Handbook on Compliance Risk Management for Tax Administrations E-Book

Handbook on Compliance Risk Management for Tax Administrations

®2022, All rights reserved

Inter-American Center of Tax Administrations (CIAT)

Servicio de Impuestos Internos de Chile (SII)

International Monetary Fund (IMF)

English version, 2022

Original Spanish version published in 2020

ISBN: 978-9962-722-62-5

WORK TEAM

Inter-American Center of Tax Administrations (CIAT)

Technical and Logistics Coordinators:  • Raúl Zambrano  • Isaác Gonzalo Arias Esteban

Servicio Internos de de Impuestos Chile (SII)

Handbook reference and drafting:  • Fernando Barraza Luengo  • Eduardo Medel González  • Natalia Güenul Almonacid  • Jorge Bravo Albornoz  • Rodrigo Miranda Sáez

GIZ

This initiative was funded through a program organized by the cooperation entitled “Fighting Tax Evasion in Latin America and the Caribbean through CIAT”:  • Joerg Wisner

Servicio de Administración Tributaria (SAT) de México

Co-organizer of the Tax Compliance Risk Management Network meeting, where the structure of the Handbook was discussed, held in Mexico City in 2016

AECID and Inter-Bank American (IDB) Development

Co-organizers of the Tax Compliance Risk Management Network meeting, held in Antigua Guatemala, Guatemala in 2017, where the content of this Handbook was discussed.

International Monetary Fund (IMF) Department of Public Finance

1

Drafting of the section entitled “Comprehensive Risk Management in Customs Administrations”:  • Selvin Lemus  • Azael Pérez

1 The views expressed in this chapter are those of the authors and do not necessarily represent those of the International Monetary Fund or its policies.

Tax Administrations of CIAT Tax Compliance Risk Management Network countries that provided technical input based on their experience and feedback:

Australian Taxation Office

Australia

Barbados Revenue Authority

Barbados

Servicio de Impuestos Nacionales

Bolivia

Secretaría da Receita Federal

Brazil

Canadian Revenue Agency

Canada

Servicio de Impuestos Internos – Technical Coordinator

Chile

Dirección de Impuestos y Aduanas Nacionales

Colombia

Dirección General de Tributación

Costa Rica

Servicio de Rentas Internas

Ecuador

Dirección General de Impuestos Internos

El Salvador

Agencia Estatal de Administración Tributaria

Spain

Superintendencia de Administración Tributaria

Guatemala

Guyana Revenue Authority

Guyana

Servicio de Administración de Rentas

Honduras

Guardia di Finanza

Italy

Tax Administration Jamaica

Jamaica

Servicio de Administración Tributaria

Mexico

Dirección General de Ingresos

Nicaragua

Dirección General de Ingresos

Panama

Subsecretaría de Estado de Tributación

Paraguay

Superintendencia Nacional de Aduanas y Administración Tributaria

Peru

Her Majesty Revenue and Customs

United Kingdom

Dirección General de Impuestos Internos

Dominican Republic

Dirección General Impositiva

Uruguay

ACKNOWLEDGEMENTS

The CIAT Executive Secretariat would like to thank all the cooperation agencies and initiatives, organizations, tax administrations, and experts that made it possible to put together a Handbook on this subject, so necessary for our tax administrations nowadays.

We are especially grateful to Mr. Fernando Barraza Luengo, Director of Chile’s Servicio de Impuestos Internos (SII), for providing CIAT with his experience and a team of high-level professionals who acted as rapporteurs of the manual and shared the SII’s experiences within the framework of the Tax Compliance Risk Management Network meetings. We are also grateful to the support and leadership provided to this project for a long time by Mr. Víctor Villalón Méndez, former Deputy Director of Audit, during his time at the SII. Finally, we would like to point out the high level of commitment and dedication on the part of the SII’s professional staff, led by Mr. Eduardo Medel González, head of the Department of Tax Compliance Management, for drafting this Handbook.

We extend our appreciation to the SII’s professionals and managers, who contributed to the design and implementation of Chile’s Tax Compliance Management Model (MGCT) and who, from their distinct positions, supported the work of the drafting team and contributed examples and input to the content of this Handbook. We would like to highlight the work of: staff from the Department of Audit Systems of the Sub-directorate of Audit; Paula Acevedo Flores, head of the Department of Selective Analysis; Brandon Peña Villagra, head of the Division of Risk Analysis; Alejandro Díaz Galaz, head of the Division of Risk Management; Gonzalo Pavez Sepúlveda, head of the Division of Treatment Programming; Ximena Salazar Muñiz, head of the Division of Taxpayer Profiling; Rodolfo Bravo Bustos, leader of the Tax Compliance Management Plan (PGCT); and Carlos Manríquez, head of the Division of VAT Specific Risks.

The support of the United Kingdom’s Her Majesty’s Revenue and Customs and Australia’s Australian Tax Office in following the meetings of the Tax Compliance Risk Management Network and making recommendations regarding the structure and content of the Handbook should also be noted.

Finally, we would like to highlight the financial support of GIZ, which made it possible to promote this initiative and make it a happen, as well as the financial contributions, in kind and technical, provided by Mexico’s SAT, the AECID, the IDB, and the IMF.

WORDS FROM CIAT’S EXECUTIVE SECRETARY

It is a pleasure for me to have the opportunity to present this new Handbook, which joins CIAT’s collection of Handbooks on paramount issues for the proper functioning of tax administrations.

Tax Compliance Risk management is a crucial task for tax administrations. I always say that if taxpayer registries are tax administrations’ “soul” and the checking accounts their “heart”, risk analysis is the “mind” of today’s tax process, in which we must deal with huge databases and with ever fewer resources.

The challenge nowadays is to perform this task in a planned, systematic, and, whenever possible, centralized manner, making use of information technology and telecommunications. This is easy to say; however, at the CIAT, we understand the effort required of most tax administrations of developing countries to lay the foundations for the successful implementation of modern risk management systems. This involves not only staff training and investment in infrastructure, but also a change in organizational culture and the way things are done. Perhaps one of the most significant internal organizational effects of today’s risk systems is to reduce the level of discretionary decisions, thereby creating greater transparency and certainty in the actions of tax administrations. Similarly, an adequate risk management system also allows for the timely allocation of treatments, including those with preventive effect and in real time.

This Handbook covers all these topics in great detail and constitutes an example of coordination of efforts among tax administrations, cooperation agencies, and international partners, which fulfills most of the aspects that make up the Inter-American Center of Tax Administrations’ mission, among them: “To promote international cooperation and the exchange of experiences and information, and to provide technical assistance services, research, and training, thereby contributing to the strengthening of tax administrations in its member countries”.

I am deeply grateful to Chile’s SII for providing its experience as the technical basis for this Handbook, to Germany’s GIZ for supporting and funding this initiative, to the IMF for its technical contribution on customs aspects of risk management, and to Mexico’s SAT, Spain’s AECID, and the IDB for their contributions to materialize the meetings of the Tax Compliance Risk Management Network. Likewise, I thank all tax administrations of CIAT member and non-member countries that offered feedback and technical contributions for this Handbook.

