Loading...

New requirements for an internal control system are being prepared for companies that are subject to tax monitoring

Pepeliaev Group advises that a draft of the new requirements for an internal control system and of the forms and formats of documents to be provided by a company when disclosing information about this system[1] has been posted on the federal portal of draft regulatory acts.
 
As the Russian Federal Tax Service (the “FTS”) has indicated on its website, the new requirements will help increase tax authorities’ trust in internal control systems (ICS) of companies participating in monitoring.

If this Draft is adopted, the current requirements for an ICS (the “Requirements for an ICS”) (approved by Order No. 509[2]) will be repealed.

The structure of the Draft and those parts of it that do not regulate the content of the Appendices to the requirements repeat almost entirely the Requirements for an ICS.

However, out of the eleven Appendices to the Requirements for an ICS used currently, only one form is proposed to be transferred without change to the new order: the form establishing a functional connection between the volume of source documents to be provided in the framework of monitoring and the level of maturity of an ICS (Appendix No. 8 to the Requirements for an ICS; Appendix No. 9 to the Draft).
 
Amendments connected with the other Appendices may be divided into three categories.

Changes in the content

The Draft contains significant changes of the forms to be used by a monitored company to disclose to the tax authority information about risks, control procedures, results of control procedures, about how its ICS is organised and the level of maturity of it (Appendices Nos. 1, 2, 5. 9 and 11 to the Requirements for an ICS; Appendices Nos. 1, 3, 5, 10 and 14 to the Draft).
 
It is proposed to make insignificant amendments to Appendices describing the components of an ICS, organisational levels of an ICS and the list of measures to improve an ICS (Appendices Nos. 6, 7 and 10 to the Requirements for an ICS; Appendices Nos. 7, 8 and 12 to the Draft).
 

Removed Appendices

In accordance with the Draft, a monitored company will not have to submit to the tax authority a report on the analysis of control procedures, a risk matrix and a matrix of control procedures (Appendices Nos. 3 and 4 to the Requirements for an ICS).
 

New Appendices

The Draft leaves unchanged the list of areas of identifying risks. However, new Appendix No. 16 to the Draft assigns each area a four-digit code which the company must use when submitting risk-related information to the tax authority. Before the Draft was published, the same codes were sent in letter No. BV-4-23/13939@ of the FTS dated 31 August 2020 (as amended by letter No. SD-4-23/16001@ of the FTS dated 30 September 2020). However, these codes were only recommended for use.

Also, it is proposed to entrench the formats of information to be submitted concerning an ICS as new Appendices: it is being planned that a company will send information on its ICS to the tax inspectorate as XML files (Appendices Nos. 2, 4, 6, 11, 13 and 15 to the Draft). This procedure for submitting information is similar to the procedure which the FTS intends to establish in its other draft orders concerning tax monitoring[3].

comment.jpgThe amendments proposed by the Draft reflect the intent of the FTS to automate the checking of monitored companies’ documents. Beside the document formats described above, this desire of the FTS can be clearly seen from the fact that, according to the Draft, a lot of information in the forms to be submitted by companies will be provided as digital codes and not as text (as at present).

Below we describe in more detail some of the planned new developments.

1. Disclosing information on risks (Appendix No. 1 to the Requirements for an ICS, Appendix No. 1 to the Draft)

According to the new form, a company will need to submit to the inspectorate more detailed information on risks identifiable for the purposes of monitoring (the number of entries in the new form is almost twice as large as in the current one). Among other things, it is planned that a company will additionally send information on the code under the All-Russian Classifier of Types of Economic Activity (known by the Russian abbreviation ‘OKVED’) of the economic activity to which the risk relates; on the category of the risk (general, industry-specific, economic or another); detailed information on the transaction (operation) regarding which the risk has been identified (including about the contracting party, type of the transaction and details of the agreement); and information regarding the control procedure performed with respect to the risk.

It is being planned to adjust the entries about whether the risk arose in the past and about the likelihood, consequences and level of the risk. For example, information about whether the risk arose in the past will need to be specified in points for the five years preceding the period of the monitoring, the likelihood of the risk will be assessed as a percentage, the consequences in roubles and the level of the risk - in points (1 - low, 2 - average and 3 - high).

Instead of referring to legislation connected with the risk, it is proposed that companies specify the tax (or levy or contribution) to which the risk relates and the corresponding provision of the Russian Tax Code (with a level of detail down to the paragraph number).

On the other hand, it is planned to remove the entries of the current form about the source of the risk and about whether the level of risk has reached the acceptable boundary.

2. Disclosing information on control procedures (Appendices Nos. 2, 3 and 5 to the Requirements for an ICS, Appendices Nos. 3 and 5 to the Draft)

The volume of the new form for submitting information on control procedures (Appendix No. 3 to the Draft) is comparable with the volume of the currently used form (Appendix No. 2 to the Requirements for an ICS). However, it is proposed to change the content of this Appendix significantly.
 
In particular, it will be necessary to specify the tax (levy or contribution) regarding which the control procedure is being performed (as is done for the risks) and the level of control (all or only certain items). The new form has an additional focus on the data on the company's information systems in which the control procedures are performed: an entry is included to indicate whether the information system has a function of recording automatically the results of control procedures.

At the same time, the new draft form does not include certain data which a monitored company needs to provide currently: the area where risks are identified, the stage of the control procedure (a detailed description of the control procedure), the level of significance of the control procedure (key or compensating), the position of the person conducting the control procedure and the internal documents that regulate how the procedure should be conducted.
 
