Managing Cyber Risks and Insider Threats

Worldwide losses from cyber-attacks are estimated to be in the order of 1 per cent of GDP, which makes the crime in Australia worth close to $17 billion.  Regardless of its value, one only needs to read the press to have some idea of how pervasive cybercrime has become in our society. The extraordinary growth in the ‘Internet of Things’ over the past several years has created a larger cyber-attack surface, increasing the prevalence of destructive attacks, improved counter forensics, attacks aligned with geo-political conflicts and cyber espionage, all of which show no signs of slowing.  What’s more disturbing is that we are seeing more attackers moving to the cloud, hosting command-and-control servers on pop-up cloud virtual machines and using social media channels for communications to avoid detection.

Cyber security threats come in many forms, and typically fall into two categories: external and internal.  External threats usually come from a competitor, organised criminal elements or a foreign government, and should obviously be taken very seriously.  However, with advancing technology and significantly improved perimeter defences against accessing confidential information, the insider threat is now more pervasive, evasive and disastrous than ever. The threat is no longer just an external one; it could be inside your business or via a trusted third party with access to your systems.  The ability to expose trade secrets, confidential information or proprietary documents over the Internet is at the fingertips of just about every individual in your organisation.  With the number of cyber incidents on the rise, as well as an increased legislative and regulatory focus on information protection, SMEs need to turn their attention to cyber risk and make it a priority.

No business is immune from attack.  Recent high-profile cases have highlighted the need for organisations to further strengthen their strategies to prevent, detect and respond to incidents thereby minimising their risk of attack. The consequences of cybercrime in all its forms – phishing, malicious software, hacking, e-mail spoofing, Distributed Denial of Service attacks or cyber extortion – can be devastating, leading to significant financial consequences, not to mention the damage caused to brand and reputation.

It is the incumbent responsibility of every company director to exercise their duty of care and diligence. This extends to assessing and addressing the risk of damage to the company from external cyber-attacks and internal unauthorised access to or disclosure of company data.  ASIC produced a “Cyber resilience: health check” publication back in March 2015, which helped guide thinking for corporate Australia.  It said that directors need to take heed of its advice and evaluate if their company is properly managing cyber risk, including whether adequate resources are devoted to cyber security.

ASIC suggested that key questions should be asked of management by the Board such as:

  • Which systems, if disabled, would create the most business risk?
  • What data, if stolen or corrupted, would result in serious business risk?
  • How is protection of these high-value assets prioritised?
  • What is the current level and business impact of cyber risk and how is the executive leadership team informed on the issue?
  • How many and what types of cyber incidents do we detect in a normal week? What is the threshold for escalation to our executive leadership?
  • What is our plan to address identified risks and how do we preserve the integrity of data residing on our network?
  • Do we have cyber security insurance that covers data breaches?
  • What is the cyber security budget?  Is it adequate?
  • Do existing risk management and governance processes address cyber risk and is there an annual company-wide awareness campaign around cyber security?
  • Are our policies and procedures for responding to cyber incidents robust?
  • How many detected security incidents have involved insiders? Are employees monitored for malicious activity?
  • Do the company’s outsourced providers and contractors have cyber controls and policies in place? Do they align with the company’s expectations?
  • How are industry standards and best practices reflected in our cyber security program and how do we compare with our peers?
  • How comprehensive is our cyber incident response plan? How often is it tested? If we were breached tomorrow, who would we call?
  • What constitutes a material cyber security breach?  How will those events be disclosed to the regulators and investors?

A well-designed and effectively implemented cyber resilience program will not eliminate external and internal risks, but it can assist in mitigating the likelihood of compromise and reduce the fallout from incidents, if and when they occur.

Training employees is a critical part of any cyber resilience program. Employees need to understand the value of protecting corporate, customer and colleague information, and their role in keeping it safe.  They also need a basic grounding in other risks and how to make good judgments when online.  Most importantly, employees need to know the policies and practices you expect them to follow in the workplace regarding the use of devices connected to the internet.

Importantly, when dealing with cybercrime there are a few considerations:

  • Understand your threat
  • Evaluate your maturity
  • Assess your critical risks
  • Develop your security roadmap
  • Monitor employee behaviour
  • Test your capability to respond
  • Transform your environment.

In the ‘hyperconnected world’ where smart systems are merging everything digital and physical, cyber threats and the inadvertent disclosure of confidential information have a greater potential of occurring.  The challenge for owners of small to medium businesses is to understand the complexity of their systems, what they are doing and more importantly what they’re interconnected with. The number of Notifiable Data Breach notifications being made to the Office of the Australian Information Commissioner suggests that Australian business needs to have a better grip on their data and tighter controls over it than ever before.  Maintaining an inventory of data assets and implementing secure network and process structures will go part way to helping your company keep ahead of potential compromises and minimise exposure to negative consequences from the interconnectedness of things.

