Introduction
Tax morale is shifting. More often, what is (still) legally allowed may not automatically be accepted by public opinion. Reputational damage is imminent. The tax authorities have set their priorities in both direct and indirect taxation. The tax authorities want to receive more tax data faster and more often. In addition, there is a tendency to allocate the ultimate tax responsibility at the highest level in a company. Since last year in the United Kingdom, the Board of Directors has had to sign off on the company's tax strategy and publish the strategy externally.
Tax departments and external auditors face new issues due to these two tendencies of new obligations. These tendencies could, however, also support change.
The new data requirements of the tax authorities have to be correctly assessed and interpreted from a tax risk management perspective to see whether the data requested contains any unforeseen and significant tax risks. The outcome of such an exercise could also make clear that the company has to reorganize its business and tax processes.
When all tax disciplines (e.g., TP, indirect tax, etc.) work together, a joint responsibility for the overall tax affairs of a company could be established. That might facilitate the buy-in for tax investments when successful tax can take the place it deserves: an important part of a company's business strategy.
The auditor is not (yet) a risk analyst.
The external auditor’s task is only to provide an opinion on whether the annual accounts accurately represent the company's affairs. He or she is not asked to state the accuracy or the acceptability of the submitted return for corporate tax, income tax, VAT, etc.
The term materiality has many meanings and definitions. Boundaries of materiality are primarily determined based on personal estimations. This can be estimations by auditors, risk management departments, company directors, etc.
The term materiality, used as a quantitative norm, serves as an approval boundary. The materiality used to determine the tax risk appetite of businesses is significantly lower than the materiality used by the external auditor in the annual audit.
The external auditor’s task is only to provide an opinion on whether the annual accounts provide a true and fair representation of the company's affairs. He or she is not asked to provide a statement regarding the accuracy or the acceptability of the submitted return for corporate tax, income tax, VAT, etc.
However, the examples of tax situations listed below should also receive full attention from auditors. These stock market-listed companies have, after all, been obliged, based on the SEC rules, to report their risks to their investors:
- Google avoided €227 million in taxes in Italy. Google paid £130 million to the British tax authorities and agreed to pay higher taxes in the future. In France, the tax authorities demanded €1.6 billion from Google.
- After a two-year fraud investigation, Apple paid €318 million as a settlement to the Italian tax authorities. Apple missed a deadline to pay €13 million in taxes to Irish authorities in the context of state aid. Due to the special treatment given by the Irish government, the effective tax rate was just 0,05%.
- Facebook (FB, Tech30) disclosed that the IRS investigated how it moved assets to an Irish subsidiary to avoid higher taxes. According to Facebook’s SEC filing, the amount totals $3 - $5 billion, plus interest.
- Coca-Cola was found to owe the US tax authorities $3.3 billion, plus interest, based on an audit by the IRS. Profits were incorrectly recognized in foreign countries rather than in the US.
- If these tax-related issues are considered individually per county and company, it could be questioned whether these matters are also material for the auditor. Notably, the media also discuss the reputation of these companies. Any potential reputational damage and/or fiscal uncertainty might impact the share price and external relations with the tax authorities.
The loss of tax income due to the movement of assets to low-tax rate jurisdictions is conservatively estimated to total between $100 and $240 billion.
The media attention, public indignation, and political reactions these cases have received – including, for instance, that of US senator and (former) presidential candidate Bernie Saunders – emphasize the differences in tax morality. Why should ordinary citizens comply with tax obligations while multinationals or soccer players attempt to avoid paying a ‘fair share’ of taxes through tax-saving structures? Both media and politics have given a great deal of attention to cases such as the ‘Panama Papers’, ‘Lux Leaks’, ‘The Netherlands Tax Haven’ and ‘Football Leaks’.
In the context of an investigation regarding state aid, the European Commission states that providing tax rulings (advance pricing agreements; APA’s) should not result in situations in which some taxpayers pay less than other taxpayers under the same circumstances.
As a result of the Panama Papers, the Dutch parliament interrogated many Corporate Service Providers, shell corporations, and advisors about tax avoidance and tax evasion. Without any significant assets or activities in the Netherlands, these companies solely serve as a vehicle for shifting interest and royalties within international companies. Due to applying tax treaties, this construction results in significantly lower corporate taxes.
During his presidential campaign in 2008, Barack Obama illustrated the issue:
We’ve entered a broader discussion, reaching beyond the question of what is tenable based on fiscal laws and regulations. Besides material financial risks, reputational damage can, as previously mentioned, negatively affect share prices.
Business operations can thus be fiscally appropriate, complying with tax laws and regulations yet deemed unacceptable according to societal norms. This is a relatively new phenomenon in terms of reputational risks that affects the risk management from the overarching ‘business control framework’.