CONTENTS

Work Team

Acknowledgements

Words from CIAT’s Executive Secretary

Glossary

Methodology

Introduction

I General Aspects

1 Current Context of Tax Compliance Risk

2 Risk Management Model

2.1 OECD

2.2 European Union (EU)

2.3 The ISO 31,000 Standard of December 2009

2.3.1 Risk Management Framework Based on ISO 31,000:2009

2.3.2 Phases of the Risk Management Process

2.4 Risk Management approach in Tax Administrations

2.4.1 Definition of model Based on Risk Management in Specific Cases

2.4.2 Definition of model Based on Comprehensive Risk Management

II Aspects to Consider to Achieve Effective Risk Management

1 Taxpayer Risk Rating

1.1 Attributes for Risk Assessment

1.2 Calculation of Probability

1.2.1 Simple Frequency Model

1.2.2 Frequency Model with weights

1.2.3 Mathematical Modeling

1.2.3.1 Neural Networks

1.2.3.2 Decision Trees

1.2.3.3 Logistic Regression

1.2.4 Evaluation Models

1.2.4.1 Model Based on Taxpayer Perception

1.2.4.2 Model Based on Willingness for Tax Compliance

1.3 Calculating Consequences

1.3.1 Consequences Based on Revenue or size

1.3.2 Consequences Using Mining Techniques

1.3.2.1 Taxpayer Value

1.3.2.2 Clusters to Determine Group Membership

1.3.2.3 Consequence Calculation

2 Taxpayer Segments

2.1 Classification of Taxpayer Segments

2.1.1 Macrosegments

2.1.2 Economic Segments According to Business Rules

2.1.3 Other Criteria for Taxpayer Segmentation

2.2 Indicators of Characteristics

2.3 Reports

3 Obligations and Gaps

3.1 Obligations

3.2 Gaps

4 Information

4.1 Information Access

4.2 Availability of Information

4.3 Information Quality

4.4 Exploitation Tools

4.5 Analytical Competencies for Exploration

4.6 Importance of Information

5 Systems

5.1 Tax Compliance Management System

5.2 Data Exploitation and Viewing Systems

5.3 Case Management and Consultation Systems

6 Organizational Structure

7 Strategic Leadership

7.1 Strategic Map

7.2 Strategic Processes

7.3 Governance of a Risk Management Model

III The Risk Management Process

1 Stage 1: Risk Identification

1.1 Process and Sources of Risk Identification

1.2 Result of Risk Identification

2 Stage 2: Risk Analysis and Assessment

2.1 Risk Declaration

2.2 Risk Analysis

2.2.1 External Causes

2.2.2 Internal Causes

2.2.3 Characteristics of the Taxpayers

2.2.4 Behavior Pattern

2.2.5 Consequences of Noncompliance

2.2.6 Assessment of the Noncompliance Risk

2.2.6.1 Probability

2.2.6.2 Consequences

2.2.6.3 Examples of Noncompliance Risk Assessment

2.2.7 Treatments

2.2.7.1 Structural Treatment Actions

2.2.7.2 Preventive Treatment Actions

2.2.7.3 Corrective Treatment Actions

2.2.8 Treatment Allocation Policy

3 Stage 3: Risk Prioritization

3.1 Risk Prioritization

3.1.1 Risk Matrix

3.1.1.1 Identification of the Noncompliance Risk

3.1.1.2 Identification of Active Treatments

3.1.1.3 Value and Risk Exposure Rating Section

3.1.2 Examples of uses the Risk Matrix

3.1.2.1 Example 1

3.1.2.2 Example 2

3.2 Risk Consolidation

3.3 Treatment Allocation

3.4 Dispatch and Management of Stocks

3.4.1 Identification of Abilities

3.4.2 Projection and Programming

3.4.3 Workload

3.4.4 Follow-Up

4 Stage 4: Treatment

4.1 Resources

4.2 Design

4.3 Implementation

4.4 Criteria for Defining the Scope of Actions

4.5 Treatment Programs

4.6 Modes of Application

5 Stage 5: Evaluation

5.1 Evaluation of the Risk Management Process

5.2 Taxpayer Risk Evaluation

5.3 Noncompliance Risk Evaluation

5.4 Compliance Gap Evaluation

5.5 Treatment Evaluation

5.5.1 Simple Difference Method

5.5.2 Pre-Post Method

5.5.3 Difference-in-Differences Method

5.6 Evaluation of Macro Indicators

IV Specific Aspects

1 Managing Noncompliance Risks in the Massive Taxpayer Sector

2 Management of Noncompliance Risks in the Selective Taxpayer Sector

3 Managing Noncompliance Risks in Specific Economic Sectors

3.1 Construction Sector

3.2 Mining Sector

3.3 Banking Sector

3.4 Oil Sector

4 Risk Management in the Digital Economy

4.1 E-Commerce

4.2 Collaborative Economy

V Comprehensive Risk Management in Customs Administrations

1 General Context of Risk Management in Customs

1.1 Challenges faced by Customs

1.2 Agents who must intervene in Risk Management

1.3 Scope

2 Strategic Approach for Comprehensive Risk Management

2.1 Strategic Approach

2.1.1 Strategic Planning

2.1.2 Institutional Policy for Comprehensive Risk Management

2.1.3 Comprehensive Risk Management Committee

2.2 Tactical Approach

2.2.1 Compliance Risks

2.2.1.1 Traceability

2.2.1.2 Risk Prevention

2.2.1.3 Risk Mitigation

2.2.1.4 Control prior to Dispatch (Registration of Operators and Analysis of prior Information)

2.2.1.5 Control during customs Dispatch (Import, Export and Transit)

2.2.1.6 Post-Dispatch Control (A posteriori audit)

2.2.2 Institutional Risks

2..2.2.1 Case Study on Central America, Panama, and the Dominican Republic

2.3 Operational Approach

2.3.1 Segmentation and Classification of Commercial Operators

2.3.2 Analysis of Specific Risks

2.3.3 Implementation of Control Actions (Risk Treatment)

VI Appendices

Appendix I: Scenario in Select Tax Administrations

Appendix II: Attribute Template

Appendix III: Risk Template

Appendix IV: Obligation Map

Appendix V: DGC Qualitative Tool

Appendix VI: Classification according to efficacy level

LIST OF FORMULAS

Formula 1: Simple Attribute Frequency

Formula 2: Factor for Clustering

Formula 3: Compliance Stage

Formula 4: Assessment of Probability

Formula 5: Entropy

Formula 6: Gain

Formula 7: Logistic Regression

Formula 8: Equation as a Function of Revenue or Size

Formula 9: Gap in Relation to Real Compliance

Formula 10: Effective Noncompliance Gap

Formula 11: Risk Exposure Level per Treatment

Formula 12: Aggregate Risk Exposure Level

Formula 13: Calculation of the Indicators for Each Importer

LIST OF ILLUSTRATIONS

Illustration 1: OECD Risk Management Model

Illustration 2: European Union Risk Management Model

Illustration 3: Risk Management Process under ISO 31,000:2009

Illustration 4: Representative Scheme of the Risk Management Process - ISO 31,000

