Tax moral is shifting. More often what is (still) legally allowed may not automatically be accepted by the public opinion. Reputational damage is imminent. Both on direct and indirect taxation the tax authorities have set their priorities. The tax authorities not only want to receive more tax data, but also faster and more often.
In addition, there is a tendency to allocate the ultimate tax responsibility at the highest level in a company. Since last year in the United Kingdom the Board of Directors has to sign off the company's tax strategy and also publish the strategy externally.
Tax departments and the external auditors face due to these 2 tendencies new obligations. These tendencies could however also support change.
The new data requirements of the tax authorities have to be properly assessed and interpreted from a tax risk management perspective to see whether the data requested contain any uneforeseen and major tax risks. The outcome of such an exercise could also make clear that the company has to reorganize its business and tax processes.
When all tax disciplines (e.g. TP, indirect tax; etc.) work together a joint responsibility for the overall tax affairs of a company could be established. That might facilitate the buy-in for tax investments. When successful tax can take the place it deserves: an important part of a company's business strategy.
The auditor is not (yet) a risk analyst
The external auditor’s task is only to provide an opinion whether the annual accounts provide a true and fair representation of the company's affairs. He or she is not asked to provide a statement regarding the accuracy or the acceptability of the submitted return for corporate tax, income tax, VAT, etc.
The term materiality has many meanings and definitions. Boundaries of materiality are primarily determined based on personal estimations. This can be estimations by auditors, risk management departments, company directors, etc.
The term materiality, used as a quantitative norm, then serves as an approval boundary. Evidently, the materiality used to determine the tax risk appetite of businesses is significantly lower than the materiality used by the external auditor in the annual audit.
The external auditor’s task is only to provide an opinion if the annual accounts provide a true and fair representation of the company's affairs. He or she is not asked to provide a statement regarding the accuracy or the acceptability of the submitted return for corporate tax, income tax, VAT etc.
The examples of tax situations listed below should, however, also receive full attention from auditors. These stock market listed companies have after all, been obliged based on the SEC rules to report their risks to their investors:
- Google avoided €227 million in taxes in Italy. Google paid £130 million to the British tax authorities and agreed to pay higher taxes in the future. In France, the tax authorities demanded €1.6 billion from Google.
- Apple paid €318 million as a settlement to the Italian tax authorities after a two-year fraud investigation. Apple missed a deadline to pay €13 million in taxes to Irish authorities in the context of state aid. Due to the special treatment given by the Irish government, the effective tax rate was just 0,05%.
- Facebook (FB, Tech30) disclosed that the IRS conducted an investigation into the way it moved assets to an Irish subsidiary to avoid higher taxes. According to Facebook’s SEC filing, the amount totals $3 - $5 billion, plus interest.
- Coca-Cola was found to to owe the US tax authorities $3.3 billion, plus interest, based on an audit by the IRS. Profits were incorrectly recognized in foreign countries, rather than the US.
- In case these tax-related issues are considered individually per county and per company, it could be put into question whether these matters are also material for the auditor. Notably, the media also discuss the reputation of these companies. Any potential reputational damage and/or fiscal uncertainty might impact not only the share price but also external relations including that with the tax authorities.
The loss of tax income due to the movement of assets to low tax rate jurisdictions is conservatively estimated to total between $100 and $240 billion.
The amount of media attention, public indignation and political reactions these cases have received – including for instance that of US senator and (former) presidential candidate Bernie Saunders – emphasize the differences in tax morality. Why should ordinary citizens comply with tax obligations, while multinationals or soccer players are attempting to avoid paying a ‘fair share’ of taxes by means of tax-saving structures? Both media and politics have given a great deal of attention to cases such as the ‘Panama Papers’, ‘Lux Leaks’, ‘The Netherlands Tax Haven’ and ‘Football Leaks’.
In the context of an investigation regarding state aid, the European Commission states that providing tax rulings (advance pricing agreements; APA’s) should not result in situations in which some taxpayers pay less than other taxpayers under the same circumstances.
