Payroll legislation is constantly changing and keeping fully up to date can be challenging. Our payroll senior manager, Eve Iunco, will present a comprehensive update and will guide you through all the recent legislative changes and those that will be coming up in the near future. She will also draw your attention to common problems and pitfalls that clients regularly need help and advice with.
This year, we will also be including a presentation from our Head of Cyber Security, Richard Wilding, who will provide an update on the latest ways to protect your business from cybercrime. This concise briefing will update you on the latest cyber scam trends and show you how you can act to protect your payroll and business data.
Topics covered will include:
Payroll update
•Legislation changes - recent and to come
•New student loan - postgraduate
•Payslip changes
•Right to work - potential risks
•General update
Cyber security briefing
•Current risks and threats
•ID theft
•CV/Employee history fraud
•GDPR
4. PAYROLL UPDATE
• Tax allowances and threshold changes
• National Insurance threshold and rates
• Employment Allowance
• Apprentice levy threshold and rates
• Statutory Payments
• New Student loan & Threshold changes
• Childcare vouchers under TUPE
• Payslip Changes
• Work Place Pensions– Rate changes & Proposed changes
• Re-enrolment/ Re-Declaration of compliance
• Right to Work – Checks & potential Risks
6. TAX CODES
• Employer Actions 2019/20 Year Start
• Drop W1/M1 codes
• L suffix codes + 65 points
• M suffix codes + 72 points (Recipient)
• N suffix codes + 59 points (Transferor)
• Apply any P9 code notifications
Check all prefix “S” coding notices!
Check all prefix “C” coding notices!
7. SCOTTISH INCOME TAX
Scottish taxpayers have five rates of tax -
Personal Allowance £12,500
* Assumes individuals are in receipt of the Standard UK Personal Allowance.
** Those earning over £100,000 will see their personal allowance reduced by £1 for every £2 earned over £100,000.
Starter Rate
@ 19%
Basic Rate
@ 20%
Intermediate
@ 21%
Higher Rate
@ 41%
Top Rate**
@ 46%
Thresholds £12,500* -
£14,549
£14,549 -
£24,944
£24,944 -
£43,430
£43,430-
£150,000
£150,001
and above
Bands £2,049 £10,395 £18,486 £106,570
10. EMPLOYMENT ALLOWANCE
Remains at £3,000. The allowance will reduce your employers’ secondary Class 1
National Insurance until the £3,000 has gone or the tax year ends (whichever is sooner).
Reminder - You can’t claim if:
• you’re the director and the only employee paid above the Secondary Threshold
• you employ someone for personal, household or domestic work (like a nanny or
gardener) - unless they’re a care or support worker
• you’re a public body or business doing more than half your work in the public sector
(such as local councils and NHS services) - unless you’re a charity
• you’re a service company working under ‘IR35 rules’ and your only income is the
earnings of the intermediary (such as your personal service company, limited company
or partnership)
11. APPRENTICESHIP LEVY
For employers with a ‘paybill’ in excess of £3 million per year
• Levy allowance of £15,000
• Allowance can be shared amongst a group of companies
• Charged at a rate of 0.5% on earnings that attract Class 1 secondary NICs
• Reports via the EPS
Your pay bill will be based on: The total amount of earnings subject to Class 1 secondary NICs.
Although earnings below the secondary threshold are not counted when calculating an employer’s
NICs, they will be included for the purposes of calculating the amount of levy the employer needs to
pay.
Earnings include: Any remuneration or profit coming from employment, such as wages, bonuses,
commissions, and pension contributions that you pay NICs on. Not included in the levy charge are
other payments such as benefits in kind, subject to Class 1A NICs.
12. STATUTORY PAYMENTS
National Minimum Wage – April 2019
• Apprentices – £3.90
• Under 18 - £4.35
• 18 to 20 - £6.15
• 21 to 24 - £7.70
• 25 and over (National Living Wage) - £8.21
• Accommodation offset - £7.55
• Voluntary Living Wage (Nov 18) - £9.00
• London Living Wage(Nov 18) - £10.55
14. STATUTORY PAYMENTS
Student Loans
• Plan 1
• Threshold £18,935 – 9%
• Plan 2
• Threshold £25,725 – 9%
• New from April 2019 - PGL (Postgraduate Loan)
• Threshold £21,000 – 6%
Only to be applied with a PGL1 notice issued by HMRC. The PGL will not appear on a P45 and there is no
need to include it as a question on the New Employee Starter Declaration.
