Imke Gerdes is with Baker McKenzie in New York.
In this article, the author discusses the growing use of cross-border audits, examining their connection to the push for transparency and how they operate both within and outside the European Union. She addresses concerns about taxpayer secrecy, the potential benefits for both tax authorities and taxpayers, and discusses how taxpayers can prepare to face this new form of audit.
We live in a world of voluntary (and sometimes not-so-voluntary) globalization, yet many have underestimated the willingness (or the necessity) to go global. The omnipresent internet and the insatiable interest of computer-savvy people in secret data, combined with patchy or outdated security measures, has led to data leaks like LuxLeaks (2014) and the Panama Papers (2015) — events that shook the tax world and made many wonder about the safety of their financial information. These scandals occurred in the middle of the OECD’s base erosion and profit-shifting project, and they reinforced the need to take action against BEPS. The BEPS project has produced final reports on 15 action items, including the Multilateral Convention to Implement Tax Treaty Related Measures to Prevent Base Erosion and Profit Shifting and the four minimum standards that form the inclusive framework. One of these minimum standards is action 13, “Transfer Pricing Documentation and Country-by-Country Reporting.” Action 13 incorporates a key element that makes the implementation of the BEPS action items possible: a call for transparency.
Cross-Border Audits and BEPS
The BEPS action 13 report introduced CbC reporting, in accordance with which countries require multinational enterprises to annually report the information set out in the CbC template for each tax jurisdiction in which they do business. In addition to the CbC template, the action 13 report includes three model competent authority agreements that jurisdictions can use to facilitate the implementation of the exchange of the CbC reports. These are based on:
the Multilateral Convention on Administrative Assistance in Tax Matters (MCAA);
bilateral tax conventions; and
tax information exchange agreements.
The primary objective of most of these agreements is the exchange of information among tax administrations in different countries. Thus, BEPS not only resulted in worldwide tax policy changes, but also brought about a new era of transparency for taxpayers.
Why is this important? Because transparency and the exchange of information have brought about a new way of conducting taxpayer audits of MNEs. While the MCAA is not new — the OECD and the Council of Europe first developed it as a joint effort in 1988 and amended it by protocol in 2010 — BEPS brought it back into the limelight. To date, 124 countries are participating in the MCAA. Fifty-six of these countries ratified or approved the amended convention during or soon after 2014 — the same time that the BEPS project was gaining traction.
Article 8 of the MCAA explicitly mentions the possibility that countries might conduct simultaneous tax examinations, which means:
an arrangement between two or more Parties to examine simultaneously, each in its own territory, the tax affairs of a person or persons in which they have a common or related interest, with a view to exchanging any relevant information which they so obtain.
This wording might sound quite familiar to the reader. Very similar wording appears in Council Directive 2011/16/EU of February 15, 2011, on administrative cooperation in the field of taxation (EU administrative assistance directive). Article 12 of the EU administrative assistance directive states that:
where two or more Member States agree to conduct simultaneous controls, in their own territory, of one or more persons of common or complementary interest to them, with a view to exchanging information thus obtained, paragraphs 2, 3 and 4 shall apply.
Article 1(1) clarifies that the information obtained in these proceedings may only be exchanged if it is “foreseeably relevant to the administration and enforcement of the domestic law of the Member States.” With simultaneous controls, each country conducts its own domestic audit, but these individual domestic audits are embedded in the framework of a cross-border audit — an audit led by one country within which countries exchange information.
While countries have not yet made wide use of the simultaneous audit procedures under the MCAA, there is a fair amount of EU experience that one can draw upon.
Cross-Border Audits in the EU
Generally, member states must implement an EU directive into their domestic law by a deadline mentioned in the directive. If the deadline has passed and a member state has not duly implemented the directive, the core principles of the directive become directly applicable. In contrast, an EU regulation applies directly and does not require any implementation. Under its terms, member states had until January 1, 2013, to implement the EU administrative assistance directive. Thus, cross-border audits in the EU are based on the EU administrative assistance directive and the various domestic laws implementing it.