As a result of the Panama Papers, many Corporate Service Providers, shell corporations and advisors are interrogated by the Dutch parliament with regard to tax avoidance and tax evasion. These are companies without any significant assets or activities in the Netherlands that solely serve as a vehicle for shifting interest and royalties within international companies. Due to the application of tax treaties, this construction results in a significantly lower corporate taxes.
During his presidential campaign in 2008 Barack Obama illustrated the issue:
Evidently, we’ve entered a broader discussion, reaching beyond the question of what is tenable based on fiscal laws and regulations. Beside financial risks – that can be material – it concerns reputational damage, which can, as previously mentioned, negatively affect share prices.
Business operations can thus be fiscally appropriate, complying with tax laws and regulations, yet deemed unacceptable according to societal norms. This is a relatively new phenomenon in terms of reputational risks that affects the risk management from the overarching ‘business control framework’.
Questions that need to be asked include for instance: does the current business model still fit the ‘reconsidered’ business strategy?
In terms of tax revenues, a global trend is emerging shifting from direct to indirect taxes. The rates for VAT are increasing, whereas the rates for corporate tax are decreasing. An average multinational has over €5 billion in indirect tax flowing through the business. A mistake of one percent can make the difference between profit or loss. This is material, also for an auditor.
New legislation UK: Tone at the top
In an increasing number of countries, laws and regulations are established that force companies to be transparent with regard to their handling of tax risks, (fiscal) risk management, risk appetite – also in relation to tax planning – and the way of dealing with tax authorities.
This concerns the actual fiscal management, including the way in which the company makes tax decisions, for instance regarding distributed information about the systems and the means used for effective monitoring of fiscal risks.
The Finance Bill, that was established in 2016 by the United Kingdom, forces the Board of Directors of British multinationals not only to compose a tax strategy, but also to publish it. An important new aspect of this Finance Bill is that it obliges one person within the Board of Directors to be assigned the responsibility for the tax strategy.
The power of this legislation resides in the fact that it forces the Board of Directors to actually determine a position regarding the company’s tax morality. This is recorded in a public statement, which makes it an important criterion in measurement and evaluation of the performance of the Board of Directors itself (fiscal KPI).
Supervisory bodies such as the Supervisory Board (and auditors?) will have to evaluate whether the board indeed conforms to the formulated fiscal norm.
Moreover, as appears from the parliamentary history, it is expected that companies that have not published their business strategy are more likely to accept a higher risk appetite with regard to tax risks, compared to companies that have defined and formally published a strategy, both internally and externally.
There is a clear difference between this new legislation and existing initiatives such as the Senior Accounting Officer (SAO) regime in the UK. Whereas SAO is aimed at adequate tax accounting specifically, the new legislation goes beyond the SAO because it requires companies to provide insight into the business strategy with regard to taxes.
We think that this type of legislation realizes the objective measurability of the ‘Tone at the top’ in the fiscal domain. Without ownership and active involvement of the Board of Directors, the realization of vast changes or large investments is a hopeless mission when coming from change management.
By placing the responsibility for the execution of the fiscal strategy on the Board of Directors, the tax division will receive the tools required for adequate execution of its function – mandate, resources, budget etc. – much faster. This will be amplified when signals from external sources – the auditor and the tax authorities – that promote prioritizing of taxes, also reach the Board of Directors.
The assignment of accountability, the composition and publication of the tax strategy would be an improvement of the current ‘Horizontal Monitoring’ policy in the Netherlands, as it brings the fiscal responsibility to the Board of Directors.
In practice, the Horizontal Monitoring relies too much on the relation between the Taxpayer coordinator (account manager) of the Dutch tax authorities and the Head of tax of the company.
More attention for Transfer Pricing
Many countries nowadays implement the BEPS recommendations such as the ‘master’ and ‘local’ file and the ‘Country-by-Country’ report. In general, this not only leads to an aggravation of Transfer Pricing (hereafter: TP) compliance activities, but also results in the potential discovery of errors that were previously undetectable. Indeed, TP processes are generally not (yet) automated and analysis activities regarding TP are primarily executed manually.
This situation makes it challenging to have all relevant tax data provided in time. This applies to both the collection of the required source data, as well as the TP analysis itself. Often, the supplied formats and templates are unusable or have to be ‘manually’ modified in Excel in order to be used.