Illustration 5: Classification of Taxpayer Risks

Illustration 6: Probability of Contamination

Illustration 7: Frequency of Attributes with Weights

Illustration 8: Process of Clustering by Variable, Factor and Stage

Illustration 9: Knowledge Discovery in Databases (KDD) Process

Illustration 10: Knowledge Discovery in Databases (KDD) Process

Illustration 11: Neural Network Diagram

Illustration 12: Sample Decision Tree

Illustration 13: Sample Decision Tree

Illustration 14: Model Based on Taxpayer Perception

Illustration 15: Clusters Associated with Variables of Interest

Illustration 16: Clusters by Number of Companies Associated with Specific Economic Activities

Illustration 17: Model Based on Willingness for Tax Compliance

Illustration 18: Factors Involved in Calculating Consequence

Illustration 19: Sample Macrosegmentation

Illustration 20: Examples of Segments with Business Analysis Rules

Illustration 21: Examples of Operational Segments, Special Laws, Economic Sectors and Processes of the Tax Administration (TA)

Illustration 22: Prepared by the authors based on anonymous information

Illustration 23: Country-Level Report

Illustration 24: Segment-Level Report

Illustration 25: Regional-Level Report

Illustration 26: Segment Summary

Illustration 27: Tax Obligations

Illustration 28: Sample Gap Map

Illustration 29: Sample Global Approach to Gaps and Risks

Illustration 30: Information Sources

Illustration 31: Types of Data

Illustration 32: Data Warehouse (DW) Architecture

Illustration 33: Principles of Information Quality

Illustration 34: Data Warehouse and Data Mart Investigation Tools

Illustration 35: Sample Exploitation Software View

Illustration 36: Magic Quadrant for Scientific Data Platforms

Illustration 37: Influence of Information on the Organization

Illustration 38: Flow of the Tax Compliance Management System

Illustration 39: Traceability and Comparability

Illustration 40: Interface of the Audit Management System (SGF)

Illustration 41: Overview of Cases in SGF

Illustration 42: View of a Case in SGF

Illustration 43: View of a Case Search in SGF

Illustration 44: View of Management Reports in SGF

Illustration 45: SGF Case Report

Illustration 46: Organizational Structure of SAT Mexico's Parent Company

Illustration 47: Organizational Structure of AFIP Argentina

Illustration 48: Organizational Structure of Japan’s Tax Administration (NTA)

Illustration 49: Evolution of the Different Organizational Models

Illustration 50: SII Chile Institutional Strategic Map

Illustration 51: SII Process Map

Illustration 52: Risk Management Process

Illustration 53: Noncompliance Risks with a Tax Obligation

Illustration 54: Sources for Identifying Noncompliance Risks

Illustration 55: Risk Assessment Techniques

Illustration 56: 5x5 Matrix: Assessment Levels of Noncompliance Risk

Illustration 57: Sample Frequency Graph

Illustration 58: Example of “Incorrect Determination of the Income Tax Base” Risk

Illustration 59: Decision Tree Obtained for the Case under Analysis

Illustration 60: A Different View of the 5x5 Matrix (Currency Units)

Illustration 61: Treatment Allocation Policy

Illustration 62: Treatment Allocation Policy

Illustration 63: Example of Application of the Treatment Allocation Policy

Illustration 64: Risk Prioritization Subprocesses

Illustration 65: Noncompliance Risk Management Process

Illustration 66: Taxpayer Risk Rating Evaluation

Illustration 67: Movements in Taxpayer Risk Rating

Illustration 68: Probability Decrease

Illustration 69: Noncompliance Risk Rating

Illustration 70: Gap Reduction

Illustration 71: Sample Gap Analysis

Illustration 72: Examples of Gaps and Global Risk

Illustration 73: Sample Treatment Group vs. Control Group

Illustration 74: Sample Treatment Group

Illustration 75: Sample Control Group

Illustration 76: Difference between Treatment and Control Groups

Illustration 77: Identification of Sustained Behavior Changes

Illustration 78: Sustained Behavior Change

Illustration 79: Unsustained Behavior Change

Illustration 80: Application for Determining the FUT (SII – Chile)

Illustration 81: Error Messages when Loading Data Return No. 3,561 (SII – Chile)

Illustration 82: Evolution of B2C e-commerce (Spain)

Illustration 83: Payment Methods (Spain)

Illustration 84: Internal and External Commerce (Spain)

Illustration 85: European Union (EU) Compared to the Rest of the World

Illustration 86: Number of Americans Working in the Gig Economy (Spain)

Illustration 87: Distribution of Selectivity Channels by Economic Groups

Illustration 88: Strategic Approach for Comprehensive Risk Management

Illustration 89: Main Results

Illustration 90: Major Common Flaws Identified

Illustration 91: Distribution of the Risk Index

LIST OF MATRIX

Matrix 1: Examples of Risk Indicators for GRI Calculation

Matrix 2: Estimated Indicator Weights

Matrix 3: Ranking of Selected Subcategories

Matrix 4: Summary of Measurements per Tariff Subcategory

Matrix 5: Level of Participation of Importers by Subcategory

Matrix 6: Criteria for Determining Frequency Levels

Matrix 7: Classification of Operators according to the size of each Subcategory

LIST OF TABLES

Table 1: Scenario in Select Tax Administrations

Table 2: Types of Variables Used in Risk Models

Table 3: Scenario in Select Tax Administrations

Table 4: Scenario in Select Tax Administrations

Table 5: Segment Updating - Comparative Outline

Table 6: Segment Disclosure

Table 7: General Information about Segments

Table 8: Historical Information about Segments

Table 9: Segment Indicators

Table 10: Segment Compliance Indicators

Table 11: Segment Business Indicators

Table 12: Gap Table

Table 13: Tax Obligation Update

Table 14: Disclosure of Tax Obligations

Table 15: Basic System Requirements for the Risk Management Process

Table 16: Attributes for Risk Assessment

Table 17: Weights of each Attribute, with Ranges expressed in Currency Units (Chilean Pesos)

Table 18: Categories Associated with Attribute Aggregation

Table 19: Distribution of Consequences (Currency Units)

