The short answer.
An HMRC customs audit is most commonly triggered by anomalies in import declaration data, sector- or commodity-focused compliance campaigns, scrutiny of preferential-origin claims, inconsistencies between customs declarations and VAT or Intrastat records, information from third parties, and post-Brexit compliance programmes. Some audits are also selected at random, so any importer can be reviewed.
A customs audit — formally, a compliance check by HMRC (His Majesty's Revenue & Customs) on your customs declarations — is a review of what you declared at import after the goods have been released. Clearance is provisional: HMRC can generally re-examine declarations for up to 3 years from the date of entry, and the same window applies to reclaiming any duty you overpaid.
How does HMRC decide who to audit?
Selection is risk-based and data-led. Every UK import declaration flows through CDS (the Customs Declaration Service), which gives HMRC line-level data on what was declared, at what value, under which commodity code, and with which reliefs or preferences claimed. With roughly 4.4 million declaration lines moving through UK customs every day, checks cannot be manual — declarations are profiled against risk rules, and the ones that stand out are the ones that get looked at.
There is plenty for those rules to find. Analysis of UK import data suggests around 17% of declarations contain errors — in classification, valuation, origin or procedure codes. Most are honest mistakes, but honest mistakes still show up as anomalies.
The practical consequence: you don't control whether you're selected, but you do control what an audit finds. That distinction shapes everything below.
What are the most common triggers?
Seven risk factors account for most selections — and none of them requires wrongdoing on your part.
Anomalies in your declaration data
The most commonly cited trigger. HMRC's systems compare declarations against the tariff and against each other: commodity codes that don't fit the goods description, duty outcomes that look out of line for the code used, unit values that diverge sharply from the norm for that commodity, or sudden unexplained changes in an importer's pattern of trade. A one-off keying error is unlikely to prompt a full audit on its own — but the same error repeated across hundreds of entries looks systematic, and systematic errors are exactly what risk profiling is built to surface.
Sector and commodity campaigns
HMRC periodically concentrates assurance work on sectors or commodities where compliance risk is understood to be higher — textiles and footwear have historically attracted classification and valuation attention, and goods with large duty-rate differences between neighbouring codes are a natural focus. If your goods sit in a campaign area, you can be reviewed simply because of what you import, not because of anything in your own record.
Preference-claim scrutiny
Preferential duty rates under FTAs (free trade agreements) — including zero tariffs on EU-origin goods under the UK–EU Trade and Cooperation Agreement — are claimed at the moment of import, but they only hold if the origin evidence behind them stands up. HMRC can ask for that evidence years after clearance, and preference verification is a well-established strand of audit activity. The gap between claiming preference and being able to prove it is wide: when BorderAudit analysed 2.3 million UK textile declarations, 53% of preference claims showed gaps in the supporting position. See the origin & preference audit page for how those claims are checked.
Inconsistencies with VAT and Intrastat records
HMRC holds your customs declarations, your VAT (Value Added Tax) returns and — for goods moving between Northern Ireland and the EU — your Intrastat statistical returns. Cross-checking them is straightforward. Import values that don't reconcile with VAT records, import VAT reclaimed that doesn't match the underlying declarations, or trade volumes that tell different stories in different datasets are all commonly understood to raise questions.
Information from third parties
Audits are sometimes prompted by information HMRC receives rather than patterns it detects. A check on another business in your supply chain — an agent, a haulier, a supplier — can surface your entries. Overseas customs authorities exchange origin-verification requests with HMRC. And, occasionally, information simply comes in from third parties. You cannot control any of this; you can only control whether your declarations withstand the look that follows.
Random selection
A proportion of compliance checks are selected without any specific trigger at all. Random selection keeps HMRC's assurance picture honest — and it means no importer, however small or careful, can assume they are invisible. It is also why "we've never been audited" is not evidence that your declarations are correct.
Post-Brexit compliance programmes
Since the UK's departure from the EU, many businesses have been making customs declarations for the first time — often through intermediaries, and often while transitional easements applied. HMRC has run compliance programmes reviewing post-Brexit declarations, including the use of those easements and EU-origin preference claims. Businesses whose customs obligations began in 2021 are a natural focus of this assurance work, simply because their declaration history has had less scrutiny than that of long-established importers.
Know what HMRC would find — before HMRC looks.
What does a customs audit involve?
The shape is broadly consistent, whatever triggered the check.
For the end-to-end process — timelines, information requests and how findings are settled — see how BorderAudit handles an HMRC audit. If the review surfaces overpayments, the duty reclaim route recovers them.
The 3-year window cuts both ways
Three years is how far back HMRC can re-examine your declarations — and how long you have to reclaim duty you overpaid. Every month, the oldest entries fall out of both windows.
How can you be ready before the letter arrives?
You can't remove yourself from HMRC's selection pool — random checks alone see to that. What you can do is make selection uneventful. Four habits do most of the work.
For the structured preparation route, see audit readiness and work through the customs audit checklist.
How BorderAudit helps.
Reviewing your own declarations the way HMRC would is exactly the work BorderAudit automates. It is an automated post-clearance customs audit platform: connect your customs data once and every declaration in your history is checked — classification, valuation, origin and reliefs — so anomalies are found and fixed on your terms, not HMRC's.
Used by 200+ businesses, it is freemium software with flat pricing (free to start, Premium at £149/month), never a success-fee service. Where the review finds underpayments, you can correct and disclose early; where it finds overpayments, the reclaim position is prepared while the 3-year window is still open. For what a review covers, see the post-clearance audit guide.
Audit triggers, answered.
Be ready before the letter arrives.
Connect your customs data once and every declaration in your history is checked automatically — classification, valuation, origin and reliefs — so you know what HMRC would find before HMRC looks. Free to start. Flat pricing. No success fees.