Questions that need to be asked include: Does the current business model still fit the ‘reconsidered’ business strategy?
Regarding tax revenues, a global trend is emerging, shifting from direct to indirect taxes. The rates for VAT are increasing, whereas the rates for corporate tax are decreasing. An average multinational has over €5 billion in indirect tax flowing through the business. A mistake of one percent can make the difference between profit and loss. This is material and also for an auditor.
New legislation UK: Tone at the top
In many countries, laws and regulations have been established that force companies to be transparent about handling tax risks, (fiscal) risk management, risk appetite – also concerning tax planning – and dealing with tax authorities.
This concerns fiscal management, including how the company makes tax decisions, for instance, regarding distributed information about the systems and the means used to monitor fiscal risks effectively.
The Finance Bill, which was established in 2016 by the United Kingdom, forces the Board of Directors of British multinationals to compose a tax strategy and publish it. An important new aspect of this Finance Bill is that it obliges one person within the Board of Directors to be responsible for the tax strategy.
The power of this legislation resides in the fact that it forces the Board of Directors to determine a position regarding the company’s tax morality. This is recorded in a public statement, making it an essential criterion in measuring and evaluating the performance of the Board of Directors (fiscal KPI).
Supervisory bodies such as the Supervisory Board (and auditors?) will have to evaluate whether the board indeed conforms to the formulated fiscal norm.
Moreover, as appears from the parliamentary history, it is expected that companies that have not published their business strategy are more likely to accept a higher risk appetite concerning tax risks than companies that have defined and formally published a strategy internally and externally.
There is a clear difference between this new legislation and existing initiatives, such as the UK's Senior Accounting Officer (SAO) regime. Whereas SAO is aimed at adequate tax accounting specifically, the new legislation goes beyond the SAO because it requires companies to provide insight into the business strategy about taxes.
We think this type of legislation realizes the objective measurability of the ‘Tone at the top’ in the fiscal domain. Without ownership and active involvement of the Board of Directors, realizing vast changes or large investments is a hopeless mission from change management.
By placing the responsibility for executing the fiscal strategy on the Board of Directors, the tax division will receive the tools required to execute its function adequately – mandate, resources, budget, etc. – much faster. This will be amplified when signals from external sources – the auditor and the tax authorities – that promote prioritizing of taxes also reach the Board of Directors.
The assignment of accountability and the composition and publication of the tax strategy would improve the current ‘Horizontal Monitoring’ policy in the Netherlands, as it brings fiscal responsibility to the Board of Directors.
In practice, horizontal monitoring relies too much on the relationship between the taxpayer coordinator (account manager) of the Dutch tax authorities and the company's head of tax.
More attention to Transfer Pricing
Many countries nowadays implement the BEPS recommendations such as the ‘master’ and ‘local’ files and the ‘Country-by-Country’ report. In general, this leads to an aggravation of Transfer Pricing (hereafter: TP) compliance activities and results in the potential discovery of previously undetectable errors. Indeed, TP processes are generally not (yet) automated, and analysis activities regarding TP are primarily executed manually.
This situation makes it challenging to provide all relevant tax data in time. This applies to the collection of the required source data and the TP analysis itself. Often, the supplied formats and templates are unusable or have to be ‘manually’ modified in Excel to be used.
The current trend is that increasingly more detailed information is necessary for specific products or services, ranging from who the order was placed by to details about the applied margins for service – and goods transactions and the conditions under which these took place. Timely access to such source data has thus become even more important.
This also overlaps with data required for the indirect tax function. Cross-border intercompany transactions form a risk area that will be included in the VAT risk matrix – risks that exceed the risk appetite – by every multinational and that requires efficient monitoring and checks.
More attention to VAT
The Big Four auditors emphasize in their Indirect Tax Surveys the increasing risks of reassessment, fines, and reputational damage, as the importance of indirect tax amounts flowing through the accounts is increasing, and the KPIs and effective monitoring are generally missing for indirect tax. According to them, there is a long way to go before the resources, processes, and technology strategies are embedded and the responsibilities assigned to control the global VAT/GST challenges adequately.
Within Europe, extensive fraud in indirect tax is observed. The VAT gap can be defined as the difference between the received and the theoretically calculated VAT returns. The European Commission mentioned in September 2015 that the total VAT gap amounts to €168 billion. The VAT gap has been of this material magnitude for years. As a result, preventing VAT fraud is naturally a high priority on the European Commission's list.