Table 20: Noncompliance Risk Matrix. 5x5 Matrix

Table 21: Noncompliance Risk Rating

Table 22: Business Rules Used to Construct a Decision Tree

Table 23: Treatment Allocation Policy

Table 24: Risk Identification Section in the Risk Matrix

Table 25: Description of the Probabilities in the Risk Matrix

Table 26: Description of the Consequences in the Risk Matrix

Table 27: Rating and Value

Table 28: Section of Treatments Conducted in the Risk Matrix

Table 29: Section of Treatments Proposed in the Risk Matrix

Table 30: Efficacy Level Values in the Risk Matrix

Table 31: Efficacy Values in the Risk Matrix

Table 32: Risk Matrix Rating Values

Table 33: Value and Risk Exposure Section of the Risk Matrix

Table 34: Assessment of Risk Exposure

Table 35: Sample Noncompliance Risk Matrix

Table 36: Other Decision-Making Support Elements in the Risk Matrix

Table 37: Treatment Evaluation

Table 38: Estimated Costs for Treatment Actions

Table 39: Sample Noncompliance Risk Reduction Probability Table

Table 40: Direct Yield

Table 41: Compared Direct Yield

Table 42: Examples of Best Practices for Traceability of Goods in Customs

Table 43: Best Practices Related to Pre-Dispatch Control

Table 44: Initial Steps for Pre-Dispatch Risk Analysis

Table 45: Best Practices during Customs Dispatch

Table 46: Best IT Practices that Can Be Adopted during Customs Dispatch

Table 47: Best Practices during A Posteriori Audit

Table 48: Best Practices for Facilitating Legal Trade

Table 49: Scopes of Customs Coordination/Cooperation with Third Parties

Table 50: Scope of Each Element Related to Institutional Risk Management

Table 51: Major Common Flaws Identified

Table 52: Complete Risk Registry, Including its Treatments and Indicators

GLOSSARY

ADF

Action Differentiation Framework

AEMETIC

Association of Information Technology, Communications, and Electronics Companies

AMPO

Multifunctional Programmed and Objective Analysis

ARCH

Hydrocarbon Regulation and Control Agency

ATO

Australian Taxation Office

BEPS

Base Erosion and Profit Shifting

CAPTAC-DR

Central America-Panama-Dominican Republic Regional Technical Assistance Center

CART

Classification and Regression Tree

CEPAL

Economic Commission for Latin America and the Caribbean

CHAID

Chi Squared Automatic Detector

CIAT

Inter-American Center of Tax Administrations

COE

Risk Management Center of Expertise

CRA

Canada Revenue Agency

CRC

Taxpayer Risk Classification

CRISP–DM

Cross Industry Standard Process for Data Mining

CRM

Corporate Risk Management

CSMS

Case Selection and Management System

DECRED

Credit Card Transaction Return

DGC

Qualitative Taxpayer Information Collection Tool

DGII

Dirección General de Impuestos Internos - República Dominicana

DIMOB

Real Estate Activities Information Return

DIRPF

Annual Individual Income Tax Adjustment Return

DITR

Rural Territorial Property Tax Return

DPF

Department of Public Finance (FMI)

ENAMI

National Mining Company

EP

Petroamazonas EP

ERM

Enterprise Risk Management

EU

European Union

EUIPO

European Union Intellectual Property Office

GDP

Gross Domestic Product

GIZ

Deutsche Gesellschaft für Internationale Zusammenarbeit (International Cooperation Agency for Sustainable Development)

GRACO

Large Taxpayers

GRC

Governance, Risk and Compliance Systems

ICIJ

International Consortium of Investigative Journalists

ID3

Iterative Dichotomy 3

IMF

International Monetary Fund

INACER

Regional Economic Activity Gazette

INE

National Statistics Institute – Chile

ISR

Income Tax

ITBIS

Tax on Transfer of Industrialized Goods and Services

KDD

Knowledge Discovery in Databases

MODA

Analysis Model

NTA - 1

National Tax Administration – Japan

NTA-2

Net Transaction Amount

OECD

Organization for Economic Cooperation and Development

ONTSI

National Observatory of Telecommunications and of the Information Society

TLS

Tax Liable Subjects

OTAG

Manageable Active Liable Subjects

TAP

Treatment Allocation Policy

PGCT

Tax Compliance Management Plan

PNI

National Inspection Plan

POCT

Tax Compliance Operational Plan

PRICO

Main Taxpayers

PT

Transfer Pricing

RAIS

Annual Report on Social Information

RDF

Risk Differentiation Framework

RFB

Brazilian Federal Revenue Service

SAC

Sub-Directorate of Compliance Analysis

SAR

Servicio de Administración de Rentas – Honduras

SEC

Securities and Exchange Commission

SERPRO

Federal Data Processing Service

SET

State Sub-Secretariat of Taxation – Paraguay

SGC

Audit Management System

SGF

Audit Management System

SIF

Sistema de Gestión De Casos Denominado

SII

Servicio de Impuestos Internos de Chile

SNAT

National Tax Audit System

SPOT

Tax Obligations Payment System

SRI

Servicio de Rentas Internas – Ecuador

TAP

Treatment Allocation Policy

TBS

Treasury Board of Canada Secretariat

TET

Effective Tax Rate

UGGE

Regional Units of Large Company Management

USAID

U.S. Agency for International Development

METHODOLOGY

In January 2017, CIAT’s Executive Secretariat, Chile’s Servicio de Impuestos Internos (SII) and Germany’s GIZ signed a collaboration agreement for the development of a regional Handbook on Tax Compliance Risk Management. Under this agreement, a team composed of officials from Chile’s Servicio de Impuestos Internos (SII), with knowledge and experience in risk management issues, was created to work on the structure, development and drafting of the Handbook. This initiative was proposed at the first meeting of the CIAT Tax Compliance Risk Management Network (hereinafter “the network”), held in Mexico in 2016, whose aim was to create and supply tax administrations with a practical Handbook on how to develop risk management systems, without necessarily defining a specific model within the CIAT.

The structure of the Handbook was discussed by the network members and agreed upon before proceeding with its development. In the development stage, in order to provide such a practical approach to the Handbook, experiences were collected through questionnaires addressed to tax administrations, which were motivated to be shared at network meetings. Many of these experiences have been included in various sections of the Handbook. This Handbook also addresses the theoretical component, referring to the vast literature available on the subject.

In July 2017, the first draft of the Handbook was completed and submitted for review among the network countries. The content of the first draft and feedback from tax administrations were presented and discussed at the second network meeting, held in November 2017 in Guatemala.

Once the previous procedure was concluded, the work team proceeded to develop a second version of the Handbook, considering more details, the supplementary information proposed by the network and the experiences of other tax administrations. The CIAT’s Executive Secretariat accompanied the entire process and reviewed the text of the Handbook at each stage.

INTRODUCTION

Since its foundation, one of the main goals of the Inter-American Center of Tax Administrations (CIAT) has been to follow the evolution of tax administrations and identify issues of common interest that represent strategic priorities and where coordination of efforts could allow product development and peer assistance, so as to mitigate the gap in the development of its tax administrations.

Tax Compliance Risk Management constitutes a relevant issue of common interest to tax administrations, affecting most of their processes. All tax administrations manage risks; however, there is significant room for improvement, given technological advances, changes in context, and, in specific cases, the need to strengthen and integrate processes.

