Colin Graham, Global Financial Services Tax Leader, PwC UK explores how and why tax poses operational risks and how these risks should be high on the agenda of the Chief Risk Officer (CRO), who remains a critical stakeholder.
Traditionally, tax risk consideration would have been the exclusive preserve of the tax function of an organisation and would not have been high on the agenda of the Chief Risk Officer (CRO). However, due to several developments in the external and internal environment in which banks operate there are signs that this is starting to change.
The nature of tax risk and its impact on the operational realm
According to the Basel Committee ‘operational risk’ is “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.”(1)
Viewed through a traditional lens, tax risk would not seem to fall squarely within this definition as it would generally be regarded as a risk of a loss arising from a failure to properly apply the relevant tax law (e.g., the tax authority’s successful challenge of the interpretation of its rules, failure to identify a relevant tax law change, etc.) In other words, primarily a technical risk relating to an incorrect application of the tax law and therefore a risk which properly fails to be managed by subject matter experts in the tax function.
However, due to changes in the nature and requirements of tax law; the approach of tax authorities and the way in which banks are managing their tax affairs, the nature of tax risk is increasingly moving beyond the technical into the realm of operational. Whilst this risk has arguably always been present, these changes are causing the operational aspects of tax risk to come into sharper focus.
“Against a global backdrop of continuing fiscal deficits and emerging populism, tax is likely to remain an emotive and politically sensitive issue and any tax related compliance failures by a bank will continue to carry the inevitable reputational consequences.”
Examining these changes in a little more detail:
- The nature and requirements of tax law: As part of a global clampdown on tax avoidance and tax evasion in the aftermath of the global financial crisis, there has been a proliferation of new tax rules requiring banks to both report data to the tax authorities regarding their customer’s affairs (e.g., FATCA, Common Reporting Standard, the recently introduced EU DAC 6, etc.) and to implement proper controls for managing both their own tax affairs and their tax related interactions with customers (e.g., the SAO regime, Code of Practice on Taxation for Banks and the Corporate Criminal Offence regime in the UK would be leading examples). By their nature, ensuring compliance with these rules is primarily an operational matter requiring effective process and controls to be in place well beyond the tax function.
- The approach of tax authorities: The combination of the various customer tax reporting regimes referred together with other tax reporting requirements, such the Country by Country reporting requirements for transfer pricing purposes pursuant to the OECD’s BEPS initiative, means that tax authorities will be in possession of a vast amount of data regarding a bank’s tax affairs. Access to this data coupled with use of sophisticated technology, such as Big Data analytics, means that tax authorities will increasingly focus their tax audit approach on the data and systems aspects of bank’s tax compliance affairs. Evidence of this systems-led approach is already visible in the sector of indirect taxes.
- How banks manage their tax affairs: As banks continue to pursue their transformation journey to drive operational efficiency, tax functions are reassessing their mandate to determine how to deliver on this in a technology enabled way. This process is likely to lead to more tax related processes being undertaken outside the tax function (e.g., in Compliance, Financial Crime, Operations, etc.) in an automated manner. This will mean that a bank’s compliance with its tax obligations will depend increasingly on the quality and accuracy of its data and the robustness and resilience of its systems.
The role of the CRO: a critical stakeholder
Against a global backdrop of continuing fiscal deficits and emerging populism, tax is likely to remain an emotive and politically sensitive issue and any tax related compliance failures by a bank will continue to carry inevitable reputational consequences.
“…due to changes in the nature and requirements of tax law; the approach of tax authorities and the way in which banks are managing their tax affairs, the nature of tax risk is increasingly moving beyond the technical into the realm of operational.”
These macro trends are likely to continue to shape the tax landscape over the following years and will require a response from well beyond bank’s tax functions. The CRO - the critical stakeholder in this journey - should review the current state to ensure the roles and responsibilities of the multiple functions within the bank provide an operating model for compliance to cover these tax risks. If not, the CRO should consult with these functions and create a new target operation model for the emerging tax risks.