February 2020

SGV thought leadership on pressing issues faced by chief executives in today’s economic landscape. Articles are published every Monday in the Economy section of the BusinessWorld newspaper.
24 February 2020 Rogelanne O. Villarubia

How workable is working from home?

Organizations often claim that their most important assets are their people and studies have indicated this to be true. This is the reason why companies are always looking for ways to motivate their workforce and maintain high job satisfaction. While some consider compensation and benefits as the main drivers when a job seeker decides to accept an offer, we now see other factors that are equally relevant to applicants and recruits. A leading consideration is the flexibility of an employer’s work arrangement policies. In general, employees prefer working hours that allow them to achieve some level of work-life balance. Employees desire the flexibility that provides them the means to meet the demands of their jobs and their personal responsibilities such as attending to family, pursuing further education, or checking items off their bucket lists. This work arrangement is not new; other economies have already adopted it as part of their labor laws and practices. In the Philippines, however, although most employers require a fixed on-site eight-hour work shift, some multinational companies have already introduced flexibility in the workplace, such as allowing their employees to “telecommute” as a work alternative. THE TELECOMMUTING ACT Telecommuting is defined as working from home or an alternative workplace through an electronic link with a central office. While the practice of working at home and interfacing with the office via modem, telephone, or some another electronic device only became commonplace recently, the word “telecommute” has been used since the mid-1970s. Its earliest documented reference can be found in a January 1974 article in The Economist that predicted, “As there is no logical reason why the cost of telecommunication should vary with distance, quite a lot of people by the late 1980s will telecommute daily to their London offices while living on a Pacific island if they want to.” We have seen how this prediction has become a global reality. The Philippines finally passed a law regarding this alternative work arrangement when the President signed into law on Dec. 20, 2018, Republic Act (RA) 11165, known as the Telecommuting Act. The RA codifies the definition of telecommuting and specifies how such a program would work in a company. An employer in the private sector may offer a telecommuting program to its employees on a voluntary basis, including compensable work hours, a minimum number of work hours, overtime, rest days, and entitlement to leave benefits. The law further enumerates a fair treatment clause for employees under the telecommuting program and for those not practicing this alternative work arrangement. Section 5 of the RA provides that the employer will ensure that the telecommuting employees are given the same treatment as that of comparable employees working in the employer’s premises. Further, it listed the rights of telecommuting employees, such as: receiving a rate of pay (including overtime and night shift differential, as well as other similar monetary benefits not lower than those provided in applicable laws); collective bargaining agreements; having the right to rest periods, regular holidays, and special non-working days; having the same or equivalent workload and performance standards; having the same access to training and career development opportunities; and being subject to the same appraisal policies. The RA also features a clause on Data Protection in relation to the Data Privacy Act of 2012 as employees under this work arrangement should still be governed by confidentiality and data security policies in the conduct of their work. PRODUCTIVITY BENEFITS Like in any program or policy, there should be an evaluation of the telecommuting program’s pros and cons. One of its benefits is the flexibility offered to employees to work during the hours that complement their needs, responsibilities and preferences. Research has shown that when employees have work flexibility, they are able to increase their productivity and more effectively meet their deliverables. The company may also consider the potential cost savings to having employees work remotely, such as a reduced need for valuable office space, lower utilities consumption and similar reduced expenses. In addition, telecommuting provides the benefit of less potential business disruption as employees can continue working even if they are physically unable to report to the office. Good examples of this would be the recent events that transpired in the Philippines: the Taal Volcano eruption and the Covid-19 virus outbreak, both of which prompted employers to think about the safety and health of their employees. If a company has a telecommuting program in place, business operations can continue since employees are able to deliver the work from alternative locations. Another benefit of the telecommuting program is that the actual travel from home to office and vice versa will significantly be reduced. This would be beneficial to so many considering the notorious traffic conditions in the Philippines. WHAT TO CONSIDER While telecommuting seems advantageous, there are challenges in implementation. First, telecommuting assumes that the employee would have the necessary resources such as a reliable Internet connection to log on to the employer’s infrastructure. Second, if a company adopts this program, the employer must have well-written guidelines to monitor the work of telecommuting employees to address possible issues of employees not being “active” and potentially missing out on deliverables. Third, and as mentioned earlier, data protection should be addressed because working externally could expose the employee to possible data breaches and security threats, especially with the data handled by the telecommuting employees themselves. Fourth, companies will also need to consider the investment in technology, platforms and resources that will allow employees to remotely access company servers and shared data, particularly in cases where employees function as part of a larger team. CHALLENGING AND DISRUPTIVE It is encouraging to see that the traditional eight-hour desk job in the office has been updated to consider other factors. Employees in the Philippines looking for options to achieve work-life balance now have another consideration when evaluating a job offer. At the end of the day, employers should look carefully at their options to ensure maximum productivity, work efficiency and service delivery quality while taking into account evolving employee needs and job satisfaction measures. Companies may experience transitioning from an existing on-site workforce to a telecommuting team as both challenging and disruptive, but a careful analysis of the pros and cons of the program may help management decide to take the big step of having their employees literally out of the office. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Rogelanne O. Villarubia is a Tax Senior Director from the People Advisory Service Line of SGV & Co.