Also, the European Parliament and the Council of the EU adopted Regulation 1286/2013 of December 11, 2013, establishing an action program to improve the operation of taxation systems in the EU for the period 2014 through 2020 (Fiscalis 2020). Fiscalis 2020 is the successor to a multiyear program for taxation that applied before 2014 — a program the EU considered to be very successful in enhancing cross-border cooperation between tax authorities. The EU is already working on a program for the years 2021 through 2027. Under Fiscalis 2020, the EU funded projects — including cross-border audits (called bilateral, multilateral, or simultaneous controls), working visits, project groups (limited-term groups focused on a predetermined objective and precise outcome), and similar actions — with a €223 million investment. For the first quarter of 2018, the EU allocated a lump sum of €4.1 million to joint actions, such as multilateral controls. The funds can support travel expenses, daily allowances, accommodations, and experts’ fees. The EU can increase the amount in accordance with specific requests.
Lastly, in the discussion paper from the EU Joint Transfer Pricing Forum (JTPF) titled “Joint Audits for Transfer Pricing in the EU” and dated October 2015, the European Commission encourages the use of multilateral cooperation and coordination to remedy potential difficulties in transfer pricing cases. Because the EU funds and encourages multilateral controls, more member states are taking this opportunity and inviting other member states to join their audit activity. According to a progress report that the EU released in April, there were 131 multilateral controls in 2016.
How Do Simultaneous Controls Work?
In the EU, one member state conducting a domestic audit of a taxpayer initiates a simultaneous control by inviting other member state(s) to conduct audits in their jurisdiction of the same legal person or related entities with the goal to share the information gathered in the course of those domestic audits.
The country that initiates the audit usually takes the lead in organizing the audit and related meetings. Usually, the simultaneous control begins with a kickoff meeting between the participating tax authorities during which they exchange information they already have, define the objective of the audit, and discuss potential strategies. The taxpayer is not a mandatory party and does not have a legal right to be heard. However, the authorities often invite the taxpayer. It is highly advisable for the taxpayer to accept this invitation and present the tax authorities with information about the general business operations, in-country activities, and activities that take place in other countries that might have a bearing on the tax situation in the participating countries. It is important to ensure that all tax authorities receive the same information and participate in the discussion based on that information and a shared understanding of the taxpayer at issue. Likewise, it is sensible to identify differences between the taxpayer’s — and, in the case of MNEs, related companies’ — presence in the participating countries that might warrant a different tax treatment. In practice, taxpayers want to be careful about what information they share with the entire group, and what information they reserve for use in the local country audit that the countries undertake as part of the simultaneous control.
The initiating country is also responsible for maintaining contact with the taxpayer and sending out questionnaires on behalf of the participating countries. Usually, the taxpayer resident in the country that initiated the simultaneous control will be the main point of contact for information requests. Here, it is helpful to draw a distinct line between questions that benefit the entire group — questions that one group member can answer on behalf of all companies affected by the cross-border audit — and those that pertain to only one single company with no bearing on the other companies involved. It is important to keep the local country audit as separate as possible from the simultaneous control to avoid inadvertently sharing information that does not need to be shared. Ultimately, the efficiency of a cross-border audit depends heavily on the efficiency of the tax authorities leading the audit. Because the taxpayer has no legal right to actively participate in meetings between the tax authorities, it should actively seek this participation and should not shy away from voicing suggestions or concerns — for example, the taxpayer should express concerns if information may be shared with a country that might not have reliable taxpayer confidentiality protections.
At the end of a cross-border audit or simultaneous control, the initiating country will draft an anonymized report and submit it to the European Commission, which will make it accessible to every member state. The taxpayer should try to exert as much influence as possible on this report to ensure that its identity is not disclosed. Some taxpayers’ business models are so unique that even an anonymous report still gives away enough information to identify the company.
A simultaneous control does not necessarily need to end in a resolution for all countries involved. Ideally, that is the outcome. But, for example, participating countries could conclude that they all received sufficient information through the simultaneous control to enable them to bring their domestic audits to an end. In this event, there will not be one single result for all countries — rather, each country will separately close its own domestic audit. In all instances, the domestic audits must be finalized under the applicable domestic laws. Finishing the simultaneous control does not automatically close the domestic audits.
When Is a Cross-Border Audit Permissible?
Based on article 12 of the EU administrative assistance directive, a cross-border audit is permissible when the tax authorities agree to conduct an audit of “one or more persons of common or complementary interest to them.”
What does “one or more persons of common or complementary interest” mean? The directive is silent on this point. The first question is how to interpret “of common or complementary interest to them” (emphasis added). Should this be read as a common or complementary interest among the member states or among the persons audited? Comparing the German and French versions of the directive with the English version suggests that it refers to a common or complementary interest for the persons being audited — not for the tax authorities. Further, it seems logical that parties have a common or complementary interest if they enter into a transaction with each other. A typical transfer pricing case — when company A in country X enters into a transaction with the related company B in country Y — is clearly a case in which both parties share a common interest.