The current trend is that increasingly more detailed information is necessary for specific products or services; ranging from who the order was placed by to details about the applied margins for service – and goods transactions and the conditions under which these took place. Timely access to such source data has thus become even more important.
This is also the ‘overlap’ with data required for the indirect tax function. Cross-border intercompany transactions form a risk area that will be included in the VAT risk matrix – risks that exceed the risk appetite – by every multinational and that requires efficient monitoring and checks.
More attention for VAT
The Big Four auditors emphasize in their Indirect Tax Surveys the increasing risks of reassessment, fines and reputational damage, as the importance of indirect tax amounts flowing through the accounts is increasing and the KPIs and effective monitoring is generally missing for indirect tax.
Apparently, according to them, there is a long way to go before the resources, processes and technology-strategies are embedded and the responsibilities assigned to control the global VAT/GST challenges adequately.
Within Europe, extensive fraud in indirect tax is observed. The VAT-gap can be defined as the difference between the actually received and the theoretically calculated VAT-returns. The European Commission mentioned in September 2015 that the total VAT-gap amounts to €168 billion. The VAT-gap has been of this material magnitude for years. As a result, the prevention of VAT fraud naturally is high on the priority list of the European Commission.
From the action plan of the European Commission and ’20 measures to tackle the VAT gap’, we have selected a couple of actions that demonstrate the arrival of vast future changes. These will also influence the operation of the tax functions:
- Improvement of collaboration between EU and non-EU countries;
- Improvement of effectiveness of the tax services, including research into the possibility for automated data provision that enable the tax authorities to develop an automated mechanism to trace and connect individual transactions, in order to signal fraud at an early stage;
- Development of a new way of data collection by collaborating with the EU countries in exchanging applications of ‘best practices’ and new ‘reporting’ and ‘auditing’;
- Improvement of collaboration between authorities and a joint procedure for detecting and handling fraud.
Tax authorities demand more, faster and more frequent data
The fierce debate on a fair distribution of tax revenues by governments has reached new heights. Tax shift due to risk allocation of transactions to low tax rate countries and even globalization itself are under political discussion. Protectionism is an important part of the strategic objectives of certain governments.
Additionally, the discussion concerning BEPS and state aid have caused fiscal uncertainties that force companies to reevaluate risks. In some cases this can even lead to changes in the business model. Current business models are put under a magnifying glass, but also the change of business models – for instance from commissionaire to limited risk distributor – will get attention from the tax authorities.
A reorganization in the Dutch Tax and Customs Administration has established the objective that routinely and labor-intensive, yet relatively simple control activities are to be taken over by automated processes. That is, modern technologies appear to substitute to role of the ‘traditional’ tax auditor.
The idea is that new computer systems and data analysis software will allow data files from different source systems to be connected, thereby enabling more efficient tax control and requiring fewer ‘traditionally educated’ employees.
The objective also holds that the tax authorities have earlier and faster access to relevant tax data and that this data is periodically provided by tax payers in a format that is prescribed by the government and that can easily be read and immediately reveal inconsistencies in fiscal activities.
Transfer pricing and/or VAT regulations are still not sufficiently taken into account in the development of VAT-automation regarding business processes. This makes that the data that is captured in a vast amount of financial administration, can ‘impossibly’ be compared with that which is stated on the tax returns.
SAF-T in an increasing number of countries
Other tax services are following the direction set out by the Dutch tax service. Often, the format developed by the OECD, the ‘Standard Audit File for Tax Purposes (SAF-T) is applied, in which specific ‘business accounting transactions’ from the ERP system are to be provided to the tax service in a prescribed format.
The OECD has described which processes in an ERP system are required in order to be able to take a stance regarding the reliability of the electronic data that is used for substantiation of tax positions – corporate tax and VAT.
