HMRC has recently advised that a new package of Administrative Guidance on Pillar Two, agreed by the Inclusive Framework on BEPS, was published by the OECD last month. HMRC has also commenced its latest series of educational comms on the UK’s Pillar Two rules. The latest OECD administrative guidance on Pillar Two features the following: Use of deferred tax assets and liabilities in the calculation of the effective tax rate (application of the recapture rule, and clarifications in cases of divergences between GloBE and accounting carrying value) Cross-border allocation of current and deferred taxes Allocation of profits and taxes on certain flow-through tax structures Treatment of securitisation vehicles. Further work remains ongoing on the Inclusive Framework on several fronts and a further update will be provided in due course. The latest communication from HMRC on Pillar 2 is the third in the current series. This is being sent to taxpayers which HMRC considers to be in scope of the new Multi-national Top-up (MTT) and Domestic Top-up ( DTT) taxes, as well as those who have asked to be on this mailing list and other interested agents. This update, delayed from its original intended issue date due to the general election, is happening via the following channels: Directly to some large businesses through their Customer Compliance Managers (CCMs) if they have one A bulk email to other large businesses who do not have a CCM and to wealthy/mid-sized taxpayers who have subscribed to receive updates on Pillar Two A letter going to other businesses not already signed-up to receive updates but likely to be in scope.  

The second and final 2023/24 self-assessment payment on account for income tax and Class 4 National Insurance Contributions (NICs) is due for payment in two days’ time on or before midnight on Wednesday 31 July 2024. Each payment on account is half of the previous year’s tax bill. Anyone who is self-employed is required to make two payments on account for 2023/24 unless: their 2022/23 Self-Assessment tax bill was less than £1,000, or more than 80 percent of all the tax owed in 2022/23 was deducted at source, for example via PAYE. If a taxpayer knows that their tax bill for 2023/24 is going to be lower than that in 2022/23, a claim can be made to HMRC to reduce payments on account. Each payment on account made should be 50 percent of the person’s total income tax and Class 4 NICs liability for 2022/23. If the final tax liability in 2023/24 is greater than the total payments on account made, a balancing payment will be due on or before 31 January 2025. By way of reminder, a “Time to Pay” arrangement payment plan can be made online by a taxpayer in relation to self-assessment tax debt, including payments on account. The limit for an individual is £30,000 and £50,000 for a business.  

The OECD Secretary-General Tax Report to G20 Finance Ministers and Central Bank Governors has been published. The report outlines some of the key developments in international tax reform since February 2024, including on the Two-Pillar Solution to address the tax challenges arising from the digitalisation of the economy and on the implementation of the BEPS minimum standards.    

The European Commission proposes to replace the current paper version of the VAT exemption certificate with an electronic one as it progresses digitalising exemption procedures. The proposal includes implementing measures laying down the technical details and specifications concerning the applicable electronic format of the certificate and the way in which it is to be processed electronically. Member States will be allowed to continue to use the paper version of the exemption certificate for a transitional period until 30 June 2030. The Commission has created a portal where stakeholders can share their views and is inviting feedback until 13 September 2024.  

Revenue has updated its guidance on qualifying health expenses. The main changes include a confirmation that chargeable persons in receipt of PAYE income can use the real-time credit facility for health expenses and nursing home fees, and updating the flat rate amounts allowable in respect of children with life threatening illnesses.

Revenue has updated the Tax and Duty Manual which provides guidance on the incapacitated child tax credit.  The guidance is updated in paragraph 3, to remove references to specific medical conditions.  

The EU Cross-Border Payment Service Provider reporting requirements (CESOP), which took effect on 1 January 2024, require Payment Service providers (PSPs) to return data on cross-border payments every quarter. Readers are reminded that the second quarterly filing deadline for CESOP filers in Ireland is this Wednesday, 31 July 2024. Further information and guidance is available on Revenue’s CESOP webpage.

Last week, the Institute, under the auspices of the CCAB-I, wrote a letter to the Minister for Finance setting out a range of proposals to address various legacy issues within the Employment Investment Incentive Scheme (EIIS) which have been carried forward from the days of the Business Expansion Scheme (BES). The issues highlighted in the letter are not matters arising from differences in the understanding of tax policy. Rather, the issues identified are areas where the legislation could be updated without impacting the integrity of the relief and without conflicting with the General Block Exemption Regulation (GBER). The proposals will, in our view, provide clarity to taxpayers and advisors, and also simplify the legislation by removing obsolete provisions.  

Last week, the Institute’s Director of Advocacy and Voice, Cróna Clohisey wrote to the Minister for Finance with a proposal to reduce the lower rate of Employers’ PRSI (ER PRSI) for the purposes of assisting businesses manage the cost of introducing pensions’ auto-enrolment. To counteract the cost of auto-enrolment for employers, the letter notes that consideration should be given to reducing the lower rate of Employers’ PRSI (based on the rate that will apply from 1 October 2024) by 1.5%; from 8.9% to 7.4%. This change would impact the group of workers on minimum wage, many of whom depending on individual age and earnings will be required to enrol.