Read More
17 February 2020 Alvin Manuel, Shaun Cusi, and Dawn Casocot

When the going gets tough, the tough get going

Just over the course of one month into 2020 and the world has been bombarded with a flurry of disasters and unforeseen events. Headlines have been filled with alarming and heartbreaking news — from the wildfires in Australia, to the eruption of the Taal Volcano, and just recently, the outbreak of COVID-19 (coronavirus disease 2019) affecting numerous countries around the world. With these events happening all over the globe, we come face-to-face with the glaring fact that disasters are not a matter of “if,” but “when.” Given the increasingly frequent occurrence of unfortunate events, whether natural or man-made, are organizations prepared to face such ever-evolving and emerging threats? Taking a proactive stance seems to no longer be an option, but a necessity. It is more crucial than ever for companies to ensure that they have an established plan in place to guide the organization on how best to respond and safely maintain operations in the face of unprecedented situations. Recent events should serve as a wake-up call to revisit and ensure that business continuity plans (BCP) are robust enough to cater to all sorts of disasters. DEVELOP AN ORGANIC, EVOLVING BCP First, companies should review their existing BCP and check that all potential threats, whether natural or man-made, are considered in the plan. This would entail the broadening of their perspective to anticipate the current and future risks that the organization may face. The next step would be to update these plans periodically in order to tackle new and continually emerging threats in the industry. This likewise involves checking if the roles and responsibilities are still correct and sufficient, if advances in technology solutions and infrastructure are accounted for, and if procedures to recover critical services are still applicable. The organization should consider specific plans catering to different threats, such as Pandemic Plans and IT disaster recovery (IT DR) plans. These plans should also cover high-risk, low probability events. Having well-documented plans are only the starting point of a well-developed Business Continuity Management (BCM) program. The plans and strategies must also be exercised to test the effectiveness of the strategies. When planning for exercising activities, the organization must consider the current BCM maturity to ensure effectiveness of the testing activities. For example, the organization must start off with tabletop exercises and then transition into simulated exercises as the program progresses. In light of reviewing the BCM, organizations should consider the following points. AWARENESS AND COMMUNICATION The safety of employees should be a top priority, making awareness and communication initiatives especially critical. Organizations should establish proper communication channels and procedures and deploy an emergency broadcast process that will allow the company to reach employees quickly and measurably. Employers must also account for their employees in times of a disaster and be able to escalate emergencies to the proper authorities as necessary. Employers must ensure that their people are regularly updated with reliable information regarding the situation, both to manage the spread of correct, verified information from authorized sources as well as to control the spread of harmful and panic-inducing disinformation. The company’s leaders should maintain communications through easily accessible media, such as printed posters, e-mails, weekly updates, programs and activities. As an example, to increase awareness on the organization’s pandemic plan, the business should send out awareness e-mails regarding the extent of the virus as well as countermeasures and preventive actions. The organization must also consider the company culture in crafting an effective BCM Awareness program. BUSINESS IMPACT AND SUPPLY CHAIN CONCERNS Given the unexpectedly broad impact of the COVID-19 virus outbreak, businesses should revisit their 2020 and Q1 budgets. Determine areas where operations will be impacted, including key