Note: A PGL can be run concurrently with either Plan 1 or 2
Plan 1 – The default option where it is not clear which type of deductions to operate.
Effective April 2021 – Possibly ‘Plan 4’!
15. STATUTORY PAYMENTS – MATERNITY & PATERNITY
Rates effective from week starting
on or after Sunday 01 April 2018 07 April 2019
Earnings Threshold (LEL) £116 £118
SMP/SAP weekly rate for first 6
weeks
90% of AWE 90% of AWE
SMP / SAP weekly rate for up to next
33 weeks
SPP / Shpp weekly rate
Lower of 90% of AWE or
£145.18
Lower of 90% of AWE or
£148.68
SMP, SAP, SPP and ShPP optional
daily rates
£20.74 £21.24
Percentage of amount recoverable 92% 92%
Percentage of payment recoverable
(Small Employer’s Relief)
100% 100%
NI Compensation recoverable under
Small Employer’s Relief
3% 3%
Annual NICs threshold for Small
Employer’s Relief
£45,000 £45,000
16. CHILDCARE VOUCHERS
• No longer available to entrants – October 2018
• Existing scheme members will continue to benefit.
• The current 52-week rule still applies, this allows a
break in the voucher order for up to 52 weeks.
However, if there is no re-order before the 52-week
deadline, they will no longer be classed as an
existing scheme member and eligible to remain in the
Childcare Voucher scheme.
• TUPE regulations – If an employee’s employment
changes under TUPE, they are entitled to join the
scheme of their new employer.
• Tax Free Child Care Scheme – No employer
involvement
17. PAYSLIP CHANGES
• New legislation from April 2019
• Workers entitled to payslips
• Show hours on payslips
• Examples
• Enforcement
18. Earnings Trigger will remain at £10,000
Qualifying earnings thresholds will increase
Contribution rates to increase as of April 2019
WORKPLACE PENSION THRESHOLDS
Threshold 2018/19 2019/20
QEB Lower Limit £6,032 £6,136
QEB Upper Limit £46,350 £50,000
Employer
Minimum
Total Minimum
Staging – 5 April 2018 1% 2%
6 April 2018 – 5 April 2019 2% 5%
6 April 2019 3% 8%
Proposed Changes
• Lowering the age limit to 18 (currently 22)
• Removal of the link to the LEL – Meaning contributions will be
calculated from the first £ earned.
19. RE-ENROLMENT INTO WORKPLACE
PENSION
The basic rules for automatic re-enrolment:
• Employers must select a re-enrolment date – starting no more than 3
months prior and ending no more than 3 months after the original
staging date
• Employers need to complete a re-declaration of compliance - At this
stage TPR needs to be advised of the re-enrolment date
• Employers must automatically re-enrol eligible jobholders.
• Employers must write to re-enroled individuals (no requirement to
write to any worker already in the scheme).
• Employers must complete a re-declaration of compliance no later
that 5 months from the original staging date.
20. STORY TIME
Are you sitting comfortably? Then I’ll begin!
The story of Takenin Ltd
21. RIGHT TO WORK CHECKS
• “Statutory excuse”
• Specific document checks on recruitment
• List A – two documents in some cases
• Annual checks for workers with limited leave
• List B – two documents in some cases.
22. RIGHT TO WORK CHECKS
‘List A’
• List A contains the range of documents which you may accept for a person who
has a permanent right to work in the UK
• If you conduct the right to work checks correctly before employment begins, you
will establish a continuous statutory excuse for the duration of that person’s
employment with you
• You do not have to conduct any further checks.
23. RIGHT TO WORK CHECKS
‘List B’
• List B contains a range of documents which may be accepted for a person who has a
temporary right to work in the UK.
• If you conduct the right to work checks correctly, you will establish a time-limited
statutory excuse
• You will be required to conduct a follow-up check in order to retain your statutory
excuse.
• This will generally be when the permission to be in the UK comes to an end.
