Connect with us

Wealth Management

SECURING THE EVIDENCE FOR VAT AND TAX

Filippa Jörnstedt, Senior Regulatory Counsel at Sovos

 

Businesses are almost entirely digital in their nature. With sophisticated technology now in the reach of most, the measurement and reporting of business transactions have transitioned from slow, manual processes to being automated, allowing finance teams room to breathe. However, alongside the positives of these advancements, there also comes a responsibility to understand the wide-ranging requirements of governments worldwide when it comes to financial transparency.

Recently, we’ve witnessed a shift towards more continuous transactional controls and reporting schemes carried out in real-time, as governments look to reduce their VAT gaps and discrepancies in their economies. Historically, the pressure was on businesses to report their own transaction data, but with the new formats being used, governments are beginning to take matters into their own hands. This makes logical sense, as there is far more complex real-time data being submitted by businesses that governments have access to.

Filippa Jörnstedt

The figurative stick that is VAT control reform is often introduced together with a carrot: removing the need to collate and submit periodic reports, such as VAT returns, to the tax authorities. Ideally, this means less pressure on businesses.  That is, until a problem surfaces, such as data being interpreted in the wrong way, or a dispute arising about the timing of a transaction. Often, these problems originate from reporting being mishandled or through the clearance of transaction data, so keeping a rigorously organised and in-depth record of financial information is imperative for businesses to avoid these problems. Aside from this, it allows them to substantiate any government reports and fix any issues. The difficult aspect, though, is how to build these archives in this way.

 

Digital paper trails

In previous iterations, financial employees were responsible for collating and archiving paper invoices, receipts and other data to provide evidence of their business activity. So, the process of archiving isn’t new, but it needs to reflect the digital times we find ourselves operating in. Simply put, this isn’t a manual task anymore, but many businesses have seemingly just moved to e-archiving without too much thought to just how crucial it is to get right. Modern tax authorities are asking for specific details behind each transaction, paying particularly close attention to time and date, so the archive cannot simply be moved to a digital filing drawer.

Looking at a recent example, India’s reporting requirements now involve invoice data to be sent to the authorities in real-time, for pre-approval and registration onto a state-operated platform.  The invoice will only be considered valid following the generation of a unique Invoice Reference Number by the same platform.

Looking at this from an audit perspective, if a business is later questioned on a transaction then they need to be able to quickly find the correct evidence of that particular transaction, as well as any government response message in relation to that transaction, or risk major fines. Alongside India, also countries closer to home such as Poland and Finland are shifting the way they operate with invoicing and reporting, following Italy’s successful system change last year.

And this is a clear trend; audits into business activity are only going to become more precise and closer to real-time as further governments see the benefits of adopting these methods of tax control. Real-time reporting and mandatory e-invoicing makes sense more widely as these systems have proven to be very effective at reducing VAT gaps, with evidence of this going back decades in areas of Latin America.

 

An authority shift

As outlined, with further countries adopting real-time reporting or variations of this, the tax authority is becoming more central to processes as they receive and gather details on VAT owed by businesses. Reporting in this way makes sense, but pressure on finance teams to keep incredibly detailed data-trails is more important than ever. Tax authorities are increasingly building rich data records of their own as they are receiving more and more granular data in real-time. As a result, the source-of-truth no longer primarily lies with the taxpayer’s financial records, but instead with the tax authority’s ledgers.

To keep pace with this, businesses can no longer simply file away invoices digitally, but also need to record as much data as possible to corroborate the authorities’ records of their transactions. By doing so, they are building an evidence base to be able to dispute any queries or wrong decisions to safeguard their activity. Keeping this front of mind will make the process of addressing any problems far easier than relying on old, less-detailed archives.

Throughout the EU, there are many variations in archiving laws that need to be adhered to. German requirements are set out in their GoBD principles, but in Italy the regulations are far more technical and detailed, reflecting their tax setup. This Italian model asks businesses to provide a documented description of their archives, an overview of its process, but also a delegation plan to show assigned responsibility for those processes. This isn’t an easy set of requirements, especially with laws frequently changing.

The whole aspect of archiving has long been important, but now the stakes are higher; it’s not simply a box-ticking exercise. A complacent, old-school approach to both invoice and transaction data archiving could now result in severe repercussions for businesses. A robust digital strategy is vital.

 

Managing archives to reflect the new normal

Digitalisation does have the benefit of taking some of the pressure off businesses, but this switch in data authority from the business to the tax authority doesn’t mean less work. Regardless of where information is stored, e-invoices must be now kept centrally and be available at any time for those that may need them. Storing these individually, including specific supporting transaction data will mean faster access to relevant evidence for any issues that may arise. Fortunately, technology is now available to do much of the heavy lifting.

