«A report to the Assistant Treasurer Inspector-General of Taxation October 2013 Review into aspects of the Australian Taxation Office’s use of ...»
4.8 Wealthy Australians are those Australian resident individuals who, together with their associates, effectively control net wealth of between $5 million and $30 million.284
70,000 wealthy Australians representing 450,000 entities.285
4.10 There is less publicly available taxpayer information for this market segment as compared to the large business segment. There are various reasons for this, a key one being that entities in these market segments typically do not have the same level of mandatory financial disclosure requirements as public companies listed on the stock exchange.
4.11 In relation to risk specifically, another reason why more information is available in the large business segment is that it consists only of approximately 1,850 economic groups and entities encompassing over 32,000 businesses. Whilst all these groups are risk assessed using quantitative ‘risk filters’, the ATO incorporates additional detailed qualitative information into the risk assessment of a subset of approximately 100 taxpayers. Further information about this process is presented in Chapter 3 in connection with the large business segment.
4.12 For the SME market segment, the ATO has a greater reliance on third party data sources for risk assessment processes. These data sources may be from other government departments, financial institutions or other third parties.286 The ATO approaches to this market segment are outlined in their publication, Tax compliance for small-to-medium enterprises and wealthy Australians (Tax Compliance) which was produced following recommendations contained in the IGT’s Review into the ATO’s Compliance Approaches to Small and Medium Enterprises with Annual Turnovers Between $100 million and $250 million and High Wealth Individuals (SME Review).
4.13 One of the ATO’s approaches to the SME market segment is the ‘private-group approach’, whereby the ATO recognises that some individuals may be the controlling minds or key decision-makers behind businesses that encompass multiple entities. This approach allows the ATO to assess risk at a holistic group level rather than at the entity level. This also allows ATO officers to approach the group through a single contact point for income tax matters, subject to privacy restrictions.
An ATO example of a kind of private group is illustrated below:
ATO, above n 4; see also Australian Taxation Office, ATPF SME Working Group, 14 March 2013, handout.
Source: ATO, Tax compliance for small-to-medium enterprises and wealthy individuals.
4.14 In its Tax Compliance publication, the ATO indicates that it takes a risk-management approach to compliance by categorising SME market sub-segments
according to other risks they pose relative to each other:
We use our risk differentiation framework to view risk, categorise the SME market from an income tax perspective, formulate strategies and apply treatments. We are committed to using the framework and will continue to improve its application to ensure our interactions with you achieve the best possible compliance outcomes.287
4.15 As with the large business and international (LB&I) RDF, the framework seeks to categorise taxpayers using likelihood and consequence of non-compliance factors.
Similar to the LB&I market segment, taxpayers are categorised as higher risk taxpayers, key taxpayers, medium risk taxpayers or lower risk taxpayers. These categorisations are shown in Figure 16 below.
Figure 16: RDF for small-to-medium enterprises and wealthy individuals Source: ATO, Tax compliance for small-to-medium enterprises and wealthy individuals.
4.16 In addition to outlining the application of the RDF to the above three market
segments, the Tax Compliance publication also describes how it determines risk:
We identify compliance risks by matching and analysing data and information.
Our initial risk-identification systems apply complex algorithms and risk rules. Our skilled analysts and compliance officers complement this work by applying their knowledge and experience at the risk-identification stage of a case.
In addition, our compliance program sets out the specific compliance risks we focus on each year. These risks will change in response to economic conditions, new legislation and changes to your business environment. We may also identify new risks through our intelligence and risk-monitoring processes.288
4.17 In earlier years, compliance work in relation to wealthy Australians was supported by the ATO’s Strategic Compliance Initiative. This initiative was part of $302 million Federal Budget funding over four years to address compliance risks associated with Australia’s economic recovery. The SME business line was allocated $68.9 million of this funding to identify and profile wealthy Australians.289
Inspector-General of Taxation, Review into the ATO’s compliance approaches to small and medium enterprises with annual turnovers between $100 million and $250 million and high wealth individuals (2012) para [1.54].
4.18 Through this initiative, the ATO has developed a repository of intelligence in relation to wealthy Australian group structures. Future compliance activity in this market segment builds on this foundation of intelligence.
4.19 In addition to approaching taxpayers on a private group basis, the ATO
undertakes project-based work:
We may undertake reviews and compliance-verification activities on medium-risk taxpayers. These activities may be part of a compliance project involving other businesses with similar issues. This approach allows us to address systemic tax issues on a consistent basis across the SME market, thereby reducing compliance costs to all taxpayers.290 Previous audits and reviews
4.20 Some aspects of the SME business line operations were the subject of a 2011 Australian National Audit Office (ANAO) performance audit.291 The audit made
findings with respect to:
the governance arrangements supporting compliance in the SME market;
how the SME business line assesses compliance risks;
the ATO’s compliance strategies for the SME market segment; and how the ATO measures the effectiveness of its compliance strategies.
4.21 The ANAO audit also made two recommendations in relation to aspects of the then SME ‘risk engine’. The ATO agreed to both recommendations.
STAKEHOLDER CONCERN — INPUTS INTO THE RISK CATEGORISATION PROCESS
4.24 Stakeholders expressed a sense of uncertainty about the type of information the ATO uses when risk rating the SME population. For example, they were unsure as to how the ATO used quantitative versus qualitative information.