An efficient and effective risk management is indispensable to achieve the desired success in different fields of activity. The prompt identification of risks and their adequate treatment allows not only an efficient use of resources to optimize tax collection, - in other words, do more with less - but also provide a suitable treatment for each taxpayer according to their behavior.

Given the impact of customs activities on tax collection and the complementarity of many of its processes with those of tax administrations, this Handbook includes a specialized section on the comprehensive management of customs Compliance Risks.

Since there are common principles for the adoption of risk management by tax and customs administrations, that section focuses on complementary aspects for the implementation of a comprehensive risk management, considering the particularities of customs operations. It also considers practical elements that aim to contribute to establishing a comprehensive risk management strategy, as well as to conducting a self-diagnostic exercise by presenting good practices related to the implementation of risk management under the main customs control functions.

This Handbook is intended to become a useful tool for tax administrations of those countries that are considering the development of an integrated platform for tax Compliance Risk management. It presents the fundamentals of tax Compliance Risk management and details the most relevant components that constitute the essence of a risk management model, all from a practical perspective.

In this sense, the key agents related to the administration of tax obligations belonging to the managerial and operational arenas, such as tax experts and data analysts, can make use of this Handbook as a tool that will allow them to deepen on the possibilities offered by risk management, among them:

Understanding the different phenomena associated with tax compliance.

Defining structures, processes, systems, tools, and human and physical resources.

Identifying information sources and evaluating their quality.

Learning about the platforms and analytical skills of related professionals with an eye to the future. Technology increasingly influences business models and the transformation of tax administrations.

I GENERAL ASPECTS

1 Current Context of Tax Compliance Risk

Tax Administrations have necessarily had to modify and adapt their strategies following the dynamic trends generated through the relations with their taxpayers as a result of technological development and economic globalization. This scenario imposes challenges that imply continuous learning, greater innovation in tax matters and frequent legislative changes, and, in general, the need to develop initiatives to improve the effectiveness and efficiency of taxpayer compliance.

The structures of Tax Administrations and the characteristics of their work teams have evolved over time as a consequence of the approach to tax compliance management used. A few decades ago, Tax Administrations used to follow a tax- and function-based design. Later, a segmental approach focused on taxpayer size was introduced. Thus, work team structures were established under related designations, such as “Income Tax Department or Unit” or “Small Taxpayer Unit”. Today, some Administrations have introduced process-based management, including a matrix approach, whereby units are arranged according to key and supporting functions. It is important to note that none of these approaches have been abandoned, but, in practice and after several years, they have been accumulated and harmonized, considering progressively higher levels of digitalization, automation, and advanced analytics. In this context, risk management models are starting to be introduced: some of limited scope, for the selection of audit cases, and others of comprehensive scope, aiming to manage structural levels of tax compliance based on different actions or measures. Regardless of the approach used, the management team of a Tax Administration is expected to have the appropriate tools that allow it to take a strategic view on the short- and long-term performance of the institution in managing tax compliance. In this sense, it is important to be able to identify and analyze the actions that are losing their initial effectiveness and those necessary to keep up with the evolution of society and persons’ behavior. In relation to this last aspect, we highlight the rise of the digital economy, which has changed behavior patterns in the supply and demand for goods and services, making it necessary for the tax system to guarantee acceptable levels of efficiency, effectiveness, proportionality, and collection. This means that management teams must be able to understand and envisage in a timely manner the implications within their organization of the changes caused by these approaches when foreseeing initiatives aimed at materializing significant reforms.

Therefore, the Tax Administrations of developed countries have migrated from a controlling and formalistic model to one that seeks the highest possible levels of tax compliance on the part of taxpayers, by performing control functions only in cases where there are greater signs of noncompliance. Similarly, technological advances have allowed for better and greater access to information, as well as a greater ability to process it. This, in certain cases, increases the compliance cost for taxpayers, but also their demands on the level of facilitation of their tax compliance through the information concerning them. Some examples of facilitation would be: computerization of platforms, the greater use of online systems, more intensive use of so-called ‘social media’2, among other aspects. In the wake of this change, it becomes necessary to understand and deepen the tax and economic aspects, and even the sociological and psychological aspects of taxpayers that cause or motivate such behavior or conduct, and the measures to be adopted in each specific tax situation. This is how some strategies proposed in this line of thought influence the relationship between Tax Administration and taxpayers, allowing a scenario characterized by greater mutual trust, better assistance, high levels of education, clearer information policies, greater transparency, better quality and service, and stricter and more rigorous audit in case of noncompliance with tax obligations. Thus, exemplary actions can be exercised in the eyes of taxpayers.

Consequently, Tax Administrations have developed ways to understand and approach taxpayers and their environment according to the level of tax compliance. Most of them seek to increase their comprehensive and systematic knowledge of taxpayer behavior and their surroundings in order to analyze the possible risk factors that may manifest themselves associated with noncompliance, with emphasis on the causes or factors that determine the existence of such risks. In this way, treatment actions can be promoted through comprehensive programs that can eliminate, prevent, or correct them, ensuring proper tax compliance.

In conclusion, increasing taxpayers’ compliance levels should be the result of better services to facilitate compliance and adequate forms of control. The focus of these services is closely related to improving the quality of the products offered and to reducing the compliance cost - eventually arising from noncompliance itself - by creating a tax culture among taxpayers. As for control, it should begin at the assistance phase, by gradually incorporating contrasted tax data. Furthermore, the number of taxpayers subject to tax compliance should be increased and improved, with the aim of strengthening audit actions and increasing the perception of control, thus boosting the level of voluntary compliance by taxpayers.

2 Risk Management Model

The concept of a model is widely defined and documented. Notwithstanding, it has been established that a model is “a conceptual, graphical, or visual representation of a given phenomenon or process.” Thus, a model, within the present topic of analysis, makes it possible to determine a result from input data, as well as to process that data.

Two definitions of the risk-based management model will be presented below. One is that proposed by the Organization for Economic Cooperation and Development (OECD) and the other by the European Union (EU). Their main objectives and scope will be indicated, in addition to what is established under ISO-31,000:20093.

2.1 OECD 45

The context or starting point provided by the OECD model is in taxpayers’ compliance with tax obligations, classified into four broad categories:

Registering in the system.

Submitting the required tax information on time.

Communicating information precisely and accurately.

Paying tax liabilities in due time.

If a taxpayer fails to comply with some of the obligations, it will be necessary to establish distinct levels of noncompliance, based on what is described or interpreted from law and administrative norms.

Risk-based compliance management becomes relevant when establishing a methodology that allows its management in a comprehensive manner. It constitutes a structured process that allows for the systematic identification, assessment, classification, and treatment of identified tax risks, as shown in the following illustration, which represents the model in question.

