What Home Office compliance officers review during a visit
During a sponsor licence compliance visit, Home Office officers review sponsored worker personnel files, cross-check SMS records against actual employment, verify that roles match Certificates of Sponsorship, interview workers and managers, and assess whether your internal processes are capable of meeting your ongoing obligations.
Compliance visits are conducted by UK Visas and Immigration officers who have authority to enter your premises, inspect records, access your SMS data, and interview any employee. Cooperation is not optional — obstructing a compliance visit is itself a serious breach of sponsor duties and will be treated as such in any enforcement decision that follows.
The structure of a typical compliance visit
Most compliance visits follow a broadly consistent structure, though the emphasis varies depending on what prompted the visit and what is found early in the process:
- An opening meeting with the Authorising Officer or senior HR representative to explain the visit's scope and purpose
- Review of personnel files for a sample of current sponsored workers — all workers where the total is fewer than ten, a representative sample where more
- Cross-check of SMS records against actual employment details — role title, salary, working location, and the SMS reporting history for each worker reviewed
- Individual interviews with one or more sponsored workers about their role, duties, working conditions, and employer
- Review of internal compliance policies and procedures — do they exist, are they current, and do relevant staff know what they require?
- A closing meeting summarising what was reviewed, any concerns identified, and the indicated next steps
Officers assess two things simultaneously: whether you have been meeting your obligations in relation to your current and past sponsored workers, and whether your systems are capable of meeting those obligations going forward. A business with clean records but inadequate systems will face scrutiny about future compliance risk, even where there are no current failures. A business with functional systems but a few historical reporting gaps will be treated differently from one with no systems at all.
Common compliance failures identified during visits
| Failure type | What it typically looks like | How common | Risk level |
|---|---|---|---|
| Incomplete personnel files | Missing passport copies, visa documents or BRP details; no UK contact address recorded; absent right-to-work documentation | Very common | High |
| Missed SMS reporting | Worker departure or role change not reported within the required 10 working days | Common | High |
| Role discrepancy | Worker performing duties materially different from CoS description; third-party or off-site working identified | Moderate | High |
| Salary non-compliance | Actual salary paid below CoS value or below the visa threshold for the occupation | Moderate | High |
| Outdated key personnel in SMS | Authorising Officer or Level 1 User has left; SMS still shows previous person; no active compliance management | Common | Medium–High |
| Right-to-work check not renewed | Initial check done at hire; not repeated when visa was extended or renewed | Common | Medium |
| No written compliance policy | Obligations managed informally; single point of failure when responsible person changes role or leaves | Very common | Medium |
| Attendance records absent | Where attendance monitoring is expected for the role, records not maintained | Less common | Medium |
The most common failure is the most preventable
Incomplete or inaccessible personnel files appear in more compliance visit findings than any other issue. This is not a sophisticated compliance failure — it is a filing and process gap. Organisations with a consistent, documented file structure and clear ownership of compliance records avoid this category of finding almost entirely. Setting up that structure before a visit costs a fraction of what managing a suspension response costs afterwards.
Record-keeping requirements — the full list
The Home Office prescribes specific records that must be maintained for each sponsored worker throughout their employment and for two years after it ends. These records must be retrievable quickly: compliance officers do not wait while documents are located or access requests are processed through IT.
Required records per sponsored worker
- Passport and visa documentation. A copy of the biographical page of the passport, plus the visa vignette, Biometric Residence Permit, or — for eVisa holders — a record of the share code check showing the worker's status at the time of checking.
- Right-to-work check evidence. The BRP number or share code used to conduct the check, the date the check was conducted, and confirmation it showed the right to do the work being offered. This check must be repeated when a visa is extended — an initial check that was valid at hire is not sufficient for the extension period.
- UK contact address. The worker's current home address in the UK. This must be updated whenever the worker moves. Workers in the care sector and hospitality sectors are particularly likely to change accommodation; maintaining current addresses requires an active process, not just a one-off collection at hire.
- National Insurance number. Once the worker has been assigned one.
- Copy of the Certificate of Sponsorship record. As it appears in the SMS — showing role title, SOC code, salary, and start date.
- Payroll evidence. Payslips or payroll records demonstrating that salary paid matches the CoS value and meets the visa threshold throughout the duration of employment — not just at the start date.
- Signed employment contract. For the sponsored role specifically.
