Suits the C-Suite

17 February 2020

Alvin Manuel, Shaun Cusi, and Dawn Casocot

When the going gets tough, the tough get going

Just over the course of one month into 2020 and the world has been bombarded with a flurry of disasters and unforeseen events. Headlines have been filled with alarming and heartbreaking news — from the wildfires in Australia, to the eruption of the Taal Volcano, and just recently, the outbreak of COVID-19 (coronavirus disease 2019) affecting numerous countries around the world. With these events happening all over the globe, we come face-to-face with the glaring fact that disasters are not a matter of “if,” but “when.” Given the increasingly frequent occurrence of unfortunate events, whether natural or man-made, are organizations prepared to face such ever-evolving and emerging threats? Taking a proactive stance seems to no longer be an option, but a necessity. It is more crucial than ever for companies to ensure that they have an established plan in place to guide the organization on how best to respond and safely maintain operations in the face of unprecedented situations. Recent events should serve as a wake-up call to revisit and ensure that business continuity plans (BCP) are robust enough to cater to all sorts of disasters. DEVELOP AN ORGANIC, EVOLVING BCP First, companies should review their existing BCP and check that all potential threats, whether natural or man-made, are considered in the plan. This would entail the broadening of their perspective to anticipate the current and future risks that the organization may face. The next step would be to update these plans periodically in order to tackle new and continually emerging threats in the industry. This likewise involves checking if the roles and responsibilities are still correct and sufficient, if advances in technology solutions and infrastructure are accounted for, and if procedures to recover critical services are still applicable. The organization should consider specific plans catering to different threats, such as Pandemic Plans and IT disaster recovery (IT DR) plans. These plans should also cover high-risk, low probability events. Having well-documented plans are only the starting point of a well-developed Business Continuity Management (BCM) program. The plans and strategies must also be exercised to test the effectiveness of the strategies. When planning for exercising activities, the organization must consider the current BCM maturity to ensure effectiveness of the testing activities. For example, the organization must start off with tabletop exercises and then transition into simulated exercises as the program progresses. In light of reviewing the BCM, organizations should consider the following points. AWARENESS AND COMMUNICATION The safety of employees should be a top priority, making awareness and communication initiatives especially critical. Organizations should establish proper communication channels and procedures and deploy an emergency broadcast process that will allow the company to reach employees quickly and measurably. Employers must also account for their employees in times of a disaster and be able to escalate emergencies to the proper authorities as necessary. Employers must ensure that their people are regularly updated with reliable information regarding the situation, both to manage the spread of correct, verified information from authorized sources as well as to control the spread of harmful and panic-inducing disinformation. The company’s leaders should maintain communications through easily accessible media, such as printed posters, e-mails, weekly updates, programs and activities. As an example, to increase awareness on the organization’s pandemic plan, the business should send out awareness e-mails regarding the extent of the virus as well as countermeasures and preventive actions. The organization must also consider the company culture in crafting an effective BCM Awareness program. BUSINESS IMPACT AND SUPPLY CHAIN CONCERNS Given the unexpectedly broad impact of the COVID-19 virus outbreak, businesses should revisit their 2020 and Q1 budgets. Determine areas where operations will be impacted, including key suppliers, vendors, and third parties. Consider the impact of the disaster on key suppliers and vendors, as this will also impact the delivery of services if disruptions occur, especially for suppliers that provide manpower services. If necessary, identify back-up suppliers and vendors as a pre-disaster activity. This will ensure that critical services and products provided by affected suppliers will continue in the event of a disaster. Organizations should also determine key dependencies, assess potential impacts on these services and align with key clients on adjustments to any affected expectations and deliverables. Additionally, businesses should consider revisiting their contracts with clients or third parties, especially long-term or high value contracts. Client initiatives for their own business continuity should also be taken into consideration, since this can possibly cause delays in the completion of the project/engagement. As an example, the recent outbreak of the COVID-19 restricts work obligations which require teams to work on-site with clients, since quarantine and lockdown measures are in effect in infected countries like China. It is also important to thoroughly go through contracts with strict timelines, stipulations of damages in case milestones are not met, or those with a termination clause in cases of unforeseen events. In reviewing these, organizations should always put into perspective their capabilities to deliver their products and/or services even under extremely difficult circumstances. Business must also look into the impact of disasters on the organization’s assets and workforce. Different disasters call for different responses and organizations must be able to adapt to each one. For example, disasters such as fires, earthquakes, typhoons and floods would affect the organization’s facilities and equipment. Situations such as cyber or hacking attacks would necessitate a different set of responses and resources from digital security teams. Similarly, disasters such as pandemics will directly impact the workforce in terms of physical health and contagion control protocols. In such an eventuality, leave policies must be updated and clearly communicated to the workforce, and health insurance policies for employees must be revisited. Employees that have symptoms or illness should be allowed to remain at home or work from home and seek medical care as soon as possible. BUSINESS SUCCESSION AND BACKUPS In times of disaster, leadership may not be available to address urgent and critical concerns; thus it is essential to develop a plan for leadership continuity in the event that key decision makers are affected. Organizations should also consider setting up physically separate back-up teams that can be deployed in times of disaster. These identified back-up and alternate personnel must also know their roles and responsibilities in times of crisis. For companies with multiple office locations, this may mean designating one office as a support team for another location. Additionally, the company should also include data back-up processes as part of their regular safety protocols. As new threats emerge in the ever-evolving world, people and organizations must stay vigilant not just about COVID-19, but other possible issues that may arise. Practice additional caution by staying updated on current events, carefully examining the organization’s level of readiness and adapting. Consider that just weeks prior to the virus outbreak, parts of the country were affected by storms and earthquakes while Metro Manila was severely affected by the Taal volcano eruption, which led to the closure and suspension of work and classes in several locations. An emergency can occur at any time, so being prepared with a strategic and tested business continuity plan is essential to ensure the safety of a company’s people and the continuity of business-critical services in times of disaster. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the authors and do not necessarily represent the views of SGV & Co. Senior Manager Alvin Manuel, Manager Shaun Cusi, and Associate Dawn Casocot are from the Advisory Service Line of SGV & Co.