To keep up with continually shifting regulation and, importantly, keep compliant with it, businesses must examine how they manage their transaction data and how to ensure their VAT evidence locker is fully stocked. Because legislation may change, but compliance is always compulsory.

 

Wealth Management

HOW RESILIENT IS YOUR ORGANISATION’S SECURITY?

Kimon Nicolaides, Digital Services Group Head at MASS

 

Organisational security can be thought of like peeling the layers of an onion – with critical assets sitting in the middle protected by multiple layers, and if one layer is removed or breached, there’s another one underneath. At least that’s the way it should be – too often, however, we see a siloed approach to the different areas of security. In practice, physical, cyber and personnel security can be much more inter-related than many imagine.

The finance sector is arguably one of the more mature in terms of established security measures. However, it’s also vastly diverse, targeted by some of the most advanced threat actors, and one where even the smallest breach has the potential for significant impact, monetarily, or on market reputation, perception or confidence. Security measures should therefore be viewed holistically, led and understood by senior management, otherwise gaps for exploitation will be found by intelligent and experienced people, supported by an ever-growing arsenal of exploitation technology.

Here, we take a closer look at some of the things that comprise a holistic view of security – based on the approach we take with public sector and defence organisations.

 

Physical security

It may seem obvious, but the first layer to assess should be the physical access to your business. For all organisations, this step remains as true today as it ever has been – even for the finance industry where physical security principles have been established over many years.

This stage should go back to the basics of how an intruder could gain access, starting by reviewing the ‘perimeter’ controls. In fact, the first question is, ‘what is the perimeter?’. With the potential for distributed site facilities, linked remote assets, and supply chain dependencies, this simple question needs careful consideration.

Scenario-based analysis, using threat actor personas, motivations and objectives can really help by defining a where a ‘perimeter’ really lies. It’s also an invaluable methodology for exposing how an organisation could be exploited.

This stage should involve a review of physical controls such as fencing, access technology, CCTV coverage etc., including, their role in deterrence and detection of hostile reconnaissance activities.  Disrupting the planning cycle of attacks is often overlooked relative to direct prevention of unauthorised access.

Ultimately, security measures are only as effective as the people that apply them, so an understanding of human behaviours is essential. It’s important to consider how people’s actions affect overall site security and, why these actions occur.

Issues can range from the wearing of security badges in the street through to poor motivation and effectiveness of roving security staff or those monitoring CCTV. Simple and innocent human mistakes could form the seed of future security breaches.

 

Cyber security

The finance sector has progressed its cyber resilience considerably as it’s been dealing with threats for many years. But business sizes now range from the very large to the small and, as new forms of financial transactions evolve, protection becomes more challenging. There is an increased availability of cyber exploitation toolsets and associated managed services and coupled with a reduction in their cost – lowering the financial and technical barriers to advanced cyber-attacks.

This means that cyber security, even for the finance sector, needs to be taken to a new level and existing assumptions continuously challenged.

For example, while penetration testing regimes remain a vital tool in mitigating network cyber risk (including ‘CBEST’ which has been widely rolled out across the finance sector), these still remain a snapshot in time. While they deliver valuable depth of analysis within a network, they are often constrained in breadth of scope and can potentially leave vulnerability blind spots. Very frequent, lighter-touch cyber assessments can fill this gap as they offer a more dynamic view of ongoing vulnerabilities over a wider proportion of the estate, which could represent ‘low hanging fruit’ for the cyber actor. Assessments can be enhanced by applying modern threat intelligence techniques to rapidly identify existing compromises and potential weaknesses (including personnel and corporate digital footprint). This establishes a picture of cyber posture and vulnerabilities before any testing taking place.

Similarly, end-user device security is often viewed in terms of the encryption strength, keys etc.  However, modern methods of fault injection attack (a device’s response to artificially applied ‘fault conditions’ used to derive security credentials), can effectively sidestep assumed security measures, which would normally take decades to ‘crack’ using computer power. So, it makes sense to test a device’s vulnerability to fault injection, rather than assuming encryption alone will protect it.

For this reason, it’s crucial to examine the wider supply chain. In the finance sector, there is high dependence on suppliers of digital telecommunications and energy services, and when different systems are interconnected its challenging to pinpoint cyber resilience risks. Despite this, it’s possible to map complex information to establish risk, by identifying ‘hot-spot’ concentrations of dependencies that represent single-point failures within the complexity of the overall business operation.

 

The insider threat

The potential threat from insiders – those who might misuse their legitimate access to an organisation’s assets for unauthorised purposes – is often overlooked.

