Most of the biggest Danish multinationals today are publishing tax policies, often further supported by additional disclosures in their annual report, sustainability report, or even standalone tax reports. In this respect, Danish companies are on the forefront of tax transparency when benchmarked on a Nordic scale – and in my experience also from a global perspective. I can refer to our analysis in “The State of Tax Transparency” in the 2023 version of the Nordics GRI 207 benchmark.
However, even in Denmark, relatively few companies already provide the level of detail about tax governance and tax risk management that should arguably be expected from them (as detailed in GRI 207), , even though these areas are of growing interest for major stakeholders such as investors and tax authorities. I expect these areas to take a more central position in the future, where the focus will likely turn to “greenwashing” (or taxwashing as discussed in our quarterly Responsible Tax Matters newsletter – Q1 2024) and how companies are making sure that their policies are in fact adhered to internally in their groups – and that they can demonstrate that.
With that in mind, this blog post examines the current state of tax governance disclosures and their content focus through the lens of GRI 207-2: Tax Governance, control, and risk management.
Addressing stakeholder expectations
Danish companies do well in describing how tax (naturally) is part of their enterprise-wide risk management framework (aka ERM Framework) and provide information around central roles, responsibilities, and accountability for tax affairs and risk. These fundamentals are often outlined in a published tax policy. That puts companies in line with the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct and thereby the Minimum Safeguards of the EU Taxonomy Regulation.
What is often missing becomes more apparent when we consider who the communication is for. The stakeholders who traditionally have shown interest in tax governance and tax risk management are tax authorities and, increasingly, investors.
Tax authority involvement
Tax authorities have shown an interest in systems of tax control frameworks as good governance and a foundation for cooperative compliance. Tax authorities expect companies to have a (very) low tolerance for compliance risk related to taxes. Similarly, tax authorities have a different understanding of materiality than enterprise-wide risk management systems, especially in relation to financial impacts .
While tax authorities are not setting public transparency expectations, this does not mean that, either now already or in the future, tax authorities will read through public tax reports and specifically disclosures on tax governance and risk management to identify companies worth engaging with. So these expectations remain relevant even for those companies not actively involved in cooperative compliance relationships.
The expectations from investors
Investor engagement on tax affairs has both contributed to and been shaped by the Principles of Responsible Investment’s “ENGAGEMENT GUIDANCE ON CORPORATE TAX RESPONSIBILITY” released in 2015. These guidelines call for information about responsibility for setting tax policy, the level of board oversight, and how policies are implemented from board level to management. The guidance also identifies tax risk management and reputational risk related to tax practices as a relevant investor concern.
While companies could provide this information to (prospective) investors directly, when asked for it, this is arguably not enough. Investors should be able to find this information, or at least some of it, in public reporting. This is more time- and cost-effective for investors, and the work itself that goes into reporting on tax governance and tax risk management can be an indicator of the maturity and effectiveness of tax risk and control systems.
Getting from good to better
In dialogues with investors and tax authorities, information about an effective tax risk management system that considers both compliance and reputational risks specific to tax matters indicates that companies are acting in accordance with tax policy objectives. Investors and authorities are asking companies to demonstrate that policies are adhered to and that systems exist and work effectively, making the company a compliant and responsible taxpayer.
In other words, high-level statements about tax risk management primarily referring to the ERM Framework and stating that tax risks are effectively identified, managed and reported but without providing details on the actual process will fall short of expectations – and GRI 207 guidance.
To bridge these expectations from key stakeholders, companies need at least to explain how and how often the business reports to the board about tax matters, who is responsible for the tax policy and how it is embedded in the organisation, the most important tax risks and how these risks are managed. Specific examples of risks that arose during the reporting year, and how they were managed, would be best practice.
At a roundtable hosted by KPMG Acor Tax in 2023, a key discussion point was the merits of standardised and legally mandated reporting. Several heads of tax who participated in the discussion expressed the view that overreliance on standards for voluntary or statutory disclosures would be a mistake, as the reporting needs to fit each individual company.
That is an understandable position. Looking at tax governance disclosures as an external user in general or from the point of view of standards such as GRI 207, there are indications that reporting standards are underutilised as valuable guidelines about content.
A central problem about tax governance and tax risk management is that it is difficult to provide enough information for outside stakeholders to assess their frameworks in a way that is proportional with what companies can be expected to publish. Reporting standards such as GRI 207: Tax contain specific suggestions for how to tackle that problem.
Looking to GRI 207 and leveraging on existing descriptions of roles and responsibilities for tax policy, multinationals can provide additional details about how the performance of the tax risk management framework is evaluated by the organisation and monitored by the board of directors. This approach is based entirely on high-level information that still contains a strong signal that procedures are implemented and that adherence to the tax policy is important.
A low-hanging fruit contained in GRI 207 is a description of how stakeholders can report unlawful and unethical behaviour. This can easily be addressed by making it clear from the purpose and scope of your whistleblower system that it also handles tax matters. That approach also entails a potential for future reporting on tax matters raised through that system.
On the other end of the spectrum, GRI 207 goes beyond the current state of reporting by calling for information about the assurance process over the information. As MNEs increasingly disclose detailed country-by-country data and prepare to meet new regulatory obligations, the time has probably come for companies to explain how their tax and reporting process is controlled and validated.