Regulatory risk differentiation is the process used by a regulatory authority (the regulator - most often a tax administration) to systemically treat entities differently based on the regulator's assessment of the risks of the entity's non-compliance.
Regulators can include law enforcement agencies. Entities refers to those under the authority/control of the regulator – in most cases ranging from individuals to companies (legal entities) to multinationals operating within the regulator's jurisdiction.
The risk differentiation process requires the regulator to directly link a robust risk assessment, such as via a risk scoring model, to different regulatory responses (e.g. financial penalties, criminal imprisonment). Regulatory risk differentiation is also referred to as the Compliance Model in some regulatory agencies. [1] See for example the Australian Prudential Regulatory Authority risk differentiation approach known as: PAIRS [2] / SOARS. [3] PAIRS is the Probability And Impact Rating System, while SOARS is the Supervisory Oversight And Response System.
The simplest compliance model is a regulatory framework or model known as dualistic, where the regulator reacts to an entity's behaviours depending on whether the behaviour is seen as either right or wrong. This is also known as a black and white response, and is often used for strict liability offences in law. [4]
It is a significant improvement to shift to a compliance continuum (or spectrum), where the regulator reacts to a spectrum of compliance behaviours. The Australian Customs Office applies a compliance continuum. [5] [6] [7]
When the reaction of the regulator is tied to the behaviour, it is known as a responsive compliance model. The responsive compliance model was suggested by Ian Ayres and John Braithwaite in their book Responsive Regulation: Transcending the deregulation debate [8] which built on earlier work by John Scholz. [9]
The Ayres and Braithwaite compliance model was elegantly represented as a compliance pyramid. [10]
The shape of the compliance pyramid indicates:
The choice of remedy (e.g. financial penalties, criminal imprisonment) imposed by the regulator becomes increasingly severe higher up the pyramid – with the view of creating an incentive for entities to move towards more compliant behaviours. The Australian Taxation Office (ATO) uses a compliance pyramid. [11]
In the mid-1990s the ATO's Cash Economy Project further developed their compliance pyramid. An entity's apparent motivation for compliance or non-compliance, based on evidence (known as their motivational posture), was explicitly coupled to a suggested response. [12]
In this version of the compliance pyramid, four broad categories of client (called archetypes) were defined by their underlying motivational postures:
This approach has been widely adopted, particularly within Australia. Several other regulators have similar approaches. It is also described as the enforcement pyramid by some regulators although enforcement is only one of the compliance strategies implicit in the model. [13]
The strength of the model is the regulator being seen to apply the right remedy to the right situation, by taking an entity's apparent motivation (including their efforts to comply) into account. See for example Julia Black's paper: "'Chancer', 'Failure' or 'Trier'? Regulatory Conversations and the Construction of Identities" July 2008 [14] or "The ATO Compliance Model in Action: A Case Study of Building and Construction by Neal Shover, Jenny Job and Anne Carroll" [15] and "Reducing the risk of policy failure: challenges for regulatory compliance" [16] The weakness of the compliance pyramid is that attitudes are generally not visible to the regulator, only behaviours. It also delivers no view of risk consequence.
In the OECD paper "Reducing the Risk to Policy Failure: Challenges for Regulatory Compliance" [17] the regulatory responses were distilled down to ensuring that clients were ready, willing and able to comply. The approach is set out in 'Putting the Client First - The Emerging Copernican Revolution of Tax administration, Feb 2003 Tax Notes International [18]
A similar framework is used in the UK Pension Regulator approach. [19]
Another way of looking at this is as a risk bow-tie. See bow tie diagrams in risk management
Organisations in oil and gas, mining, aviation, industrials and finance have had success using risk bowtie approaches. [20] [21]
. [22]
These compliance enhancement strategies fit into a standard structure:
Some commentators do not believe that the compliance pyramid applies when legitimate differences of views exist as to compliant behaviour. [25] Regulators all need to establish their positions in this situation, but it is clear that some regulators do still apply the compliance pyramid when the law is uncertain. [26]
Explicitly considering the likelihood and consequence of the risk of regulatory non-compliance
Some regulators vary regulatory risk differentiation approaches by mapping suggested remedies to an entity's perceived risk of non-compliance. This approach has been used by the Australian Prudential Regulatory Authority, the Australian Taxation Office and the UK Pension Regulator [27] [28] [29]
Explicitly considering the likelihood and consequences of an entity possibly breaking a law is a requirement of the UK Statutory Code of Practice for Regulators [30] which emerged from the 2005 Hampton Report "Reducing administrative burdens – effective inspection and enforcement". [31] The later Macrory Review "Regulatory Justice – making sanctions effective" [32] effectively codifies the Ayres and Braithwaite Compliance Pyramid into the UK Regulatory Enforcement and Sanctions Act 2008. [33]
In these compliance models the possibility of entities breaking a law has both a likelihood of occurrence and a consequence of occurrence, known as a 'risk event'. Considering entities' likelihood of not complying and the consequences of their not complying usually provides a 'power distribution' [34] of a few large consequence or higher likelihood clients and many more lower consequence/likelihood ones.
