Jump to content

User:Stuart G Hamilton

From Wikipedia, the free encyclopedia

/Sandbox

Regulatory Risk Differentiation

[edit]

It is probably clear to most observers that regulatory systems function because most clients do the right thing most of the time. In the case of taxes this is also generally true, as James Alm noted in 1996 “Most people pay most of their taxes most of the time”. [1]


Without such a broad level of voluntary compliance, regulatory systems would be swamped with cases that called for intervention, which would quickly outstrip the resources and remedies available.


The compliance framework or model a regulatory authority uses (implicitly or explicitly) is like a lens that it uses to view its clients and becomes a shared value set that permeates its strategies, systems, and style of interactions with those clients. It becomes a key facet in shaping the compliance ‘culture’ of the organisation and even influences its structure, since structure generally follows strategy.


Compliance framework or model

The simplest compliance framework to have is a dualistic regulatory framework or model that views a client’s behaviours as being either right or wrong. A black or white model of compliance, often used for strict liability [2] offences.

A simple dualistic compliance model. A black and white view of the world.


Such a simple framework can lead to problems when applied to more complex areas of behaviour. Regulatory systems where the only remedy is, for example, a prosecution can tend to view the solution set to a compliance issue as prosecuting the right clients – even though a prosecution might not be the ‘right’ treatment to engender long term compliant behaviour in the system. It’s a rather limited response for an increasingly complex regulatory world. Indeed a side effect of such a simple dualistic approach can be that an enforcement culture permeates the organisation rather than a client service ethic that realises clients’ get it wrong for a wide variety of reasons.


It can contribute to a culture within the regulator that results in claims of incompetence, unreasonableness or over zealousness. The credibility of the organisation as a fair regulator can suffer and community and client confidence in the regulator can decline as a result. [3]


Alternatively, having only a few hardline regulatory responses can lead to them not being applied at all. Like nuclear weapons they become an arsenal that is effectively un-useable.


This lack of community and client confidence is a key risk for a regulatory authority and one that can be easily overlooked, often with dire consequences.


An enhancement on the simple dualistic compliance model is to introduce the view of a compliance continuum, or spectrum of compliance behaviours, ranging from deliberately non-compliant through to fully compliant – and ideally have a choice of several remedies that appropriately reflects a clients position within a compliance continuum - the law as it applies to their particular facts and circumstances.


A linear compliance continuum – introducing shades of grey [4]


Research on regulatory compliance approaches by Braithwaite and others on regulatory systems indicates that a range of treatments should be available to engender long term voluntary compliance.


An escalatory or responsive model is suggested to create an incentive for the client to move towards a more engaged and compliant behaviour set. This model was first represented as a compliance pyramid by Ayres and Braithwaite in 1992. [5]


The shape of the compliance pyramid roughly indicates:

o the number of clients that might be found at each level,

o the hierarchical and escalating nature of the engagement, and

o the increasing focus towards the apex for the minority who appear to wilfully seek to abuse the system.


The choice of remedy imposed becomes increasingly severe higher up the pyramid – with the view of creating an incentive for clients to move towards more compliant behaviours. The pyramid shape of the model effectively adds another dimension to simple linear compliance frameworks, allowing for somewhat richer and more informed view of compliance behaviours and appropriate regulatory responses. [6]


The simple regulatory compliance pyramid was developed further during work with the Australian Taxation Office’s (ATO) Cash Economy Project in the mid-to-late 1990’s where the client’s broad motivational posture was explicitly coupled with a suggested response.


The ATO Compliance Model [7]


In this version of the Ayres and Braithwaite compliance model, four broad client archetypes were defined by their apparent underlying motivational postures:

o The disengaged clients who have decided not to comply,

o The resistant clients who don’t want to comply,

o The captured clients who try to comply, but don’t always succeed, and

o The accommodating clients who are willing to do the right thing.