- Attendance records where the role is in a sector or occupation where such records are standard practice, or where the CoS specifies the hours of work.
How long records must be kept
Records must be maintained during employment and for two years after employment ends. A file disposal policy that deletes records immediately on a worker's departure is non-compliant. Former sponsored workers' files must remain accessible and complete for two years after they leave, even after their visa has expired and the employment relationship has ended. See our sponsor licence application guide for full obligations overview.
SMS reporting duties — what triggers a report and when
Reporting obligations are among the most frequently breached sponsor duties. The timelines are short, the triggers are operational events that can easily fall between responsibilities, and the consequences of missing deadlines accumulate invisibly until a compliance visit reveals a pattern of failures.
| Event requiring report | Deadline | How to report |
|---|---|---|
| Worker does not attend first day of employment | 10 working days from the expected start date | SMS report |
| Worker absent for 10 or more consecutive working days without authorisation | 10 working days from when the absence becomes apparent | SMS report |
| Worker's employment ends | 10 working days from the last day of employment | SMS report |
| Worker changes job title, salary, or working location | Within 20 working days of the change | SMS update |
| Change to Authorising Officer, Key Contact, or Level 1 User | As soon as reasonably practicable | SMS update |
| Business changes its main address | Within 20 working days | SMS update or formal notification depending on type of change |
| Merger, acquisition, or significant ownership change | Notify UKVI as soon as reasonably practicable | Formal notification; may require new application |
The 10-working-day departure reporting deadline is the most commonly missed. In busy periods, worker departures are sometimes not actioned promptly — particularly in small HR teams where compliance reporting competes with operational priorities. Embedding a specific, named process for departure reporting — with a default assigned owner and a backup — is the most effective mitigation for this specific failure type.
Mock compliance audits — scope and purpose
A mock audit is an independent review of your compliance position against the current Home Office sponsor guidance. It replicates what a UKVI compliance visit assesses and produces a written findings report with specific, prioritised recommendations. Because it is conducted by an external adviser rather than a Home Office officer, it has no formal regulatory consequences — findings are addressed internally at the employer's pace, without enforcement risk.
What a Gateway compliance audit covers
- Review of personnel files for all or a sample of sponsored workers against the required record checklist — identifying what is missing, inconsistent, or out of date
- Cross-check of SMS records against actual employment arrangements — confirming that role titles, salaries, and working locations match what the SMS shows for each worker
- Review of SMS reporting history — confirming that reporting obligations have been met within the required timeframes for the preceding 12 months
- Assessment of internal compliance policies and procedures — do they exist, are they current, and do the relevant people know what they require?
- Review of key personnel records in the SMS — are the listed personnel current, and do they understand their compliance responsibilities?
- Discussion with the Level 1 User and Authorising Officer about their day-to-day management of the licence and their understanding of the obligations
- A written findings report rating each area as compliant, requiring attention, or non-compliant, with specific recommendations and suggested remediation timelines
What a mock audit cannot do
A mock audit identifies gaps at the point of audit. It does not prevent failures occurring after the audit is completed. It does not guarantee a positive outcome on a subsequent Home Office visit. And it does not fix the gaps it identifies — that remains the employer's responsibility. Audit findings that are documented and acknowledged but not acted upon are worse than no audit at all: they establish that the employer knew about a gap and chose not to address it.
When to commission a mock audit
The most useful timing for an independent compliance audit is in the 12 months following a new licence approval, when compliance processes are being established. Also valuable after significant key personnel changes; following a substantial expansion of the sponsored workforce; or when preparing a response to a suspension or enforcement notice. Commissioning one after a compliance visit has already identified problems has limited additional value — at that point, the issues are known and remediation is the priority.
Preparing for an announced Home Office visit
Announced visits give limited notice — typically a few working days. Unannounced visits give none at all. For the announced scenario, the following preparation applies in whatever time is available:
- Locate and organise all sponsored worker personnel files. Files should be in a consistent format and accessible without navigation delays. If records are held digitally, confirm that access permissions are working and that the relevant person can retrieve files quickly.
- Cross-check SMS records against actual employment. Check role titles, salaries, and working locations for every current sponsored worker against the SMS. Correct any discrepancies before the visit — an officer identifying a discrepancy you were unaware of is a worse outcome than one you have already corrected.