4.25 In 2011, the ATO replaced the former ‘risk engine’ with a new corporate risk assessment tool, being the Risk Assessment and Profiling Tool (RAPT). Whilst the RAPT is used across the ATO, the manner and extent to which it is used can vary by business line. It should be noted that this system is different to the ‘risk filters’ used by the LB&I business line where the RAPT is not a major part of the risk categorisation process.
4.26 The RAPT is one of a suite of corporate risk assessment tools. Among others are the Operational Analytics (OA) and the Analyst Workbench (AWB) tools. The ATO uses OA for mainly high volume low complexity work, while the AWB is used mainly for low volume high complexity work. As seen in Figure 17 below, the RAPT fits in between these tools for medium volume medium complexity compliance work.
4.27 The SME business line uses the RAPT to drive a largely quantitative-based process using risk flags and risk signposts. All of these risk flags and risk signposts are brought together into what is known as the Integrated Scoring Model (ISM). The ATO
The Integrated Scoring Model (ISM) is the process of risk assessing and prioritising the S&ME market (both private wealth groups and SME economic groups) based on likelihood and consequence of known compliance risks. Currently, there are approx 120
risk rules that form part of the likelihood score, these comprise of two types of risk rules:
A risk flag highlights the likelihood of a compliance risk based on a combination of variables from different data sources. A risk flag will affect the group’s risk score.
A signpost identifies an event; further verification work may be required to determine if a compliance risk has occurred. A signpost in itself is not a risk; however, a combination of signposts may indicate a potential compliance risk.293
4.28 A risk flag or combination of flags usually seeks to assess the likelihood that a taxpayer has incorrectly reported against a particular type of tax risk. For example,
there are risk flags that assess risks against:
4.29 The risk rules usually test a compliance risk hypothesis using the data from income tax return labels.295 In all, there are 84 risk flags and 35 risk signposts covering the above risks. This chapter uses the term ‘risk rules’ to refer to both risk flags and risk signposts unless a specific reference indicates otherwise.
4.30 In contrast to the LB&I higher consequence segment, where a moderation process considers qualitative information for some 140 large business taxpayers, the SME business line seeks to risk assess 700,000 entities by using quantitative data.
4.31 Nevertheless, the SME business line seeks to take into account some qualitative aspects in its risk assessment. These have been described as ‘contextual attributes’ and are used to incorporate information about the taxpayer from outside the tax return itself. The contextual attributes are used to increase or decrease the initial likelihood score depending on the attribute.296 The three contextual attributes are ‘start-up businesses’, ‘phoenix activity’, and ‘advance pricing arrangement’.
4.32 The rules then produce likelihood and consequence scores which are used to place taxpayers relative to each other within the RDF. The ATO emphasises that the ‘RDF is an initial risk assessment tool and that it does not indicate non-compliance’.297
4.33 The risk rules are developed by risk managers within the SME business line.
As part of developing risk rules, risk managers are also required to develop risk guides,298 which explain to compliance staff why their case was selected (that is how the taxpayer triggered the risk rule) and what the compliance officer should consider during the case. These risk guides are considered later below.
4.34 Risk managers in the SME business line are required to review their risk rules twice a year.299 The purpose of the review is to ensure that the latest information is used when the SME business line runs the RDF in February and August of each year.
The risk manager is to convene a workshop to conduct the review. The workshop
should have the following participants:
the risk manager (and appropriate members of their team);
Australian Taxation Office, Draft SME minutes, March 2013, Agenda item 3, http://www.ato.gov.au.
Australian Taxation Office, SME Detailed Risk Guide Extract – Available fraction flag – provided to IGT 3 April 2013.
Australian Taxation Office, RAD13_Review of risk rules in S&ME – (undated), last modified 7/01/2013.
4.35 However, in some workshops, participation may be limited. For example, in a 2011 workshop, representatives from all the above areas attended300 whilst in a 2012 workshop, only the risk manager and two representatives from the SME Risk and Detection area were in attendance.301
4.36 The workshop considers the current risk rule and its application, associated documents (such as the risk guides), and considers any new rules or gaps in the current rule. A risk manager may have responsibility for a ‘suite’ of risk rules related to a particular risk area. In this case, the panel would consider all the rules within the suite.
4.37 The SME market consists of a high number of taxpayers, so the ATO is highly reliant on quantitative methods to filter for risks against the selected population at first instance. The use of ‘contextual attributes’ is a useful addition to the risk assessment process, adding some qualitative considerations to the process.
4.38 The IGT notes that most of the risk rules are associated with specific taxation risks which is helpful for ensuring that the ATO is testing for specific types of potential non-compliance.
4.39 The IGT supports the ATO’s regular review of the risk rules. By necessity, at the outset, risk managers develop risk rules based on estimates which can then be refined and become more accurate by feedback loops that is input from completed cases such as risk reviews and audits. It is important, therefore, for the risk rule review process to incorporate compliance officers’ experience from actual case work. Whilst this may be the expectation, it does not always happen in practice.
RECOMMENDATION 4.1 The IGT recommends that the ATO incorporate compliance officer experiences and case work results into the risk rule review processes.
STAKEHOLDER CONCERN — COMMUNICATION OF THE RISK CATEGORISATION
4.40 As described above, since September 2012, the ATO has publicly shared its RDF process for SME taxpayers through its online Tax Compliance guide. This, however, was a general description, and in contrast with the LB&I notification process, did not specifically inform particular taxpayers about how the ATO considered specific risks.
Australian Taxation Office, FBT Review workshop minutes 29 November 2011.