24. BREXIT – POSSIBLE IMPLICATIONS FOR
FOREIGN CITIZENS WHO ARE WORKING IN
THE UK
Effects and obligations of the tax and national insurance
implications under the various Brexit scenarios and steps
should be considered to mitigate the effect on the employee
and the employer.
Contact PKF Francis Clark tax advisers:
Scott Campbell
scott.campbell@pkf-francisclark.co.uk
Kayleigh Everson
kayleigh.everson@pkf-francisclark.co.uk
29. THE THREAT IS REAL!
April 2017:
Payday loan
Wonga’s data
breach is believed
to have affected
up to 245,000
customers in the
UK. The firm is
currently
investigating
illegal and
unauthorised
access to the
personal data of
some of its
customers.
Data breach
suffered by
TalkTalk in 2015
lost the company
over 95,000
customers.
TalkTalk was fined
a record £400,000
for their security
failings.
The NCA
estimates that
the cost of cyber
crime to the UK
is billions of
pounds per
annum - and
growing.
Jan 2017 Crime
Survey of England
and Wales identified
5.1 million online
frauds and 2.5
million cyber crimes.
In 2016, the
LinkedIn data
breach was one of
the biggest to have
happened. Over
117 million
usernames and
passwords of
LinkedIn users
were found to be
up for sale by the
hacker that stole
the data.
UK Government has identified CYBER SECURITY as a Tier 1 threat to the UK, alongside Terrorism,
War and Natural Disaster.
30. A LOCAL SNAPSHOT
Avon & Somerset
Cornwall & Devon
Dorset
Wiltshire
Gloucester
Number of reports of Q1 2017
Total loss (£)
724
707
322
354
213
1,043,062
1,137,922
684,180
1,409,605
898,614
31. CYBER CRIME AND SME’S – SOME SHOCKING STATS!
SMEs suffer around
7 million
cybercrimes a year
37%
of SMEs believe they are
too small to be of interest
to cyber attackers
You’re
20 times
more likely to be the victim
of cybercrime than you are
to be mugged
60%
of SME employees use the
exact same password for
everything they access
95%
of security breaches involve
human error
Only
41%
of SMEs have a secure
WiFi router
32. TWO TYPES OF CYBERCRIME
Cyber-dependent Cyber-enabled
Crimes which can only be committed by using
a computer or other form of Information
Communication Technology (ICT) e.g.
hacking, spread of viruses
‘Traditional’ crimes which requires an
internet connection for its success e.g.
fraud, identity theft
33. THE ATTRACTION?
o Present at the crime scene
o One offence at a time
o High risk/low reward
o Local enquiries
o Victim reports to Police
o Not present at the scene
o Multiple offences at the same
times
o Low risk/high rewards
o International enquiries
o Victim reputation
Traditional crime Cyber crime
34. WHAT WE ARE SEEING
REGIONALLY
o Insider threat
o Social engineering - leading to
scams
o Phishing attacks
o CEO spoofing
o Ransomware
o Viruses
o Fraud
o Identity theft
o Revenge porn/sextortion
o DDOS attacks
o Dating/romance fraud
o Bullying
o Pension fraud
o Hacking
o Online extremism/hate crime
o Computer service fraud
o Grooming
o Stalking
35. PHISHING, VISHING & SMISHING
PHISHING is the attempt to obtain sensitive information such as
usernames, passwords and credit card details (and, indirectly, money) by
disguising as a trustworthy entity in an email.
VISHING (voice phishing) scams, callers impersonate legitimate
companies to steal money and personal and financial information.
SMISHING (SMS phishing) uses cell phone text messages to deliver
the bait to induce people to divulge their personal information.
...spot the signs...
A bad day ‘phishing’ beats a good day working!
36.
37. AND IT’S NOT JUST EMAILS…
…not just by SMS…
…phone numbers can be spoofed too!
38. INVOICE REDIRECTION
Spot the fraud:
o Invoice redirection fraud happens when fraudsters identify key
relationships between businesses
o A bogus instruction is created - via email, letter or by
telephone
o You are asked to settle all future invoices to a new sort code
and account number
o Funds are paid straight to the fraudster when the next invoice
is due
o The original debt to the genuine supplier still stands
Fraudsters pose as a supplier or creditor who will
advise you that their bank details have changed.
