All employers that pay using BACS with their own service user number (SUN) have to include a hash in the data they send to HMRC RTI.
But what does this check? It checks no more than the submitter has access to BACS. The hash covers all sorts of data (sort codes, amount, etc) but all HMRC see is the hash and the amount (as confirmed by an FoI request). They check nothing more. They explicitly do not see any bank details!
To pass the HMRC tests, if you don't have a BACS SUN you do nothing, but if you do, all you have to do is make a payment matching HMRCs expectation and create the hash to submit. The payment can be to anyone (even yourself, which is perfectly valid as a BACS payment). The real payments to staff do not have to flag as payroll payments and so do not get seen by HMRC.
So, if you have any issues managing the hash and the payments you can fudge it making payments to yourself. Quite separately you can pay staff which may or may not match what and when HMRC expect. As long as the hash matches the RTI submission is valid.
The HMRC system for RTI makes it a nuisance to make adjustments at the last minute or retrospectively or even to commit some frauds. Well, it would, if the checking was not so trivially thwarted and pointless.
Anyone wanting to play the system for any reason, fraudulent or not, can do so. The only people actually caught out by this are those poor saps trying and failing to meet their requirements. Real fraudsters have no problem as it is simple for them to pass the tests for the hash.
So, how much has this crazy system cost? How much do HMRC pay VOCA? How much has BACS s/w changes cost? Payroll systems changes? Payroll bureaus? I am submitting another FoI for that,.
And what of companies inconvenienced by the changes even if we did not pay staff by BACS (we happen to do so), like us. Lloydslink pulled their BACS system as not HMRC RTI compliant - costing us a small fortune to re-work it all. That is a cost for this mad system and would apply to us even if we did not pay staff by BACS because we used Lloydslink for DD collections and were forced to change.
Why make a system that is so easily thwarted? Why make a system that is hard to code and comply with? Why make a system that costs lots of people money? Why?