10 February 2020

Philip B. Casanova

Banks rate cybersecurity as top concern

Board members and Chief Risk Officers (CROs) of banks and other financial institutions have identified cybersecurity as their top short-term (12 months) risk priority. This was revealed in the Tenth Annual Global Risk Management Survey conducted by EY (Ernst & Young) and the Institute of International Finance. Survey participants comprised 94 firms in 43 countries with 23% based in Asia. Cybersecurity emerged at the top spot for the third straight year, considering that it only surfaced as a risk concern in 2015. We see this as a result of rapid technology development and the onslaught of banks embarking on digital transformation journeys in the last five years. The refreshed survey also affirmed cybersecurity as one of the major risks to anticipate in the next decade. Some of the key issues identified were concerns on industry-wide cybersecurity attacks, third-party security, cloud transition, and cybersecurity capabilities. INDUSTRY-WIDE CYBERSECURITY ATTACKS In the next five years, 80% of respondents foresee an industry-wide attack. This concern is attributed to three key factors: (1) constant cybersecurity attacks on banks and other significantly important financial institutions; (2) nation states that have exhibited destructive behavior using cybersecurity attacks; and (3) critical third parties that are regularly attacked, such as telecommunications and cloud provider companies. These issues resulted in recent government and private organization initiatives that utilize cross-industry cybersecurity attack drills rather than isolated tests. The survey also showed that 53% of respondents worried about their ability to recover operations after a cybersecurity attack. At the same time, 33% were concerned that customers would not be able to access vital bank services immediately after a cybersecurity attack. These issues relate to another major risk identified as resiliency: the ability to deliver services to customers, clients and markets without disruption. An overwhelming 94% of respondents mentioned that cybersecurity risk is their top resiliency concern, marking a significant increase from 80% in the previous year. This, in turn, led to the rising trend of integrating resiliency into frameworks or functions such as cybersecurity and technology incident responses, disaster recovery, and business continuity planning across business units. Integration is also seen in functions such as crisis management, crisis communication, recovery and resolution planning activities, and testing that includes simulation and table top exercises. THIRD-PARTY SECURITY Banks have long depended on third parties to provide core and support services, a trend that is expected to still grow in the future. However, third-party risk is also noted as a major risk in the next decade and described as the risk of operating in an ever-expanding ecosystem. Cybersecurity is identified as the top third-party risk, with 56% of the banks surveyed echoing this sentiment. Since banks are fortifying their cyber defenses, we should note that third parties handling or processing the banks’ information will likely become bigger targets for cybersecurity attacks. Third parties are expected to be at par or to have better cybersecurity controls than banks. It is also interesting to note that banks are transitioning in defining critical third parties. Previously, third parties were evaluated based only on spending and financial impact, but now, banks are also considering business continuity and resilience (66%), types of data and systems accessed (61%), and sensitivity of data used (54%). This more holistic approach has led to some challenges for banks in handling the sheer volume of third parties that need to be assessed and monitored for their cybersecurity control effectiveness. TRANSITIONING TO THE CLOUD It is evident that cloud transition is the most effective means for banks to tighten cybersecurity, given the service’s promise of efficiency, reliability, and scalability. However, the security of customer information and the banks’ data contained in the cloud remains a big concern for most CROs (92% of respondents). This also poses a major risk in the next decade despite the many cybersecurity controls and capabilities already established by cloud service providers. Banks are also moderately confident in their capabilities to operate in a cloud environment. We see that banks are keen to first establish their cloud security and risk frameworks prior to transition. There is also recognition of differences between the operation of on-premise systems and cloud environments, highlighting the need for additional controls and capabilities. CYBERSECURITY CAPABILITIES The survey further showed that while the banks’ cybersecurity capabilities are mostly rated as “Managed,” (i.e., ad hoc, repeatable, defined, managed, efficient), there is still the challenge to elevate cybersecurity to the next level. Respondents were wary of cybersecurity capabilities such as data restoration (32%), cybersecurity incident response (30%), identity access management (28%), and patch management (27%). They consider these as key areas where banks need to improve. The capabilities must include employing a skilled and knowledgeable cybersecurity workforce. Capability issues are exacerbated due to the inadequate number of qualified cybersecurity professionals on a global scale. While there is an active inter-organization movement among cybersecurity professionals, there are simply not enough new capable talents who can help bridge the gap. SECURITY IS ONLY AS STRONG AS THE WEAKEST LINK Cybersecurity remains a formidable risk for banks to grapple with both in the short and long-term. The challenge to improve the banks’ cybersecurity capabilities includes recognizing that security is only as strong as the weakest link. With the cybersecurity threat landscape rapidly and continually evolving, banks need to increase their vigilance and be more comprehensive in addressing cybersecurity risks. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Philip B. Casanova is an Advisory Partner of SGV & Co.

03 February 2020

Ana Katrina C. Celis-De Jesus

Transfer pricing and tax avoidance: What does the CITIRA bill say?