39. CEO AND SOCIAL ENGINEERING
CEO fraud, also known as ‘whaling’ where
one ‘big fish’ is targeted as opposed to
‘phishing’ which targets multiple people.
Fraudsters purport to be a company
director or CEO - encourage staff to act
under pressure.
Timing is everything!
Education is key - ensure all staff,
regardless of role, know about this
type of fraud.
40. HOW CEO FRAUD IMPACTS YOU
The start The phish The response The damage The result
Attackers see if
they can spoof
your domain and
impersonate the
CEO (or other
important people)
Social engineering
was successful,
giving hackers
access to what
they were after
The fallout after a
successful attack can
be highly damaging for
both the company and
employees
Bad guys often
troll companies
for months to
gather the data
necessary in
pulling off a
successful
attack
Target receives
email and acts
without reflection
or questioning the
source
I better get this
payment to the
new account!
It’s from the CEO
- I’ll take care of
this for him!
Sounds important
- I’ll send these
right away!
Spoofed emails
are sent to high risk
employees in the
organisation
Urgent wire transfer
request! Please send
$100,000 to new acct
#987654-3210
To: Finance department
Please pay this time-
sensitive invoice. I’m on
vacation and will be
unavailable, no need to
respond. – Your CEO
To: CFO
I need a PDF copy of
ALL employee W-2s for
the IRS ASAP!
To: Human Resources
Causing
fraudulent wire
transfers and
massive data
breaches
Resulting damage:
Money is gone forever in
most cases and only
recovered 4% of the time
CEO is fired
CFO is fired
Lawsuits are filed
Intangibles - tarnished
reputation, loss of trust etc.
So...think before you click!
41. RANSOMEWARE
o Ransomware attacks to businesses accounted for
41% of reported cyber crime in 2016.
o Ransomware scams cost the UK £4.5 million per
year.
o The UK was among the top 5 countries affected
by ransomware in 2015.
o Averages ransomware demand in 2015 = £500.
o Average ransomware demand in 2017 = £5000.
42.
43. PROTECT YOURSELF
Do not reply to, or click on links contained in, unsolicited
spam emails from companies or individuals you do not
recognise.
Ensure you have effective and updated
antivirus/antispyware software and firewall running before
you go online.
Don’t pay the extortion demands - there is no guarantee
you will get your files back.
Visit only websites you know to be reputable.
44. TOP THREE CAUSES OF CYBER
ATTACKS
The human factor
• Easy passwords
• Lack of training
• Accidents
Out of date systems
• No regular updates
• Patch installation or
mission-critical applications
Gaps in defences
• No authentication on new devices
• Unsecure WiFi
• Loss of passwords
45. PASSWORDS
o Why they really matter
• Authorisation - are you really allowed to do this?
• Authentication - who are you?
o They can be hacked!
o A password of 15 characters or more would take years to crack
o Use three random words, include a mixture of upper
and lower case letters, numbers and special characters
• e.g. ‘beach bucket spade’ - ‘B3ach&bUck3t+Sp9de’
o Do not use the same password for different accounts
o Consider a password manager
DO NOT GIVE THEM AWAY!
48. TWO TYPES OF CYBERCRIME
Use strong passwords
A strong password is your first defence
against hackers and cyber criminals
Install security software
Security software such as antivirus helps
protect your devices from viruses and
hackers
Download software updates
Software updates contain vital security
upgrades which help keep your devices
secure
49. REPORT IT!
0300 123 2040 actionfraud.police.uk
REPORTING
ANALYSIS
INTELLIGENCE &
INVESTIGATION intelligence helps
catch criminals
intelligence helps
to protect others
80%
of all cyber
crime is
preventable!
51. 01823 275925
Taunton
01803 320100
Torquay
01872 276477
Truro
Francis Clark LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or
inactions on the part of any other individual member firm or firms.
Eve Iunco
PAYROLL SENIOR MANAGER
eve.iunco@pkf-francisclark.co.uk
Richard Wilding
HEAD OF CYBER SECURITY
richard.wilding@pkf-francisclark.co.uk