What Is Joint and Several Liability for Recruitment Agencies?

There is a letter HMRC sends to recruitment agencies. It is not a long letter. It does not take long to read. But the number on it tends to be large, and the line explaining why the agency owes it — rather than the umbrella company that actually failed to pay the tax — is the line that tends to generate the phone call to a compliance advisor.

By that point, the options have narrowed considerably.

Joint and Several Liability — JSL — is a HMRC provision that allows HMRC to recover unpaid PAYE and National Insurance directly from a recruitment agency when the umbrella company it uses has failed to remit those taxes. It was introduced under the Finance Act 2024 and it means exactly what it says: the liability is joint, and it is several. HMRC can pursue either party. They will pursue the one more likely to pay.

That is often the agency.

How JSL Actually Works

The mechanic is straightforward, which is part of why it is so difficult to argue against.

An agency places temporary workers. Rather than employing those workers directly on its own payroll, it engages an umbrella company. The workers are employed by the umbrella. The umbrella invoices the agency. The agency pays the umbrella. The umbrella — in theory — pays the workers their net salary and remits PAYE and National Insurance to HMRC on their behalf.

In theory.

When the umbrella company fails to remit — through insolvency, fraud, deliberate avoidance, or simple mismanagement — HMRC's position is that the employment taxes are still owed. They were always owed. The umbrella's failure to pay them does not cancel the liability. It simply transfers it.

Under JSL, HMRC issues a notice to the agency. The notice specifies the amount. The agency has a limited window to appeal. The grounds for appeal are narrow. "We had a contract with the umbrella that said they'd pay it" is not a ground for appeal. "We didn't know the umbrella wasn't compliant" is rarely sufficient on its own.

The protection is not the contract. The protection is the audit trail.

The Due Diligence Question

Every agency should be able to answer the following questions about every umbrella company they use, today, with documentation to support the answer.

Is the umbrella on HMRC's published list of umbrella companies? HMRC maintains this list. Presence on the list does not guarantee compliance, but absence from it is a significant red flag.

Is the umbrella accredited by a recognised independent scheme? The Freelancer and Contractor Services Association (FCSA) and Professional Passport both operate accreditation schemes with compliance requirements. Accreditation is not a legal protection but it is evidence of due diligence.

Has the agency requested — and received — evidence of PAYE and NI remittance for the periods during which workers were placed? Not just a general assurance of compliance. Actual evidence. A sample of remittance reports, HMRC payment confirmations, BACS records.

When was this last reviewed? Onboarding due diligence done three years ago and not revisited is not due diligence. It is a historical record of a process that has since become irrelevant. The umbrella market has changed significantly. Compliance standards have tightened. Some umbrellas that were operating acceptably in 2021 are not operating acceptably in 2026.

The answer to most of these questions, for most agencies, is either incomplete or uncomfortable.

The Market That Created the Problem

The umbrella company sector in the UK is not regulated in the way that, say, financial services firms are regulated. Entry barriers are low. Exit is easy. The space attracted a significant number of operators whose business model was built around keeping worker net pay artificially high by misrepresenting tax liabilities — mini umbrella schemes, loan-based arrangements, disguised remuneration structures — that HMRC has spent years unwinding.

The effect for agencies: the umbrella market contains a meaningful number of operators whose compliance is either inadequate or deliberately structured to avoid it, and agencies that placed workers through them are now within scope of the recovery action HMRC has been running systematically.

The agencies that are best protected are the ones who, several years ago, did the due diligence work and built the documentation. The ones being pursued are the ones who selected umbrellas on price, or took a recommendation from a contractor, or inherited a supply chain arrangement and never reviewed it.

The lesson is obvious. The timing of implementing it varies.

What the Audit Trail Needs to Contain

An agency that can demonstrate adequate due diligence has a defensible position against a JSL notice. An agency that cannot demonstrate it does not.

The documentation that supports a defensible position:

Records of how each umbrella company was selected, including what compliance checks were done at the point of onboarding. The date of those checks matters — HMRC can determine whether an agency knew or should have known about compliance failures.

Annual renewal reviews, documented with evidence obtained from the umbrella at each review. Not an email saying "we're fully compliant" — actual evidence.

Records of any issues raised, any queries made, any responses received. If the agency identified a problem and took action, that action needs to be documented. If the agency identified a problem and did nothing, that is also documented — but it is not the documentation you want.

The workers placed through each umbrella, the periods they worked, and the payments made. In a JSL recovery action, HMRC will cross-reference these against the umbrella's PAYE records. The agency's own records need to support that cross-referencing.

The Operational Dimension

For agencies running a significant temp desk — placing dozens or hundreds of workers through multiple umbrellas across multiple clients — the administrative overhead of maintaining this audit trail is not trivial. It requires a process, not just a policy.

The process looks like this: umbrella onboarding checklist with compliance verification steps, annual review calendar with evidence collection requirements, records stored in a format that can be retrieved quickly if HMRC requests it, and a nominated person within the agency responsible for the compliance review.

That person needs to understand what they are looking for. A generic "compliance tick" against a list of questions is not the same as evidence-based due diligence. HMRC's compliance teams understand the difference.

bookd. works with recruitment agencies on the payroll compliance dimension of JSL exposure — documenting the compliance chain, reviewing umbrella arrangements, and managing the PAYE obligations for agencies that want to bring part of their worker payroll in-house.

If your temp desk has grown and your umbrella due diligence has not been reviewed since onboarding — the JSL provisions are not a future risk. They are a current exposure. The time to build the audit trail is before HMRC asks for it.