It’s worth remembering that even the best cyber resilience programs still rely on human interaction; it is critical that staff understand the cyber issue and the threats they and their organisation face, as well as their role in the corporate response.  Help your staff understand the risks, make them accountable for controls to manage the threat, have a plan in place to respond to an event, test that it works and ensure that everyone in the organisation remains vigilant. And remember, don’t be lulled into a false sense of security!

About the Author

Scott Goddard is the Partner leading Crowe Horwath’s Forensic, Cyber and Data Analytics practice for Australia and New Zealand. He has over 30 years of experience working for professional services firms and industry in various assurance, regulatory compliance and consulting capacities.




AASB release proposed changes to accounting for peppercorn leases

On 23 November 2018, the AASB released an exposure draft which proposes to provide temporary relief to Not-for-Profit Entities (NFPs) from fair valuing Right-of-Use Assets as required by AASB 16 and AASB 1058.

The proposed changes are a result of feedback received by the AASB on the difficulties associated with valuations of NFP’s specialised assets.

AASB 16 and AASB 1058 will be mandatory for NFPs for reporting periods beginning on or after 1 January 2019. Under the existing version of these standards, NFPs that have a peppercorn lease (or a lease that is significantly less than fair value), are required to measure the right of use asset at fair value on commencement of the lease.  This results in a day one income, recognised in profit or loss.  The requirement to fair value the Right of Use Asset may provide significant challenges to an NFP and would likely incur significant cost as an external valuer will be required in most instances.

The AASB are acknowledging that the ACNC legislative review is still on-going.  The outcome of which is currently unknown, but it may result in thresholds being increased such that some NFPs may no longer be required to apply Australian Accounting Standards.  In addition, there is an ongoing project to develop guidance to assist NFP entities in fair valuing assets.  As a result of these ongoing projects, the AASB is proposing to provide temporary relief until these projects are finalised.

It should be noted that the relief is both temporary and optional.  NFPs wishing to fair value Right of Use Assets can continue to apply the requirements of AASB 16 and AASB 1058.

NFPs that elect to apply the relief will be required to include additional disclosures to explain the impact of the peppercorn leases on their financial position and results.  The extent of these disclosures is set out in the exposure draft, ED 286.

Due to the imminent effective date of the standards, the exposure draft only has a 14 day comment period.  Comments are due to the AASB by 7 December 2018. We encourage affected NFPs to provide comments to the AASB directly, or reach out to your Crowe Horwath adviser to include your comments in our submission to the AASB.

If you are engaging external valuers for this purpose, we recommend this is put on hold until further notice.

Christine Webb

IFRS Technical Manager




Prudential Tax Audits & Tax Systems Reviews

Our article from 6 August 2018 entitled Are you prepared for a review by the ATO? highlighted that tax governance is a key focus area for the Australian Taxation Office (ATO) when reviewing both privately held groups and large public and multinational businesses.

The article covered the importance of your business being able to demonstrate its tax control framework (documented in the form of a Tax Risk Management Charter) is working in practice.  This is vital to achieving the ATO’s highest rating for tax governance of “justified trust”.

The ATO encourages all large private and public companies to achieve this rating, but to do so you must be able to demonstrate that your tax control framework has not only been designed effectively, but is also operating as intended.  Practically, this can be achieved by undertaking periodic testing of the tax controls of your business with evidence of the testing program to include conducting a:

  • Prudential Tax Audit; or
  • Tax System Review.

How Crowe Horwath can assist

Prudential Tax Audit

Over time, a significant proportion of large businesses can expect an ATO audit and our experience has shown that most businesses are not well prepared.  Very often, this means the process can then become drawn-out which adversely impacts on the day-to-day running of the business.

 

To prepare for the inevitability of an ATO audit, Crowe Horwath regularly assists clients by conducting Prudential Tax Audits.  In addition to properly evidencing that the Tax Risk Management Charter of the business is working in practice, such exercises also provide executive management with the comfort of knowing they are better prepared for a tax audit in any tax area.

Our prudential audit program deals with many facets of taxation, including income tax, goods and services tax (GST), fringe benefits tax (FBT) and superannuation guarantee (SG).  Given the activity of the Office of State Revenue (OSR), many businesses are also receptive to a prudential audit covering payroll tax.

A typical Prudential Tax Audit commences with an initial interview with the managing director and key senior staff within the finance and administration groups of your business.  At this interview, a detailed questionnaire (customised to meet the specific needs of your business) is used to gather information regarding your internal business systems for the taxes under review.

The initial interview is followed by substantial field work; a manager, along with an experienced senior consultant from our Taxation Advisory group, undertake the field work.  This generally consists of checking taxation information through the internal systems of the business to source documents.  Upon completion of the field work, significant time is then dedicated to analysing the information collected, identifying potential taxation issues, researching solutions to these issues and formulating recommendations and strategies where necessary.

After this analysis has been undertaken, we provide executive management with a detailed report of our findings and recommendations.  The report will include a detailed review of the operation of each of the taxes, and will identify any issues, outstanding taxation liabilities and opportunities to minimise tax exposures.