It should also be noted that some commentators have raised questions regarding the applicability of the compliance model in situations where the determination of compliance itself is uncertain – where legitimate differences of views exist regarding what compliance behaviour is. [8]


Regulatory compliance pyramid models posit an escalating choice of remedy to observed client behaviours. For example:

o For those trying and succeeding to do the right thing – the majority of clients – compliance is made as simple as possible. Information reporting requirements are reduced and interactions are made as cheap and easy as is practical. [9]

o For those trying, but not succeeding, in doing the right thing - education and advice is provided to enable compliance. This can be general, or aimed at specific client segment, an industry or occupation group, or some other discernable client grouping. [10]


These interventions are generally relatively quick and low cost mechanisms for enhancing voluntary compliance for the majority of clients who are trying to do the right thing.

o For the smaller number of clients who for a variety of reasons appear to have carelessly, negligently or deliberately not complied - in taxation regulatory systems, a common treatment is to audit the client to determine the amount of the non-compliance and any reasons for it and, if considered appropriate, penalise (administrative penalty) the client for not complying. The audit may be targeted at a specific issue or may be a more wide ranging examination of the client’s relevant affairs.

o Finally, for those relatively few clients that have serious/aggressive non-compliance and other aggravating factors - the treatment may be to investigate with a view to prosecution (civil for abuse or criminal for fraud). Due to the legal evidence gathering nature of these cases they tend to relatively resource intensive, time consuming and costly for all sides.


All of these variations in regulatory response maintain the essential aspect that the choice of remedy should take into account the facts and circumstances of the clients’ situation so as to treat the client in an appropriate and proportionate way:

o For example recidivist clients (those who repeatedly offend after treatment) would generally warrant a different treatment than a client detected making an error for the first time.

o Similarly those who knowingly promote non-compliance by others generally warrant different treatment to those who don’t.

o Those in special positions of knowledge, trust and influence in the regulatory system (eg key intermediaries, agency staff, lawyers, judges, police and accountants) generally warrant different treatment to those who aren’t in such positions.

o Those involved in non-compliance arrangements aren’t all the same. Clients with relatively low knowledge of the regulatory system who enter arrangements on the advice of their trusted advisor should not be treated the same as those who would be reasonably expected to have sound knowledge (such as the advisor).


The appropriate practical translation of the apparent motivational postures into observed behaviours and into the subsequent choice of remedies is critical - as the effectiveness of the model is posited on applying the right remedy to the right situation. [11]


It is naturally quite important that the compliance strategy or 'choice of remedy' be appropriate and defendable – and that the mechanism to get to a decision on the remedy is timely, evidence based and repeatable.


Both the Australian Tax Office and the New Zealand Inland Revenue suggest the use of a broad analysis approach to create an understanding of the client’s motivational stance based on: Business and Industry factors, Social and Economic aspects, as well as Psychological influences - ‘BISEP’ analysis . [12] In practice the ability to do this analysis in depth for large numbers of clients is likely to be limited by resources and capability. Prioritisation is required.


The causal factors involved in the non-compliance also should factor into the appropriateness of the choice of remedy. For example the causal factors for non-compliance could be as a result of:

o deliberate intent,

o negligence,

o carelessness,

o ignorance,

o honest mistake,

o not being in a position to comply,

o or a difference of views as to what compliance is – ranging from a reasonably arguable positions that differ from the regulatory agencies view of the underlying intent and application of the law in a manner that are more or equally as likely as not to be correct, to positions that are more clearly aggressive or ‘hard’ avoidance. [13]


These aspects can be usefully distilled into a mindset of having clients that are ready, willing and able to comply:


o Ready →Clients who know what compliance is

o Willing →Clients who want to comply

o Able →Clients who are able to comply

[14]


Using this framework it becomes apparent that there is a series of proactive and reactive compliance enhancement strategies that could exist to assist in achieving higher rates of compliance:


Compliance Compliance Enhancement

Aspect Constraint Strategy


o Ready > Knowledge > Educate

o Willing > Attitude > Engage, Encourage, Enforce

o Able > Capability > Enable



Another way of looking at this is as a risk ‘bow-tie. [15]


These compliance enhancement strategies fit into the fairly standard regulatory:

o deter, (Educate, Engage, Encourage, Enable)

o detect, and

o deal with (Enforce)


Generic Tax Compliance Risk Bow-Tie Author 2007


Adding the dimension of Risk If we want to really bring compliance pyramid approaches to ‘life’, aspects of the likelihood and consequence of non compliance need to be addressed to guide regulatory case selection and client engagement approaches in a practical sense, where it is evidenced based, repeatable and scalable.