Overview of SAF-T data
The following countries within Europe have implemented SAF-T: Portugal, France, Lithuania, Luxembourg, Norway, Poland and Austria
It should be noted though, that every country has its own local requirements and interpretation. Thus, there is no coordination or standard approach (yet). In practice, this results in potential differences per country that need to be managed individually from risk management by the tax function. Expansion of the SAF-T initiative to more countries is highly likely and therefore a further increase of e-audits (electronic data audits) is to be expected. Moreover, increasingly more data has to be provided.
In most countries, the SAF-T data only has to be provided to the tax service in case an audit has been announced. Portugal, Poland and Lithuania however, also have an additional monthly SAF-T for VAT specifically.
In this SAF-T the VAT data must be monthly provided to the tax service. The tax service can for instance compare the numbers with the filed VAT return. Usually, the ERP data is saved in an Excel sheet, which is subsequently used for making VAT corrections, but crucially without feedback to the ERP system. When the Excel sheet forms the basis for the VAT return and the SAF-T solely uses the data from the ERP system, the numbers in the VAT return will not correspond with the VAT SAF-T. This can raise questions from the tax service and result in a higher chance of an audit.
In many countries, tax returns are not immediately assessed. This could mean that in the most extreme scenario – in case there has been no audit – there will only be certainty when the period for recovery and reassessment has expired. This could all be different with e-audits, as these involve data with which the tax service can actually check the positions in the returns.
The implementation of SAF-T requires that data is only provided upon request from the tax service or afterwards in an extra monthly VAT requirement. This is an improvement compared to the traditional audit, which in practice, came down to an audit once every five years.
In China and Mexico, however, data is already provided to the tax service in ‘real time’. In these countries, VAT only becomes deducible when the customers can prove that they identified their suppliers by means of a VAT identification number and that the invoice is paid, mentioning the bank account number of the supplier to whom payments are transferred. These measures appear to substantially reduce the opportunity for VAT fraud.
What about real time data provision in Europa? It appears be realized soon [note article was written May 2017!]:
- In Spain, a new VAT return systems has been introduced since July 1st, 2017. Companies are required to electronically submit all data of incoming and outgoing invoices in XML format to the Spanish tax service within 4 days after the invoice is distributed or booked. In the first 6 months, companies get 8 extra days as a transitional arrangement. So this is almost ‘real time’.
- Hungary takes it one step further and requires companies to ask permission from the tax service in advance in the case of sales invoices over 100.00 HUF (€ 322). The invoice software of the taxpayer has a direct connection with the Hungarian tax service. This means that data must be submitted real time.
With these measures, a new trend has been set. The other European countries haven’t made that much progression yet, we do also know, however, that ‘best practices’ are exchanged in order to fight VAT fraud.
In Czech Republic, Hungary, Lithuania, Estonia, Italy, Romania and Slovakia, additional terms are already applied for VAT returns. To this regard, Infosys has composed the overview that is displayed below.
The impact on in-house tax function
The topics that have been discussed in previous sections revolve around one central component: data. We mentioned investments by governments (and tax functions) in ‘data technologies and tools’.
In order to function optimally, it is essential that the tax function gains timely access to the relevant tax data. The benchmark studies form the Big4 show that investments are falling behind. The data is not only essential for tax returns but also for instance for analyses, pre-audits and tax planning.
A material tax risk arises when the tax terms under which a business model is supposed to operate are contradicted by its own financial and source data. For instance, the financial data might suddenly reveal new services, new goods transactions, different sales support, specific staff with a particular role and specialization.
A company is dynamic and the tax function should be timely involved in any changes. A tax control framework should thus take these changes into account and look beyond ‘compliance’ and financial risks.
Also consider the situation in which what is taken for a fact in a closed tax ruling, might then subsequently not correspond with the data that is (electronically) periodically provided to the tax authorities.
The same applies when the content of contracts does not correspond with the financial data. It thus also affects the control framework beyond taxes. The tax authorities receive increasingly more data over the years. The tax payer thus leaves a considerable audit trail.
One of the government’s objectives is to consociate cross-border individual transactions with each other, and to subsequently prevent VAT fraud. In case of a successful implementation, the scope and applicability might extend beyond solely VAT.