Government investment promotion agencies offer tax incentives to attract investors. Many companies, especially those in priority and emerging sectors, benefit from such incentives in the course of doing business. In some cases, companies engage in related-party transactions, such as transactions between a parent company and a subsidiary, or between affiliates. However, according to a Department of Finance (DoF) and Bureau of Internal Revenue (BIR) analysis, such practices may give rise to abusive transfer pricing schemes, deemed to cost the Government billions in lost revenue each year. Specifically, the DoF identifies transfer pricing abuses to include the corporate practice of shifting profits from a high-tax country to tax havens, as well shifting profits from a corporate taxpayer to its related party located in special economic zones. Because of such practices, the DoF is pushing for the legislative approval of the Comprehensive Tax Reform Program (CTRP), which will prevent income from being shifted among related parties through the inappropriate pricing of related party transactions. Under Section 50 of the Tax Code (the Philippine Transfer Pricing provision), the Commissioner of Internal Revenue has the authority to review controlled transactions among associated enterprises and distribute, apportion or allocate their income and deductions to reflect the true taxable income of such enterprises. In the 17th Congress, a bill was introduced which included a proposal to amend Section 50 of the Tax Code under the current administration’s Tax Reform for Attracting Better and High-Quality Opportunities (formerly known as the TRABAHO Bill or the then CTRP Package 2). The TRABAHO Bill was approved on third reading by the House of Representatives but was not passed by the Senate in the 17th Congress. The TRABAHO Bill has since been renamed the Corporate Income Tax and Incentives Rationalization Act (the CITIRA Bill or the now CTRP Package 2). The CITIRA Bill has been re-filed in the 18th Congress to pursue, among others, the amendment of Section 50. As of this writing, the CITIRA Bill has been approved on third reading by the House of Representatives and has been endorsed to the Senate for its consideration and approval. FINE LINE BETWEEN TAX AVOIDANCE AND EVASION The proposed amendment to the current transfer pricing provision emphasizes the prevention of tax avoidance. The proposed amendment defines tax avoidance for purposes of transfer pricing. Corporate taxpayers often weigh their options when planning to implement their business transactions. In doing so, they may resort to tax avoidance strategies to reduce the amount of tax payable. Tax avoidance per se is not illegal. On the other hand, the intentional and deliberate non-payment of taxes, in an attempt to reduce or eliminate a taxpayer’s liability, is called tax evasion, which is illegal. An Organization for Economic Cooperation and Development (OECD) Economics Department working paper by Johansson, Skeie and Sorbe reported that all G20 and OECD member countries have implemented transfer pricing rules to prevent related-party taxpayers from manipulating the price of their transactions for tax purposes. Some of these member-countries have anti-avoidance rules against international tax planning by multinational enterprises. The general anti-avoidance rules prohibit an aggressive approach to tax avoidance, with a common thread of adherence to the principle of substance over form. Tax benefits may not be availed of when a related-party transaction lacks economic substance or has no reasonable commercial purpose. The anti-avoidance rules of the G20 and OECD member countries are generally designed to achieve the following goals: identification of such a scheme or arrangement; quantification of the actual tax benefit or advantage gained from the scheme; and performance of a test to assess if the company gains a clear tax advantage through the scheme. It should be noted, however, that there are differences in the rules for various countries. STRENGTHENING THE TRANSFER PRICING PROVISION The CITIRA Bill proposes that the time is ripe for the Philippines to adopt similar anti-avoidance rules to counteract the potential abuse of tax incentives by corporate taxpayers. From a current Philippine tax perspective, the BIR may impose an adjustment to transfer prices affecting the recognition of income or expenses of taxpayers based on its industry-specific arm’s length standards. This imposition may result in deficiency taxes and even possible interest and penalties to be assessed against the taxpayer. With the proposed transfer pricing amendment to Section 50 of the Tax Code, the CITIRA Bill will vest the Commissioner of Internal Revenue with dual roles: first, to distribute, apportion, allocate, and impute income and deductions; and second, to disregard and counteract tax avoidance arrangements necessary to clearly reflect the income of a corporate taxpayer. The CITIRA Bill also aims to empower the Commissioner to consider the transaction or arrangement as void for income tax purposes. Under the proposed amendment, tax avoidance will become more clearly defined to include actions that directly or indirectly alter either the incidence of any income tax, or relieve, avoid, postpone, or reduce any liability to pay current or future income tax. Companies with transfer pricing arrangements should note that tax avoidance is presumed to exist in situations where the transaction or arrangement can be proven to be motivated by obtaining a tax benefit or advantage with no commercial reality or economic benefit. CONSIDERING TRANSFER PRICING RISKS If and when the proposed amendment to Section 50 of the Tax Code passes into law, we can expect the BIR to take an aggressive approach to transfer pricing. Philippine companies with related-party transactions will have to increase vigilance to potential transfer pricing issues that may have a significant impact on reporting its taxable income. Given the current administration’s drive for tax reform, the passage of the CITIRA Bill into law will further intensify the need for taxpayers to include transfer pricing as a significant part of their tax planning and risk management strategies. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Ana Katrina C. Celis-De Jesus is a Tax Senior Director of SGV & Co.

27 January 2020

Pamela Lantes-Arellano

Rising from the ashes: How to claim tax relief from Taal’s unrest

The Philippines is vulnerable to natural calamities due to its geographical location. The archipelago is frequently exposed to the devastating effects of natural disasters like typhoons, earthquakes, and — from time to time – volcanic eruptions. On Jan. 12, the picturesque Taal Volcano expelled smoke, ash and lava, prompting the government to evacuate residents from nearby towns as a precaution in the event of a more powerful eruption. Just less than a month prior, hundreds of thousands of Filipinos lost their homes and livelihoods when Typhoons Tisoy and Ursula swept the Visayas region. In the aftermath of natural or environmental catastrophes, many businesses struggle to recover from the resulting damage, loss and devastation, especially when they are unable to claim losses incurred as deductions for income tax purposes. However, it may be of some comfort to affected taxpayers that this can be avoided. CLAIMING CASUALTY LOSSES Affected individuals and corporations engaged in trade, business or a profession may avail of tax relief by claiming (as business deductions) casualty losses incurred from destroyed properties that were actually used in the business. Keep in mind, however, that casualty losses on assets not used in the course of business or are personal in nature will not be allowed as deductions. To guide taxpayers on how to declare casualty losses incurred during the year for tax purposes, the Bureau of Internal Revenue (BIR) issued Revenue Memorandum Order (RMO) No. 31-2009. Although it is a dated RMO, these rules are still in force and highlight critical considerations for taxpayers in claiming casualty losses. ACT FAST, BUT BE DETAILED Businesses that wish to deduct casualty losses need to file their claim of casualty loss within 45 days after the date of the event. A Sworn Declaration of Loss is submitted to the Revenue District Office (RDO) holding jurisdiction over the taxpayer’s place of business. The sworn declaration of loss should include specific details, such as the nature of the event that gave rise to the loss; when it occurred; a detailed description of the damaged properties and where they are located; and very importantly, the amount of insurance or other compensation that the taxpayer anticipates receiving. In addition, the taxpayer needs to provide a detailed computation of the losses covering the cost of the property, any depreciation deducted, the value of the properties before and after the event, and the cost of any necessary repairs for assets that can be recovered. As with other similar claims for deduction, the taxpayer should submit proof of the loss incurred, including but not only limited to before and after photographs of the damaged or destroyed properties. KNOW HOW MUCH LOSS TO REPORT When a taxpayer submits the declaration for casualty losses, it is important to accurately calculate the deductible casualty losses. This amount is basically the difference between the value of the property before and immediately after the calamity. This means that the casualty loss should never exceed the cost (or other adjusted basis, including depreciated cost) of the property the taxpayer is using in business. At the same time, taxpayers should remember to deduct any insurance or compensation they receive for the loss. Understandably, insurance claims take time to process. If the taxpayer or company anticipates any insurance payments to occur after the reporting period in which the losses occurred, then for financial reporting purposes, the loss should be recognized when incurred. For example, when a piece of equipment is destroyed, the asset should be written off, regardless of whether the losses can be recovered from an insurance policy or if there are plans to replace the equipment. Companies should also note that timing will be different for financial reporting and for tax purposes. In cases where a company has no insurance on the assets used in its business, the loss will be recognized on the date it is incurred. However, if a claim for reimbursement exists and there is a reasonable prospect of recovery, then no portion of the loss is sustained until it can be reasonably ascertained whether or not such reimbursement will be received. Determining whether a reimbursement will be received or not can be reasonably ascertained such as by a settlement, adjudication, or abandonment of the claim. Why is this significant? Because taxpayers either need to actually collect insurance proceeds or decide to abandon their claim (which, naturally, requires documentary proof), before they can claim casualty losses as tax deductions. Since volcanic eruptions and the damage they may cause are not usual vents, insurance companies will need time to accurately evaluate the reasonableness of the incurred losses compared to other more frequently occurring disasters, such as floods and typhoons. HOPING FOR MORE TIME Arguably, the 45-day period for taxpayers to submit the sworn statement (together with the supporting documents) may not be enough. This is considering that the losses should first be ascertained before a taxpayer can start preparing the documentary requirements. Our tax authorities in their wisdom may wish to consider granting a longer period to allow taxpayers to collate all of the documentary requirements to report these casualty losses. As an example, the BIR extended by three months the filing of the sworn declaration in the wake of typhoon Yolanda in November 2013. In the meantime, as we hope and wait for any advice for a reporting deadline extension from the BIR, we expect that affected businesses and taxpayers will continue to prioritize the safety and recovery of their employees and their families, while anticipating the resumption of normal operations in the soonest possible time. Amidst all challenges, we hope and pray for the safety and well-being of our affected kababayans. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Pamela Lantes-Arellano is a Tax Senior Director under the Financial Services Organization Group of SGV & Co.