suppliers, vendors, and third parties. Consider the impact of the disaster on key suppliers and vendors, as this will also impact the delivery of services if disruptions occur, especially for suppliers that provide manpower services. If necessary, identify back-up suppliers and vendors as a pre-disaster activity. This will ensure that critical services and products provided by affected suppliers will continue in the event of a disaster. Organizations should also determine key dependencies, assess potential impacts on these services and align with key clients on adjustments to any affected expectations and deliverables. Additionally, businesses should consider revisiting their contracts with clients or third parties, especially long-term or high value contracts. Client initiatives for their own business continuity should also be taken into consideration, since this can possibly cause delays in the completion of the project/engagement. As an example, the recent outbreak of the COVID-19 restricts work obligations which require teams to work on-site with clients, since quarantine and lockdown measures are in effect in infected countries like China. It is also important to thoroughly go through contracts with strict timelines, stipulations of damages in case milestones are not met, or those with a termination clause in cases of unforeseen events. In reviewing these, organizations should always put into perspective their capabilities to deliver their products and/or services even under extremely difficult circumstances. Business must also look into the impact of disasters on the organization’s assets and workforce. Different disasters call for different responses and organizations must be able to adapt to each one. For example, disasters such as fires, earthquakes, typhoons and floods would affect the organization’s facilities and equipment. Situations such as cyber or hacking attacks would necessitate a different set of responses and resources from digital security teams. Similarly, disasters such as pandemics will directly impact the workforce in terms of physical health and contagion control protocols. In such an eventuality, leave policies must be updated and clearly communicated to the workforce, and health insurance policies for employees must be revisited. Employees that have symptoms or illness should be allowed to remain at home or work from home and seek medical care as soon as possible. BUSINESS SUCCESSION AND BACKUPS In times of disaster, leadership may not be available to address urgent and critical concerns; thus it is essential to develop a plan for leadership continuity in the event that key decision makers are affected. Organizations should also consider setting up physically separate back-up teams that can be deployed in times of disaster. These identified back-up and alternate personnel must also know their roles and responsibilities in times of crisis. For companies with multiple office locations, this may mean designating one office as a support team for another location. Additionally, the company should also include data back-up processes as part of their regular safety protocols. As new threats emerge in the ever-evolving world, people and organizations must stay vigilant not just about COVID-19, but other possible issues that may arise. Practice additional caution by staying updated on current events, carefully examining the organization’s level of readiness and adapting. Consider that just weeks prior to the virus outbreak, parts of the country were affected by storms and earthquakes while Metro Manila was severely affected by the Taal volcano eruption, which led to the closure and suspension of work and classes in several locations. An emergency can occur at any time, so being prepared with a strategic and tested business continuity plan is essential to ensure the safety of a company’s people and the continuity of business-critical services in times of disaster. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the authors and do not necessarily represent the views of SGV & Co. Senior Manager Alvin Manuel, Manager Shaun Cusi, and Associate Dawn Casocot are from the Advisory Service Line of SGV & Co.