Benefits of a Prudential Tax Audit

The main advantage of carrying out a Prudential Tax Audit is that it allows us to identify past tax technical issues and problem areas.  Not only does this allow us to help ‘fix’ the problem on a prospective basis, it allows us to perform a risk assessment in advance of an audit and enables us to inform executive management of any potential adverse tax consequences that may result from audit or review by the ATO or OSR.

Tax Systems Review

Adequate systems are an essential part of ensuring compliance with the tax risk management policies of a business.  We strongly believe that a Tax Systems Review is a critical step to ensuring ongoing compliance with the tax risk management objectives of your business.  Businesses with demonstrably watertight systems and processes are far more likely to achieve a “justified trust” rating from the ATO, compared to those with inadequate systems in place.

Whilst a Tax Risk Management Charter alone provides a solid foundation for managing tax risk, a key factor of risk management is ensuring adequate systems are in place to deal with meeting the tax objectives outlined in the charter.  Once a documented tax risk management policy is in place, adequate systems are an essential part of ensuring compliance with these policies.  It follows that a Tax Systems Review is an essential step to ensuring ongoing compliance with the Tax Risk Management Charter of your business.

The aim of such a review is to determine if information relevant to correctly paying each of the taxes under review is captured and documented correctly.  The review will identify any shortcomings of your systems and where appropriate, make recommendations to ensure systems and procedures are adequate and robust to assist with compliance of your taxation obligations.

The purpose of a Tax Systems Review is not to identify past tax technical issues and problems, as is the case with the Prudential Tax Review above.  Rather, a Tax Systems Review is a review of the extent to which your systems are being used effectively to record and retrieve tax information.  To this end, we do not analyse in detail the taxation treatment of past transactions, but rather, review and make recommendations to the process involved in capturing and recording tax information.

A Tax Systems Review can cover all Federal taxes including income tax, GST and employment taxes, as well as State taxes such as payroll tax.

Benefits of a Tax Systems Review

The aim of a Tax Systems Review is to provide you with recommendations for improvements to the systems and processes of your business, to ensure that you are well placed to meet your future taxation obligations and objectives.  Where significant risk areas are identified, we incorporate these risks into the Tax Risk Management Charter.

We also examine what procedures are in place to ensure complex tax technical issues are dealt with appropriately, and under what circumstances external advisers are engaged to resolve a problem.  Our reviews also include establishing what risk management procedures are in place, and are therefore closely paralleled with the Tax Risk Management Charter of the business.   Overall, the benefits of undertaking a Tax Systems Review can be summed-up as a way of ensuring:

  • A potential decrease in the frequency of tax audits and therefore a reduction in time and cost of complying with ATO tax audit requirements.
  • Tax risk management becomes embedded into the culture and operations of your business as a whole.
  • A systematic approach to tax risk management is an integral element of planning and performance management.
  • Your level of tax risk is minimised and tax risk is managed in accordance with best practice.
  • Executive management is alerted to changing legislative requirements or changes to the business that may affect the level of tax risk.

In addition, a major benefit of conducting a systems review is a reduced risk of errors in tax compliance systems and processes where our recommendations are implemented and adequate systems are in place for capturing and reporting tax information.

If you would like more information, please speak to your adviser, or contact a member of your local tax team.

Martin Whyte

Partner – Specialist Taxation Services

This article contains general information and is also not intended to constitute legal or taxation advice. If you need legal or taxation advice, we recommend you speak to a qualified adviser.

The views and opinions expressed in this article are those of the author/s and do not necessarily reflect the thought or position of Crowe Horwath (Aust) Pty Ltd.




The “Trusted Employee” Syndrome

He had it all in front of him. At 27, he was a management accountant in a successful company, happily married with a two-year-old and another on the way. But his interest in American sports – and more importantly, gambling on them – was too much. When he was in a hole after maxing out his credit cards and mortgage, he quite literally “borrowed” up to $550,000 from his employer to fund his gambling habit. And was caught – quite by accident. He used a variety of methods to extract cash from the business including the use of fictitious computer-generated invoicing, abuse of online payment processes relating to a divested entity and the manipulation of accounting balances to cover his trail. The ease with which this employee committed the fraud was alarming when you consider the entity was supposed to be dormant and yet it was still linked to the Group’s main trading account via a bank sweeping facility. The employee was also the Treasurer of his local sporting club and was using their account to launder the proceeds. The fraud was only discovered when a diligent employee of the club noticed an unusually large balance in the account when he deposited the weekly bar takings.

In many ways, the fraud was not that surprising. The ability to disguise the electronic transfer of funds may be reserved to those few with access, but what about the potential exposure of confidential information or proprietary documents over the internet, which is at the fingertips of almost everyone in your organisation?

It should be the responsibility of everyone in the company to assess what critical assets are at risk of internal theft or fraud, but thankfully there are several options available to minimise fraud and ‘abuse of trust’ practices taking root in the office. It is good practice to develop a sound ethics policy linked to a Code of Conduct and to provide clear reporting guidelines in the event someone does the wrong thing. Importantly, employers need to communicate their expectations and should provide ongoing training to all employees that ensures adequate understanding, compliance and clear escalation guidelines.