What if company A and company B do not enter into any transactions, but they happen to belong to the same group of companies? What is the common or complementary interest? Also, would information obtained in a simultaneous control be foreseeably relevant to the other member state, as article 1(1) of the directive requires? The JTPF believes a simultaneous control as mentioned in the EU administrative assistance directive is something different than a multilateral control, and that the latter also captures situations in which company A and company B do not have a common or complementary interest. In this situation, whether the member states have a common or complementary interest appears to be decisive.
In section 1.2 of the joint audits discussion paper, the JTPF states:
When Simultaneous Controls (“SC”) and Multilateral Controls (“MLC”) are mentioned hereafter, they should be construed as defined respectively in the Directive on Administrative Cooperation (2011/16/EU Art.12) and the [Directorate-General for Taxation and Customs Union] Multilateral Control Management Guide (2012), i.e.:
In a Simultaneous Control (“SC”), two or more Member States agree to conduct a control simultaneously, respectively in their own territory, of one or more persons of common or complementary interest to them, with a view to exchanging the information thus obtained;
In a Multilateral Control (“MLC”), a co-ordinated control of the tax liability of one or more related taxable persons, is organised by two or more participating countries which includes at least one Member State having common or complementary interests. Multilateral controls may be organised simultaneously (i.e. as a SC), but this is not obligatory. [Internal citation removed.]
It is not clear how the JTPF draws the distinction between simultaneous controls and multilateral controls. The directive only refers to simultaneous controls. However, the regulation establishing Fiscalis 2020 specifically refers to multilateral controls as one of the actions eligible for funding, without drawing a distinction with the term “simultaneous control.” Even the OECD uses the terms “simultaneous control” and “multilateral control” interchangeably when discussing actions under the EU administrative assistance directive.1 If the directive does not provide a legal basis for multilateral controls as defined by the JTPF, how can the Directorate-General for Taxation and Customs Union’s Multilateral Control Management Guide — which is notably no longer accessible via the link provided by the JTPF2 — serve as a legal basis? It is neither primary nor secondary EU law, but merely a management guide.
However, in practice, tax authorities take exactly this approach. Member states have conducted simultaneous controls in accordance with article 12 of the EU administrative assistance directive when the companies in the respective countries have no direct relationship with each other — that is, beyond being part of the same group of companies — but merely, for example, carry out the same activities. The reasoning of the tax authorities is usually that, because the activities of the companies in question are the same or similar, it is more efficient to assess the facts for all companies at the same time and each country should apply the same taxation — for example, apply the same profit margin to companies carrying out the same functions. Hence, in the view of most EU members, a common or complementary interest exists and thus a simultaneous control is permissible. Whether a taxpayer can appeal the initiation of a cross-border audit depends on the local law. However, most European countries do not allow the taxpayer to obtain an injunction.
A separate question is whether the states must align the time period under audit. The directive does not address this point at all, so it is up to the tax authorities to decide whether that alignment is required. One could argue that aligning the years under audit is a prerequisite for having a common or complementary interest. While common sense suggests that having the same audit period enhances the efficiency and value of a cross-border audit, there have been cases in which the years under audit barely overlapped. This poses a challenge for the taxpayer as it must ensure that the information it gives to the authorities in response to an information request is valid for all years under audit. If the business model or the allocation of risks and functions are not the same for all years and for all companies, the taxpayer will have to decide whether to share this information with all tax authorities or request that some questions be answered bilaterally only — essentially, asking the receiving country not to share specified information with the other participating countries.
What About Taxpayer Secrecy?
According to article 16(1) of the EU administrative assistance directive, the obligation of official secrecy covers information communicated between member states in any form — including information exchanged during a simultaneous control — and the information enjoys the same protection that the national law of the receiving member state would extend to similar information. Under article 2(1) of the EU administrative assistance directive, officials may use this information to assess other taxes covered by the directive, which includes all taxes levied by, or on behalf of, a member state or its authorities. With permission from the competent authority of the member state providing the information, the information may be used for other purposes as well. Further, the first state may share information with a third member state if the communicating member state believes that this information is likely to be useful to this third member state when it assesses taxes. This is also true for information obtained from a third country. Likewise, article 24(2) of the EU administrative assistance directive permits the exchange of information from a simultaneous control process with third countries when the domestic law of the member state communicating the information allows for the exchange, the member state that the information originates from consents to the exchange, and the third country provides:
the cooperation required to gather evidence of the irregular or illegal nature of transactions which appear to contravene or constitute an abuse of tax legislation.