Read More
10 February 2020 Philip B. Casanova

Banks rate cybersecurity as top concern

Board members and Chief Risk Officers (CROs) of banks and other financial institutions have identified cybersecurity as their top short-term (12 months) risk priority. This was revealed in the Tenth Annual Global Risk Management Survey conducted by EY (Ernst & Young) and the Institute of International Finance. Survey participants comprised 94 firms in 43 countries with 23% based in Asia. Cybersecurity emerged at the top spot for the third straight year, considering that it only surfaced as a risk concern in 2015. We see this as a result of rapid technology development and the onslaught of banks embarking on digital transformation journeys in the last five years. The refreshed survey also affirmed cybersecurity as one of the major risks to anticipate in the next decade. Some of the key issues identified were concerns on industry-wide cybersecurity attacks, third-party security, cloud transition, and cybersecurity capabilities. INDUSTRY-WIDE CYBERSECURITY ATTACKS In the next five years, 80% of respondents foresee an industry-wide attack. This concern is attributed to three key factors: (1) constant cybersecurity attacks on banks and other significantly important financial institutions; (2) nation states that have exhibited destructive behavior using cybersecurity attacks; and (3) critical third parties that are regularly attacked, such as telecommunications and cloud provider companies. These issues resulted in recent government and private organization initiatives that utilize cross-industry cybersecurity attack drills rather than isolated tests. The survey also showed that 53% of respondents worried about their ability to recover operations after a cybersecurity attack. At the same time, 33% were concerned that customers would not be able to access vital bank services immediately after a cybersecurity attack. These issues relate to another major risk identified as resiliency: the ability to deliver services to customers, clients and markets without disruption. An overwhelming 94% of respondents mentioned that cybersecurity risk is their top resiliency concern, marking a significant increase from 80% in the previous year. This, in turn, led to the rising trend of integrating resiliency into frameworks or functions such as cybersecurity and technology incident responses, disaster recovery, and business continuity planning across business units. Integration is also seen in functions such as crisis management, crisis communication, recovery and resolution planning activities, and testing that includes simulation and table top exercises. THIRD-PARTY SECURITY Banks have long depended on third parties to provide core and support services, a trend that is expected to still grow in the future. However, third-party risk is also noted as a major risk in the next decade and described as the risk of operating in an ever-expanding ecosystem. Cybersecurity is identified as the top third-party risk, with 56% of the banks surveyed echoing this sentiment. Since banks are fortifying their cyber defenses, we should note that third parties handling or processing the banks’ information will likely become bigger targets for cybersecurity attacks. Third parties are expected to be at par or to have better cybersecurity controls than banks. It is also interesting to note that banks are transitioning in defining critical third parties. Previously, third parties were evaluated based only on spending and financial impact, but now, banks are also considering business continuity and resilience (66%), types of data and systems accessed (61%), and sensitivity of data used (54%). This more holistic approach has led to some challenges for banks in handling the sheer volume of third parties that need to be assessed and monitored for their cybersecurity control effectiveness. TRANSITIONING TO THE CLOUD It is evident that cloud transition is the most effective means for banks to tighten cybersecurity, given the service’s promise of efficiency, reliability, and scalability. However, the security of customer information and the banks’ data contained in the cloud remains a big concern for most CROs (92% of respondents). This also poses a major risk in the next decade despite the many cybersecurity controls and capabilities already established by cloud service providers. Banks are also moderately confident in their capabilities to operate in a cloud environment. We see that banks are keen to first establish their cloud security and risk frameworks prior to transition. There is also recognition of differences between the operation of on-premise systems and cloud environments, highlighting the need for additional controls and capabilities. CYBERSECURITY CAPABILITIES The survey further showed that while the banks’ cybersecurity capabilities are mostly rated as “Managed,” (i.e., ad hoc, repeatable, defined, managed, efficient), there is still the challenge to elevate cybersecurity to the next level. Respondents were wary of cybersecurity capabilities such as data restoration (32%), cybersecurity incident response (30%), identity access management (28%), and patch management (27%). They consider these as key areas where banks need to improve. The capabilities must include employing a skilled and knowledgeable cybersecurity workforce. Capability issues are exacerbated due to the inadequate number of qualified cybersecurity professionals on a global scale. While there is an active inter-organization movement among cybersecurity professionals, there are simply not enough new capable talents who can help bridge the gap. SECURITY IS ONLY AS STRONG AS THE WEAKEST LINK Cybersecurity remains a formidable risk for banks to grapple with both in the short and long-term. The challenge to improve the banks’ cybersecurity capabilities includes recognizing that security is only as strong as the weakest link. With the cybersecurity threat landscape rapidly and continually evolving, banks need to increase their vigilance and be more comprehensive in addressing cybersecurity risks. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Philip B. Casanova is an Advisory Partner of SGV & Co.

Read More
03 February 2020 Ana Katrina C. Celis-De Jesus

Transfer pricing and tax avoidance: What does the CITIRA bill say?