This can be represented as a scatter plot on a risk matrix, as shown in the adjacent diagram.
The scatterplot risk matrix to the left shows that most entities are compliant most of the time – in other words, assessed as both lower consequence and lower likelihood of their not complying with the law.
From a risk management perspective the regulator has a more significant interest in higher consequence clients or events than lower consequence. The next two diagrams build on the scatterplot diagram to the left.
In this example of the risk differentiation framework developed by Dr Stuart Hamilton in 2007, [35] the ATO links its strategies to the likelihood and consequences of entities not complying with a law. The ATO risk differentiation framework to the left shows how the ATO divides its clients into four categories, and allocates appropriate risk management strategies to each category.
These strategies are proactive and continuous for higher consequence, reactive and periodic for lower consequence. The strategies are reviewing / auditing for taxpayers more likely to break the law, and only monitoring for those less likely.
The diagram to the left provides more detail, giving names to each category of client, providing all of the strategies - deter, detect and deal with strategies, and the strategies' associated activities.
It is important to note that the boundaries between category are able to be moved to allocate more or fewer clients to each category. Reflecting the underlying Pareto distribution, it is normal to see fewer higher likelihood and/or consequence clients rather than 50% of the population or 50% of the assessed likelihood or consequence. In other words, the boundary is shifted so there can be a strong focus on the few assessed to be higher risk.
This allows more resources to be allocated to more intensive strategies focusing on higher risk entities, providing an incentive to entities to want to be seen to be compliant. The robustness of the risk assessments, and the quality of the data on which the assessments rely, are therefore very important.
Key Clients or Key Taxpayers, due to their size, have an abnormally large impact upon the integrity of the tax system and are therefore prime targets for 'cooperative compliance' approaches. This cooperative compliance approach was originally developed by Dr Stuart Hamilton with Jim Killaly and Alice Dobes of the ATO in 1999. See ATO 2000 Cooperative Compliance. [36] The Cooperative Compliance approach was later adopted by the OECD Forum on Tax Administration as best practice. See OECD 2013 Cooperative Compliance - a framework [37]
The diagram below shows how end to end risk management steps (from ISO 31000) align with risk differentiation and the risk bow-tie.
In September 2009 the UK Pension Regulator, which uses this approach, was shortlisted for a Better Regulation Award [38]
The above approach was discussed in the ATO Commissioners speech "Do you see what I see" given to the Australian Tax Teachers Association in January 2010. [39] In June 2010 the ATO released its revised "Large Business and Tax Compliance" booklet that detailed its approach to risk differentiation in the Large Market [40]
In January 2011 the risk differentiation approach was also 'highly commended' in the annual Australian Comcover Risk awards [41]
The entire approach is mapped out in the UNSW ATAX 2012 paper 'New dimensions in regulatory compliance' and in the UNSW PhD Thesis: 'Managing Ambiguous Compliance in Highly Skewed Populations' [42] [43]
For a whole of taxpayer population risk differentiation framework example see FIGURE 4. Tailoring the Risk Treatments to Segments and Risk Posture in the IMF Technical Note: 'Compliance Risk Management: Developing Compliance Improvement Plans' 2022 [44]
For a simple excel based RDF worksheet using effective tax rates and turnover for views of likelihood of concern and consequence see the segment RDF calculator [45]
Regulation is the management of complex systems according to a set of rules and trends. In systems theory, these types of rules exist in various fields of biology and society, but the term has slightly different meanings according to context. For example:
The Basel Accords refer to the banking supervision accords issued by the Basel Committee on Banking Supervision (BCBS).
Banking regulation and supervision refers to a form of financial regulation which subjects banks to certain requirements, restrictions and guidelines, enforced by a financial regulatory authority generally referred to as banking supervisor, with semantic variations across jurisdictions. By and large, banking regulation and supervision aims at ensuring that banks are safe and sound and at fostering market transparency between banks and the individuals and corporations with whom they conduct business.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer and by others. This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium. However, psychological research on motivation provides an alternative view: granting rewards or imposing fines for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.