The model presented involves improvements in the decision-making process and focuses on the following areas:

Responding promptly to changes in context (legislative, regulatory, among others).

Applying treatment actions considering factors of priority, timeliness, compliance, and success.

Optimizing audit and collection actions.

2.2 European Union (EU)6

The starting point of the EU model is the collection of all taxes and taxpayer liabilities as stated by the tax laws of each country. Some taxpayers - through ignorance, misunderstanding of the rules and/or procedures, or deliberately - do not fully comply with their obligations. Therefore, Tax Administrations permanently develop strategies to deal with tax compliance and hope to improve the perception of tax compliance effectiveness and satisfaction.

For this reason, most Tax Administrations in the European Union have incorporated a model called the Compliance Risk Management Model7 that considers the steps described in the following illustration.

The process occurs by establishing a strategy, correctly defining objectives, and considering the context of its development. These three elements are crucial to the process because methodological, legislative, or regulatory changes, scope, efficiency, among others, affect the results and subsequent decision-making.

Finally, this model seeks to positively influence taxpayers by generating positive effects on their conduct, improving the level of proactive compliance, reducing compliance gaps, and facilitating the definition of proportional treatment actions in light of the nature and consequences of the compliance gap, among other improvements.

In relation to the models described above, the model adopted by Chile’s Servicio de Impuestos Internos (SII) considers the best elements of those already listed, based on the reality and context in which the country operates and best practices of other Tax Administrations, e.g., the Australian Taxation Office (ATO).

2.3 The ISO 31,000 Standard of December 20098

This international standard recommends that organizations develop, implement, and continually improve a framework for action, the aim of which is to integrate the overall risk management process into the entity’s governance, strategy, planning, operational management, information processes, policies, values, and culture, so that it is an integrated process for the entire entity. In this way, risk management can be applied to an entire organization, extending to all areas and levels, as well as to specific functions, projects, or activities, at any time.

Organizations of all types and sizes face internal and external factors and influences, which generate some uncertainty about the achievement of the objectives they set and, where applicable, the respective timeframes for this to occur. The effect this uncertainty has on an organization’s objectives constitutes ‘risk’.

As organizations seek to manage risk to some extent, this standard establishes several principles that should be followed for risk management to be effective. This standard recommends that organizations develop, implement, and improve - on an ongoing basis - a framework for working towards integrating the risk management process with governance processes. According to the standard, governance process is defined as the system by which strategic and managerial decisions that influence an organization’s values and culture are developed and implemented.

Each instance of risk management, including those related to specific sectors and applications, implies individual needs, target groups, perceptions, and criteria. Therefore, one of the key points of this standard is the inclusion of “establishing the context” as an activity at the beginning of this generic risk management process. Establishing the context makes it possible to define the organization’s objectives, the environment in which these objectives are sought, the stakeholders, and the diversity of risk criteria. All these elements help to reveal and assess the nature and complexity of its risks.

The application of the theoretical framework of the risk management process must always be adapted to the entity and the sector to which it belongs. In this specific case, it is related to the Tax Administration.

Potential benefits of implementing risk management:

It improves the chances of achieving the organization’s objectives on the defined terms.

It increases the level of understanding of key risks and their implications for the organization.

It allows the internal identification and designation of responsibility for business risk management.

It allows the concentration of efforts on issues that are truly important to the organization.

It contributes to the reduction of unforeseen events and crises in the organization.

It increases the possibility of success in initiatives/projects and in implementing changes.

It improves the ability to take greater risks for greater social and economic rewards.

It generates more information and offers transparency about the risks identified and the decisions taken.

Each institution must determine its own strategy to accept, mitigate, or eliminate risks. This involves determining the maximum level of risk that it is possible to accept in order to fulfill its institutional mission and strategic objectives and provide quality service, adding value to users, beneficiaries, or the entire community.

For risk management to be effective, it is advisable to consider the following:

Risk management creates value by contributing to the achievement of the organization’s objectives and optimizing their execution. This would affect the levels of safety, regulatory compliance, citizen perception, quality of products and services, management, and efficiency of processes (operations) and projects, governance, and reputation.

Risk management is a comprehensive part of all organizational processes. It is not an independent activity, separate from the main activities and processes of the organization.

Risk management is part of decision-making at strategic and tactical levels. It facilitates informed decision-making by prioritizing actions and distinguishing alternative courses of action.

Risk management considers uncertainty, its nature, and how to manage it.

Risk management has a systematic, timely, and structured approach, which contributes to efficiency and consistent, comparable, and reliable results.

Risk management is based on the best information available: historical data, experiences, stakeholder opinions, observations, predictions, and expert opinions. It even makes it possible to analyze and manage situations where no information exists, since this absence is considered an anomaly of the issue under analysis (compliance).

Risk management is aligned with the external and internal context of the entity and its risk profile.

Risk management must consider human and cultural factors by recognizing the abilities, perceptions, and intentions of persons and situations that can facilitate or hinder the achievement of the organization’s objectives.

Risk management should be transparent and inclusive. Adequate and prompt involvement of stakeholders, particularly decision-makers, at all levels of the organization ensures that risk management remains relevant and up to date, that stakeholders are represented, and that their views are considered in determining risk criteria.

Risk management should start at the taxpayer assistance stage and be incorporated as a transparent system that encourages certain behaviors, taking into account the sources of direct and derived information made available to taxpayers when conducting their obligations.

Risk management is dynamic, interactive, and adaptable to change, as it must be flexible to adjust to different scenarios.

Risk management facilitates continuous improvement on the part of the organization, which must develop and implement strategies to improve the maturity of its risk management system, along with all other aspects of its management.

2.3.1 Risk Management Framework Based on ISO 31,000:2009

The success of risk management depends on the effectiveness of the framework for managing the risks that provide the foundation and principles that guide the organization at all levels. The framework ensures that the information derived from this process is appropriately communicated and used as the basis for decision-making by, and accountability to, authorities.

The organization’s commitment to a risk-based approach is key when designing a risk management framework that considers the understanding of the institution’s context, the establishment of policies and responsibilities, the integration of risk management with processes, the resources to be provided or used, the establishment of external and internal forms of communication, and the mechanisms for reporting. Subsequently, the risk management framework and process should be implemented, monitored, and periodically reviewed to achieve continuous improvement.

The framework describes the components that make up the risk management system and how they interrelate. The framework is shown in the following illustration.

2.3.2 Phases of the Risk Management Process

The phases into which the risk management model can be broken down, in general terms, are as follows:

Establishing the context: defining the strategic, organizational, and managerial contexts in which the risk management process will occur. The criteria to be used to assess risks must be established, and the analysis framework, roles and responsibilities must be defined.

Identification of risks and opportunities: determination of the risks that could hinder, ruin, or delay the fulfillment of the organization’s strategic and operational objectives, as well as the opportunities that could contribute to the achievement of the aforementioned objectives.

