Should US multinationals expect their CbC data to remain confidential?
Country-by-country reporting (CbCR) has raised concerns over confidentiality.
Kristin M Mikolaitis and Astrid Pieron of Mayer Brown describe the CbCR requirements in the US and discuss what US MNE groups should expect regarding the confidentiality of their data as the US continues to negotiate bilateral CbC agreements with additional tax treaty partners, and as other tax jurisdictions consider proposals that would require CbC information to be made public.
In 2013, the OECD and G20 countries adopted a 15-part action plan to address base erosion and profit shifting (BEPS) by multinational enterprises (MNEs) (the BEPS action plan). The final report on Action 13 states that the BEPS project aims to "introduce[e] coherence in domestic rules that affect cross-border activities, reinforc[e] substance requirements in the existing international standards, and improv[e] transparency as well as certainty". The final reports addressing each of the 15 actions (together, the BEPS package) were released in 2015.
Action 13 recommends a new paradigm for transfer pricing documentation for MNEs. Among other things, that action calls for MNEs to prepare a country-by-country report (CbC report) containing detailed information regarding their global allocation of income and taxes and the locations of their economic activity. Under Action 13, the CbC report is to be submitted to the tax administration in the jurisdiction where the ultimate parent entity of the MNE group has its tax residence and then automatically shared with tax administrations in the tax residences of the MNE group's constituent entities. Action 13 contemplates that CbC reports will be used by tax administrations for "high-level transfer pricing risk assessment purposes", "evaluating other BEPS related risks" and, where appropriate, for "economic and statistical analysis".
OECD and G20 members have developed an inclusive framework, which allows interested countries and jurisdictions to work with OECD and G20 members to develop standards on BEPS-related issues and review and monitor the implementation of the BEPS package. Monitoring the implementation and impact of the different BEPS measures is a key element of the work ahead. Members of the inclusive framework (which includes developing countries) will develop a monitoring process for the four minimum BEPS standards and establish review mechanisms for other elements of the BEPS package. Action 13, including the CbCR requirement, is one of the four minimum standards.
The US has joined many other countries in the inclusive framework in already adopting local rules requiring MNEs to file CbC reports. Yet, unlike many of its counterparts, the US has declined to sign the Multilateral Competent Authority Agreement on the Exchange of CbC Reports developed by the OECD to facilitate the automatic exchange of CbC reports among various jurisdictions. Instead, the US has committed to negotiating bilateral competent authority agreements with its double tax treaty (DTA) and tax information exchange agreement (TIEA) partners to manage the automatic exchange of CbC reports (CbC CAAs). As of August 2017, the US has entered into bilateral CbC CAAs with 20 tax jurisdictions.
CbCR requirements in the US
In June 2016, the Department of the Treasury (Treasury) and Internal Revenue Service (IRS) released final regulations under section 6038 of the Internal Revenue Code (IRC) specifying the CbCR requirements for US MNE groups. These requirements hewed closely to the recommendations contained in the OECD's final report on Action 13.
Pursuant to the final regulations, the ultimate parent entity of any US MNE group with annual revenues of at least $850 million for the preceding accounting period must file Form 8975 "Country-by-Country Report" with its income tax return. This filing is mandatory for accounting periods of the ultimate parent entity of a US MNE group beginning on or after the first day of taxable years of the ultimate parent entity beginning on or after June 30 2016.
The regulations and associated Form 8975 require the ultimate parent entity of a US MNE group to provide the following information for each of the group's constituent entities:
The entity's complete legal name, tax identification number, and a description of its main business activities;
The jurisdiction in which the entity is a resident for tax purposes; and
The jurisdiction in which the entity is organised or incorporated (if different from the jurisdiction in which it is a resident for tax purposes).
In addition, the ultimate parent entity of a US MNE group must provide the following information for each jurisdiction where its constituent entities are residents for tax purposes:
Revenues generated by transactions with other constituent entities;
Revenues not generated by transactions with other constituent entities;
Profit or loss before income tax;
Total income tax paid on a cash basis to all tax jurisdictions, and taxes withheld on payments received by any constituent entities;
Total accrued tax expenses recorded on taxable profits or losses for operations during the relevant annual period (excluding any deferred taxes or provisions for uncertain tax liabilities);
Stated capital and total accumulated earnings;
Total full-time equivalent employees; and
Net book value of tangible assets (excluding cash, cash equivalents, intangibles, and financial assets).
Protecting the confidentiality and controlling the use of CbC reports
The confidentiality of sensitive taxpayer information has been a paramount concern for the OECD since the BEPS project's inception. For example, in a 2014 discussion draft of transfer pricing documentation and CbCR, the OECD called for tax administrations to "ensure" and "assure taxpayers" that information included in transfer pricing documentation "will remain confidential". Similarly, in the final report on Action 13, the OECD instructed tax administrations to "take all reasonable steps to ensure that there is no public disclosure of confidential information… [or] other commercially sensitive information" in taxpayers' transfer pricing documentation.
