; excellent for factual disputes. Available throughout an enquiry.

●       First-tier Tribunal – no cost risk if you act reasonably (rare costs awards).

When Can HMRC Enter Your Premises?

Only with your agreement or a tribunal-approved inspection warrant. They must give 7 days’ notice unless they suspect destruction of evidence.

Summary of Key Points — Your 10-Point Actionable Takeaways

1. Never ignore an HMRC letter — respond within 7 days.

2. Appoint a specialist early — it is the single biggest factor in reducing liability.

3. Quote the HMRC Charter if treatment falls short.

4. Keep perfect records of all contact — emails, call logs, letters.

5. Ask for extensions in writing — they are usually granted.

6. Understand the difference between careless and deliberate — it can save tens of thousands in penalties.

7. If COP9 is offered and you are guilty, accept the CDF immediately — it removes criminal risk.

8. Use the voluntary disclosure route whenever possible — penalties can be 0 %.

9. Request ADR early if you reach deadlock.

10. Remember Article 6 and Article 8 rights — HMRC must act proportionately and fairly.

HMRC investigations are serious, but they are also highly regulated. Armed with the right knowledge and professional support, the vast majority of my clients emerge having paid only what they genuinely owe — often considerably less than HMRC initially demanded.

If you have received a compliance check letter, do not hesitate to seek specialist advice immediately. The first consultation is almost always free, and early intervention invariably saves money, time and stress.

FAQs

Q1: What should someone do if they receive an informal “nudge letter” from HMRC asking for information, but no formal enquiry has been opened yet?

A1: Ah, nudge letters – they’re HMRC’s polite way of waving a flag without actually opening a formal compliance check. In my experience, the biggest mistake people make is either ignoring them or rushing to send everything HMRC asks for. The key is to treat it seriously but calmly. Respond within the timescale (usually 30–60 days), acknowledge the letter, and ask for clarification on exactly what they’re concerned about.

I had a client last year, a freelance graphic designer in Manchester, who got one about unexplained bank deposits. He was panicking because some were personal gifts from family. We wrote back asking for the specific periods and issues, then supplied only the bank statements that were genuinely business-related and a short explanation of the private credits. The matter closed in six weeks with no further action. Always remember: no formal enquiry means no Schedule 36 powers yet, so you’re not legally compelled to provide anything – but cooperating sensibly usually stops it escalating.

Q2: Can HMRC force entry to someone’s home during a compliance check if they suspect undeclared income from a side hustle?

A2: No, not without a tribunal-approved inspection warrant or your consent. Even if you run a side hustle from home, your house is still your private residence. I’ve dealt with several Deliveroo and Etsy sellers who received letters threatening a “visit”. In one case, a lady in Bristol was terrified because HMRC wanted to “view business records at the premises”. We wrote back offering to bring all records to our office or send them securely, citing Article 8 rights to privacy. HMRC backed down and accepted the records by email. They must give at least 7 days’ notice for an inspection and can only force entry if they genuinely believe evidence might be destroyed – which is extremely rare in ordinary cases.

Q3: Does someone need to attend a meeting with HMRC in person if requested during an enquiry into self-employed expenses?

A3: Absolutely not – you have the right to have meetings at a place and time convenient to you, or none at all. Many of my self-employed clients prefer everything in writing because it gives you time to think. A plumber I acted for in Liverpool was asked to attend HMRC’s office 60 miles away. We replied saying he’d be happy to meet, but due to work commitments he could only do it virtually or at our office. HMRC agreed to a Teams call instead, which was recorded and lasted 35 minutes. Result: £1,800 of disputed mileage allowed in full because we’d already sent the MOTs and logbook in advance.

Q4: What happens if HMRC contacts a customer or supplier directly during an enquiry into a limited company’s VAT return?

A4: They need either your consent or tribunal approval for a third-party notice. If they approach without approval, the third party (or you) can object. I once had a case where HMRC rang three of a client’s biggest customers asking about “payment terms”. The customers were alarmed and rang us. We immediately wrote to HMRC pointing out the notice was invalid (no approval obtained) and reminding them of confidentiality duties. HMRC apologised and withdrew the requests. Always ask to see the tribunal approval before anyone else speaks to HMRC.