Risk events have both a likelihood of occurrence and a consequence of occurrence and it is critically important to understand the difference between these two aspects, ‘how likely’ and ‘how much impact’, to manage and treat risk.


A risk with a low likelihood, but high consequence is a very different thing to a risk with a high likelihood, but low consequence – even though the risk event and overall risk rating may be the same. Risk management frameworks bring with them relatively mature and robust approaches to the prioritisation of risks for treatment – a key facet in compliance case selection.


We need to be able to factor in likelihood and consequence of non-compliance, and our degree of confidence in these into our view of risk in a consistent, logical and defendable manner.


In most regulatory situations the spread of clients would generally follow a ‘power distribution’ [16] of a few large consequence or higher likelihood clients and many more lower consequence/likelihood ones.


Represented as a scatter plot we have:


Most clients are lower consequence and lower likelihood – most clients are compliant most of the time.


This result will hold true whether our view of risk is event based or whole of client. A whole of client risk view is a summation of the clients risk events. (It is not a simple add since probabilities are involved, but the mathematics are not that complicated.) One way of thinking about this is to imagine that we are essentially zooming in on the compliance pyramid, prioritising who we might review/treat by considering the consequences of possible non compliance as well as our view of the likelihood of non compliance.


Mapping the compliance model to a risk matrix


Clearly from a risk management perspective we will have a more significant interest in higher consequence clients or events than lower consequence. Equally we will be more interested in reviewing those clients or events that have a higher likelihood of being non-compliant than those with lower likelihoods.


Timing and importance of detection efforts


If we then map a client engagement approach based on timing of detection efforts - periodic to continuous (ie ~near real time) and type of detection effort - passive monitoring to active review, the following risk differentiation framework emerges:


Detection strategies laid over a risk matrix


This framework is the basis of a risk differentiation framework now being used by the Australian Tax Office for its large corporate clients. It effectively adds another dimension to the compliance pyramid, making explicit that there is a set of clients that we may need to make an extra investment in to prevent them moving up the compliance model. It can be seen that such a framework may make clearer many of the risk based approaches that people have implicitly been using for years, making the decision process on risk prioritisation more coherent, explicit and transparent. For example, drawing these threads together we can obtain an overarching strategic framework for differentiated approaches to compliance risk management for large corporate clients:


In broad conceptual terms, this risk differentiation framework suggests a different high level engagement approach for clients in each quadrant.


For those clients with relatively high consequences (often the largest clients or those with significant influence in the system) the organisation would invest more time and effort in trying to reduce the likelihood of non compliance. For those clients with lower consequences of non compliance the organisation would look for more efficient leverage approaches to detect and deal with non compliance.


(At all times we need to remember that frameworks are, of course, broad guides providing suggested stances rather than definitive action plans for a client and that our frameworks do not mandate, nor sanction, the use of an inappropriate or unreasonable response given our understanding of a client’s facts and circumstances and the law.)


Reflecting the underlying pareto nature of risk, and in alignment with the compliance model, the risk differentiation framework suggest that relatively few clients would be treated as higher risk – perhaps 2% or fewer. (eg a 90/10 consequence split and a 80/20 likelihood split suggests ~72% lower risk, 18% medium risk, 8% key clients and 2% higher risk.)


Correctly identifying these relatively few higher risk clients or transactions is clearly critical for overall compliance effectiveness.


The framework suggests a relatively intense focus on clients treated as higher risk even though these may not produce the greatest immediate return. Compliance activities with higher risk clients can be drawn out litigious affairs.


For our higher risk client grouping the framework suggests a near real time / continuous risk review stance with the client. That is, that we deploy sufficient skilled resources to enable us to review, detect and understand any relevant transactions that have the potential to be in contravention of laws, so that we can quickly form a view as to their appropriate treatment, ideally before the client or others involved have lodged relevant documents locking in a position that we would dispute.


This stance increases our chances of detecting significant issues with these clients and influencing their voluntary compliance, or dealing with their contravention, early on.

