From 6 April 2026, recruitment agencies become jointly and severally liable for unpaid PAYE and National Insurance contributions where an umbrella company in their supply chain fails to pay them correctly (GOV.UK TIIN, “Tackling non-compliance in the umbrella company market”). The liability applies even where the agency was not directly responsible for the error.
For agencies, the question is no longer whether to conduct due diligence on umbrella suppliers. It is whether they can demonstrate that due diligence on an ongoing, documented basis.
Accreditation is the foundation, not the finish line
Working with accredited umbrella companies remains a critical first step in any recruitment agency due diligence umbrella company framework. Accreditation provides assurance that a provider meets recognised standards for payroll processing, tax compliance, and contractual transparency.
But the new JSL rules ask agencies to go further. HMRC expects documented evidence of ongoing compliance monitoring across the supply chain (HMRC Policy Paper, December 2025). No specific standard is prescribed by the legislation, which leaves agencies to determine what “reasonable” due diligence looks like. That means building additional layers of verification on top of the frameworks already in place.
Adding continuous verification
This is where veriPAYE fits. Rather than replacing existing due diligence processes, it adds a continuous verification layer. veriPAYE audits every payslip issued by an umbrella company against HMRC data in real time. Each check is logged automatically, creating an audit trail that demonstrates ongoing oversight between formal review cycles, including RTI checks and Intermediary reports.
veriPAYE is free for recruitment agencies and employment businesses.
Centralised document management
Alongside real-time payslip verification, Diligence Hub includes the Diligence Exchange, a secure platform for sharing and managing due diligence documentation between agencies and their umbrella partners. Accreditation certificates, compliance reports, and supporting evidence can be held in one place with clear version control and access logs, rather than spread across email threads and shared drives.
Diligence Hub is Cyber Essentials Plus certified, ensuring that sensitive compliance data is stored and shared to a recognised security standard.
Strengthening what you already have
The strongest due diligence frameworks are layered. Accreditation establishes the standard. Continuous payroll verification and centralised document management build on that standard with the kind of documented, ongoing evidence that the JSL rules demand. Together, they give agencies a defensible position if HMRC asks how they satisfied their obligations.
To explore how veriPAYE and Diligence Hub can strengthen your existing due diligence framework, visit diligencehub.co.uk.