It is proposed to add to the report on the results of control procedures (Appendix No. 5 to the Requirements for an ICS, Appendix No. 5 to the Draft) information about the total number of transactions (operations) during the quarter, the number of transactions (operations) checked by the company, the number of source accounting documents and of agreements for these transactions (operations).

Also, it is planned to remove the entry concerning documents confirming that a control procedure has been conducted (apparently, because similar information will be provided in the form for submitting information on control procedures).

comment.jpgUnlike the Requirements for an ICS, the Draft does not include an obligation of a monitored company to submit a report on the analysis of control procedures, a risk matrix and a matrix of control procedures (Appendices Nos. 3 and 4 to the Requirements for an ICS). This has resulted from the content being expanded of the forms described above concerning risks and control procedures.

3. Disclosing information on how an ICS is organised (Appendix No. 10 to the Requirements for an ICS, Appendix No. 14 to the Draft)

In the information about how its ICS is organised, the company discloses to the tax authority general information on its internal control system: the control environment, the risk management system, the control procedures, information systems and the monitoring of the ICS.
 
The Draft does not add any significant changes to the structure of information on the ICS. It is being proposed to make some additions to the title page (the code of the tax authority and the period of monitoring will need to be specified), to the section on the risk management system (the procedure for documenting risks will need to be set out in this section) and to the section on the monitoring of an ICS (a new item will be added - a checklist for the company to assess the level of maturity of its ICS).
 
The only section whose structure has been revised significantly is the section on the information systems of the company. Instead of six items it is planned to keep only two in this section: the information on the procedure for an audit of information systems and the description of the standards and rules used in the area of information security.
 
The main changes affect the form in which information about how an ICS is organised will be submitted and the content of the sections.
 
The Draft assumes that companies will submit this form not as text, as at present, but as tables. The content of the tables is provided in the annexes to the draft report on how an ICS is organised, and the content of the remaining items is more detailed that the current Appendix No. 10 to the Requirements for an ICS.

comment.jpgPreviously, the tabular form of presenting information about how an ICS is organised was recommended for use in Letter No. BV-4-23/13939@ of the FTS dated 31 August 2020. However, this form is very different from the form set out in the Draft.

The tabular format of presenting information about an ICS is similar to the format which the FTS plans to use for another document which companies currently submit as text, the information exchange regulations[4].

To prepare these documents using the new form, a company will need to fill in the appropriate cells in a table, which is likely to simplify the process of preparing these materials.

Much interest is excited by the new item of information regarding how an ICS is organised - the checklist to assess the level of an ICS. This checklist is a questionnaire including 55 questions on all components of an ICS to which a company will need to answer ‘yes’ or ‘no’ and in certain cases provide information on how often certain activities happen and on the details of internal documents.
 
Presumably, companies will be able to use this checklist for self-assessment and to check the level of maturity of their ICS. In addition, it will demonstrate to the tax authority in the most illustrative format the condition of the company’s ICS.
 

What to think about and what to do

According to the federal portal of draft regulatory acts, the date when the new requirements for an ICS are planned to come into force is April 2021, the same as for other draft orders of the FTS regarding tax monitoring which have been published.
 
The Draft includes no provisions on a transition period or the date when the new requirements will begin to apply; therefore, it is very likely that companies that enter monitoring in 2022 will need to adhere to the new requirements for an ICS while those that are subject to monitoring at present will need to start using the new forms and formats this year.
 
Both those companies that are already subject to tax monitoring and those that only plan to adopt this form of control are recommended to watch closely the planned changes in the regulation of monitoring: the companies that are subject to monitoring need to do this in order to be able to promptly amend documents they have adopted and their ongoing processes; companies that only plan the transition need to do this to use the updated requirements as they enter monitoring.
 

Help from your adviser

Pepeliaev Group's team is constantly monitoring the changes in the legal regulation of tax monitoring and is happy to offer assistance in advising on various issues related to entering monitoring and being subject to this form of control. In particular, we offer: the assessment of the current internal control and risk management system and developing recommendations on how it can be updated taking into account the current requirements of the Russian Federal Tax Service; the preparation of documents to enter tax monitoring and providing support during this process; and an analysis of whether the documents already used by a monitored company need to be updated taking into account the changes in legal regulation. 



[1] The Draft Order of the Russian Federal Tax Service “On approving the Requirements for an internal control system and of the forms and formats of documents to be provided by organisations when disclosing information about an internal control system”, Project ID: 02/08/09-20/00108491.
[2] Order No. ММВ-7-15/509@ of the FTS “On approving the Requirements for organising an internal control system” dated 16 June 2017.
[3] See draft Orders of the FTS “On approving forms and formats of documents used in tax monitoring and requirements for them” (Project ID: 02/08/09-20/00108489) and “On approving forms and formats of documents used when a well-grounded opinion of the tax authority is drafted, and requirements for them” (project ID: 02/08/09-20/00108490).
[4] See the draft Order of the Federal Tax Service “On approving forms and formats of documents used for tax monitoring, as well as requirements for them”.

Отправить статью

04.12.2024
30 experts of Pepeliaev Group have received acclaim in 17 categories of the 2024 rankings by Rossiyskaya Gazeta
Read more
21.11.2024
Pepeliaev Group’s delegates went on a business mission to China in November 2024
Read more
10.10.2024
Pepeliaev Group's team has visited Ehrmann
Read more