20 January 2020

Betheena Dizon

Estate tax amnesty for non-resident Pinoys: Yay or nay?

Among all the internal revenue taxes imposed in the Philippines, estate tax is arguably one of the most neglected. It is not uncommon to see estate taxes remain unpaid for several years after the death of the decedent until the heirs see the need to transfer the inherited property. These properties then remain idle with their economic benefit unutilized. Thus, the much-anticipated Estate Tax Amnesty program was welcomed when the President signed it on Feb. 14, 2019. This program provides a one-time opportunity to settle estate tax obligations at a reduced tax rate and with no penalties. In a nutshell, the estate tax amnesty allows unpaid estate tax obligations to be settled at the rate of 6%, without any penalties imposed. This covers the estates of decedents who passed away on or before Dec. 31, 2017, with or without tax assessments issued by the Bureau of Internal Revenue (BIR) and that have remained unpaid as of the same date. The amnesty also covers “undeclared estates” or properties that were not included in a previously filed estate tax return and not subjected to estate tax. The 6% amnesty tax rate is imposed on the net estate of the decedent at the time of death. This means that the estate can take advantage of the deductions that are available under the Tax Code as of the time of the decedent’s death. AVAILING OF THE ESTATE TAX AMNESTY The estate tax amnesty return (ETAR) shall be filed with the BIR Revenue District Office (RDO) that has jurisdiction over the place of residence of the decedent, who must be a resident of the Philippines, or of the executor/administrator in the Philippines if the decedent was a non-resident. If the estate has no executor or administrator in the Philippines, the ETAR will be filed with BIR RDO No. 39 in Quezon City. Following Revenue Memorandum Order No. 33-2019, the Certificate of Availment and the Electronic Certificate Authorizing Registration (eCAR), which authorizes the transfer of the estate properties to the heirs, shall be issued within 15 calendar days from the receipt of the validated Acceptance Payment Form and proof of payment of the Estate Amnesty Tax. The estate tax amnesty is available for two years, starting June 15, 2019 and ending June 14, 2021. Any estate that fails to take advantage of the tax amnesty within the period given will be subject to the graduated estate tax rate that was in effect as of Dec. 31, 2017, with interests and penalties also due upon payment. The law was good news to Filipinos in the Philippines as well as those residing overseas who are heirs to unsettled Philippine-based estates with unpaid taxes. Many Filipinos who have settled abroad with their families have expressed their preference to settle the estates and sell off Philippine-based properties. CHALLENGES FOR NON-RESIDENT FILIPINOS However, there are challenges for non-resident Filipinos who wish to take advantage of the tax amnesty. One challenge is the availability of documents required by the ETAR. Under Revenue Regulations (RR) No. 6-2019, documents pertaining to the value of the properties within the estate must be attached to the ETAR to provide a basis for the tax base and the resulting estate amnesty tax payable. If, for example, the decedent passed away decades ago, there is a good chance that the heirs no longer have documents that indicate the value of the properties as of the time of the decedent’s death. This can cause difficulty in proving the actual value of the properties, since it is certain that these properties were worth far less at the time when the decedent died than their current fair market value. Without the relevant documents, it will be difficult to determine the actual value of the decedent’s estate, and the resulting basis to compute the estate amnesty tax. Another challenge for non-resident heirs is how to determine the actual properties that comprise their parents’ or grandparents’ estates. In some cases, the heirs had already migrated to other countries, leaving their parents behind in the Philippines. When the parents are gone, there is a chance that the survivors have no clear idea about the nature or number of properties that were left behind. As they have no resources in the Philippines to obtain information on their parents’ properties, the likely result is an ETAR that may not include all the properties that actually belonged to the decedent. A third challenge for non-resident Filipinos is the actual filing of the ETAR and payment with the bank. Non-residents usually prefer to remit payments online or through wire transfer. However, the amnesty regulations require the physical filing of the ETAR and payment through BIR authorized-agent banks. To avail of the amnesty would require that the non-resident return to the Philippines or to authorize a representative for this purpose. POTENTIAL COURSES OF ACTION With the way that the regulations for estate tax amnesty are currently worded, non-resident Filipinos have the option to authorize representatives in the Philippines to file and process the applications on their behalf, without having to come to the Philippines themselves. Where a proper authorization is in order, these representatives can assist in determining the properties covered by the estate, preparing and submitting the ETAR to the BIR, making the actual payment, and claiming the eCAR to be issued to the estate. In determining the properties that may be covered by the estate, the heirs or their representatives can try to confirm with the relevant government agencies any registered properties that the decedent may have. However, there may also be hurdles on this point as more and more government agencies begin to implement rules that limit information disclosure. Given these challenges for non-resident Filipinos, there may be a need to first evaluate how the authorities can help them maximize the benefits of the amnesty. For example, it may be useful to determine whether it is feasible to authorize Philippine embassies or consulates to accept ETAR filings and amnesty tax payments. Another potential option would be to develop online platforms to enable these individuals to file the ETAR online and settle through bank-to-bank payments. These potential options will certainly help ease the compliance of non-resident Filipinos who may be keen on settling outstanding estate tax obligations. The intent of the estate tax amnesty is certainly laudable as it seeks to increase the revenue of the government, while helping unlock idle properties and opening these up for transfers upon the payment of the estate tax obligation. These objectives can better be realized if additional measures can be developed to help Filipinos, wherever they may be in the world, conveniently and efficiently take part in the estate amnesty program within the given period of time. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Betheena Dizon is a Tax Senior Manager of SGV & Co.