- Confirm all reporting obligations are up to date. Review the reporting log. If any reports are overdue, submit them before the visit. Late is better than never, and submitting outstanding reports before the officer arrives demonstrates awareness of the obligation rather than concealment of a failure.
- Brief the Authorising Officer and Level 1 User. They should understand what the visit involves, what documents will be reviewed, and what questions they may be asked. They should not speculate about matters they are uncertain of and should not volunteer information beyond what is directly asked.
- Brief sponsored workers. Workers may be interviewed individually, separately from management. They should know who their sponsor is, what their specific role involves, and that this is a routine compliance check — not an enforcement action directed at them personally.
During and after the visit
During the visit: be cooperative and factually accurate. Do not volunteer information beyond what is directly asked — answer questions completely but without adding context that may raise new concerns. If you are uncertain about something, say so rather than speculating. Do not argue with compliance officers during the visit unless you have a specific, documented basis for disagreement. Note any concerns raised and the officer's closing summary, and keep a contemporaneous record of what was reviewed.
Outcomes following a compliance visit
- Satisfactory. No concerns found; no further action required. Continuous compliance before the visit is what produces this outcome.
- Minor concerns with action plan request. Specific gaps to be addressed within a stated timeframe, with written confirmation of completion.
- Licence downgrade (A to B-rating). Restricts your ability to sponsor new workers; requires a formal action plan to regain A-rating.
- Suspension. Triggers the 20-working-day response window detailed in our suspension support guide; the most serious pre-revocation outcome.
- Revocation. In cases of serious non-compliance identified during or following the visit.
Mock audit vs Home Office compliance visit — key differences
| Independent mock audit | Home Office compliance visit | |
|---|---|---|
| Conducted by | External adviser or regulated firm | UKVI compliance officer |
| Purpose | Identify gaps; prepare for regulatory scrutiny | Assess compliance; identify and record breaches |
| Outcome if issues found | Remediation recommendations with no formal consequence | Action plan, downgrade, suspension, or revocation |
| Notice | Scheduled in advance by mutual agreement | Announced (short notice) or unannounced |
| Worker interviews | Optional; usually document-focused | Standard practice; conducted separately |
| Consequence of findings | Employer addresses findings internally at own pace | May trigger formal enforcement action |
| Cost | Fixed fee paid by employer | No direct cost; regulatory consequences potentially significant |
Frequently asked questions
What is a sponsor licence compliance audit?
A compliance audit is a review of your record-keeping, reporting practices, and HR systems against the Home Office sponsor guidance. An independent mock audit has no formal regulatory consequences — it identifies gaps before a Home Office visit. A Home Office compliance visit is a regulatory inspection that can result in action plan requirements, licence downgrade, suspension, or revocation.
What triggers a Home Office compliance visit?
Visits can be triggered by a recent licence approval, a worker complaint or tip-off, SMS discrepancies, referrals from HMRC or CQC, or sector-wide enforcement campaigns. The Home Office also conducts routine visits without a specific trigger. Both announced and unannounced visits occur; the Home Office does not signal in advance which type is being used.
How much notice does the Home Office give before a compliance visit?
Announced visits typically give a few days' notice. Unannounced visits give no notice. Continuous compliance — rather than preparing specifically for a known visit — is the only reliable approach to both visit types.
What happens if the Home Office finds compliance failures?
Outcomes range from a satisfactory finding with no action, to a written action plan request, a licence downgrade from A to B-rating, suspension, or revocation. The outcome depends on the nature and seriousness of what is found, your compliance history, and your response to any concerns raised during the visit.
How often should I commission a mock audit?
For most employers, an annual review provides sufficient ongoing assurance. Employers sponsoring at scale, in high-enforcement sectors such as care, or following significant changes to key personnel or the sponsored workforce, may benefit from more frequent reviews. After a substantial expansion of the workforce across new roles or sites, an unscheduled audit is a reasonable precaution.
Do I need a mock audit if my HR team is experienced?
Not necessarily. Experienced HR teams with embedded compliance processes and a stable sponsored workforce may have limited need for external review. Mock audits add most value when the licence is recently granted, when key personnel have changed, or when the workforce has expanded significantly into new roles or locations that the existing processes were not designed to cover.
Need personalised advice?
This guide provides general information only. For advice tailored to your circumstances, speak to one of our immigration advisers.
BOOK A CONSULTATION →