2026 changes everything for umbrella company due diligence. Joint and Several Liability (JSL) arrives in April, the Fair Work Agency launches, and agencies face direct financial liability for umbrella PAYE failures for the first time. Annual questionnaires and self-certification are no longer enough.
This checklist gives recruitment agencies a practical, actionable framework for umbrella due diligence in the JSL era. It’s based on FCSA’s 700+ point compliance standard — the most rigorous in the UK — adapted for the specific due diligence obligations agencies face.
The 2026 due diligence checklist
1. Check FCSA accreditation status
Is the umbrella company FCSA accredited? When was their last annual audit? FCSA accreditation means they’ve passed 700+ compliance checkpoints assessed by independent third-party auditors. It’s the single strongest indicator of compliance available.
2. Verify Companies House registration and filing history
Check the company’s registration status, incorporation date, director information, and filing history. Look for late filings, recent director changes, or anomalies in registered address. All of this data is publicly available and should be monitored continuously, not just at onboarding.
3. Review financial health via CreditSafe or equivalent
A credit score gives you an early warning of financial distress. An umbrella company under financial pressure may cut corners on PAYE compliance. Check credit scores at onboarding and monitor them continuously.
4. Check for CCJs and insolvency markers
County Court Judgments (CCJs), winding-up petitions, or insolvency proceedings are serious red flags. An umbrella with unpaid debts may be failing to meet its tax obligations to HMRC — which is exactly the scenario JSL is designed to address.
5. Verify payslip calculations against HMRC rates
This is the core of JSL compliance. Don’t just check whether the umbrella claims to be compliant — verify their actual payslip calculations against HMRC’s published tax tables, NIC rates, and NMW thresholds. veriPAYE automates this entirely.
6. Request and review Key Information Documents
Every umbrella must provide KIDs to workers before assignments start. Request sample KIDs and check whether the calculations match veriPAYE’s validated figures. If KIDs promise one thing and payslips show another, that’s a compliance failure.
7. Check NMW compliance across all workers
Verify that no worker’s take-home pay falls below National Minimum Wage (£12.71/hour from April 2026) after all legitimate deductions. This is a common failure point for non-compliant umbrellas.
8. Review holiday pay methodology
Check whether the umbrella uses rolled-up holiday pay (included in each payment) or accrued holiday pay (paid when holiday is taken). Both are legal, but the methodology must be correctly applied under the Working Time Regulations 1998 (as amended 2024).
9. Confirm tax scheme compliance
Ensure the umbrella doesn’t operate disguised remuneration schemes, mini umbrella fraud arrangements, or any structure designed to avoid PAYE. If an umbrella promises unusually high take-home pay, that’s a red flag for tax avoidance.
10. Establish continuous monitoring
This is the most important point: due diligence is not a one-off exercise. Compliance can change overnight. A company that was compliant in January may not be in June. Establish continuous monitoring of every point above — not just an annual review.
Why annual checks are no longer enough
The collapse of Honest Payroll was a wake-up call. Here was a company that appeared compliant on paper — but when it failed, workers were left unpaid and agencies scrambled. Point-in-time checks didn’t catch the deterioration because nobody was checking between reviews.
JSL changes the calculus. Under annual due diligence, an agency might discover an umbrella’s non-compliance 11 months after it began — by which time the agency has accumulated 11 months of potential PAYE liability. Under continuous monitoring, the agency discovers the issue in days or weeks, limits its exposure, and can take action immediately.
The difference between annual and continuous due diligence is the difference between discovering a fire at your annual inspection and having a fire alarm that rings when there’s smoke.
FCSA's 700+ point standard
The checklist above is designed for agencies. FCSA’s own accreditation standard goes much deeper — 700+ compliance checkpoints covering payroll accuracy, tax compliance, worker rights, financial stability, governance, contracts, and HMRC alignment.
What makes FCSA’s standard meaningful is that it’s assessed by independent, third-party auditors — not self-reported, not self-assessed. An umbrella company cannot mark its own homework. And accreditation must be renewed annually — it’s not a lifetime badge.
“The accreditation process is rigorous for a reason. Agencies and workers need to know that when they see the FCSA mark, it represents a genuine, independently verified standard of compliance — not a marketing exercise.”
— Andy Chamberlain, Director of Policy, FCSA
Tools to automate your checklist
A 10-point checklist is only useful if it’s practical to execute continuously. That’s where Diligence Hub comes in:
- veriPAYE — Automates payslip verification against HMRC rates (checklist items 5, 7)
- Diligence Exchange (DEX) — Centralised compliance packs with Companies House, CreditSafe, FCSA status, and document management (items 1-4, 6, 8, 10)
- KID Generator — Generate HMRC-validated Key Information Documents (item 6)
All tools are free for recruitment agencies. Register at /360-compliance/registration/ to get started.