14 January 2020

Nathaniel F. Dizon

Smart, savvy and strategic cyber risk management

We regularly hear and read about hacks, security breaches and similar cybersecurity incidents that expose vulnerabilities in corporate and government digital security systems. The reality is that most companies and organizations lack the internal cybersecurity expertise and capability to combat external threats, which lead them to seek external solutions. While this may be necessary, effective cybersecurity efforts should be anchored on a clear digital risk management strategy, as discussed in a recent EY article, “Making digital risk management strategic.” Digital risk management is the next stage in enterprise risk and security for companies and entities that are incorporating digital processes and technologies into their business. It includes new and unexpected challenges that may arise as a result of digital transformation. Digital risk is a business and not a technology issue, making it a C-suite level concern instead of just an IT matter. Organizations need to take on a holistic approach when creating a digital risk management strategy, one that supports risk-based decisions and improved cybersecurity that reduces costs related to managing security risk. This approach considers the entire organization’s digital assets and relationships since some vulnerabilities can come from the most unlikely of sources. An example would be an incident where the customer information of a local remittance company was leaked through a data breach on a separate system used for marketing purposes. The latest EY Global Information Security Survey showed that 37% of organizations stated they would not be able to detect a sophisticated system breach, despite 53% of respondents claiming that they increased their cybersecurity budgets in prior years. This paints a bleak picture, although the situation may be due to the blurring of organizational boundaries resulting from the emergence of more interconnected devices. With the “Internet of Things” (IoT), or the increased connectivity between systems and the growing online presence of many organizations, any company may become a potential victim. Addressing these risks requires a combination of strategic elements such as identifying risks; monitoring and predicting potential cyber threats; having a ready response protocol to any incidents; and a plan to restore operations. These are considerations that all organizations, regardless of size, need to consider within the limits of their financial and human capital resources. Whether it is a large organization or a smaller one with fewer resources, the key to building an effective digital risk management strategy lies in a few significant steps. FIND YOUR WEAK SPOTS Organizations need to actively and thoroughly review their existing processes, digital platform and operations to identify areas where risks can be minimized or addressed early on. One example of taking bold steps to implement a digital risk management strategy was undertaken by the Singapore Ministry of Defence (MINDEF) in 2018. The government agency decided to invite about 300 ethical (or white hat) hackers from around the world to a first-ever bug bounty event. The challenge was to attempt to hack into the agency’s internet connected system to find vulnerabilities and be rewarded for finding vulnerabilities. This innovative action helped generate nearly 100 vulnerability reports, 35% of which were considered valid security vulnerabilities that the government agency addressed immediately. While this may have been a first for a government agency, it has actually become a common practice for some multinational entities. They now hire white hat hackers to test their security systems for flaws and vulnerabilities by replicating the tactics, techniques, tools and procedures that a malicious hacker would utilize in an actual cyberattack. PROTECT THE CROWN JEWELS Companies need to quantify their risk appetite and identify the digital operations that require greater resources, competencies and capabilities to protect. These are usually the most vital operations such as infrastructure, cloud applications, managed operations or security services. Organizations also need to consider investing in intelligent technology solutions that can automate the process of monitoring and managing digital assets that are most at risk or have the greatest impact on operations. There has been a trend for larger organizations to move their digital risk management and cybersecurity functions outside of traditional IT or technology departments and put them directly under the oversight of top management. This highlights the reality that cybersecurity and digital risk management are larger business issues and not simply IT problems. PREPARE FOR THE WORST Organizations should prepare an incident response plan ahead of time and undertake drills and practices to ensure that all stakeholders know what to do in the event of a breach. This plan, naturally, needs to be one that is continually studied and enhanced as threats evolve. Following the initial response to any breach and the measures taken to minimize the damage, companies should have contingency plans in place to restore business-as-usual operations in the shortest time possible while also managing any operational and reputational damage that may occur. GET YOUR PEOPLE UP TO SPEED As with most programs, people are both the first line of defense and often the greatest point of vulnerability. The EY survey found that 34% of organizations consider careless and untrained employees as their greatest vulnerability. Based on our experience, about one out of five employees fall victim to social engineering techniques in the campaigns we conducted for our clients. This is the reason why organizations need to ensure that all their people are adequately trained in a cyber resilient risk culture. People, in this context, refer to more than just employees. They also include the people engaged by an organization’s vendors, third-party stakeholders and internal/external systems providers. Cyber-savvy organizations need to ascertain that proper access controls, policies and technologies are in place to reduce possible unauthorized access to vital systems or confidential data. A thorough evaluation of the cybersecurity knowledge, exposure and competencies of an organization’s people can also help identify possible human single-point-of-failures, which can significantly hamper an organization’s response time and effectivity in case of a breach. For example, say a breach happens and the cyber-security team swings into action. Part of their containment solution is to block all access to vital databases, but before they can do so, permission from the CIO is required. If for some reason the CIO cannot be readily contacted, it would cause a delay in implementing the security protocols. AN AGILE, HOLISTIC APPROACH TO CYBERSECURITY In the digital environment and ecosystem we operate in today, cyber threats will continue to exist and will constantly evolve to present new risks. Some analysts believe that a breach is inevitable for any organization. However, what matters is how the organization will respond to such an incident. Hopefully, it will be carried out with an agile, scalable, well-designed digital risk management strategy that integrates processes, systems, people and technical competence into a holistic cyber defense system. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Nathaniel F. Dizon is an Advisory Manager of SGV & Co.