Many organisations have well established risk management strategies in place. However, there’s been a slew of new legislation governing how organisations manage and secure their confidential information. With Australia’s Notifiable Data Breaches Scheme and the European Union’s General Data Protection Regulations now in place, as well as Consumer Data Right legislation looming, Australian organisations can no longer be complacent and need to have much tighter control over their confidential customer information regardless of whether they have an online presence. There are now significant penalties for those who choose to run the gauntlet in the hope that it never happens to them.

The Office of the Australian Information Commissioner (OAIC) has recently released its second report into notifications under the Notifiable Data Breach scheme. Of the 242 notifications in the last quarter, 142 (59%) related to criminal or malicious conduct, followed by 88 (36%) caused by human error and the remaining 12 (5%) caused by system faults. The most common human errors were emails sent to the wrong participant with personal information, unintended release of personal information and physical mail sent to the wrong recipient containing personal information.

It is fair to say that reliance is being increasingly placed on operating and system controls to prevent and detect instances of fraud and misconduct in the workplace, particularly in the face of a de-layering of middle management and withdrawal of internal audit and risk management resources. This trend seems to be abating partly due to recent high profile corporate incidents, both here and overseas, and a tightening of the regulatory noose around those charged with the governance of companies. Whilst cost management is necessary in the face of increasing pressure on margins, it is advisable to retain corporate security and fraud prevention initiatives to mitigate the risk of fraud and misconduct occurring.

Those of us who are involved in helping companies get through new requirements, as well as investigating breaches, are too familiar with stories such as that at the top of this piece. ‘Red flags’ were obvious. There was no management supervision of the employee concerned, and poor segregation of duties; he had access to raising and authorising vendor payments, whilst recording and reporting the same transaction in the accounts. A number of key controls were absent including independent monitoring of movements against provisions and review of intercompany adjustments through the sweep account, not to mention monitoring of employee access to online gambling sites.

In another investigation, the Company Secretary of a large publicly listed company decided to take a holiday. While he was away, the company’s bankers telephoned accounting staff expressing concerns about the state of the company’s overdraft facility. They were keen to understand likely future collections in order to calculate the repayment of the current overdraft limit which had reached $10 million. Further internal investigation revealed that over an 18-month period, the Company Secretary had influenced a junior accountant to electronically transfer significant funds to external sources controlled by him for his own personal benefit. These transfers were disguised by an over-statement in debtors and other similar accounting irregularities.

Unfortunately, when an employee has a strong motive to steal they tend to rationalise their actions as being acceptable. When you combine this with poor internal controls and little likelihood of detection, you have a recipe for financial and reputational disaster.

The number of corporate fraud investigations continues to steadily increase, so greater emphasis needs to be placed on prevention, particularly as it is a lot cheaper to prevent than to investigate. Business owners and managers need to raise their level of awareness about the techniques used by workplace criminals, in order to better understand their organisation’s vulnerabilities. In doing so, they can strengthen the organisation’s resistance to fraud. The result will hopefully be early detection, efficient investigation (if necessary) and a better more cost-effective outcome for all concerned.

So, in summary, organisations should consider the following:

1. Risk assess the business and manage those high risks identified
2. Make a plan to tackle fraud and serious misconduct
3. Undertake pre-employment checking and ongoing screening
4. Consider annual conflict of interest declarations
5. Raise employee awareness and assign accountability
6. Monitor systems for ‘red flag’ warnings
7. Take appropriate action when issues are uncovered
8. Communicate investigation outcomes to employees.

Scott Goddard, Partner – Forensic and Data Analytics

Scott is the Partner leading Crowe Horwath’s Forensic, Cyber and Data Analytics practice for Australia and New Zealand. He has over 30 years’ experience working for professional services firms and industry in various assurance, regulatory compliance and consulting capacities.




ASIC is on-board with changes to Special Purpose Financial Reports

The Australian Accounting Standards Board (AASB) is currently undergoing a consultation process which will see significant changes to Special Purpose Financial Reports (SPFR) as we know it.

Today we see a variety of SPFRs.  Some SPFRs comply with the recognition and measurement principles of Australian Accounting Standards while others are prepared on a different basis such as modified accruals, which is not a specified framework.

Recent changes by the International Accounting Standards Board (IASB) to the Conceptual Framework will impact the definition of a reporting entity in Australia.  If the AASB adopts the Revised Conceptual Framework (RCF) as issued by the IASB, all entities that are required by legislation to prepare a financial report will be required to prepare a General Purpose Financial Report (GPFR).  This includes every company that currently lodges a financial report with the Australian Securities and Investments Commission (ASIC) and entities that are required to lodge a financial report with the Australian Charities and Not-for-profits Commission (ACNC).

