Skip to main content

VAT GST risks

Unexpected costs are high and ‘above the line’

Measuring risks is often based on the balance between output and input VAT, not the total VAT/GST throughput (also called ‘VAT under management’).

The findings listed above are not surprising, as often the question is asked what risk management even has to do with VAT/GST. The reasoning behind this question is that VAT/GST is typically cost-neutral for most businesses: “a cash in and cash out” scenario. However, every indirect tax function knows that deductible input VAT and liable output VAT must be managed separately to avoid substantial VAT assessments, penalties, and interest payments.

It is a risky business to monitor only the balance between output VAT and input VAT. Neutrality can only be achieved – better is the word ‘earned’ – if specific formal and material requirements are met. It starts with the people in the organization becoming aware of the amounts at stake and the risks of something going wrong. 

Benchmark studies repeatedly create the same picture: too little control and too few KPIs. When a mistake is made in the control, it usually concerns large amounts of money.

Due to technological innovations, tax authorities have become increasingly better at executing their tax audits. The probability that the tax authorities will issue additional assessments and penalties soon increases by the day because errors in indirect tax are being detected. Tax authorities collect and analyze indirect tax data (e.g., SAF-T and e-invoicing for VAT).

The focus is on timely and accurate VAT reporting and whether an effective tax control framework exists in high-risk areas. Tax risk management methods are assessed.

Due to regulations, a tax trend is that companies will have to become transparent about their attitude to tax risk, appetite, and approach to their relationship with tax authorities. It will cover the governance framework describing how a business makes decisions on taxation, including information on the systems and controls in place to manage tax risk.  

It is therefore essential that your (automated) tax control framework be documented and that a logbook—risk register—is kept of all identified inconsistencies. This logbook should always give the internal tax function insight into the areas for attention. Tax managers can set the right priorities and take measures on time.


Let’s dive into an engaging exploration of AR and AP

Failures in VAT-critical systems and processes can result in VAT overpayments that represent a real cost to the business, or under-declarations that threaten penalties and reputational risk.

The tax authorities check the correctness of VAT reporting only afterward. Non-compliance could result in an assessment (depending on the country’s assessment period: NL is five years), including interest and increased penalties, being levied over many years.

The penalties for incorrect invoicing can be a percentage of the turnover, so the amounts can quickly become material. In Europe, up to 27 percent VAT on the turnover, plus penalties.

Take, for example, the risk when the zero VAT rate is incorrectly applied. The supplier is responsible for meeting all the conditions for applying the zero VAT rate. If not, the tax authorities will seek to recover tax due from this supplier via a tax assessment levy. 

If the applicable VAT rate is 25%, the tax assessment will be 25/125 of the consideration charged. This assessment has to be increased with interest and penalties to determine the total tax burden.

Something as basic as a billing error leading to invoices issued in the wrong name could delay revenue receipt and result in nonrecoverable VAT. The penalties for incorrect invoicing can be a percentage of the turnover, so amounts can quickly become material, up to 27 percent VAT in Europe (Hungary 27%) on the turnover, plus penalties.

As written before, it is risky for businesses to monitor only the balance between output and input VAT. Neutrality can only be achieved - better is the word earned - if specific formal and material requirements are met.

In many countries, tax authorities do not audit indirect tax returns. Tax certainty about tax positions taken will exist once the statutory time limits are exceeded. That might change when digital audits' approaches are standardized and implemented as audit methods or other VAT fraud measures come into force.

A single operational failure in the systems and processes that manage the flow of Indirect Taxes through the supply chain can have significant consequences, including additional assessments, penalties, blocked VAT refunds, and delayed customer payments.

But do these taxes and tax planning opportunities get the attention they need, especially in light of increasingly complicated and globalized business models?

One common denominator that is too often missing from a financial transformation's strategic or planning elements is indirect tax. Although these tax considerations may not be among the issues that drive a financial transformation decision, tax can give rise to significant and costly challenges. That is particularly true of value-added tax (VAT), which hits many disparate points within the enterprise, such as finance, procurement, IT, or HR.


 Root cause examples:

  • A process failure (either within or outside the accounting system) to apply the correct VAT liability to a transaction (either not charging VAT when it should be, or charging VAT when it should not be)
  • A failure to identify a requirement to register for VAT within a jurisdiction (establishment is often unnecessary in creating an obligation – a mere sale of goods can be sufficient to create an obligation to register for VAT);
  • A failure to evidence the non-application of VAT to a transaction, e.g., lack of export documentation, etc.
  • A failure to account for VAT on intercompany transactions;
  • A failure to reconcile VAT turnover to AR;
  • A rejection of a VAT credit through AP because of invalid documentation, e.g., the purchase invoice to support the credit was missing or defective;
  • A failure to claim credit for VAT charged at importation;
  • A failure to self-assess VAT on receiving services from a non-resident or transferring goods from one EU Member State to another.

Tax objectives and current needs

The tax function needs to understand the business activities and objectives, including those related to research and development (R&D), and ensure alignment with other departments such as legal, HR, and IT.

The primary goal of the tax function is to mitigate risk and identify opportunities that can support a company's supply chain. Failures in systems and processes crucial for value-added tax (VAT) can lead to overpayments, which represent a real cost to the business, or under-declarations that expose the company to penalties and reputational damage.

The finance and tax departments require access to data showing how transactions are processed and how IT systems are configured. Data integrity is an operational risk when transactions are recorded in any country without proper evaluation for tax purposes.