Tax authorities will demand increasingly earlier access to all relevant tax data, since this enables efficient, effective and (almost) real time audits. Real time data provision already prevails with respect to VAT. As previously mentioned, VAT and TP have considerable overlap with regard to relevant tax data.
Developments and innovations regarding taxes therefore shouldn’t be analyzed separately for each tax discipline when it concerns for instance tax risk management. The starting point should be considering what data is to be provided to the tax authorities and which in-house tax discipline will be affected.
Preaudit before submit
It is essential that the tax function does a risk analysis before the data is provided to the tax services. This sounds obvious, but doesn’t sufficiently happen in practice. Consider for instance compliance with SAF-T obligations.
The focus of Finance and IT is in practice on meeting the deadline of submitting the data as set by the tax authorities. Often, the application of the ‘audit defense protocol’ is lacking, which would have been done in case of a traditional audit.
In this protocol, the occurrence of unanticipated risks is first internally assessed and evaluated, before submitting the requested documentation to the tax authorities.
Subsequently, a copy of the document is made and archived. Currently, this process is often omitted when data is submitted electronically, even though not only a data audit trail is left, but there are also multiple data requests which can eventually be analyzed in connection with each other. Consider for instance SAF-T and all BEPS requirements.
The innovations and changes also demonstrate that solely technical knowledge is no longer sufficient. Developments should be anticipated early and current limitations must be translated into solutions.
This requires knowledge of change management, but also of technology and audit software and/or data analysis skills. A background in accounting seems more important than ever considering the innovations as well as the data requests from the tax authorities.
Possible analysis questions:
Concluding remarks: towards a shared responsibility
One of the questions refers to the reuse of data. In the paragraph TP, we described that in the future, increasingly more detailed information on individual transactions is required for analysis and planning.
Cross-border intercompany transactions appertain to the risk area of both TP and VAT. Applying the same source of information is thus not only efficient and effective but can also serve as an argument for substantiating new ‘shared’ investments towards senior management.
We also described that with respect to VAT, in spite of risks, there is a long way to go before the means, processes and technology strategies will be imbedded and the responsibilities are determined to adequately manage global VAT/GST challenges.
The fact is that both TP and VAT are lagging behind, yet are in the full spotlight of the tax authorities and often either have no budget for investments or lack manpower (size of the tax function) and internal skills (factor knowledge).
The outlined tax risks and the importance of managing the reputational risks not only affects the tax control framework, but also the overarching business control framework and this automatically implies a higher priority and required involvement of the Board of Directors.
The fact that in the UK, the Board of Directors already has final responsibility and the tax strategy must be published publically, can substantiate the internal sale of new investments from business plan perspective and realize more shared responsibility.
When everything is regarded as interconnected, acknowledging that also best practices are shared between governments, the chances of this final responsibility also being extended to other countries are highly likely.
It is indeed a joint objective of the EU members to exchange new ways of data collection, including ‘best practices’ regarding new ‘reporting’ and ‘auditing’ applications.
The external accountant and tax service can express this same message from outside to the Board of Directors in order to contribute to the development, which will in turn be of importance for their own (future) functioning.
Above is a translation of article published in Vakblad Tax Assurance
Written by Richard H. Cornelisse en Edwin van Loon
- Richard H. Cornelisse LLM, Tax Assurance Expert, managing director van de Key Group en Phenix Consulting
- Edwin van Loon RTAP, Tax Control Framework Coordinator ING Bank NV
Follow up articles
- VAT Control Framework: how to get from A to B
- Tax Risk Management - submitting tax relevant data to the tax authorities
- Being ready for GCC VAT introduction when operating SAP
Published by Richard Cornelisse
Richard advises multinational businesses in improving the efficiency and effectiveness of their Indirect Tax Function and Tax Control Framework.
He started his career as a manager at Arthur Andersen and then became a partner in EY where I led the indirect tax performance team for Netherlands and Belgium. Currently he is a senior managing director of Key Group.
Richard has over 20 years’ experience advising clients on international VAT issues. He is specialized in the tax aspects of financial transformations, shared service centre migration, and post merger integration work. Richard is also somewhat of a mentor, giving back to the profession. If you are interested in conversation and discussion, please feel free to contact him.