Generally these higher risk clients are less likely to have approached us with full and true disclosure of all relevant facts. We are likely to seek a greater level of evidentiary support in regard to significant transactions so that we can form our opinion regarding compliance. Our compliance stance with these clients is more likely to use our formal powers of access and questioning early on. Our choice of remedy for non compliance is more likely to be at the ‘firm’ end of things where this is considered appropriate in the circumstances.


The activities of higher risk clients can tend to set the bar of acceptability in the market, particularly if their activities go unchallenged for a period of time. If an administration is slower than market time to deal with aggressive avoidance behaviours then ‘breakouts’ of such arrangements occur as more risk neutral clients begin to take up the scheme.


Risk positioning and behaviours Concept adapted from: Diffusion of Innovations by Everett M. Rogers, 1962, New York: Free Press Successfully addressing clients in market time who breach the ‘dam wall’ is clearly a priority for any effective compliance strategy.


Such breaches can be opportunistic constructs of advisors devised for particular business situations faced by the largest clients. The advisors or others associated with the transaction then may use the template of the approach and promote its use with other clients, facilitating a break-out of avoidance activity.


For our key client grouping, the framework suggests a near real time continuous monitoring stance.

We view these clients as generally compliant (though that does not mean we don’t have disputes or differences of view) and they are more likely to have approached us in regard to controversial or contentious matters. We generally have a broadly co-operative and consultative relationship with them. They are generally the major players in the system and what they do matters most.


We aim to deploy sufficient skilled resources to enable us to service their requests and provide certainty quickly. We are likely to engage with these clients to discuss and review their tax risk governance frameworks to assure ourselves that these are real, robust and reasonable in both scope and outcomes. In a real sense we are relying on their governance frameworks to mitigate risk as much as they are.


Our compliance stance with these clients is less likely to use our formal powers of access and questioning, and our choice of remedy for non compliance may involve alternative dispute resolution approaches where there is genuine uncertainty regarding compliance.


However we will still audit or investigate, adjust and penalise a key client where this is the appropriate choice of remedy for an apparent contravention.


So for our higher consequence groupings of higher risk and key clients, we broadly aim to know what they are doing ‘now’ and influence their subsequent tax compliance. Generally we believe we are less likely to need to influence a key client compared to a higher risk client.


The quadrant framework provides for the needed high level of focus on clients that are, based on past experience and current intelligence, more likely to be non compliant. The categorisation does not prejudge in any way the outcome of a review of the client (our detection effort), merely the likelihood of a review and the intensity, formality and timing of it.


Attitudes and behavioural indicators would be expected to differ between the left and right had sides of the framework. However there is no sharp divide between the two sides, rather a spectrum of behaviours that change from left (lower likelihood) to right (higher likelihood).


Likelihood factors (left to right spectrum of behaviours)…

Broadly speaking, higher and medium risk clients might be expected to have aspects of the following behaviours:

o Relatively low effective tax rates compared to industry peers. Tax is often a key driver for them.

o A history of tax positions that often the ATO disagrees with and considers relatively ‘aggressive’.

o Sought out and used advisors with history of aggressive tax planning.

o Utilised complex tax driven structures that make little commercial sense other than to obtain a tax benefit.

o Have significant transactions, often with related parties, that lack economic sense or real commercial risk/return.

o Relied on non disclosure or limited disclosure of significant, potentially controversial tax positions. (For example seeking rulings only on parts of the transaction without disclosing the whole structure.)

o Used concealment or obfuscation as part of process, playing the audit lottery approach.

o Tax risk is inappropriately factored into decision making with limited objective peer or external advice built into governance proceedings.

o Used ‘game playing’ in negotiations, trickle feeding information (and sometimes misinformation). Non bona-fide behaviours in negotiations - ‘deny, delay, defeat’ activity by the few most extreme.