Know your customer (KYC) guidelines and regulations in financial services require professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. The procedures fit within the broader scope of anti-money laundering (AML) and counter terrorism financing (CTF) regulations.
Compliance costs are all expenses that a company uses up to adhere to government regulations. Compliance costs incorporate salaries of employees in compliance, time and funds spend on announcing, new system necessitated to meet retention, and so on. Compliance costs happen to be as results of local, national or even international regulation. Global firms operating all over the world with varying new regulations in each country tend to face significantly larger compliance costs than those functionating solely in one region. Example – people registered for value added tax have to keep records of all tax to simplify the completion of returns. They need to employ someone skilled in this domain, which is regarded as compliance cost.
Compliance cost mostly includes following:
The Regulatory Flexibility Act (RFA) is perhaps the most comprehensive effort by the US federal government to balance the social goals of federal regulations with the needs and capabilities of small businesses and other small entities in American society. In practice, the RFA attempts to "scale" the actions of the federal government to the size of the groups and organizations affected.
Dr. John T. Scholz is the Francis Eppes Distinguished Professor of Political Science and a Courtesy Professor of Law at Florida State University. As the first political scientist to formulate the "regulation game," which was later extended in influential work on responsive regulation by John Braithwaite and Ian Ayres. Scholz is widely regarded as one of the leading political scientists addressing regulatory enforcement.
Taxation in the British Virgin Islands is relatively simple by comparative standards; photocopies of all of the tax laws of the British Virgin Islands (BVI) would together amount to about 200 pages of paper.
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
Zemiology is the study of social harms. Zemiology gets its name from the Greek word ζημία zēmía, meaning "harm". It originated as a critique of criminology and the notion of crime. In contrast with "individual-based harms" such as theft, the notion of social harm or social injury incorporates harms caused by nation states and corporations. These ideas have received increased attention from critical academics such as neo-Marxists and feminists who have sought to create an independent field of study, separate from criminology, that studies the harms that affect individuals' lives that are not considered to be criminal or are rarely criminalised such as mortgage misselling, poverty and unemployment.
The United States Commission's fair information practice principles (FIPPs) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.
Harrington paradox is a notion in the environmental and ecological economics describing the compliance of firms to the environmental regulations. The paradox was first described in Winston Harrington's paper in 1988 and was based on the research over monitoring, realization and compliance to environmental regulations in the US from the end of the 1970s to the beginning of the 1980s. According to the paradox, the firms in general comply with environmental regulations in spite of the fact that:
Integrity Management Plan is a documented and systematic approach to ensure the long-term integrity of an asset or assets.
The Rail Safety Act 2006 is a law enacted by the Parliament of the State of Victoria, Australia, and is the prime statute regulating the safety of rail operations in Victoria. The Act was developed as part of the Transport Legislation Review conducted by the Department of Transport between 2004 and 2010 and is aimed at preventing deaths and injuries arising from rail operations.
Command and Control (CAC) regulation finds common usage in academic literature and beyond. The relationship between CAC and environmental policy is considered in this article, an area that demonstrates the application of this type of regulation. However, CAC is not limited to the environmental sector and encompasses a variety of different fields.
The Financial Sector Legislative Reforms Commission (FSLRC) is a body set up by the Government of India, Ministry of Finance, on 24 March 2011, to review and rewrite the legal-institutional architecture of the Indian financial sector. This Commission is chaired by a former Judge of the Supreme Court of India, Justice B. N. Srikrishna and has an eclectic mix of expert members drawn from the fields of finance, economics, public administration, law etc.
Reducing administrative burdens – effective inspection and enforcement is a March 2005 UK publication produced under businessman Philip Hampton. The UK Statutory Code of Practice for Regulators is based on its recommendations with the purpose to promote efficient and effective approaches to regulatory inspection and enforcement.
The Common Reporting Standard (CRS) is an information standard for the Automatic Exchange Of Information (AEOI) regarding financial accounts on a global level, between tax authorities, which the Organisation for Economic Co-operation and Development (OECD) developed in 2014.
International tax planning also known as international tax structures or expanded worldwide planning (EWP), is an element of international taxation created to implement directives from several tax authorities following the 2008 worldwide recession.
{{cite web}}
: CS1 maint: archived copy as title (link){{cite web}}
: CS1 maint: archived copy as title (link){{cite web}}
: CS1 maint: archived copy as title (link){{cite web}}
: CS1 maint: archived copy as title (link){{cite web}}
: CS1 maint: archived copy as title (link){{cite web}}
: CS1 maint: archived copy as title (link)