The AASB is proposing a two-phase process to adopt the RCF. At its recent board meeting in September 2018, the AASB approved the first phase to go ahead.  In the short-term, the AASB will operate two conceptual frameworks to maintain IFRS compliance, where the new RCF will apply to all for-profit publicly accountable entities, or entities which are stating IFRS compliance.  There is no significant impact to these entities as they are already preparing GPFRs and all other entities can continue preparing SPFRs.

Furthermore, the AASB decided to limit the phase two consultation to for-profit entities and conduct separate research on the impacts to the not-for-profit industry.

In September, ASIC announced their support of the proposals by the AASB stating the following:

“ASIC fully supports the consultation to remove special purpose financial statements for entities regulated by ASIC and remove the subjective ‘reporting entity’ test under SAC 1 facilitating a comparable, consistent and transparent framework for preparation of financial statements in Australia.”

This comes as no surprise as the self-assessment for entities, as well as the varying basis of preparation of SPFRs, has been a concern of ASIC for a number of years.

The AASB are currently seeking comments on Phase two of the project.  Comments are due by 9 November 2018.  We encourage all those affected to provide comments to AASB directly or to us for inclusion in our submission to the AASB.

Christine Webb

IFRS Technical Manager




Australia’s Superannuation Laws Have Created a ‘Use It or Lose It’ Landscape for Retirees

The creation and implementation of Superannuation was one of the most significant public policies enacted by the Federal Government in the last century, fundamentally changing how we all prepare for our retirement while creating a multi-trillion-dollar industry. Subsequent policy changes to how we save for our time after work have had major impacts on the practicality of superannuation and have created a new landscape for those approaching retirement.

You may recall the Reasonable Benefits Limits (RBLs) era, that started in 1994.  This placed a limit on building up concessionally taxed superannuation benefits, based on a multiple of your salary near retirement. The removal of those caps in 2007 allowed individuals to build unlimited wealth in the concessional tax environment within which super exists, while limiting how much individuals could contribute to their accounts each year.

From 1 July 2017, a total, indexed superannuation balance cap was introduced of $1.6m. This change was motivated largely by the Government’s desire to in some way limit the amount of superannuation assets one can rapidly build as they approach retirement, whereby earnings on those assets are taxed at a concessional rate of no more than 15%.  Don’t forget the Labor Government published a proposal at the time with a similar goal, using a different method – using a maximum annual tax-free earnings cap – likely resulting in a similar asset limit overall.

So, other than owning your own home, superannuation contributions are one of the last remaining options to build assets in a tax-free environment, by using up to $1.6m of superannuation assets to commence an income stream from age 60 onwards.

Unfortunately, the Government concurrently introduced lower super contribution caps, making it even harder to build up that ‘golden egg’ for retirement.

Each super account holder now faces an individual ‘lifetime’ superannuation contribution cap until age 65, after which time, individual tests begin, including ‘work test’ requirements. Each year that passes where you do not take advantage of these contribution limits, the entitlement is forfeited, meaning you lose another year in which you can build wealth in superannuation for retirement.  You ultimately need to make a conscious decision each year if you wish to “use it, or lose it”.

Most of us will go through our working life with very little extra money to contribute to our super until we approach the horizon of our working lives. Others may be in a more fortunate position to start contributing additional amounts into their super accounts earlier in life, knowing they cannot be accessed until at least age 60, but this is an exception to the rule.

Given the additional complexity introduced in 2017, there are some important questions you should know the answer to as you approach retirement. You may need to work with your Wealth Adviser to decide:

  1. Do you have the potential to reach the ‘golden egg’ limit of $1.6m by retirement?
  2. What are the advantages of exceeding the $1.6m by retirement?
  3. Are you eligible for the small business tax retirement exemptions to build up superannuation assets?
  4. Should you develop strategies to help reduce or potentially eliminate the impact of any future estate taxes lying dormant in your superannuation funds? Yes, a death tax does still exist in superannuation!

Super is for most the second-largest financial asset behind their home, and it is an asset facing increasingly complex taxation policies. Combine that with trying to find the best person to nurture the money earmarked for retirement and it is a topic that really should be approached with the help of a dedicated financial adviser or wealth manager.

Frank Tesoriero – Partner




Australian tax residency for foreign incorporated companies

The Australian Tax Office (ATO) has recently published a new tax ruling and practical guidance on company residency for Australian tax purposes. Although the practical guidance hasn’t been finalised, what is clear is that it is now potentially easier than ever before for a foreign incorporated company to become an Australian resident for tax purposes.

Background

In broad terms, a company is treated as an Australian resident company for tax purposes if:

a) It is incorporated in Australia; or

b) It is incorporated overseas but it carries on business in Australia, and either:

i) Australian tax residents control the company’s voting power; or

ii) Its “central management and control” is in Australia.

The new tax ruling and practical guidance focus on the concept of “central management and control.”

The ATO’s former ruling on this matter, issued in 2004, said that a company’s central management and control would not be in Australia if, broadly speaking, substantially all the meetings of the company’s board were held in a foreign location.

New Position

The new ATO guidance requires a far more detailed analysis of the facts when establishing the location of central management and control, essentially adopting a “substance over form” approach.