This is particularly true for financial businesses, where personal financial gain could be an incentive, or where security controls are so effective that hostile actors must exploit those with legitimate access to circumvent them. You can think of insider threat as the ‘grand master skeleton key’ of security, as there are few security measures that cannot be overcome by the right insider, or team of insiders.  Security compromises involving insiders can also have a disproportionately high business impact.

Yet many organisations consider insider risk to be mitigated simply by pre-employment screening and fail to recognise the spectrum of risks ranging from genuine human error, through to orchestrated insider activity by paid professionals. Insider cases frequently involve individuals who have been with an organisation for some years and have had some personal vulnerability exploited or exposed, or simply become disgruntled.

It’s a broad area to address. Internal governance, security culture, employee wellbeing, employment measures, corporate digital footprint, and perceived employee sentiment are some of the aspects that should be considered. When you have understood this for your own organisation, you should make the same assessment of your supply chain.

If the business is committed, it’s possible to use structured analytical methods to quantify your organisation’s maturity and assess where the key vulnerabilities and risks could lie. This understanding paves the way for improvement, and even small changes can make a big difference.

 

The hidden layers

Like an onion, there are hidden layers to security that may be overlooked so it’s important to consider physical, cyber and personnel security collectively, and to understand the dependencies you have as a business.

For example, your own environment may be protected, but if data is shared with your suppliers or partners, is it still secure? Similarly, if a supplier or partner has a security breach, what does it mean for your operation, your business continuity and your customers?

When assessing security measures, it’s essential to go an extra layer deeper and consider how a range of factors could impact your organisation and its readiness to respond to an incident.

At MASS, our security experts consist of professionals with extensive experience in preventing security breaches and performing assessments in accordance with Ministry of Defence processes, so that we can ensure our security analysis meets and exceeds industry best practice.

For more information, please visit: https://www.mass.co.uk/what-we-do/cyber-security/cyber-security-training/

 

Continue Reading

Wealth Management

HOW TO CATCH UP ON YOUR RETIREMENT SAVINGS

By Gerard Visser, Certified Financial Planner at Alexander Forbes

For many South Africans who were already finding it difficult to save for retirement, Covid-19 has created additional financial pressures which may take years to overcome.

If you stopped contributions to your retirement annuity, or took a payment holiday on your pension or provident fund, you might be worried about the shortfall created, and how you’re going to catch up.

Stop worrying and take action to avoid retiring with insufficient funds. There are many ways to contribute to your retirement, from employer and employee contributions to pension or provident fund, monthly contributions to a Retirement Annuity or a tax free savings account.

With many people having a reduced income due to the economic ramifications of Covid-19, it might be impossible to contribute a large monthly amount to catch up while having concerns such as debt to pay, but I recommend starting with your budget. This will aid you not only by freeing up extra funds to catch up your retirement contributions with, but could also create some peace of mind with an opportunity to pay debts off faster or save some discretionary money.

Gerard Visser

There are many reasons why it is important to follow a monthly budget. Besides reducing stress levels by keeping an eye on your spending habits, it also allows you to track your debts, finding opportunities to top up emergency funds or save extra towards your retirement. A budget goes hand-in-hand with setting and achieving financial goals.

A budget does create an additional administrative burden and requires time to update. I have my budget on an Excel spreadsheet and update it monthly when making EFT payments.

Costs for entertainment, groceries and petrol are variable in nature and change each month. You might end up not using all the funds set aside for these variable costs. Adding these leftover funds at the end of the month to your savings is a good habit to inculcate. The immediate impact might seem small but over time will make a positive outcome to both your retirement and the development of a savings mind-set.

When you are able to free up some money each month, start automating your savings. Instead of having a variable amount go towards savings, set up an automatic contribution, where you “pay yourself first”. Set up an automatic debit for your retirement savings and you’ll grow these funds without having to think about it.

One of the most important decisions you can take to help make your retirement comfortable is preserving your retirement funds when changing employer.

When starting new employment or if you are coming out of a payment holiday, try matching your employer’s monthly contribution toward your pension or provident fund, or if on a total cost to company structure, start on the maximum employee contribution percentage. By doing this as well as automating your savings, you get use to contributing those amounts and could potentially have a larger nest egg at retirement.

Remember that life happens, and your budget might come under strain – many of us have experienced this during the pandemic. If you have been going through a difficult financial time, it is time to reassess and ask yourself, what in your budget is necessary and what is actually a luxury?

It is never too late to start sorting out your finances, but the earlier you start, the better, and more achievable, the outcome will be.

 

Continue Reading

Magazine

Partner Events

Trending

Top 104 days ago

WHY INDONESIA IS THE WORLD’S NEXT DIGITAL PAYMENTS BATTLEGROUND

Kelvin Phua, Global Head of Payment Networks at PPRO   The COVID-19 outbreak has seen the e-commerce sector surge. Despite...

