Opportunities for tax functions as APRA raises the bar for risk management
Banking on Tax, Issue 11
APRA recently released draft Prudential Standard CPS 220 – Risk Management (CPS 220) and an updated draft Prudential Standard CPS 510 – Governance (CPS 510). The focus of the proposed standards is to ensure that there are designated and independent risk management capabilities to effect adequate and consistent monitoring and management of 'material risks' across the industry. The proposed standards will be finalised by the start of 2014 with compliance required by 1 January 2015.
Key requirements of the APRA draft standards
1. Reshape risk management frameworks
- A board approved risk appetite statement
- A risk management strategy that addresses, at a minimum, 'material risks'
- A business plan that links to the institution's risk profile
- A designated risk management function that is independent from business lines and centralised functions
- Fit-for-purpose management information systems that provide for accurate information, stress testing and appropriate escalation of issues concerning an institution's risk profile
- Internal and external processes for monitoring, managing and attesting to the adequacy of the risk management framework
- Board accountability to ensure a strong and robust risk culture.
2. Recalibrate risk governance
- Establish an independent risk management function controlled by a Chief Risk Officer reporting directly to the Chief Executive Officer and the Board Risk Committee (BRC)
- Establish the BRC, chaired by an independent director, to advise on the development and implementation of risk management frameworks
- The Board Audit Committee (BAC) to continue to focus on risk assurance matters
- Obtain BAC endorsement to appoint or remove external auditors and Heads of Internal Audit.
3. Refocus on fit-for-purpose risk settings and attestations
- Annual attestations as to the adequacy of an institution's risk management framework being fit for purpose
- Annual and three-year comprehensive external risk management reviews extended to Authorised Deposit-taking Institutions.
Opportunities for tax functions
While the draft APRA standards apply to all areas of a bank, for tax, where risks have traditionally been managed separately to the overall risk management framework of a bank, the changes represent a significant opportunity. By incorporating the tax risk management framework and governance in a bank's response to APRA's changes, a tax function can further raise its profile within the bank and concurrently respond to the ATO's focus on tax risk management and governance.
The ATO's focus will intensify over the coming years as it is currently consulting on how it will undertake reviews of corporate tax governance documents and procedures.
The ATO's expectations of tax risk management and governance, as set out in its large business and tax compliance booklet published in December 2012, include:
- A documented tax risk management policy
- A board-approved tax risk framework
- Accurate and reliable information systems.
Key APRA requirements in the draft standards which will have an impact on the tax function and questions for a tax function to ask as the APRA standards are finalised and implemented include:
- A board-approved risk appetite statement: Does this statement include a risk appetite statement for tax? Does this statement take into account the 'new environment' with the increased media focus on base erosion and profit shifting and responsible tax? Does the statement clarify to the business what transactions are appropriate from a tax risk perspective and when tax input needs to be sought?
- A risk management strategy: Have key tax risks been identified, not just within the central tax function but also across the bank (e.g. indirect tax risks in the finance function, employment tax risks in HR and payroll, etc.)?
- Fit-for-purpose management information systems: Have the systems been reviewed to ensure that they provide the appropriate information for tax? Systems should be reviewed for accuracy, but opportunities should also be considered to potentially identify and substantiate the tax treatment of particular income and expenditure
- Signed annual risk management framework declaration: Has tax been included in this review and sign-off process? In the UK, CFO sign-offs on tax processes to comply with the Senior Accounting Officer requirements have led to a greatly increased profile for the tax function in many organisations.
There are numerous cross-overs between the requirements of the ATO and APRA. Although the changes may require some effort in the short term, they represent a great opportunity for the tax function to further raise its profile in the organisation and get a seat at the table.