06 January 2020

Wilson P. Tan

Making a difference, one ripple at a time

As a new decade begins, we reflect upon the year that just passed and look forward to what may be in store for us in 2020 and beyond. In his article before Christmas — and his last as SGV’s Country Managing Partner — J. Carlitos G. Cruz described how an organization can sustain its purpose for the long term to ensure that its people and culture remain steadfast. In line with SGV’s efforts to sustain our collective purpose to nurture leaders and enable businesses for a better Philippines, we have successfully launched the new EY Ripples program. EY Ripples was introduced by EY Global in late 2019 as a global corporate social responsibility program aimed to drive long-term value for EY clients, people, and the community at large. This multi-year journey is committed to create a greater social impact on the lives of others with the use of the skills, knowledge and experience of EY employees. As one of the early adopters along with the EY member firms in Indonesia, Malaysia, and Singapore, SGV focused on making a difference in two ways: supporting the next generation workforce and engaging impact entrepreneurs. NURTURING FUTURE LEADERS EY Ripples encourages programs on mentoring and coaching the next generation, the young future leaders between the ages of 10 and 18 who will become tomorrow’s aspiring workforce. SGV volunteers interacted with students as young as 5th graders from public and private schools in Malabon, Manila, Muntinlupa, Makati and Quezon City. The students learned about the basics of entrepreneurship and finance through workshop sessions. This was done in collaboration with Junior Achievement Philippines (JAPI), a non-profit organization created to help young people succeed professionally and personally. SGV volunteers all underwent teaching workshops to provide them with basic classroom skills. Their mandate was to help inspire the students with knowledge about the basics of entrepreneurship and financial literacy. The SGV mentors shared the importance of earning, spending, and saving money. They encouraged young students to explore and enhance their career aspirations. Through the use of critical thinking, students were coached to develop a positive attitude in exploring businesses or careers. One SGV volunteer recounted how it was a great experience for her to witness the children’s eyes spark with interest during the talk on the value of money. It made her realize how something so simple might just be one of the ways for us to help Filipino families improve their lives. Besides the schools identified by JAPI, there were other occasions that allowed SGV volunteers to work with young students. These were mainly students sponsored by non-profit organizations. They were introduced to the basics of financial literacy through Supporting the Next Generation workshop modules developed by EY and localized to suit Filipino elementary school children. SGV Christmas outreach programs doubled as learning opportunities with volunteers who taught them the value of money, distinguishing between needs and wants while reiterating the importance of earning and saving. The modules included talks, games and fun activities. BUILDING A BETTER WORKING WORLD EY Ripples also focuses on helping impact entrepreneurs through business clinics to help scale small, growing businesses through seminars and group mentorship. These entrepreneurs differ from other business owners through the positive social change that they generate, as well as the potential to expand that change as they scale. They may occasionally be referred to as social entrepreneurs. SGV held the first EY Ripples business clinic in the Asia-Pacific region, co-organized with Endeavor Philippines, a non-profit organization that aims to build a strong entrepreneurial ecosystem within the country. SGV has had a sound relationship with Endeavor Philippines ever since it was established in the country. Working together on the EY Ripples program was a natural next step for both organizations. Endeavor Philippines helped us identify start-up or small business entrepreneurs from the FinTech, production and services, and business process outsourcing industries. These entrepreneurs were looking for practical training and guidance on how to navigate Philippine business requirements and regulations. SGV partners and senior managers became mentors, sharing practical knowledge and skills in tax and financial planning. Sessions on financing, investment options and methods, as well as Philippine taxation, were conducted with the goal of helping the entrepreneurs accelerate their growth and become more responsible players in the economy. A DECADE OF RENEWED PURPOSE The new decade presents limitless opportunities not only for business but more importantly, for ways to make a difference in the lives of others. We are looking ahead at how we can create more ripples in the next 10 years. More than 1 million people from across EY member firms and their communities will be globally mobilized through EY Ripples. In other parts of the world, EY is laying the foundation to achieve its bold ambition through relationships with impact investors and non-government organizations such as Junior Achievement Worldwide and Acumen. In 2020, some 6,000 EY professionals in the Middle East and North Africa are committed to dedicate at least one work day a year to collectively help advance sustainable inclusive growth in their respective regions. Collaborative initiatives have also been forged with the World Bank, which joined EY in committing to positively affect the lives of 10 million people by 2022. There is also a linkage with TRANSFORM, an initiative founded by Unilever and the UK Department for International Development (DFID) that offers to scale EY support for impact entrepreneurs and help 100 million low-income people in Asia and Africa gain access to vital goods and services by 2025. It is an ambitious program with a collective goal of making a positive impact on the lives of 1 billion people by 2030. We believe it is possible even if it takes us one ripple at a time. In this transformative age of digital — with new knowledge, skills and tools available at our disposal and with people dedicated to our purpose — we are committed to assume a leadership role in communities using the best of our abilities to nurture future leaders and enable impact entrepreneurs to build a better Philippines that, in turn, would create ripples to help build a better working world. I wish to take this opportunity to wish our readers a New Year and a new decade full of promise and possibilities. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Wilson P. Tan is the Country Managing Partner of SGV & Co.