Risk analysis: the analysis should consider the categories of consequences or potential risks and their respective probabilities of occurrence. The consequences and probabilities are combined to produce an estimated risk level. In addition, the respective risk mitigation measures must be identified and analyzed.

Risk assessment: comparison of identified risk levels with pre-established risk criteria (if, in fact, they are previously established), considering the balance between potential benefits and adverse outcomes. It involves ordering and prioritizing the analyzed risks by means of a ranking.

Risk treatment: according to the ranking and level of risk previously established by the organization (in case it has been established), is the definition of its treatment and monitoring, by developing and implementing specific strategies and action plans that keep the risk within the levels accepted by the organization.

Monitoring and review: definition and use of mechanisms to monitor and review the conduction of the risk management process and the accountability of the evolution of the risk level in critical processes for management.

Communication and consultation: definition and use of mechanisms to communicate and consult with internal and external stakeholders, as appropriate, at each step of the risk management process. Such mechanisms should enable authorities to make prompt decisions regarding risks with major deviations from acceptable risk levels.

The following illustration (No. 4) shows a representative scheme of the relationship between the generic phases that make up a risk management process.

ISO 31,010:2013 is a supporting standard to ISO 31,000, as it provides guidelines for the selection and application of systematic techniques for risk evaluation.

2.4 Risk Management Approach in Tax Administrations

2.4.1 Definition of Model Based on Risk Management in Specific Cases9

Tax Administrations that operate under the risk management methodology seek to optimize certain processes in their tax systems. One example is the establishment of a risk score for each taxpayer, based on the historical compliance with their tax obligations. The creation of a score for a given taxpayer aims precisely to try to maximize tax compliance compared to taxpayers with similar characteristics. Despite the efficiency of this model, due to its specificity, it is a tool that needs to be used and interpreted carefully. In this sense, for each taxpayer, an ideal level of tax compliance is set and, therefore, a certain form of treatment, according to its level of risk, from online assistance to audits with sanctions, depending on each scenario.

This could have an impact on the principle of proportionality of actions on a given taxpayer compared to others and according to the strategies defined by the Tax Administration. Thus, the score of a particular taxpayer is not necessarily comparable with others of the same score because the score is obtained from a combination of different attributes for each taxpayer, and the criteria for defining that a certain taxpayer is more prone to risk than others may not necessarily be technical (there may be political influences on the criteria). This could create a kind of tension between efficiency and the institutional values of the Tax Administrations, precisely because of the proportionality that may not necessarily apply to taxpayers. Moreover, the available literature suggests using this method in conjunction with others, as it could be affected by changes in the general tax context, both legislative and on the part of the taxpayers themselves, which would end up changing the algorithm with which the score is obtained for each taxpayer.

2.4.2 Definition of Model Based on Comprehensive Risk Management

Unlike the score-based model, Tax Administrations that operate under the comprehensive risk management methodology seek to optimize the efficiency of the system as a whole. In this way, they select the taxpayers with the highest risk of noncompliance with their tax obligations, maximize collection levels and carry out audit actions that make the best use of technological and human resources. Therefore, an increase in the level of voluntary compliance is sought, by involving the entire organization10.

Risk-based management aims to establish priorities when deciding on a certain action, taking into account particular relevant variables that define such actions: determining the noncompliance risks to be addressed, the establishment of clusters, i.e. segments of taxpayers, and defining the strategies for each of them.

For this reason, compliance risk management could be defined as “a structured process for identifying, evaluating, classifying, and treating noncompliance risks under tax law”11. This implies the use of resources (human, financial and technological), whose expected goal is a balance between audit and taxpayer acceptance.

Therefore, the risk management process can be summarized according to the following structure:

Establishment the context and structure of the organization’s strategic planning.

Identification of the risks according to the lines of action or the objectives.

Risk evaluation and prioritization.

Analysis of results.

Determination and implementation of treatment strategies.

Evaluation of results.

The following is a brief description of the aforementioned steps:1213

Establishing the context:

at this stage, the internal and external factors that may influence decision-making on noncompliance risk management are analyzed. Among these factors are the legislative framework, availability, access to and exchange of information, organizational structure, human resources, evolution of the country’s main activities, and tax culture.

Identification of risks:

at this stage, efforts are made to define as many variables as possible that make it possible to identify behaviors (the type of tax, the taxpayer segment, the risk, among others), in order to minimize noncompliance and facilitate an analysis that considers the different cases.

Risk assessment and prioritization:

the aim of this stage consists in separating the main risks from other smaller risks, according to the aforementioned identification. The implication of this step is to produce a summary that ranks the risks according to their priority. This requires a study of the identified risks, an evaluation of the consequences of these risks, and, finally, an analysis of the probability of noncompliance.

Analysis of results:

at this stage, the different treatment options are matched with the risks detected. These forms of treatment may include mass emails to alert about a certain anomalous situation, summonses and attendance in offices defined by the Tax Administration, educational activities for taxpayers, automated posting of tax differences, among others.

Determination and implementation of treatment strategies:

at this stage, the goal is to choose the best strategy depending on the behavior of the taxpayer, as well as the effectiveness of the selected treatment. Next, an operational plan is defined with the implementation of the actions taken.

Evaluation stage:

at this stage, one must remember that risk management is a continuous process, so it is necessary to obtain periodic feedback to evaluate results or the effectiveness of the treatment applied. This, in turn, is useful for making future decisions. Therefore, this step implies a permanent control of both the actions and the

results

obtained, considering that these will not necessarily meet what was previously defined.

Several Tax Administrations have considered and implemented current best practices in the matter, but have not necessarily adhered to a single form or methodology to promote tax compliance. It is necessary to adapt the recommendations to each context and to the results of monitoring the changes that are generated as a consequence of evolving technology, domestic and international standards, and best practices, among other aspects.

A point of great relevance, which goes beyond the methodology itself, is related to the role of the Tax Administration management team, especially in the implementation and operation of a risk management model.

Undoubtedly, the design and execution of a risk model that follows the standards suggested by the OECD, the European Community and ISO 31,000, duly adapted to the cultural and regulatory scenario of the jurisdiction in question, implies, in practice, that the Tax Administration management team takes on numerous challenges that must be managed at the highest level. To this end, it is advisable to formulate plans and define activities that ensure adherence, verifying that understanding and execution are consistent with the objectives pursued by the risk model and that strategic decisions are made. This team should consider, for instance:

An intervention in the existing processes to incorporate risk rules and related measurements, especially in those processes directly related to the analysis and treatment of taxpayers, which requires a management methodology and process management that may be different from those regularly used by the Tax Administration, including having to entrust its performance to a special dedicated team, able to convene and unite the collaboration of several teams located in different areas of the organization.

A displacement of the analytical teams from their comfort zones to a zone where they analyze and propose actions to address structural issues, considering progress and new behaviors observed. These teams are often successful in identifying specific collection differences in audit cases, but in their comfort zones, they do not distribute structural levels of tax compliance across specific taxpayer segments.