From the action plan of the European Commission and ’20 measures to tackle the VAT gap’, we have selected a couple of actions that demonstrate the arrival of vast future changes. These will also influence the operation of the tax functions:
- Improvement of collaboration between EU and non-EU countries;
- Improvement of the effectiveness of the tax services, including research into the possibility of automated data provision that enables the tax authorities to develop a computerized mechanism to trace and connect individual transactions to signal fraud at an early stage;
- Development of a new way of data collection by collaborating with the EU countries in exchanging applications of ‘best practices’ and new ‘reporting’ and ‘auditing’;
- Improve collaboration between authorities and a joint procedure for detecting and handling fraud.
Tax authorities demand more, faster, and more frequent data
The fierce debate on a fair distribution of tax revenues by governments has reached new heights. Tax shifts due to risk allocation of transactions to low tax rate countries and even globalization itself are under political discussion. Protectionism is an integral part of the strategic objectives of certain governments.
Additionally, the discussion concerning BEPS and state aid has caused fiscal uncertainties that force companies to reevaluate risks. In some cases, this can even lead to changes in the business model. Current business models are put under a magnifying glass. Still, the change of business models – from commissionaire to limited risk distributor – will get attention from the tax authorities.
A reorganization in the Dutch Tax and Customs Administration has established the objective that routine and labor-intensive yet relatively simple control activities are to be taken over by automated processes. That is, modern technologies appear to substitute the role of the ‘traditional’ tax auditor.
The idea is that new computer systems and data analysis software will connect data files from different source systems, thereby enabling more efficient tax control and requiring fewer ‘traditionally educated’ employees.
The objective also holds that the tax authorities have earlier and faster access to relevant tax data and that taxpayers periodically provide this data in a format that the government prescribes, which can easily be read and immediately reveal inconsistencies in fiscal activities.
Transfer pricing and/or VAT regulations are still not sufficiently considered when developing VAT automation regarding business processes. This means that the data captured in a vast amount of financial administration can ‘impossibly’ be compared with that stated on the tax returns.
SAF-T in an increasing number of countries
Other tax services follow the direction the Dutch tax service set out. Often, the format developed by the OECD, the ‘Standard Audit File for Tax Purposes (SAF-T), is applied, in which specific ‘business accounting transactions’ from the ERP system are to be provided to the tax service in a prescribed format.
The OECD has described which processes in an ERP system are required to be able to take a stance regarding the reliability of the electronic data that is used for substantiation of tax positions – corporate tax and VAT.
Overview of SAF-T data
European countries have implemented SAF-T: Portugal, France, Lithuania, Luxembourg, Norway, Poland, and Austria.
It should be noted that every country has its own local requirements and interpretation. Thus, there is no coordination or standard approach (yet). In practice, this results in potential differences per country that need to be managed individually from risk management by the tax function. Expansion of the SAF-T initiative to more countries is highly likely, and therefore, a further increase in e-audits (electronic data audits) is to be expected. Moreover, increasingly more data has to be provided.
In most countries, the SAF-T data only has to be provided to the tax service in case an audit has been announced. Portugal, Poland, and Lithuania, however, also have an additional monthly SAF-T for VAT specifically.
In this SAF-T, the VAT data must be monthly provided to the tax service. The tax service can, for instance, compare the numbers with the filed VAT return. Usually, the ERP data is saved in an Excel sheet, which is subsequently used for making VAT corrections, but crucially without feedback to the ERP system. When the Excel sheet forms the basis for the VAT return, and the SAF-T solely uses the data from the ERP system, the numbers in the VAT return will not correspond with the VAT SAF-T. This can raise questions from the tax service and result in a higher chance of an audit.
In many countries, tax returns are not immediately assessed. This could mean that in the most extreme scenario – in case there has been no audit – there will only be certainty when the period for recovery and reassessment has expired. This could all be different with e-audits, as these involve data with which the tax service can check the positions in the returns.
SAF-T implementation requires that data is only provided upon request from the tax service or afterward in an extra monthly VAT requirement. This is an improvement compared to the traditional audit, which, in practice, came down to an audit once every five years.
In China and Mexico, however, data is already provided to the tax service in ‘real time’. In these countries, VAT only becomes deducible when the customers can prove that they identified their suppliers by means of a VAT identification number and that the invoice is paid, mentioning the supplier's bank account number to whom payments are transferred. These measures appear to reduce the opportunity for VAT fraud substantially.
What about real-time data provision in Europe? It appears to be realized soon [note article was written May 2017!]:
- A new VAT return system in Spain has been introduced since July 1st, 2017. Companies must electronically submit all data of incoming and outgoing invoices in XML format to the Spanish tax service within 4 days after the invoice is distributed or booked. Companies get eight extra days in the first 6 months as a transitional arrangement. So this is almost ‘real-time’.
- Hungary takes it one step further and requires companies to ask permission from the tax service in advance for sales invoices over 100.00 HUF (€ 322). The taxpayer's invoice software directly connects with the Hungarian tax service. This means that data must be submitted in real time.