26 December 2019

Piyali Roy

Avoid these pitfalls on the road to digital transformation

While digital transformation is one of today’s most frequently-used buzzwords, the concept itself is constantly transforming. This is because every digital transformation journey is different for every company, and it can be difficult to have a single definition that applies to all. In general terms, we define digital transformation as the integration of digital technology into all areas of a business, resulting in fundamental changes to how businesses operate and how they deliver value to customers. Simply put, digital transformation should result in more efficient operations, optimized controls, and better customer service. With every industry getting disrupted by the “digital wave,” organizations have no choice but to transform. Many companies who are leaders in their industries do it by choice to seize opportunities brought about by new technology, innovation and trends, allowing them to stay ahead in the game. Other companies however, embark on transformation because disruption is impacting their business and they have no choice but to transform or risk falling behind or even becoming extinct. THE KEY PILLARS OF DIGITAL TRANSFORMATION For digital transformation to be successful, companies need to focus on six pillars beyond technology: experiences, people, change, innovation, leadership, and culture. Digital transformation is enabled by technology, but it is only possible if the organization embraces the possibilities that transformation offers. Over and over, it is reiterated that digital transformation is a business and cultural transformation rather than just a transformation driven by technology. PITFALLS TO AVOID Since digital transformation is an organizational transformation encompassing both business and cultural change aided by technology, each journey should be customized to the organization undergoing transformation for it to be successful. This is why it is so important for companies to have a digital transformation strategy. As new technology emerges, companies can avoid pitfalls such as embracing advancements too quickly, rolling them out in a way that could cause too much or too little disruption, and not properly tracking the changes within the organization. Outlined here are five pitfalls that any company undergoing digital transformation should address or manage: Not having a transformation strategy. Basic concepts involved in a digital transformation strategy include analyzing a company’s own needs as well as its company culture. However, transformation cannot only be driven by IT; it must be fully aligned with the organization’s overall path, goals, mission and planned future. The digital strategy must therefore support the corporate, functional and business strategy to align with the overall vision of the company, which entails analyzing the market, customizing the customer experience, and assessing the current standing and adjustment of the company’s infrastructure. Industry experts who can bring in industry-wide knowledge of the framework can be consulted to help build the overall strategy. In the agile digital world where everyone wants to fail fast and keep moving, it does not mean that failure is a necessity; there are learnings which can definitely be made available to minimize failures and increase the potential for success. Not setting up practical steps for change. An organization’s current state is the starting point of all transformations and cannot be forgotten while trying to embrace the trend. It is important to have a digital road map keeping in mind the state of the company as is, while outlining well-defined milestones will be key to driving change in a coordinated and effective way. Careful planning and a methodical process can help ensure actualization of goals, avoiding excessive detours and unnecessary costs. All projects, programs methods and framework (agile) should be aligned with that road map. This reduces the risk of misalignment, redundancies, or even projects that do not address a strategic objective. Costly projects that are at risk of being scrapped can be avoided. Not having the right leadership. Whoever will take charge of the digital transformation needs to have the right mandate for change and the influence to make it happen. This space requires great leadership, collaborative skills, and support to help leaders develop the right digital skills. This can come in the form of advice from peers, or from outsourcing expertise. Not investing in cultural change. If we address everything but culture, any progress made will eventually regress in time. Addressing culture will allow an organization’s investment into digital transformation to take care of itself automatically. However, culture is also the most difficult to change, and cannot be transformed by a simple memo from the top. Culture is omnipresent in any organization; it is what happens every single day, how leaders behave every single day, how decisions are made, how people work, and what is incentivized. INEFFECTIVE INTERNAL COMMUNICATION Digital transformation will inevitably involve continued change management and ensuring that people are aligned. Internal communication teams need to work hard on campaigns to motivate employees, celebrate successes and offer encouragement when going digital feels uncomfortable or difficult. While the road to digital transformation entails change on several levels throughout an organization and is unique for every business, the potential pitfalls are a common ground that can be anticipated. Several companies massively invest in developing new capabilities in Digital and Omni channel (a multichannel sales strategy used to provide a seamless customer experience across digital and brick-and-mortar locations) interfaces while building analytical capabilities, allowing them to upgrade and utilize technology to deliver a better customer experience. Many others run “business” or IT transformation programs that modernize their architecture and systems, while some have started simplifying their products and processes by reassessing their operating models. Whatever way each company decides to initiate its digital transformation journey, the end goal is the same — to enhance the organization’s business, culture and level of innovation to maintain its competitive edge by seamlessly and effectively integrating technology into every aspect of its operations. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. Any tax advice contained herein may be insufficient for US penalty protection. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Piyali RoY is a Senior Director of SGV & Co.

23 December 2019

J. Carlitos G. Cruz

On purpose, passion and possibilities

Whenever the calendar year winds down, many among us find it an opportune moment to reflect and reevaluate the last 12 months. We recall the challenges we faced, revisit the dramatic changes in the business landscape, and ponder how we, as individuals and organizations, have grown and evolved. We have seen how companies have shifted their focus to global trends and technologies, how people are taking on new jobs that didn’t even exist a few years ago, and how the challenges of sustainable development have become the top priority for organizations. At the start of 2019, I wrote about how the SGV team recommitted itself to the firm’s collective purpose to nurture leaders and enable businesses for a better Philippines. I described how purpose motivates people, becoming the primary driver of strategy and transformative development in every aspect of business. Purpose can empower individuals and teams by creating a deep sense of meaning that enhances personal commitment and energizes them with the power of positive action. Purpose is like having an internal compass, one that guides a person’s every action by never compromising values. At the same time, people who believe in and are proud to be part of an organization go the extra mile and tend to be at their creative best. Becoming a purpose-driven organization is one thing, however. Sustaining that purpose for the long term is another. How, then, can organizations ensure that its people and culture will remain steadfast in its chosen purpose? ALIGN YOUR PEOPLE TO YOUR PURPOSE For a purpose to work, it is vital for the organization’s people, culture, work practices and leadership behavior to be aligned with it. Think of your purpose as your road map — those travelling on the road will need to adjust their course if they wish to remain on track. The truth of your purpose needs to permeate every aspect of your business. Purpose has to be a living covenant. When SGV launched its purpose, we asked our people if they were willing to commit to the purpose and journey together to live it out. Each member wrote his or her commitment and placed it on a visual map as a symbolic reference. They were also encouraged to integrate our purpose with their own personal career journey, and internalize how such a purpose could energize and validate their progress, from initial recruitment to their continuing professional growth to their involvement in our CSR programs. Eventually, we see our people carrying our purpose with them even if they continue their journeys outside SGV as alumni. Speaking of recruitment, purpose-driven organizations also need to consider adjusting their metrics for hiring people. Most companies hire for talent, skill or potential. Purpose-driven companies also hire for values, taking into consideration whether a candidate’s values align with those of the organization. STEER YOUR PURPOSE Simply declaring a purpose is not enough. Organizations need to have leaders who will set the pace for positive change by transforming the organization’s culture and ways of working to become more purpose-led. Purpose should not be the sole responsibility of one leader in the organization, it needs to be supported by the collective will and wisdom of various stakeholders. In SGV, a steering committee (aptly named the Purpose Council) meets regularly to identify areas for improvement and design programs to continually ensure that our practices reflect our purpose. COMMUNICATE AND DEMONSTRATE PURPOSE-DRIVEN CONDUCT As with any transformative program, constant communication is key. An organization’s leaders need to actively and constantly communicate the company’s vision and encourage people to embrace the meaning behind the purpose on a personal level. Leaders not only have to “walk the talk” when it comes to purposeful behavior, but they also need to regularly keep the channels of dialogue open. We continue to sustain our purpose through regular, inspirational internal communications from leaders and partners to further strengthen our people’s collective resolve. HELP YOUR PEOPLE FIND THE PURPOSE ‘SWEET SPOT’ Leadership advisor Peter Fisk references an interesting duality between passion and purpose, which he attributes to Ha Nguyen of Omidyar Networks. Passion, he says, is about finding yourself. It’s about doing what you love and possibly building your life and career around it. Purpose is about losing yourself in something bigger than you. It’s about wanting to make a difference, to leave a lasting and meaningful legacy. Finding one’s passion may not always have purpose and finding one’s purpose may not necessarily fit one’s passion. However, for those individuals who can both do what they love while serving the greater good, that is where true fulfilment lies. I wish to take this opportunity to share with our readers how fortunate I had been — that in my 38 years of working with SGV — I had personally found deep fulfilment in the unique intersection between my passions and our purpose. As I turn over SGV’s leadership to Wilson P. Tan, the next SGV Country Managing Partner, I am excited about the limitless possibilities of a fresh, new decade with full confidence that SGV’s Purpose will thrive and endure for generations of SGV professionals yet to come. A Merry Christmas and a purposeful 2020 to all! This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. J. Carlitos G. Cruz is the Chairman and outgoing Country Managing Partner of SGV & Co.