Changes in the working culture of the audit teams, which have traditionally had room and wide discretion to select cases for audit, often basing their decisions on targets linked only to the detection of differences. Strengthening of risk analysis and their respective control tools could lead to a loss of autonomy in the analysis and selection carried out by the audit teams, obtaining, in exchange, significant improvements in the allocation of traditional audit resources to those situations considered to have the greatest impact, according to their probability of occurrence and their consequences.

These simple examples highlight the importance of relying on high-level governance support to signal, monitor, and ensure the implementation of the risk model.

2 “Social media” refer to online applications or platforms for sharing information, such as Twitter, Facebook, and LinkedIn.

3 Objetivo Gubernamental de Auditoría No 3 - 2011, Proceso de Gestión de Riesgos.

4 OCDE, Guidance note; Compliance Risk Management: Managing and Improving Tax Compliance, October 2004, p. 8-9.

5 OCDE, Managing and Improving Compliance: Recent Developments in Compliance Risk Treatments, March 2009, p. 912.

6 European Commission, Compliance Risk Management Guide for Tax Administrations, European Union, 2010.

7 Compliance Risk Management Model.

8 Norma ISO 31000:2009 - Risk Management Principles and Guidelines.

9 Bakker A., Kloosterhof S., Tax Risk Management from Risk of Opportunity, 2010, p. 117-118

10 Ruibal Pereira, Luz. Experiencia internacional sobre medidas de reorganización de las Administraciones Tributarias. Universidad de Santiago de Compostela, 2010, p. 147.

11 OECD (FTA), ‘Compliance Risk Management: Managing and Improving Tax Compliance’, 2004, p. 8.

12 Ruibal Pereira, Luz; ‘Experiencia internacional sobre medidas de reorganización de las Administraciones Tributarias’; Universidad de Santiago de Compostela, 2010, p. 150-155.

13 OCDE, Guidance note; Compliance Risk Management: Managing and Improving Tax Compliance, October 2004.

II ASPECTS TO CONSIDER TO ACHIEVE EFFECTIVE   RISK MANAGEMENT

This chapter seeks to explain, through practical examples, the risk rating of a taxpayer and its respective assessment.

The classification of taxpayers according to their risk of noncompliance makes it possible to guide the Tax Administration's control and assistance strategies, to evaluate the tax system based on compliance levels, and to detect patterns of behavior and focuses of noncompliance (certain geographical regions, types of taxpayers, activities, processes, or taxes).

Taxpayer risk assessment can be determined by calculating two components: probability and consequences.

Regarding probability, three calculation methodologies are identified:

Frequency:

evaluates attributes or variables over time;

Evaluation models:

evaluate the willingness to comply with taxes, in which qualitative variables can appear

Mathematical modeling:

based on certain attributes or variables that seek, for instance, to predict taxpayer behavior in a given period, identify associations, anomalies, or groups of taxpayers, among other goals.

Any of these three methodologies have attributes as their starting point. These are understood as variables, whether dichotomous or not, associated with anomalies, noncompliance, and noncompliance risks.

As for consequences, two calculation methodologies are presented:

Revenue or size: the consequences of taxpayers for the tax system are considered according to their size, which could be explained by the volume of their revenue, purchases, capital, or other factors that allow them to be sized.

Techniques that use data mining: based on mathematical modeling. For example, through segmentation, it is possible to associate the consequences of a taxpayer with an estimated value in terms of number of clients, suppliers, revenues, and assets.

1 Taxpayer Risk Rating

Taxpayer risk is directly related to their willingness to comply with tax obligations (registration, submission of the required information, return, and payment) and the consequences they would face if they do not comply. This risk is directly associated with taxpayers, in terms of their "attitude" towards their tax obligations, according to the regulatory framework.

Taxpayer risk is classified through an estimate of their risk of noncompliance (their intrinsic risk), which seeks to summarize the risks considered significant by the Tax Administration.

To assess a taxpayer's willingness to comply with their tax obligations, an indicator used is the probability that the taxpayer will comply with their tax obligations. On the other hand, the consequence of noncompliance is evaluated through the relative estimate of the individual contribution to the tax system or the impact that noncompliance may have on it.

There are several ways to assess a taxpayer's level of compliance. Among these, one way mentioned in the relevant literature is related, in some Tax Administrations, to the classification into four categories: high, medium, and low risk, and a fourth category known as "key taxpayers". These levels are constructed by combining two variables (probability and consequence). This is seen in the following illustration:

The previously described categories of taxpayer risk rating are detailed according to the following definitions:

High-risk taxpayers:

taxpayers that have a high probability of noncompliance with their tax obligations and that have some specific characteristics, such as large size or high levels of revenue or tax contribution, which may cause such noncompliance to generate significant consequences for the tax system.

Key risk taxpayers:

taxpayers that, due to their specific characteristics - large size, high revenue, or tax contribution levels -, can generate important consequences for the tax system. The probability that these taxpayers' risks will occur is low.

Medium-risk taxpayers:

taxpayers that have a high probability of not meeting their tax obligations, but given their specific characteristics, such as size, revenue levels, or tax contribution, the impact or consequences of such noncompliance are not very relevant for the tax system in comparative terms.

Low-risk taxpayers:

taxpayers that have a low probability of noncompliance and given their specific characteristics, such as not very relevant size or low levels of revenue or tax

contribution,

entail consequences that are not significant or are of low relevance for the tax system.

It is worth noting that taxpayers in the high and middle segments have a similar probability of noncompliance with the tax system, but the consequences of each are significantly different.

Next, several risk rating categories used by some Tax Administrations will be pointed out. The sole purpose of this is to exemplify their diversity, as they are not limited only to nomenclature, but also to the basic criteria used in classification.

Table 1: Scenario in Select Tax Administrations

Country

Scope of Application

Categories

Costa Rica

Monthly, by tax and economic subsector

A (lowest risk), B, C, D and E

Bolivia

Under study

a) Low risk

b) Medium risk

c) Higher risk

d) High risk

Brazil

Under study

A (lowest risk), B, C and D

First

a) High

b) Medium

c) Low

Ecuador

Second

a) Very high

b) High

c) Medium

d) Low

e) Not as low

Chile

Universe of taxpayers

High, medium, low, and key

Colombia

Applies to those liable for income tax and VAT

Very score high, high, medium, low, and single

El Salvador

Severe, moderate, and minimal

Guatemala

General VAT regime

Extreme, high, medium, low, and undetermined

1.1 Attributes for Risk Assessment

The attributes for the assessment of risks correspond to definitions and technical elements that make it possible to distinguish the tax behavior of taxpayers in relation to compliance with their obligations and their own characteristics, whether individual or of their sector. Thus, the following can be examples of attributes: "number of times that a group of taxpayers declares belatedly the form associated with Value-Added Tax in the last 12 months"; "non-filer of Value-Added Tax in the last 12 months"; and "company without employees and with revenue in the last fiscal year".