Government investment promotion agencies offer tax incentives to attract investors. Many companies, especially those in priority and emerging sectors, benefit from such incentives in the course of doing business. In some cases, companies engage in related-party transactions, such as transactions between a parent company and a subsidiary, or between affiliates. However, according to a Department of Finance (DoF) and Bureau of Internal Revenue (BIR) analysis, such practices may give rise to abusive transfer pricing schemes, deemed to cost the Government billions in lost revenue each year. Specifically, the DoF identifies transfer pricing abuses to include the corporate practice of shifting profits from a high-tax country to tax havens, as well shifting profits from a corporate taxpayer to its related party located in special economic zones. Because of such practices, the DoF is pushing for the legislative approval of the Comprehensive Tax Reform Program (CTRP), which will prevent income from being shifted among related parties through the inappropriate pricing of related party transactions. Under Section 50 of the Tax Code (the Philippine Transfer Pricing provision), the Commissioner of Internal Revenue has the authority to review controlled transactions among associated enterprises and distribute, apportion or allocate their income and deductions to reflect the true taxable income of such enterprises. In the 17th Congress, a bill was introduced which included a proposal to amend Section 50 of the Tax Code under the current administration’s Tax Reform for Attracting Better and High-Quality Opportunities (formerly known as the TRABAHO Bill or the then CTRP Package 2). The TRABAHO Bill was approved on third reading by the House of Representatives but was not passed by the Senate in the 17th Congress. The TRABAHO Bill has since been renamed the Corporate Income Tax and Incentives Rationalization Act (the CITIRA Bill or the now CTRP Package 2). The CITIRA Bill has been re-filed in the 18th Congress to pursue, among others, the amendment of Section 50. As of this writing, the CITIRA Bill has been approved on third reading by the House of Representatives and has been endorsed to the Senate for its consideration and approval. FINE LINE BETWEEN TAX AVOIDANCE AND EVASION The proposed amendment to the current transfer pricing provision emphasizes the prevention of tax avoidance. The proposed amendment defines tax avoidance for purposes of transfer pricing. Corporate taxpayers often weigh their options when planning to implement their business transactions. In doing so, they may resort to tax avoidance strategies to reduce the amount of tax payable. Tax avoidance per se is not illegal. On the other hand, the intentional and deliberate non-payment of taxes, in an attempt to reduce or eliminate a taxpayer’s liability, is called tax evasion, which is illegal. An Organization for Economic Cooperation and Development (OECD) Economics Department working paper by Johansson, Skeie and Sorbe reported that all G20 and OECD member countries have implemented transfer pricing rules to prevent related-party taxpayers from manipulating the price of their transactions for tax purposes. Some of these member-countries have anti-avoidance rules against international tax planning by multinational enterprises. The general anti-avoidance rules prohibit an aggressive approach to tax avoidance, with a common thread of adherence to the principle of substance over form. Tax benefits may not be availed of when a related-party transaction lacks economic substance or has no reasonable commercial purpose. The anti-avoidance rules of the G20 and OECD member countries are generally designed to achieve the following goals: identification of such a scheme or arrangement; quantification of the actual tax benefit or advantage gained from the scheme; and performance of a test to assess if the company gains a clear tax advantage through the scheme. It should be noted, however, that there are differences in the rules for various countries. STRENGTHENING THE TRANSFER PRICING PROVISION The CITIRA Bill proposes that the time is ripe for the Philippines to adopt similar anti-avoidance rules to counteract the potential abuse of tax incentives by corporate taxpayers. From a current Philippine tax perspective, the BIR may impose an adjustment to transfer prices affecting the recognition of income or expenses of taxpayers based on its industry-specific arm’s length standards. This imposition may result in deficiency taxes and even possible interest and penalties to be assessed against the taxpayer. With the proposed transfer pricing amendment to Section 50 of the Tax Code, the CITIRA Bill will vest the Commissioner of Internal Revenue with dual roles: first, to distribute, apportion, allocate, and impute income and deductions; and second, to disregard and counteract tax avoidance arrangements necessary to clearly reflect the income of a corporate taxpayer. The CITIRA Bill also aims to empower the Commissioner to consider the transaction or arrangement as void for income tax purposes. Under the proposed amendment, tax avoidance will become more clearly defined to include actions that directly or indirectly alter either the incidence of any income tax, or relieve, avoid, postpone, or reduce any liability to pay current or future income tax. Companies with transfer pricing arrangements should note that tax avoidance is presumed to exist in situations where the transaction or arrangement can be proven to be motivated by obtaining a tax benefit or advantage with no commercial reality or economic benefit. CONSIDERING TRANSFER PRICING RISKS If and when the proposed amendment to Section 50 of the Tax Code passes into law, we can expect the BIR to take an aggressive approach to transfer pricing. Philippine companies with related-party transactions will have to increase vigilance to potential transfer pricing issues that may have a significant impact on reporting its taxable income. Given the current administration’s drive for tax reform, the passage of the CITIRA Bill into law will further intensify the need for taxpayers to include transfer pricing as a significant part of their tax planning and risk management strategies. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Ana Katrina C. Celis-De Jesus is a Tax Senior Director of SGV & Co.

Read More
Leading the way in business

Other SGV News and Publications