It is important to note that the tax secrecy rules of the receiving member state apply. What if the tax secrecy practices of the receiving member state are less strict than the tax secrecy of the member state that shares the information? Article 17(4) of the directive provides that the exchange of information:
may be refused, where it would lead to the disclosure of a commercial, industrial or professional secret or of a commercial process, or of information whose disclosure would be contrary to public policy.
One might argue that exchanging information with a country that applies less stringent taxpayer secrecy rules is contrary to public policy. Tax authorities have rejected this argument, however, pointing to the secrecy obligations under double tax treaties and the directive and arguing that a mere potential breach of this obligation is not a sufficient reason to deny an exchange of information. This response misses the point: The issue is not that a country might violate its domestic or treaty secrecy obligations, but rather that the country might not have similar taxpayer secrecy protections and thus might allow a disclosure that would be impermissible under the laws of the communicating member state.
Under EU case law,3 states do not need to provide a legal remedy that allows the taxpayer to prevent the information exchange; they only need to provide the taxpayer the ability to contest a monetary fine that the state might levy for not complying with an information request. Thus, the member states must grant the taxpayer an avenue to appeal a fine and, as a part of this appeal, the competent court must evaluate whether the information obtained was foreseeably relevant to the other member state. Presumably, the question of whether the exchange of information violated public policy would be part of this analysis, although the Court of Justice of the European Union has not explicitly confirmed this. This means that absent a monetary fine, taxpayers might not have the right to have a court review the initial information exchange request. This, of course, depends on the local law.
Benefits for the Tax Authorities
So what (if anything) is there to gain from a cross-border audit?
The benefit for the tax authorities is plain: One country’s tax authority basically runs the show and does the work. The participating tax authorities can weigh in and get the initiating country to send their questions on related matters to the taxpayer. However, if they feel they are not adequately represented, they can always ask questions in the context of their domestic audit. All countries get the same information at the same time and gain insight into the other countries’ views. They can align the tax treatment and negotiate with joint force, perhaps coming to a conclusion more quickly and reaching a better result than they would have reached alone. They may be able to ensure that no country gets a better deal than they do and that all countries achieve the same result.
However, a simultaneous control might not have a common result for all participating countries. Countries might disagree with the result that other countries reach. Or the participating countries might agree that the point of the simultaneous exercise is information gathering and sharing, opting to individually negotiate the final outcome with the taxpayer and thus not necessarily yielding a uniform result. Also, the simultaneous audit might not be as efficient as the participating countries hoped — something that is highly dependent on the organizational skills of the initiating country.
Benefits for the Taxpayer
For the taxpayer, potential benefits are less obvious. Depending on the geographic composition of the simultaneous control, a country that is usually more passive might get inspired by a more aggressive member of the group or might simply tag along. Also, being subject to a simultaneous control does not mean that there is only one audit. Rather, the company must deal with the simultaneous control on top of the domestic audits. This can put tremendous strain on the taxpayer’s resources and requires centralized oversight of all audits.
That said, it is always wise to implement a centralized oversight of all audits given that tax authorities across the world have embraced information exchange. Therefore, the taxpayer must ensure that information handed over to tax authorities is consistent whether it occurs in the context of a simultaneous control or mere domestic audits. Obviously, safeguarding tax secrecy must be one of the taxpayer’s top priorities in a simultaneous audit. Depending on the countries involved and their domestic legislation, the taxpayer might have to take a firm stance to avoid having its information shared with a country that does not apply the same tax secrecy standards that other countries do.
However, if a simultaneous control is well organized, it can offer a streamlined resolution of pending audits and perhaps lead to beneficial outcomes that might not only affect the years under audit, but might also serve as a guideline for future years, thus potentially limiting the future tax exposure.
Impact on Non-EU Countries
While the EU administrative assistance directive does not allow non-EU countries to participate in a simultaneous control, the MCAA does. Given the resounding success of simultaneous controls in the EU (at least in the opinion of the member states) and the desire to align taxation with value creation, the BEPS project is likely to lead to enhanced cross-border cooperation.
The recent launch of the OECD’s International Compliance Assurance Program (ICAP) is only one example.4 The pilot program launched January 23 with eight countries: Australia, Canada, Italy, Japan, the Netherlands, Spain, the United Kingdom, and the United States. It encourages the participants to engage in multilateral cooperative risk assessment regarding transfer pricing and permanent establishment issues. One of the drivers for the ICAP was the advance in international cooperation in tax administration. Therefore, performing cross-border audits is not a big leap from the ICAP.
