For a long time, many recruitment agencies viewed umbrella compliance as something sitting slightly outside their immediate control. This was ultimately manageable through supplier agreements, annual reviews and a degree of trust in the providers they partnered with.
In this article, Matt Fryer, Managing Director at Brookson Group, explains why that position has now changed completely.
The recent £1.1 million HMRC penalty issued against an umbrella scheme promoter is not just another headline about tax avoidance. It is part of a much broader escalation in enforcement activity that is rapidly reshaping risk across the recruitment sector.
And for IT recruitment agencies in particular, the timing could not be more significant.
Under the April 2026 umbrella reforms, agencies are now jointly liable for unpaid PAYE and National Insurance linked to umbrella companies operating within their labour supply chain. In simple terms, if something goes wrong further down the chain, recruiters may now find themselves carrying the financial consequences.
That changes the conversation overnight.
The risk landscape has changed
Historically, agencies could take some comfort in the fact that liability often sat elsewhere. There was a sense that if an umbrella provider presented itself professionally, held the right accreditations and completed the usual due diligence checks, the risk was relatively contained.
HMRC’s recent activity suggests those assumptions are no longer safe.
We are now seeing a far more aggressive enforcement approach involving tribunal penalties, Stop Notices and the public naming of scheme promoters connected to non-compliant umbrella arrangements. The message is becoming increasingly clear. HMRC expects agencies to understand exactly how workers in their supply chain are being paid and to take meaningful responsibility for compliance oversight.
For recruiters, that creates a difficult reality. Many existing compliance processes were simply not built for this level of scrutiny and traditional preferred supplier list reviews and annual questionnaires may once have been considered robust enough; today, they look increasingly outdated.
The problem is that non-compliant arrangements are not always obvious. Some providers continue to present themselves as credible, compliant businesses while operating payment models that carry significant long-term tax risk.
Recruiters need much greater visibility
Recruiters now need to move beyond surface-level checks and start asking much harder questions.
How are payments structured? Are deductions fully transparent? Does the payslip genuinely reflect standard PAYE treatment? Are there unusually high take-home pay claims being marketed to contractors?
These are no longer theoretical concerns. They are practical commercial risks that agencies now need to monitor continuously rather than periodically.
This is particularly important within IT recruitment, where contractor supply chains can be fast-moving, fragmented and heavily reliant on umbrella engagement models.
Agencies often place large numbers of contractors across multiple client environments, making visibility and oversight far more challenging.
At the same time, end clients are becoming more cautious themselves.
Large organisations are increasingly scrutinising labour supply chains and asking recruiters for stronger evidence around compliance governance.
No business wants to discover that workers operating within critical programmes or technology projects are linked to arrangements under HMRC investigation.
That client pressure is now feeding directly back into agency operations.
As a result, many recruiters are reassessing not only which umbrella providers they work with but also whether their broader contractor engagement strategies still make sense in the current environment.
We are seeing renewed focus on IR35 assessments, alternative engagement models and more detailed workforce planning discussions designed to reduce exposure where possible. It is worth noting, however, that the risk calculus between IR35 and umbrella has shifted. Since the introduction of the deemed employer offset, the financial exposure associated with IR35 non-compliance has reduced considerably. Umbrella risk, by contrast, has grown.
For agencies that moved to umbrella-only supply chains in direct response to IR35 reform, that tradeoff deserves a fresh look. Banning PSCs may have felt like a prudent move at the time, but it concentrates all contractor engagement through umbrella providers at precisely the moment when umbrella oversight carries the most scrutiny and liability.
Compliance Can No Longer Be Passive
None of this means umbrella companies no longer have a role to play.
Compliant umbrella providers remain an important part of the flexible workforce ecosystem, particularly in sectors like technology, where access to specialist contract talent remains essential; however, agencies can no longer afford to treat umbrella compliance as a delegated responsibility that sits entirely with a third party.
The recruiters adapting most effectively are the ones shifting towards far more active compliance management.
That includes real-time payslip verification, ongoing auditing of supply chain practices and deeper financial due diligence on umbrella partners. Increasingly, agencies want evidence of operational transparency, strong governance controls and genuine financial resilience rather than simply relying on annual certifications or assurances.
Financial stability is becoming especially important as enforcement pressure increases.
The reality is that parts of the umbrella market are likely to come under growing strain as HMRC activity intensifies. Providers operating on weak compliance foundations may struggle to survive in an environment where scrutiny is increasing and liabilities are becoming harder to avoid.
That is already contributing to consolidation across the market as agencies gravitate towards larger, more established providers capable of demonstrating stronger controls and long-term stability.
For recruiters, the risk is no longer purely regulatory. It is commercial and reputational too.
Any association with a non-compliant arrangement can damage trust with contractors and clients alike. In a highly competitive recruitment market, reputational credibility matters enormously.
Agencies cannot afford to be seen as complacent when it comes to workforce compliance.
The cost of waiting is increasing
The challenge is that many firms are still catching up. A significant amount of industry attention over recent years has focused on IR35 reform, while umbrella regulation has evolved more gradually through consultation and policy development. As a result, some agencies delayed reviewing supply chain risk in meaningful detail because the practical implications still felt distant.
Now that the reforms are live and liability has shifted directly onto agencies, the urgency has changed dramatically.
What happens next is unlikely to be temporary. HMRC has made it clear that labour supply chain compliance remains firmly under the spotlight and political pressure surrounding umbrella arrangements continues to build. For IT recruitment agencies, the question is no longer whether enforcement activity will continue. It clearly will.
The real issue is whether agencies are prepared to operate in a market where compliance failures can create immediate financial exposure and lasting reputational damage.
The recruiters who respond proactively now will put themselves in a far stronger position over the next few years. Those who continue to rely on outdated compliance models may find the cost of inaction becomes painfully clear far too late.
Top contractor accountants
- SG Accounting – First 3 months half price (£59.50 per month)
- Bright Ideas Accountancy – 5 stars on Google, from £109 per month
- Clever Accounts – IR35 FLEX. Take on any contract type
- Aardvark Accounting – Complete service from £89 per month
- Integro Accounting – Fixed fee – 6 months half price
We've worked with all of these firms for over 8 years. Always check current pricing and service details before signing up.