Business4 days ago

HELPING SMES ACCESS FINANCE IN EXTRAORDINARY TIMES

Tim Vine, Head of Credit Intelligence at Dun & Bradstreet   The closed doors of businesses have become a sadly...

Business4 days ago

DO MESSAGING APPS PUT THE FINANCIAL SERVICES INDUSTRY AT RISK?

Ashley Friedlein, founder and CEO, Guild   Accelerated by the coronavirus pandemic, the use of messaging apps for professional communications...

Business4 days ago

HOW PREVENTING AND MITIGATING FRAUD CAN IMPACT YOUR CUSTOMER RELATIONS

Matt Mascherin, Solutions Engineer, Enterprise Sales Americas, Syniverse   Texting has become a staple of modern life and is so...

Finance5 days ago

2020: THE YEAR OPERATIONAL RESILIENCE AND CYBER-RISK TAKE CENTRE STAGE IN FINANCIAL SERVICES

Miles Tappin, VP of EMEA for ThreatConnect, explores how financial providers can build a cyber security strategy that enables operational...

Wealth Management5 days ago

HOW RESILIENT IS YOUR ORGANISATION’S SECURITY?

Kimon Nicolaides, Digital Services Group Head at MASS   Organisational security can be thought of like peeling the layers of...

News5 days ago

INTERNATIONAL BANKING NETWORK EXPANDS AS IT WELCOMES STANDARD CHARTERED BANK

IBOS Association (IBOS), an international banking network, is delighted to announce its newest member to the group, Standard Chartered Bank....

Wealth Management5 days ago

HOW TO CATCH UP ON YOUR RETIREMENT SAVINGS

By Gerard Visser, Certified Financial Planner at Alexander Forbes For many South Africans who were already finding it difficult to save...

Technology6 days ago

ARTIFICIAL INTELLIGENCE AND FUTURE OF TECHNOLOGY

Ashish Jain, CEO, Future FX   Artificial Intelligence refers to machine intelligence that is programmed to think like humans and...

Finance6 days ago

GROWTH OF FINANCIAL MARKETS AND TECHNOLOGY

Ashish Jain,CEO, Future FX   The economic development of any nation completely depends on its financial structure both in long...

Banking1 week ago

NO SAFE HARBOUR FOR DIGITAL BANKING

by Konstantin Bodragin, Business Analyst and Digital Marketing Officer at Bruc Bond   At the beginning of 2020, the future...

Business1 week ago

CAN TECHNICAL INNOVATION HELP FINANCIAL SERVICES FIGHT BACK AGAINST FINANCIAL CRIME?

By Charlie Roberts, Head of Business Development, UK, Ireland & EU at IDnow   It’s no secret that the financial...

News1 week ago

ARE MIDDLE EAST ENTERPRISES PREPARED FOR THE FUTURE?

Deloitte releases 2020 tech trends report   Deloitte’s 11th annual report on technology trends captures the intersection of digital technologies, human...

Wealth Management1 week ago

ONLINE STOCK BROKERS ARE BENEFITING IN 2020

2020 has changed our lives in dramatic ways. Thanks to COVID-19, many of us now work from home. Rather than...

AI AI
Finance1 week ago

COULD COVID-19 BE THE CATALYST FOR DIGITAL TRANSFORMATION IN FINANCE?

By Simon Bull, Sales Operations & Business Development Manager at Aqilla   We are all now living in a new...

Banking1 week ago

WHY OPEN BANKING SHOULD BE EVERY MARKETER’S BEST FRIEND

By Kathryn Wright, CSO, Upside   To date, Open Banking has been mainly utilised to help consumers with account switching...

Finance1 week ago

TOP TECHNOLOGY TRENDS FINANCIAL INSTITUTIONS SHOULD INVEST IN TO BRIDGE THE GAP IN REMOTE WORK

Chirag Shah, Senior Vice President, Fintech & Innovation Lead, Publicis Sapient   More than ever before, technology is critical to...

Business2 weeks ago

TOP 5 LINKEDIN PROFILE OPTIMIZATION HACKS FOR ASPIRING BANKERS

According to Firmex, finance professionals cannot afford to be not on LinkedIn. A significant number of organizations acquire talent in...

Wealth Management2 weeks ago

TAPPING INTO THE DATA GOLDMINE: THE FUTURE OF DATA-DRIVEN CREDIT MANAGEMENT

Willand Brienen, product owner at Onguard   Data, and the insights it reveals, can offer organisations a vast number of...

Finance2 weeks ago

ENLISTING TECHNOLOGY TO HELP FIGHT FINANCIAL CRIME

By Rachel Woolley, Director of Financial Crime Fenergo   Million-dollar properties, private jets and parties on luxury yachts with celebrity...

Trending