09 December 2019

Jocelyn M. Magaway

Act fast before the FAST Act interferes with US Passports

This article applies to US citizens, US nationals and their employers, the latter to ensure US Federal tax compliance. “Seriously Delinquent” tax debts can cause suspension, denial, or nonrenewal of US Passports. The US passport is said to be one of the most powerful in the world. Its holders enjoy visa-free access or visa-on-arrival access to almost 200 countries. For an American who lives overseas, the US passport is even more important as it may be the only valid proof of identification in the host country. Furthermore, a US passport may be the only acceptable ID document when entering into any legal transactions, such as signing a lease agreement or an employment contract or opening a bank account. However, what if this powerful passport were rendered useless, revoked or refused renewal due to tax compliance issues? On Dec. 4, 2015, former President Barack Obama signed into law the Fixing America’s Surface Transportation (FAST) Act. The Act provides funds for Federal highways, highway safety and transit programs, and related needs. To help cover the costs involved, it added a new Internal Revenue Code (IRC) section (Section 7345) that allows the Internal Revenue Service (IRS) to work with the State Department to revoke, deny, or limit the passport of any taxpayer with a “seriously delinquent tax debt.” This procedure has raised an estimated $1 billion so far — considerably more than the anticipated $400 million. Given this level of success, we can expect the IRS to continue using passport suspensions, denials, and non-renewals to motivate taxpayers to settle tax compliance issues. WHO ARE THE FAST ACT’S TARGETS? The operative phrase here is “seriously delinquent tax debt.” Under the Act and the IRS’s implementing guidelines, this refers to an individual’s unpaid, legally enforceable Federal tax liability of at least $52,000, including interest and penalties, as formally assessed by the IRS. Also, IRS must have already filed a notice of lien, issued a levy on the taxpayer’s assets, or the taxpayer must have either exhausted administrative appeal rights or allowed them to lapse. So, when is a tax debt not considered seriously delinquent? The FAST Act clarifies that debts that are being paid in a timely manner in accordance with an IRS-approved offer in compromise or installment agreement are not considered seriously delinquent. Tax cases for which a due process hearing has been filed or is pending or that are subject to a claim that can result in a zero balance are also not included. IRS rules also have certain compassionate provisions that exempt taxpayers who have filed for innocent spouse relief or for personnel who are currently serving in a combat zone. IRS rules also allow for discretionary exemption (which means IRS may or may not allow an exemption) in cases involving financial hardship or identity theft, for taxpayers in federally-designated disaster zones, bankrupt individuals, or for deceased taxpayers. WHAT HAPPENS IF A TAXPAYER’S PASSPORT IS AT RISK? If the taxpayer’s debt is seriously delinquent and none of the exceptions or discretionary exclusions apply, the IRS will send a certification that the taxpayer’s passport is subject to suspension or non-renewal to the Treasury Secretary who then forwards that certification to the Secretary of State. Concurrently, the IRS will notify the taxpayer of this action at his or her last known address. To contest a certification, a taxpayer may file suit in a US district court or the US Tax court. Given the expense and time involved in litigation, a recent IRS Notice may provide a more attractive option for taxpayers who act fast. If the State Department receives a passport application from a certified delinquent taxpayer, it will now inform the taxpayer and hold the application for 90 calendar days instead of immediately rejecting it. This provides time for the taxpayer to contact the IRS and request a decertification by convincing the IRS that the certification is in error, by settling the tax liabilities in full, or by entering into an offer in compromise or installment payment agreement with the IRS. Affected taxpayers should bear in mind that the $52,000 threshold for 2019 is not difficult to breach. Under the general statute of limitations for federal taxes, the IRS usually has just three years from the due date of a return or, if later, from the actual filing date to assess additional taxes. However, this limit becomes six years in cases where there is a substantial understatement of income (i.e., omission of over 25% of gross income). The statute is unlimited in cases where the understatement is fraudulent or where the taxpayer has failed to file. The statute of limitations is also unlimited if the taxpayer fails to include certain forms related to foreign assets when required. Since the time frame to calculate liabilities can run from three to an unlimited number of years, the tax plus interest and penalties can easily add up to $52,000 or more. ACT FAST TO PROTECT YOUR US PASSPORT Anyone who receives a notice from the IRS or State Department of a seriously delinquent tax debt or who is certified for passport denial or limitation must act quickly. Affected US passport holders who have been identified as delinquent taxpayers should immediately consult a tax advisor and resolve any tax compliance issues before the FAST Act takes away their passport. It should be noted that an application to renew an expiring US passport can be submitted up to nine months before its expiration date. Passport holders who have any inkling of a pending tax problem should file their renewal as early as possible to give themselves and their advisor time to work out a solution. This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. Any tax advice contained herein may be insufficient for US penalty protection. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co. Jocelyn M. Magaway is a tax senior director and IRS enrolled agent of SGV & Co.