Attitudes they might exhibit include:

o ‘I’d rather pay lawyers than pay tax’

o ‘Lodging a tax return is the start of negotiations’

o ‘Tax is an impost to be avoided where possible’


Key and lower risk clients might be expected to have more of the following behaviours:

o Relatively high effective tax rates over time that accord with expected industry patterns and trends.

o Not a significant history of material adjustments relating to aggressive tax planning (though that is not to say that we don’t have disputes or differences of opinion on the tax outcomes intended by law where the law is unclear.)

o Use of advisors noted for advice that doesn’t push the boundaries of aggressiveness.

o Business driven structures and approaches.

o Significant transactions with related parties are at arms length rates with appropriate supporting documentation and governance.

o Upfront full and true disclosure of significant, potentially controversial tax positions via rulings process.

o They seek our opinion regarding controversial issues and keep us informed of their decisions and actions.

o Tax risk as an explicit, considered part of corporate governance process. Due diligence is followed and objective advice sought.

o Negotiations, while preserving each parties rights and interests, are conducted with a bona fide intent of resolving the issues appropriately.


Attitudes they might exhibit include:

o Seeing the payment of tax as a normal part of the cost of doing business in civil society, funding the legal systems that protect their property rights as well as the social, education and health systems that directly impact upon them, their employees and their customers.


Consequence factors (bottom to top spectrum of potential impact)

Key and higher risk clients might be expected to have one or more of the following features:

o Significant potential revenue impact (this may be reflected by relatively high turnover as we know that most adjustments are for less than 10% of turnover and that it is rare for an adjustment to be more than turnover)

o Control or influence over a relatively large number of assets (as return on assets is a factor in income)

o Occupy perceived positions of trust in the community or in the market

o Directly or indirectly influence significant numbers of other clients

o Significant linkages and influence regarding advisors and intermediaries


These clients are material leverage points for compliance – we need to invest in knowing what they are doing now


Broadly speaking, Lower and medium risk clients might be expected to have the following features:

o Relatively lower revenue impact per client

o Not be in positions of significant trust in the community or market

o Relatively lower influence over other clients or advisors and intermediaries


They are, by themselves, not material leverage points in the compliance market (though in total they may be)


There is really no getting around the fact that using a risk management approach to verify compliance requires the regulator to find a way to form a robust view of a client’s risk of non compliance and how that risk sits relative to other clients. This prioritisation process is quite fundamental to risk management and will exist for any regulatory risk assessment system.


Generally the regulator’s view of a client’s risk, determined by the evidence and information they have about all clients, will often differ from a client’s view of their risk. Part of being fair and professional, open and accountable is being prepared to communicate to the client the regulators view of the client’s risk of non compliance.


Such communication is in fact an important part of educating the client about concerns about their compliance so that they have the chance to self correct matters in the future. It is an opportunity to correct client behaviours – or the regulators view of them. That some clients dispute the regulators view of their risk of non compliance is not be a blocker to the implementation of a risk based differentiation framework. It is always open to the client to show why the regulators view is incorrect.


It should be noted that risk likelihood can be roughly linked to legal concepts such as the evidentiary requirements to support ‘reasonable suspicion’, ‘reasonably arguable position’ and ‘balance of probabilities’. So forming views of a client’s likelihood of non compliance is inherent in a regulatory system and as administrator we are required to both appropriately form and make evidence based decisions regarding them.


As our ability to resource risk alters, the number of clients in each quadrant can be varied by changing the thresholds at which we have the ability to treat clients differently. The ‘bars’ are not static. Moving the threshold bars for treatment does not change our relative prioritisation of a client’s risk, only the proposed treatment that attaches to it and the resource intensity used.


For example if we were allocated more staff for discretionary risk related work, we might either reduce the likelihood cut-off point – increasing client numbers for quadrants one (higher risk) and three (medium risk) or we could reduce the cut-off point for consequence, increasing client numbers for quadrants one (higher risk) and two (key clients).


Equally, as we experience non discretionary compliance resource constraints we might raise the threshold for likelihood or consequence, thus reducing the relative client numbers in those quadrants.


We need to remember that we optimise compliance within certain resource constraints allocated to us. We are not resourced to do everything and it seems inevitable that our views of risk will be more influenced by higher likelihood than consequence. [17] While we should treat in some proportionate and appropriate manner a lower consequence client that we are 100% confident that they have not complied, should we review a higher consequence client where we have a reasonable suspicion of non compliance?


What is the appropriate risk treatment isoquant that can be resourced?