There may be instances where the financial data in the system does not align with the designed business model, or changes are not managed effectively. Accessing the relevant tax data necessary for reporting to regulators, investors, and tax authorities across all business units and countries presents a significant challenge.

Threats and opportunities: compliance failures, complex legislation, and new tax rules

Managing risk is about making decisions at all levels of an organization to limit the effect and likelihood of threats and to increase the effect and likelihood of opportunities. It is about taking the right amount of the right risk.

  • Review the categories of VAT risk the company faces, the likelihood of occurrence, its potential impact, and mitigation measures.
  • Review the company's risk appetite, risk tolerance, and how risks are measured.

Lack of the right resources or technology support due to change

Take for example a Shared Service Center. Historically, the activities around transactions giving rise to indirect taxes have been handled by in- country entities that are more familiar with local regulations and compliance requirements and accustomed to the rules and obligations for invoicing, liability, rates, accounting and reporting specific to each of the myriad jurisdictions.

But what happens when VAT and GST functions are transferred to an offshore SSC in a faraway location? How complex will the operational requirements be when one SSC deals with countless transactions that originate in multiple countries and languages and fall under the auspices of various cultures and authorities?

In the new situation, employee turnover is often high, and the local staff are made redundant.


A real-world example

A multinational company based in France decided to centralize and transfer functions to Switzerland. Not only did they neglect to document the processes and thoroughly analyze the VAT impact, they also lost staff familiar with the functions.

As a result, the company also lost access to the historical data for preparing VAT returns and had employees unfamiliar with the methods for preparing the returns or making manual adjustments.

When the VAT audit was announced, a major panic ensued, and the SSC staff had to work around the clock to obtain more insight into the original processes and collect information to reconstruct the VAT returns.

The company was at risk of the full VAT amount and penalties of up to 100% of the VAT owed. In short, the potential benefits of the SSC migration were largely overshadowed by the additional time and money spent on this emergency response and the disruption to orderly operations.

As MNCs move increasingly to the shared service model to meet their varied objectives, the responsibility for indirect taxes migrates with them, especially in the case of VAT and goods and services tax (GST). Also, complexity in managing these taxes increases exponentially when cross-border activities are involved, especially in today’s VAT environment, where controls are often external, processes are manual, and procedures are not documented.

One of the most common side effects of a migration that cannot be fully realized is invoicing. For example, many payable invoices are not correctly coded, so VAT is not deducted (in time).

Foresee future risks long before they manifest themselves.

One critical way to ensure that the company reaps the benefits is to anticipate possible problems at the planning stage before they arise in practice. A change in business model can create not only VAT risks but also commercial risks, such as logistics problems in getting goods into a country and delays and hold-ups of shipments, resulting in disruption of daily business. 

There are a couple of root cause examples: the company forgot to register for VAT or procurement forgot to agree with the supplier who was importing the goods.


Managing reputational risk

Reputational risk is a key element in tax risk management, as it considers individual tax risk and how it may influence positions in other areas, negatively or positively. If a company is associated with unacceptable behavior, suppliers or vendors may choose to change contractual relationships, which could impact shareholders' value. Management's objective is to predict the mindset of the public opinion.

Fraud and increased audit and reputational risk

A recent European Union study (2013) says the bloc's 28 member nations may lose almost 200 billion euros ($267 billion) annually in value-added tax revenues due to tax evasion and a lack of enforcement.

EU Tax Commissioner Algirdas Semeta said the number of revenues slipping through the governments' nets is "unacceptable, particularly given the impact such sums could have in bolstering public finances."

The study for the European Commission, the bloc's executive arm, found that member states lost an estimated 193 billion euros ($258 billion) in VAT revenues in 2011, or 1.5 percent of the EU's economic output. 

The European Commission and local governments actively prioritize combating VAT fraud. New measures are being taken, such as introducing individual liability for not remitting VAT if the buyer knew or should have known that he was buying from a fraudster. Demonstrating that sufficient control measures have been taken is essential to preventing this condition of liability.

It is reasonable to assert that the likelihood of a tax audit increases in countries that have experienced significant tax revenue losses due to VAT fraud. This should be considered when developing an audit defense strategy and could justify reassessing the company's indirect tax priorities.

One of the indirect tax function's responsibilities is promptly identifying legislation and regulation changes that may impact the group or its business. Several compelling reasons exist for prioritizing reviewing control measures to prevent such liabilities. Additionally, it’s essential to consider estimates of the VAT gap for each member state.


Personal liability

59 percent of respondents (53 percent in 2014) expect the personal liability of compliance officers to increase in 2015, with 15 percent expecting a significant increase. Compliance officers or their Executives at firms as diverse as Swinton Insurance, Bank Leumi, Bank of Tokyo-Mitsubishi, Brown Brothers Harriman, and Deutsche Bank (DB: VAT fraud) have been fined, banned, or jailed (or a combination).

Criminal charges and jail time

More often, tax and public prosecutors‘ offices file criminal charges for tax-related scenarios with consequences for the businesses' reputation and the executives and employees who could be jailed. Prosecutors said they were investigating 25 bank staff on suspicion of severe tax evasion, money laundering, and obstruction of justice. They searched the headquarters and private residences in Berlin, Düsseldorf, and Frankfurt. "Two of Deutsche Bank's Management Board members Juergen Fitschen and Stefan Krause are involved in the investigations as they signed the value-added tax statement for 2009," Deutsche Bank (DBKGn.DE) said in a statement.