A foreign incorporated company that carries on virtually any kind of business anywhere in the world can now be an Australian resident for tax purposes even if every single directors’ meeting is held overseas.

Furthermore, the ATO also asserts that the “central management and control” of a company forms part of the company’s business – thus killing two “residency test” birds with one stone.

This means companies no longer need to be carrying on an Australian business under “normal concepts” to be treated as Australian tax residents.

Three of the ways that a foreign company’s central management and control can be in Australia under the new guidance are:

  1. The company’s core policies and strategic decisions are made in Australia; so, it may be enough to locate central management and control in Australia, even if the policies or decisions are not formally adopted until ratified by an overseas directors’ meeting.
  2. The role of the company’s overseas directors; if overseas directors do nothing more than mechanically accept recommendations made to them, the central management and control will be located where the real decision maker is located.
  3. High-level decisions about the company’s business are made in Australia; if the sole shareholder and director(s) of a foreign company are in Australia at the time of making a fundamental decision regarding the company’s business operations, central management and control may be in Australia – even if there is no other connection to Australia.

This list is far from exhaustive, but shows how fundamentally the ATO is refocussing its ability to tax foreign operations that are essentially managed/controlled from Australia.

Any of these scenarios may result in a foreign incorporated company becoming an Australian resident company for tax purposes, and there are many more possibilities that arise from the ATO’s new guidance.

The consequences

If a foreign incorporated company becomes an Australian tax resident, it may mean:

  • All of the foreign company’s income is exposed to Australian taxation;
  • All of the foreign company’s capital gains are exposed to Australian taxation;
  • Certain types of tax losses arising in foreign jurisdictions may be unavailable in Australia;
  • The foreign company might be forced to join an Australian tax consolidated group, with potentially detrimental outcomes, including cancellation of tax losses;
  • Australian taxes paid by the foreign incorporated company may create franking credits that do not have any value to its shareholders.

These are just some of the consequences that may arise.

Transitional compliance approach

The ATO recognises that the new guidance will have consequences for many existing arrangements. Accordingly, a “transitional compliance approach” is available, so that existing arrangements can be altered to maintain the non-resident status of foreign incorporated companies.

The transitional period for making these alterations is between 15 March 2017 and 13 December 2018.

As you would expect, the transitional compliance approach has conditions attached, not least being that the foreign incorporated company must not be part of a tax avoidance scheme.

Next steps

Clients that utilise foreign incorporated companies in their structures should immediately:

  1. Review existing corporate governance and decision-making processes and arrangements, particularly where the foreign company structure was established before March 2017.
  2. Consider what changes may be required to existing processes to ensure that foreign incorporated companies do not become Australian residents.
  3. Ensure that the requirements of the transitional compliance approach can be met.
  4. Examine the company’s approach to documenting key decisions, including minutes of directors’ meetings, circulating resolutions, management reports, and the like.

If there is no way that adequate changes can be made which preserve the existing non-resident tax status for foreign incorporated companies, consider whether the entity should be restructured, or otherwise dealt with, to manage the Australian tax outcomes.

How we can help

Crowe Horwath’s team of specialist tax advisers are experts in examining, understanding and advising on corporate and international taxation.

Please contact your adviser today to schedule an initial meeting with a specialist tax adviser to discuss your situation.

Andrew Jones

Associate Partner




EU-Australia FTA: in defence or defiance of a failing system?

The EU finds itself at a critical juncture as the last-man standing defending the globalist post-war liberal economic order, abandoned by US leadership.

While the often-dysfunctional bloc is an unlikely flag-bearer given its adeptness at implementing long-term protectionist policies, upheavals in the global trade landscape leave it as the most powerful international force still committed to ‘free trade,’ with potential suitors attracted to its single market, including Australia.

Free trade agreements have historically received bipartisan support in Australia, an expected stance for a resource-rich nation desiring diversification of its economic base and export market dependencies. North Asian deals have brought a significant trade upswing in both goods and services, although some remain concerned that the benefits accrue largely to big business with SMEs missing out. Continuing public support for Australia’s future free trade negotiations will likely rest upon their benefits being more readily accessible to larger parts of the economy.

All the world’s a stage, and all the men and women merely players

A (pre-Brexit) market of 512 million, the EU28 was Australia’s largest source of foreign investment in 2017, second largest trading partner and third largest export destination. With a combined GDP of a whopping US$17.3 trillion and two-way trade of $101 billion with Australia, the prima facie case for a free-trade agreement is self-evident.

The post-Brexit EU of nearly 450 million souls across 27 nations, a single market of consumers 18 times the size of Australia’s population, is still an attractive trading prospect given its enormous scale and complexity, notwithstanding the removal of the UK’s financial sector and the liberalising influence of the City in global financial services.

How would Australia, a geographically massive country dwarfed by Europe’s economic might, approach a negotiation with the EU, a bloc which comes to the table slowly and by consensus? It is this bloc-negotiating tactic that presents Australia’s negotiators with both a blessing and a curse, as the simplicity of one negotiating mandate is arguably outweighed by that mandate necessarily consisting of its membership’s lowest common denominator position.