With these measures, a new trend has been set. The other European countries haven’t made that much progression yet, we do also know, however, that ‘best practices’ are exchanged in order to fight VAT fraud.
Additional terms have already been applied for VAT returns in the Czech Republic, Hungary, Lithuania, Estonia, Italy, Romania, and Slovakia. In this regard, Infosys has composed the overview displayed below.
The impact on in-house tax function
The topics discussed in previous sections revolve around one central component: data. In ' data technologies and tools ', we mentioned government investments (and tax functions).
To function optimally, the tax function must gain timely access to the relevant tax data. The benchmark studies from the Big4 show that investments are falling behind. The data is not only essential for tax returns but also, for instance, for analyses, pre-audits, and tax planning.
A material tax risk arises when the tax terms under which a business model is supposed to operate are contradicted by its financial and source data. For instance, the financial data might suddenly reveal new services, new goods transactions, different sales support, and specific staff with a particular role and specialization.
A company is dynamic, and the tax function should be involved in any changes on time. A tax control framework should thus consider these changes and look beyond ‘compliance’ and financial risks.
Also, consider the situation in which what is taken for a fact in a closed tax ruling might subsequently not correspond with the data (electronically) periodically provided to the tax authorities.
The same applies when the content of contracts does not correspond with the financial data. It thus also affects the control framework beyond taxes. The tax authorities have received increasingly more data over the years. The taxpayer thus leaves a considerable audit trail.
One of the government’s objectives is to consociate cross-border individual transactions with each other and subsequently prevent VAT fraud. The scope and applicability might extend beyond solely VAT in a successful implementation.
Tax authorities will demand increasingly earlier access to all relevant tax data since this enables efficient, effective, and (almost) real-time audits. Real-time data provision already prevails in terms of VAT. As previously mentioned, VAT and TP have considerable overlap with regard to relevant tax data.
Therefore, developments and innovations regarding taxes shouldn’t be analyzed separately for each tax discipline when it concerns, for instance, tax risk management. The starting point should consider what data will be provided to the tax authorities and which in-house tax discipline will be affected.
Preaudit before submit
The tax function must conduct a risk analysis before the tax services provide the data. Doesn’t sufficiently happen in practice. Consider, for instance, compliance with SAF-T obligations.
In practice, finance and IT focus on meeting the deadline for submitting the data set by the tax authorities. Often, the application of the ‘audit defense protocol’ is lacking, which would have been done in the case of a traditional audit.
In this protocol, unanticipated risks are internally assessed and evaluated before submitting the requested documentation to the tax authorities.
Subsequently, a copy of the document is made and archived. Currently, this process is often omitted when data is submitted electronically, even though not only a data audit trail is left, but multiple data requests can eventually be analyzed in connection with each other. Consider, for instance, SAF-T and all BEPS requirements.
The innovations and changes also demonstrate that solely technical knowledge is insufficient. Developments should be anticipated early, and current limitations must be translated into solutions.
This requires knowledge of change management, technology and audit software, and/or data analysis skills. A background in accounting seems more important than ever, considering the innovations and data requests from the tax authorities.
Possible analysis questions:
Concluding remarks: towards a shared responsibility
One of the questions refers to the reuse of data. In paragraph TP, we described that in the future, increasingly more detailed information on individual transactions is required for analysis and planning.
Cross-border intercompany transactions appertain to the risk area of both TP and VAT. Applying the exact source of information is thus efficient and effective and can also serve as an argument for substantiating new ‘shared’ investments towards senior management.
We also described that concerning VAT, despite risks, there is a long way to go before the means, processes, and technology strategies are embedded and the responsibilities are determined to manage global VAT/GST challenges adequately.
The fact is that both TP and VAT are lagging, yet are in the full spotlight of the tax authorities and often either have no budget for investments or lack manpower (size of the tax function) and internal skills (factor knowledge).
The outlined tax risks and the importance of managing the reputational risks affect not only the tax control framework but also the overarching business control framework, and this automatically implies a higher priority and requires the involvement of the Board of Directors.
The fact that in the UK, the Board of Directors already has final responsibility and the tax strategy must be published publically can substantiate the internal sale of new investments from a business plan perspective and realize more shared responsibility.
When everything is regarded as interconnected, acknowledging that best practices are shared between governments, the chances of this final responsibility also being extended to other countries are highly likely.
It is indeed a joint objective of the EU members to exchange new ways of data collection, including ‘best practices’ regarding new ‘reporting’ and ‘auditing’ applications.
The external accountant and tax service can express this same message from outside to the Board of Directors to contribute to the development, which will, in turn, be necessary for their own (future) functioning.