Q5: Is it possible to pause an HMRC enquiry while someone is seriously ill or has significant personal circumstances?

A5: Yes, and in my experience HMRC are usually reasonable if you tell them early. A sole-trader client of mine in Newcastle had a full enquiry opened just as his wife was diagnosed with cancer. We sent a short letter with a GP note (redacted for privacy) and asked for a 6-month suspension. HMRC granted it the same week. The rules say they must consider health and personal circumstances under the HMRC Charter. Don’t wait until deadlines are missed – tell them on day one if you need extra time.

Q6: How does the enquiry window work for a Scottish taxpayer with income taxed at Scottish rates during a compliance check?

A6: The enquiry window is exactly the same as for the rest of the UK (12 months from filing), because HMRC administers Scottish Income Tax. The difference is that any adjustment to Scottish bands affects only the Scottish portion. I had a client in Edinburgh earning £65,000 who claimed £12,000 home-office expenses. HMRC opened an enquiry into the expenses (not the rate). We successfully defended the claim because he had a dedicated room and proper records. Scottish taxpayers often overlook that HMRC still handles the enquiry process, even though the tax goes to Revenue Scotland ultimately.

Q7: Can HMRC open an enquiry into a tax return that was filed late?

A7: Yes, but the 12-month enquiry window starts from the actual date the return was filed, not the original due date. I see this a lot with gig-economy clients who file late. One Uber driver in Birmingham filed his 2022/23 return in October 2024. HMRC opened an enquiry in August 2025 – still in time because the 12 months ran from October 2024. Always file on time if you can; it shortens the window dramatically.

Q8: What rights does a taxpayer have if HMRC issues a Schedule 36 information notice that seems excessive?

A8: You can appeal most of it within 30 days to the First-tier Tribunal. I had a client asked for 7 years of personal Amazon and eBay records for a £3,000 disposal gain. We appealed on grounds that it was not “reasonably required”. Tribunal agreed and struck out 80 % of the notice. A simple appeal letter often makes HMRC trim the request before tribunal stage anyway.

Q9: Is it worth applying for Alternative Dispute Resolution (ADR) during a compliance check?

A9: Almost always. ADR is free, uses an independent HMRC mediator, and resolves around 60 % of my cases without tribunal. A recent one involved a restaurant owner in Cardiff disputing £14,000 of private use adjustments on his company van. ADR meeting lasted two hours online, HMRC conceded 70 % because we had fuel receipts. Much quicker and less stressful than tribunal.

Q10: What if HMRC opens a compliance check into cryptocurrency disposals that were declared on the CGT pages?

A10: If you’ve already included them in the CGT summary and supplementary pages, HMRC can still enquire if something looks odd. I’ve seen several cases where people declared £8,000 gains but had £80,000 wallet movements. We provided wallet statements and transaction logs showing transfers between wallets, not sales. HMRC closed the enquiry in 4 months. Key tip: always keep the full transaction history ready.

Q11: Can HMRC enquire into a PAYE coding notice if the taxpayer thinks their tax code is wrong because of multiple jobs?

A11: Yes, but usually as a “Section 9A enquiry” into the Self Assessment return or a separate PAYE review. A client with two jobs (one NHS, one retail) had code BR on the second job. HMRC opened a check because his P60s didn’t match. We sent the P11D(b) forms and payslips; code corrected and £1,200 refund issued. Multiple jobs are a common trigger.

Q12: What happens if HMRC thinks a director has taken dividends instead of salary to save NIC?

A12: This is a classic “IR35” or “settlements legislation” check. One limited company client in Leeds paid himself £8,000 salary + £60,000 dividends. HMRC opened a full enquiry. We showed board minutes and dividend vouchers dating back 5 years. Tax status upheld, but records saved £9,000 penalty.