Risk isoquants – lines of equal risk


The approach does provide guidance for a considered and consistent regulatory response to resource changes and constraints in a dynamic risk environment.

--Stuart G Hamilton (talk) 08:04, 31 August 2009 (UTC)

  1. ^ “Explaining tax compliance” in Pozo, S, ed. “Exploring the underground economy” 1996, Kalamazoo, Michigan, Upjohn Institute. Several other researchers, such as Henk Elffer have made the similar comments. See “But taxpayers do cooperate” in “Cooperation in modern society” Mark Van Vugt, 2000, Routledge.
  2. ^ http://wiki.riteme.site/wiki/Strict_liability
  3. ^ See for example the report (the “Palmer Report”) into the detention of Cornelia Rau, July 2005 @ http://www.immi.gov.au/media/publications/pdf/palmer-report.pdf
  4. ^ See for example the Customs Compliance Continuum @ http://www.customs.gov.au/webdata/resources/files/FS_CustomsCompliance.pdf
  5. ^ Ayres, Ian and John Braithwaite (1992) “Responsive Regulation: Transcending the deregulation debate”. New York: Oxford University Press. Page 35. It was earlier described by John Braithwaite in “To punish or persuade”, State University of New York, 1985, at page 142. The models evolution over time is tracked in a paper by John and Valerie Braithwaite at http://vab.anu.edu.au/pubs/1/anevolvingcompliance.pdf.
  6. ^ See for example ‘Law & Policy’, Volume 29, Issue 1, January 2007
  7. ^ http://www.ato.gov.au/content/downloads/SB39073.pdf Improving Tax Compliance in the Cash Economy, Second Report, ATO Cash Economy Task Force, 1998, Page 58
  8. ^ See for example: Mark Burton’s detailed paper “Responsive Regulation and the Uncertainty of Tax Law – Time to Reconsider the Commissioner’s Model of Cooperative Compliance?” @ http://www.atax.unsw.edu.au/ejtr/content/issues/previous/paper4_v5n1.pdf, eJournal of Tax Research, Volume 5, Number 1 July 2007
  9. ^ See for example the ATO Easier, Cheaper, More Personalised Change Program @ http://www.ato.gov.au/content/downloads/Making_it_easier_to_comply_2005_06.pdf
  10. ^ See for example http://atogovau/corporate/content.asp?doc=/content/42628.htm on marketing and taxation.
  11. ^ See for example Julia Black’s paper: “‘Chancer’, ‘Failure’ or ‘Trier’? Regulatory Conversations and the Construction of Identities” July 2008 @ http://www.cardiff.ac.uk/chri/research/cnic/J%20Black%20CNIC%20Paper.doc
  12. ^ The ATO Compliance Model in Action: A Case Study of Building and Construction by Neal Shover, Jenny Job and Anne Carroll @ http://demgov.anu.edu.au/papers/ShoverEtal2003TD(8).pdf
  13. ^ See similar in “Reducing the risk of policy failure: challenges for regulatory compliance”, OECD 2000 @ http://www.oecd.org/dataoecd/48/54/1910833.pdf
  14. ^ See Box 2 page 12 in “Reducing the Risk to Policy Failure: Challenges for Regulatory Compliance,” OECD, 2000 @ http://www.oecd.org/dataoecd/48/54/1910833.pdf
  15. ^ Risk Bow Ties: Originally conceived of in the late 1970’s by the University of Queensland and then brought to the fore by Shell after the Piper Alpha disaster. Now a widespread risk approach the ‘bow-tie’ usefully shows the ‘paths’ by which a risk event can occur, where preventative or deterrent controls are used, the event itself and detective controls and the consequence paths and restorative controls. http://www.bowtiepro.com/bowtie_history.asp
  16. ^ See for example “Power laws, Pareto distributions and Zipf’s law” by M. Newman, 2006 @ https://arxiv.org/pdf/cond-mat/0412004.pdf
  17. ^ For example see the conceptual framework on page 5 of “Optimising Compliance – the role of analytic techniques” available @ http://www.itdweb.org/documents/Optimising%20Compliance%20-%20Role%20of%20Analytic%20Techniques.pdf