Role reversal - how HMRC's IT team delivered the systems to allow the UK taxman to hand out money during COVID

Profile picture for user slauchlan By Stuart Lauchlan November 24, 2020 Audio version
Summary:
The UK's tax authority flipped its mission on its head and handed out money to people during the COVID crisis, but that needed a major collaborative effort to get the underlying IT systems in place.

robbery
(Pixabay)

Last week’s report from the Institute for Government (IfG) on the UK government’s digital response to the COVID crisis cited Her Majesty’s Revenue and Customs (HMRC), the country's tax gathering authority, as one of the success stories.

Specifically the IfG praised HMRC’s Coronavirus Job Retention Scheme, designed, built and launched in around four weeks and as of the report’s writing had paid out over £41.4 billion, covering 9.6 million furloughed jobs. 

It’s been a huge reversal of operational norms on the part of HMRC, flipping from demanding and collecting money from citizens to handing out payments instead. As Tim East, CIO, Customer Compliance Group at HMRC, puts it:

In essence, what we normally do through employers is we contact them to draw in tax that they deduct at source [via] Pay As You Earn [PAYE]. It also covers insurance for welfare payments and so on. What we've effectively done through the Job Retention Scheme initiative is to reverse that. So rather than using the Pay As You Earn network of employers to take tax in, we're using it to pay money.

What the scheme allows is for employers to furlough their staff if unproductive and it means that the state effectively pays those employees whilst they aren't working. It gives them the prospect of an income. It's up to 80% of their normal level of income, so it's not full recompense or what they would have earned whilst working, but it keeps them in a state of employment so that when the relevant business is able to open up again, they haven't disappeared and gone on to the unemployment market as they are still on the employers books and they can be re-engaged seamlessly to get the economy going again.

Timely response

At the height of the COVID crisis as national lockdown was imposed and many businesses were forced to shut down for the duration, time was of the essence, he recalls, with enabling IT systems delivered in a matter of weeks. In its own right, that required a change of approach on the part of the HMRC IT teams:

A lot of what we do has used the traditional waterfall approach. With large scale, 18 months or longer projects that's particularly true, where we need to engage with other participants in the tax system, whether that's employers or software houses and so on. So there's normally a lengthy period of consultation that goes on and it does mean that some of the biggest things that we do take a long time to come to get value. We have done our fair share of Agile, particularly around the user experience side of things, but I think it is fair to say that many of our new systems aren't fast to come into effect.

That couldn’t be the case in this crisis:

The whole thing was really done in three to four weeks end-to-end. Before we went live, we did go through a process of a private beta stage to test it out. Some of the key challenges for us were really around aligning the front end purpose of the system, which was to make an easy-to-use system for employers to claim and then to make sure they get their money so they can pay the people on their payroll who are furloughed, with the compliance needed. Like any organization that pays out money, we do see our fair share of attacks, particularly from organized crime. What we wanted to make sure is that we did the best possible job in terms of making sure we got money quickly to employers, but also make sure we protected ourselves against organized crime fraud and other other forms of high value fraud. Those two things aren't necessarily compatible, so you work through where you interrupt the processes. How you orchestrate the IT to do that is no mean feat, but we did do that.

The other big challenge identified by East was around data quality:

Bear in mind that many employers weren't operating from their normal offices. So the people who run the payroll would have been working at home as well as all of our staff who've built these schemes were working at home too. That meant that we were much less strict than we would normally be about things like data schemas. We enabled quite a broad range of different file formats for people to submit data to us. That brings its own challenges in terms of ingestion problems and compatibility problems. Had people really provided what we were asking for?

We already hold a fair amount of data about bad actors. We were able to use that to make sure we know what the indicators are with hijacked accounts. We were also able to use known good data, particularly about bank accounts, to help us work out whether they were a legitimate organization or an illegitimate organization and, if it were illegitimate, to stop it. We also used some of the data we already held about the operation of Pay As You Earn to help with the eligibility criteria and making sure that people were following the rules.

Team work

Successful delivery of systems to support the new scheme required a huge collaborative effort from people who drive policy, the HMRC IT community and third party partners in the tech sector, says East:

The most positive thing that we learned is the need to make sure that it is a collaborative effort and that we make sure we have the right mix in the team across policy, design, IT and all of the different characteristics in IT to make sure it works.

We got a huge amount of value from our business analysts in particular, because they were the ones who really sat down and thought about what the policy intent was, how we wanted to implement it and wrote it down in the form of user and system journeys. That synthesis between user journey and system journey was really important to understand. I can't really emphasize enough how much value came from that approach because it did speed up the whole development and deployment lifecycle.

One of the things that we've seen is that we've had all parties actually on regular calls, daily calls, both during the construction phase and during the run phase where we're focusing on any after the event incidents and problems, ready to get traction and move them through as quickly as possible and get the service working optimally.

The crisis has also advanced thinking inside HMRC on some long-standing questions, says East:

For the last few years, like many organizations, we've gone through, ‘Do we put all of our data or assets in one lake or how do we ingest and then model using data if we don't go through that approach?’. I think what I would draw out here is the establishment of a data engineering, data science profession. We've probably got something like 400 people in HMRC who we would really say are at the forefront of data science and data engineering, We couldn't have done this job without them,  particularly in working through how we target to make sure that we get the help to where it was most needed.

With vaccines in sight and the prospect of a return to some form of normality in the first half of 2021, it can be assumed that HMRC’s more traditional role of money gathering will return to the fore. For East, the purpose of his team is clear, albeit added to by learnings from the crisis response:

Promote good compliance, prevent non-compliance, respond to non-compliance, all of that stands. That's an enduring set of principles that we have in in the way we work and I don't think anything we've done here alters that, just reinforces it. What I think is interesting, and this is quite a narrow IT learning that I think we will be applying, is what we've learned is that with people largely working at home, we found that collaboration has become much more structured between people.

I think the other thing we found is working like we are today through [Microsoft] Teams, we found that's been a great leveller. It's actually meant that we've made everyone productive and where we've had concepts in the past of big workshops with a few people dialling into them and the peoplendialling in feeling disenfranchised, I think that's changed completely as a working methodology. Some of the enduring things will be much more about method, but actually the fundamentals of what we've been trying to do in our compliance mission won't really change.