Operational tax risk – The blind spot of financial industry risk management
The central risk management functions within financial institutions often do not consider in a holistic manner operational tax risk. This is mainly due to the complexity of tax regimes and a misunderstanding of potential liabilities financial institutions can suffer in the case of incorrect application of those regimes. It is key for operations and risk management functions to align and include such risk into their overall risk assessment.
Operational tax risk is a complex topic by nature as it requires in-depth knowledge of both operations architecture as well as local and international tax regimes.
Operational taxes range from financial transactions taxes and indirect taxes to withholding tax and transfer pricing, to name a few. Operational taxes involve processes such as securities purchases, sales, transfers, coporate actions and services such as loan facilities, securities lending and tax reclaim. Certain intragroup activities can also fall within the scope of operational taxes.
Despite the risk associated with the handling of operational taxes, risk management functions often do not have a full view on the underlying risks. Morevoer, most financial organisations have scattered the responsibility for the tax topic within their insitution. As a consequence, no single department/person carries the overall responsibility for tax matters, thus creating a risk that certain tax subjects, and their related risks, are not properly managed.
What can organisations do to better manage operational tax risk?
Implementing clear tax governance
A clear and structured tax goverance facilitates a robust risk culture aligned with the ambition and strategy of the organisation. Goverance models should encompass (i) strategic directions and policies, (ii) oversight framework, (iii) accessible internal reporting channels, (iv) assurance plans, and (v) practical risks and controls.
Tax governance pillars
Deploying a tax control framework
Once the tone of governance is set at the top, organisations should deploy a control framework covering the full operational tax scope.
Building a tax control framework can be broken down into three steps: risk identification, risk assessment and risk management.
The first step, risk identification, often includes support from external sparring partners to test the completeness of tax subject matters identified. In our experience, even where an organisation has a control framework in place, risks have arisen because of blind spots on certain tax topics.
The second step, risk assessment, should consider both the probability of the risk materialising and the potential exposure, taking into consideration both the mechanics of the relevant tax regimes as well as their operationalisation.
The third and last step, risk management, should be approached holistically, embedded in the overall risk management processes as applied in the organisation rather than as a separate, isolated process.
Aside from helping manage risks, such a framework can bring value across the tax organisation and help raise the profile of the tax function as set out in the below diagram.
Value of a tax control framework
At Deloitte we have experience in guiding organisations in implementing tax governance models underlined by robust control frameworks across a number of tax subject matters. We would be happy to serve as a sparring partner on your journey to deploy an efficient operational tax risk management approach and advise you on the best solution to consolidate it within the overall risk governance of your organisation.
A report from The Institute of International Finance and Deloitte