The Treasury and the IRS share the OECD's concerns regarding the continued confidentiality of CbC information. In the preamble to the final CbCR regulations, the Treasury and the IRS announced that information in CbC reports will be classified as "return information" and, thus, covered by the confidentiality protections outlined in IRC section 6103. That section authorises the IRS to disclose return information to a competent authority of a foreign government that has an income tax convention or bilateral TIEA with the US "only to the extent provided in, and subject to the terms and conditions of, such convention or bilateral agreement".
As noted above, as of August 2017, the US has entered into CbC CAAs with 20 tax jurisdictions. Of these, 17 arrangements are based on existing DTAs between the US and a countersigning competent authority, while three are based on existing TIEAs. The Treasury and the IRS have explained that their work on bilateral CbC CAAs is intended to ensure that appropriate safeguards and infrastructure are in place to facilitate the automatic exchange of CbC reports for tax purposes without jeopardising taxpayers' confidentiality interests.
Although the executed CbC CAAs are tailored to incorporate the specific DTA or TIEA on which they are based, they generally follow the draft US Model CbC CAAs. Together, these model agreements prohibit the disclosure of information other than as permitted by the relevant DTA or TIEA. Further, the model CbC CAAs prevent any recipient tax administration from using the information exchanged via the CbC reports except for purposes of "assessing high-level transfer pricing risks, base erosion and profit shifting related risks, and, where appropriate, for economic and statistical analysis". Finally, the model CbC CAAs authorise either signatory to suspend the automatic exchange of information to the extent it determines the other signatory has violated the agreement's confidentiality or use restrictions.
The model CbC CAAs demonstrate the Treasury's and the IRS's commitment to ensuring that confidential information in CbC reports filed by US MNE groups is not subject to inappropriate disclosure or use. However, it is too soon to tell how effective the protections in executed CbC CAAs will be in operation. Accordingly, it will be critical for US MNEs to monitor the progress by the Treasury and the IRS towards executing CbC CAAs with all of the US's DTA and TIEA partners, understand the scope of confidentiality and use provisions in those agreements, and report any suspected or confirmed violations of those provisions that come to their attention.
Current threats to the confidentiality of CbC information in other jurisdictions
As in the US, CbCR is currently being implemented in other jurisdictions, with most implementations following the OECD's recommendations. In the European Union (EU), Directives 2015/2376 and 2016/881 have amended the pre-existing Directive on administrative cooperation in the field of taxation by introducing the mandatory automatic exchange of advance cross-border tax rulings, advance pricing agreements, and the mandatory automatic exchange of CbC reports. The EU has taken a step further than the OECD, however, and released a draft directive that would make part of CbCR information public.
In July 2017, the European Parliament voted in plenary that MNEs carrying out activities within the EU should disclose tax information in each country where they operate. These requirements apply irrespective of where the ultimate parent is established and US MNEs having operations in the EU are consequently within their scope. Under the draft directive, MNEs with a worldwide revenue of at least €750 million would be required to report their tax bills on a country-by-country basis – with possible exemptions in the case of commercially-sensitive information, the so-called "safety clause" – in order to increase tax transparency for the public.
The information to be disclosed under the draft directive would include:
The name of the firm and, where applicable, a list of all its subsidiaries, a brief description of the nature of their activities, and their respective geographical locations;
The number of employees on a full-time equivalent basis;
The amount of the net revenue;
The amount of profit or loss before income tax;
The amount of income tax paid during the relevant financial year by the firm and its branches resident for tax purposes in the relevant tax jurisdiction;
The amount of accumulated earnings; and
Whether undertakings, subsidiaries, or branches benefit from a preferential tax treatment.
Under the draft directive, this information would be published in a common template in each jurisdiction in which the firm or a subsidiary has activities. The information would be broken down by EU member state for activities in the EU. For activities outside of the EU, the information would be presented in aggregate except for activities in "tainted" countries (i.e. tax havens). In these latter cases, the information would also be broken down by country. This data would be filed in a public registry managed by the European Commission and published on the MNE's website.
As mentioned above, the draft directive provides a "safety clause" to protect commercially-sensitive information. Under this provision, member states may allow a temporary omission of certain items when they are of such nature that their disclosure would be "seriously prejudicial" to the commercial position of the MNE group. These exemptions would be applied for annually and would be applicable only in the jurisdiction of the member state granting the exemption. Every year, the Commission would publish on its website a list of firms granted an exemption and a succinct explanation why.
For MNEs, the proposed safety clause offers limited comfort. As the draft directive acknowledges, public disclosure of confidential tax information – even on an aggregated basis – can be "seriously prejudicial" to a commercial enterprise. With the draft directive still being negotiated, it is too early to accurately predict either the strength of the protections for sensitive information that may be included in the final text or the willingness of member states to grant sought-after exemptions. US MNEs with operations in the EU should carefully monitor the progress of the draft directive and, if it is finalised and ultimately includes a safety clause, be prepared to apply for appropriate exemptions in order to limit their obligations to publicly disclose sensitive, confidential CbC information.
Kristin M Mikolaitis and Astrid Pieron