The OECD recently released CbC Reporting – Handbook on Effective Tax Risk Assessment.  This guidance is designed to help tax authorities develop an effective approach for using the data contained in the CbC report to assess which taxpayers pose the most – or least – risk from a tax authority perspective.  In addition, this guidance summarizes the risk assessment protocols that have been adopted by several countries (Australia, Brazil, Canada, Chile, India, the Netherlands, and Spain).

On a positive note, the guidance emphasizes that the CbC data are only to be used for risk assessment, that countries should limit their use of these data to situations that impact their own tax base, and that the CbC data do not provide the basis for transfer pricing adjustments per se.  The OECD guidance also points out some of the limitations of the CbC data (e.g., revenues are likely to be double-counted if there are significant inter-entity transactions within a given country; the lack of data on specific transactional flows).  Somewhat surprisingly, the OECD does not really discuss vetting the accuracy of the CbC data, but does note that tax authorities should look for inconsistencies between the data contained in the CbC report and other sources.

Turning first to Table 1 (financial data by country), the OECD’s guidance lists various financial ratios of interest, and notes that unusual results may indicate potential tax risk from the tax authority perspective: high profits per employee or as a percentage of sales or assets contributes to increased tax risk, as does a high share of intercompany transactions, low taxes as a share of profits or sharp deviations between accrued and cash taxes.  A risk assessment example is presented in Annex 3 that lists various ratios that should be considered as part of the risk assessment process.

Turning to Table 2 – the list of legal entities – the OECD’s guidance states that tax risk may arise from the existence of entities that carry out mobile activities (e.g. own or manage IP; procurement; marketing, sales or distribution; intergroup financing or insurance) if they are in a low tax jurisdiction and/or are in specialized entities (e.g., legal entities that perform procurement functions even though they have no manufacturing operations of their own).  The OECD guidance also notes that tax risk may arise from entities with dual tax residence or no tax residence, from entities which report stateless income, and/or from entities which are in jurisdictions that pose a high level of BEPS risk.

Turning next to Table 3, the OECD guidance notes that this information lacks the specific structure contained in Tables 1 and 2, which makes it more difficult for tax authorities to incorporate it into a risk assessment in a systematic way — while it is easy to process the very structured information contained in Tables 1 and 2 – if nothing else, they can be incorporated into Excel spreadsheets – there is no such structure for Table 3.  While there is some general discussion of “text mining,” it is likely to be difficult to automate the linkage between Table 1 and 2 data and Table 3 data.  Therefore, as a practical matter the Table 3 data may be neglected or brought into the process at a very late date. The OECD guidance does not really address the fact that this may lead to a misinterpretation of the Table 1 and Table 2 data, given that the information contained in Table 3 may be included to explain anomalies in the Table 1 and 2 data.

The OECD guidance also discusses ways in which the CbC data can be used in conjunction with other information, noting that such other information may come from: (1) information that is available to the tax authority (tax return information; transfer pricing documentation); (2) information from other government sources (e.g., financial registries, customs); (3) public information – including information from subscription services (e.g., annual reports, press reports); and/or (4) commercial sources (e.g., commercial databases of comparables).  This discussion, however, is largely limited to providing a list of potential other sources of information.

Finally, once the CbC data are available, for the first time, (1) a given tax authority will have access to a consistent and easily processed set of data for hundreds or even thousands of different taxpayers and (2) multiple tax authorities will have access to identical data – both in content and structure – for the same specific taxpayer.  The OECD guidance touches on these issues, generally providing appropriate warnings about potential misuse.  That said, it is hard to believe that some tax authorities will not compare data across different taxpayers as part of their risk assessment process.  It is also at least possible to speculate that the ability to access identical data for the same taxpayer (in the form of the master file as well as the CbC report), may facilitate/encourage more cooperation among different tax authorities.