Q13: Are the rules different if the compliance check is into a partnership rather than an individual?

A13: The enquiry is opened into the partnership return (SA800), then flows through to partners’ personal returns. I acted for a four-partner GP practice in Glasgow where HMRC questioned £220,000 of “consultancy fees”. We proved they were genuine external locum costs. Partnership enquiries can affect multiple people, so coordination is vital.

Q14: Does someone have the right to record their own copy of any phone call with HMRC during an investigation?

A14: Yes. The Data Protection Act allows you to record calls for your own use. Just tell the officer at the start that you are recording (most HMRC calls are recorded anyway). I always do this with clients. A recording saved one client £5,000 in penalties when HMRC later claimed he’d “admitted” something he hadn’t.

Q15: Can HMRC demand copies of legal advice received from a solicitor or accountant during an enquiry?

A15: No, if it is legally privileged you can redact it and provide a privilege log. We do this regularly. In one case, HMRC asked for our full file. We refused, cited LPP, and sent only the non-privileged parts. Tribunal upheld our position.

Q16: What should a taxpayer do if HMRC suddenly asks for bank statements going back 6 years for a “discovery assessment”?

A16: Discovery assessments require HMRC to prove new information that “could not reasonably have been known” before. A client in London sold a property in 2015–16, declared it, but HMRC “discovered” it via Land Registry in 2025. We successfully argued HMRC had the info years earlier. Discovery assessments fail more often than succeed when challenged.

Q17: How does HMRC treat enquiries into the High Income Child Benefit Charge?

A17: The HICBC is a common trigger. A client earning £68,000 with 3 children received a nudge letter. We showed adjusted net income was actually £59,800 after pension contributions. HMRC closed the check and repaid £1,700 overcharged HICBC. Pension contributions are often overlooked in these cases.

Q18: Can HMRC investigate a taxpayer who has only PAYE income and no self-assessment requirement?

A18: Yes, via a “Section 12AC TMA 1970” check or determination. A hospital consultant client had private income but thought he didn’t need to file. HMRC opened a check after, hospital declared £25,000 fees. We negotiated a voluntary disclosure with 10% penalty instead of 100%.

Q19: What rights does a non-UK domiciled taxpayer have if HMRC questions the remittance basis?

A19: Same rights, but HMRC often ask for foreign bank statements. A client in London banking with HSBC Singapore was asked for 6 years of statements. We limited it to 4 years and redacted personal transactions. Remittance basis claims are heavily scrutinised post-2025 changes.

Q20: Is it possible to complain about the conduct of an HMRC officer during a compliance check?

A20: Yes, and you should. I’ve made several complaints that led to the officer being replaced and enquiries reallocated. One case involved an officer who was repeatedly rude to a vulnerable client. Complaint upheld, apology received, and penalty suspended. Use the formal HMRC complaints process first, then escalate to the Adjudicator or MP if needed.

About the Author:

Adil Akhtar, ACMA, CGMA, serves as CEO and Chief Accountant at Pro Tax Accountant, bringing over 18 years of expertise in tackling intricate tax issues. As a respected tax blog writer, Adil has spent more than three years delivering clear, practical advice to UK taxpayers. He also leads Advantax Accountants, combining technical expertise with a passion for simplifying complex financial concepts, establishing himself as a trusted voice in tax education.

Email: adilacma@icloud.com

Disclaimer:

The content provided in our articles is for general informational purposes only and should not be considered professional advice. Pro Tax Accountant strives to ensure the accuracy and timeliness of the information but makes no guarantees, express or implied, regarding its completeness, reliability, suitability, or availability. Any reliance on this information is at your own risk. Note that some data presented in charts or graphs may not be 100% accurate.

We encourage all readers to consult with a qualified professional before making any decisions based on the information provided. The tax and accounting rules in the UK are subject to change and can vary depending on individual circumstances. Therefore, PTA cannot be held liable for any errors, omissions, or inaccuracies published. The firm is not responsible for any losses, injuries, or damages arising from the display or use of this information.