Large multi-national free trade agreements such as the Regional Comprehensive Economic Partnership (RCEP) and the recently concluded Comprehensive and Progressive Trans-Pacific Partnership (CPTPP) are only a partial guide as to what we can expect from the negotiations, with the EU’s interests diluted by their breadth and magnified by their interconnected complexity.

While Australia’s negotiators are experienced and pragmatic, negotiating increasingly complex free trade agreements, the size of the EU market immediately creates a power disparity with Australia, one that has not necessarily served us well in the past, such as the concessions Australia made to the USA during that FTA negotiation.

What’s past is prologue

Prior to the commencement of talks, the EU revealed its long-held protectionist position on agriculture, Australia’s FTA kryptonite, with French President Emmanuel Macron cautioning fellow EU leaders about negotiating with Australia, fearing a “free-trade stampede” would “wipe out” his country’s “struggling” agricultural sector.

The EU’s hypocritical cry of wolf over agriculture is a signal that member states are jockeying to position their individual interests. The bloc’s pursuit of its shibboleths such as Geographic Indicators (GIs) has become increasingly puritanical, reinforced through negotiation with each previous agreement entered. The risk is that the EU uses access to its large, complex market as a weapon to force Australia to capitulate on its major interests including agriculture.

Australia’s lack of agricultural subsidisation stands in stark contrast to the EU’s market distorting anti-competitive Common Agricultural Policy (CAP), the removal of which is the only way for Australia’s farmers to compete on a level playing field. The days of the cheese mountains and wine lakes may be over, but cheap, subsidised EU products still represent an unfair threat to producers in partner nations. In 2016, the EU exported €131 billion of agri-food products, importing €112 billion, for a trade surplus of €19 billion. Compare this to Australia’s $44.8 billion in production, with about 77 per cent exported. In terms of direct subsidisation, the EU28’s 22 million farmers secured a staggering €408.31 billion or 38 per cent of the 2014-2020 EU budget, gobbling up an unbelievable €160.113 billion (A$250.871 billion) in subsidies in 2018 alone.

The Australian wine industry thinks that it will benefit from lower or eliminated tariffs, a relatively straightforward objective. However, the proliferation of EU non-tariff barriers such as GIs, which may be extended to non-food products, limits Australia’s ability to trade with the bloc. This sentiment is echoed by the Export Council of Australia, which notes that “any name, symbol or other product which ‘evokes’ the protected [EU] product is not permitted even if the true origin of the product is known,” effectively privileging EU producers over Australian.

Australia’s trade unions are also likely to closely scrutinise the deal, with the Australian Council of Trade Unions warning that there remains a “fundamental obligation on employers to support Australian jobs first”. Labour mobility has proved a vexed issue for the EU, with the UK making its views on the EU’s free-movement principle crystal clear.

The lady doth protest too much, methinks

The reality is that the negotiations are unequal. The EU believes it can extract concessions from Australia, particularly as its negotiations with Canada, Mexico and Japan have concluded, and New Zealand flirts with the prospect of its own EU FTA.

Cecilia Malmstrom, the EU’s Trade Commissioner, made no bones about what she expects of Australia, warning that it will need to concede on its farmers’ interests on GIs to secure a deal, potentially preventing Australian companies from making parmesan, brie and feta cheese for example.

Apparently oblivious to the hypocrisy of simultaneously railing against protectionism while pursuing and defending protectionist practices, the Commissioner observed that an agreement with Australia serves a strategic purpose to remove trade barriers at a time when protectionism, led by US President Trump, is on the rise.

To thine own self be true

There is a certain irony in the supranational EU Commission forging ahead with Australian talks against the backdrop of waning globalisation, while national forces reassert their authority. With the EU spending nearly six times as much on subsidising its agriculture sector per year as Australia’s entire annual farm production value, Australia’s negotiators would do well to ask themselves at what cost to our farmers an agreement might be reached.

The US recently accused the EU of being a foe on trade, a view immediately and perhaps not entirely fairly dismissed by the mainstream. Perhaps discretion is indeed the better part of valour and through a methodical consensus approach Australia’s negotiators will insist on an outcome which ensures a level playing field, rather than selling agriculture short. If not, for Australia it may be another case of history repeating itself.

Sam Lawrence, Senior Manager – Global Trade and Customs


The views and opinions expressed in this article are those of the authors and do not necessarily reflect the thought or position of Crowe Horwath (Aust) Pty Ltd.




Achieving Your Small Business Goals

So, you are in small business and you are exhausted.

Of course you are; you are the marketing expert, the financial controller, the mentor, the HR manager, the operations manager, the purchasing clerk, the debt collector and the worker.

It’s not simple to run a small business and that’s why so many start the journey and fail. In fact, it has been recorded by the Bureau of Statistics that 60% of small businesses cease to operate within the first three years.

ASIC provided a report on 2011-12 insolvencies, finding that 44% suffered poor strategic management, 40% had inadequate cash flow and 33% suffered from trading losses.