The same procedural questions that arise under the EU’s simultaneous controls initiative will probably arise here: When is a cross-border audit permissible, what information can authorities share, and how should they safeguard secret information? However, the MCAA provides even less guidance than the EU administrative assistance directive does. Also, there is no central court like the CJEU that could decide some issues as a binding authority for all OECD countries. Rather, the courts of the respective countries must make these decisions. Considering the plethora of decisions various courts have handed down on whether commissionnaires constitute a PE — and the differing conclusions they have reached — it will be interesting to see how this develops.
Simultaneous controls under the MCAA would be more effective if the OECD published guidelines describing the process and addressing some of the procedural issues raised above. The era of simultaneous controls is here to stay. We should try to make the best of it — for all parties involved.
How Can Taxpayers Be Prepared?
The most important advice for any audit seems obvious: Know your company.
It is surprising how often the fact that a foreign subsidiary carried out some functions or activities unbeknownst to headquarters is revealed during an audit. In other cases, the notes to local statutory accounts include statements that one might consider exaggerations or even slightly misleading. The reason for those statements can be that the subsidiary is in a financially precarious situation and felt the need to paint the picture a little brighter. Sometimes, however, those statements come from local management that believes it is accurately describing the functions or the entity’s role within the group. If these inconsistencies come up during the audit and require an explanation, it puts the taxpayer in a defensive position from the start. Thus, it is very important that a designated group of people within the organization has full knowledge of the global operations and supervises issues like preparing statutory accounts on a global scale.
Companies should also periodically screen the social media accounts, such as LinkedIn or Facebook, of key employees. Tax authorities regularly browse the publicly available information before an audit and compare the duties of key employees as they describe them on social media with what the company states in transfer pricing documentation or in response to an information document request. Any inconsistencies can hurt the potential outcome of an audit.
For cross-border audits specifically, companies should ensure that they have systems in place that allow them to gather information quickly and reliably — without jeopardizing potential claims of domestic privilege. While privilege laws are probably more predominant in common law countries, whenever information is shared — especially across borders — the question whether sharing the information might voluntarily waive privilege and the potential ramifications thereof should be considered. A system of checks and balances is critical. This is another reason why the centralized audit management mentioned above is so important.
Taxpayers may also want to reconsider their approach to transfer pricing documentation. While in the past it was sufficient to establish transfer pricing documentation based on one transfer pricing methodology (usually a one-sided method), companies should now consider including a two-sided method as a corroborative analysis. This preempts a claim from the tax authorities that, for example, a profit-split analysis would come to a different result, thus requiring the authorities to rebut the taxpayer’s transfer pricing study on two different fronts. Another option that taxpayers might consider is including a value chain analysis in the transfer pricing study, even if this is not required under local law or based on the method applied. The decision to include a value chain analysis must be made carefully, however, as the taxpayer may open the door for more extensive information requests.
Lastly, entering into advance pricing agreements might avoid such audits altogether, especially bilateral or multilateral APAs. A taxpayer considering entering into an APA should bear in mind that whenever an EU member state is involved, the European Commission — and possibly other member states — will receive a copy; thus, to an extent, it will become a public document that could be subject to further information exchange. In other cases, a spontaneous exchange of information may occur within the framework of the OECD BEPS action 5. However, absent any concerns regarding the publicity of the document, an APA is a solution worth considering. It is also in line with the general objectives of ICAP.
Globalization is here to stay and it has given the tax authorities more tools to use in audits. MNEs cannot afford to close their eyes and ignore the potential of a multilateral audit. Instead, they should start taking steps to be prepared.
FOOTNOTES
1 OECD, “Sixth Meeting of the OECD Forum on Tax Administration: Joint Audit Report” (Sept. 2010).
2 The JTPF refers to the following link: http://ec.europa.eu/taxation_customs/resources/documents/taxation/tax_cooperation/fiscalis_programme/participating/guide_mlc_en.pdf, which no longer provides access to the document.
3 Jiri Sabou v. Czech Republic, C-276/12 (CJEU 2013); and Berlioz Investment Fund SA v. Directeur de l’Administration des Contributions Directes, C-682/15 (CJEU 2017).
4 OECD, “International Compliance Assurance Programme Pilot Handbook” (2018).
END FOOTNOTES