Those that succeed beyond the three-year startup, what do they do differently?

I would suggest that they are goal setters. One of the first goals they would set is the revenue target. Of course, careful measurement of expenditure will give a starting point of the minimum revenue target but a healthy profit on that will allow the business to grow further. This is commonly known as “the break-even point.” The successful business owner might not be happy with their first attempt, or their second attempt, but they will keep gathering knowledge and ideas from many sources to enable them to try something different each time until they find the method that works. Failing is okay, as long as we learn from it and try again doing something differently.

The successful business owners are happy to work hard at finding a way to achieve the goal. To them it is all about the journey; what they learn about themselves and the people around them is as important to them as achieving the goal.

Everyone can learn the art of setting and achieving goals. A good place to start is to follow these four simple steps:

  1. Evaluate your starting point; is the current point okay or would you prefer to be somewhere else?
  2. Dream of what success looks like to you. It is different for everyone.
  3. Make each goal a SMART goal: Specific, Measurable, Attainable, Realistic and Time sensitive.

Specific; put a number to it, for example I want to increase sales by 20% within a 12-month period.

Measurable; increasing sales or staff numbers are measurable but increasing your personal satisfaction is vague and difficult to measure. The measurement must be specific.

Attainable; if you are on the path to a really big goal, break it down into a series of smaller goals – the stepping stone approach.

Realistic; keep it real. If a 20% increase in sales within a 12-month period is too far off, bring it back to a realistic goal, say 5% increase each year for 4 years.

Time Sensitive – give yourself sufficient time, but put a limit to it. Ninety days should give you time to obtain the knowledge and attempt the goal, but not so long that you leave it to the last month to put everything in place. Too long a time frame and human nature dictates that the majority of us will not do anything straight away. If it is a 12-month end period for the goal, again break it down into 90-day efforts or small steps.

  4. Have accountability. Find someone to share your goals with, and check in with them regularly to voice your journey. If you are not naturally a goal setter and you don’t find that person to check in with, then you may find you lack the focus to achieve the goal to your full potential.

If you want to be serious about improving the business then make sure you set some time aside, without technology and distractions, on a regular basis and work out what needs to happen. You will not always be the best one to get the job done; in those circumstances delegate to either a staff member, a family member or hire a contractor or professional. Don’t fall into the trap of believing you are the only one that can and will work towards your vision of success.

Helping people achieve their goals is one of the things I love doing most in my business. Fortunately, at Crowe Horwath there is a huge network of specialists that can be drawn upon to work with you to ensure that you are in the best position to achieve your goals. Strategy and knowledge are key and we can help you with both.

If you would like further information or support, please contact your adviser. Alternatively, feel free to reach out to me directly.

Lisa Daw 

Senior Partner – Business Services




Global Trade and Customs Compliance Health Check

Prevention is better than cure

Recently we have seen a trend of the Department of Home Affairs (DHA) making trade enforcement one of their key operational priorities.

Earlier this year, a Melbourne-based import business was required to pay almost $2 million in penalties and recovered Duty and GST.

This was the outcome of an investigation by the DHA into the undervaluation of imported pre-galvanised steel products from a number of different countries.

Currently within your business, what independent assurance do you have to provide you with comfort that you are compliant?

Are you confident that your Customs Brokers / agents are acting in your best interests and paying the correct amount of duty and GST?

It is surely not worth waiting for a visit from the DHA to highlight any weakness and then finding yourself subject to possible penalties and infringement notices.

To provide you with the assurance and comfort that your business needs, our Customs and Global Trade team is currently offering a complimentary, no obligation assessment and Compliance Health Check. On receiving your signed letter of authorisation, utilising our data analytics we will be able to provide you with a visual overview of your past four years of import and export data.

The free compliance health check will provide you with valuable insight into your trade activities.

Our aim is to provide you with significant cost savings whilst ensuring compliance.

A review is completed of all the key factors that affect the customs duty and GST exposure of your cross-border transactions.

Some of the key factors we will look at include: tariff concessions, tariff classification for import and export, customs valuation, Free Trade Agreements, Country of Origin and preference.

As part of the review we will consider overpayment as well as past errors and underpayment of duty – to assist in eliminating risks and their associated penalties, which have exponentially increased in recent years.

Our Customs and International Trade Experts are highly experienced in Australian and New Zealand Customs Taxation and duties.

To deliver relevant, up to date advice to clients, our team regularly reviews government policy, legislative changes and related court cases and precedents.

Following the Compliance Health Check, we will provide a long-term improvement strategy to help your organisation maintain customs compliance and maximise refund opportunities.

By identifying and mitigating risks, and developing an improved compliance framework for the future, your business can save on customs duty and related taxes.

Ensure peace of mind and book in your free Compliance Health Check with one of our Customs and International Trade Experts today.

As they say, prevention really is better than cure!

For more information, and for an introduction to our Customs and Trade team, speak to your adviser.

Matthew Morgan

Manager – Global Trade and Customs