The Tax Strategy Group (TSG) last week published its annual papers in advance of Budget 2025. The TSG is chaired by the Department of Finance and comprises senior officials and advisers from several governmental departments and offices. The TSG is not a decision-making body, rather its purpose is to outline the tax policy considerations for the Government and the options available to it in forming this year’s Budget. In this year’s papers, the TSG notes that the key challenges for Ireland’s economy are ongoing capacity constraints, the aging population, digitalisation, de-carbonisation and de-globalisation. The TSG also highlights the country’s reliance on multinational companies and the vulnerability that this presents for our corporation tax base. The full list of papers released by the TSG are as follows: Income Tax (TSG 24/01) includes a summary of tax yields, information on the distribution and burden of income tax and USC and policy considerations for reform. Other items discussed include tax relief for sporting bodies and philanthropy, the incapacitated child tax credit, income tax property-related measures and pensions. Pay Related Social Insurance (TSG 24/02) examines issues including social transfers, Irish labour market trends, social protection budgets and costings. Corporation Tax (TSG 24/03) examines a range of topics such as corporation tax trends, implementation progress of the OECD BEPS Project (including Pillar One and Pillar Two), EU tax developments, an update on Apple State Aid case and a discussion on various business support measures, including the Research and Development Tax Credit. Enterprise Supports (TSG 24/04) discusses various business tax reliefs, including Reliefs for Investment in Corporate Trades (EII/SCI/SURE) and Innovative Enterprises (Angel Investor), Revised Entrepreneur Relief, Retirement Relief, Share-based Remuneration and accelerated capital allowances. It refers to the report of the TALC Sub-Committee on Simplification and Modernisation of Business Reliefs for SMEs, noting that the Department of Finance will consider some matters of policy that were identified by stakeholders. The Department will also consider administrative proposals that may require legislative amendment. Agri-Taxation Measures (TSG 24/05) looks at the agri-taxation measures available under each tax head. Capital and Savings Taxes and Stamp Duty (TSG 24/06) covers capital gains tax, capital acquisitions tax, DIRT, life assurance exit tax, stamp duty, the Tax Appeals Commission and residential zoned land tax and examines rates, yields and exemptions associated with these taxes. It also provides an update on the Department’s ongoing project to improve the reporting of Tax Expenditures. Value Added Tax (TSG 24/07) reviews VAT rates and structures, provides options for change and looks at VAT developments at EU and domestic level.

While there is a balance between employee privacy and workplace safety, effective monitoring can boost productivity and protect against harmful work practices, says Moira Grassick Workplace monitoring, while controversial, is a legitimate and legal method that you can implement to protect your staff and business. Permitted methods of surveillance include maintaining CCTV systems, monitoring internet browsing history, inspecting email traffic, listening in on telephone calls, or conducting employee bag searches. If implemented correctly, effective systems to monitor employee activity can help safeguard against harmful work practices and encourage higher levels of productivity within an organisation. You should, however, be mindful that any such monitoring activity be proportional to the employment risks requiring surveillance, and it’s crucial to notify your employees of the surveillance and its purpose. Should you monitor your employees? Employers who suspect their employees may need surveillance can choose to keep an eye on their behaviour through employee emails, internet browser history, and access locations. This way, employers are better positioned to evaluate if employees are acting inappropriately. Make sure your electronic monitoring is clearly defined and communicated with a well-explained purpose and is targeted. It’s crucial for employers to approach such initiatives openly and fairly and to not be overbearing. The more employees feel their privacy is violated, the more dissatisfied they become with their role. What can you do when monitoring employees? You want to ensure that your employee isn’t violating their contract or engaging in illicit activity. So, how can you check while still respecting your employee’s privacy? When engaging in employee surveillance, organisations should focus on clarity and communication. Ultimately, employees should be informed of any monitoring activity and its planned use. However, the Workplace Relations Commission (WRC) stated that there are certain instances, albeit narrow, when covert surveillance may be justified where the behaviour of the employee, if proven, may be an offence. This is following a case where the WRC considered whether the use of data recorded on covert surveillance equipment can be relied on as evidence to dismiss an employee. The court relied on a precedent approved by the Data Protection Commissioner which stated that “the use of recording mechanisms to obtain data without an individual’s knowledge is generally unlawful. Such covert surveillance is normally only permitted on a case-by-case basis where the data is gathered for the purposes of preventing, detecting or investigating offences, or apprehending or prosecuting offenders”. The use of a private investigator by an employer has also been deemed to be lawful in circumstances where it’s not central to the case against an employee. Employers enjoy discretion to contract the services of a private investigator to monitor an employee who is suspected of fraud or workplace misconduct. Each case will be reviewed on its facts but the discretional use of a private investigator will not invalidate a dismissal if the surveillance is required in the context of fraud or gross misconduct. The evidence gathered by the private investigator cannot be the sole basis for the employer’s decision to dismiss. Avoid overreliance on surveillance Excessive reliance on surveillance data can result in the setting of unfair targets and take away autonomy, which will have additional negative implications on employee morale. Employees may even respond by trying to subvert surveillance systems, creating further employment issues rather than preventing them. While employers are legally authorised to monitor employees through various methods, it’s important to implement these systems in an open, fair and lawful manner. It’s also recommended that organisations consider if surveillance is actually necessary, and take appropriate steps to establish that any monitoring methods are proportionate to the risks involved. Moira Grassick is Chief Operating Officer at Peninsula 

As organisations around the world continue to recover, the CrowdStrike software glitch serves as a wake-up call to keep businesses secure against unforeseen IT failures, says Puneet Kukreja It is estimated that 8.5 million Windows devices across 674,620 direct customers in 1,200 unique industries were affected due to a flaw in a routine update issued for a piece of cyber software. It was not a cyberattack or breach. However, the outage has triggered warnings from cybersecurity experts about a surge in hacking attempts exploiting the IT disruption. The disruption on 19 July 2024 pales in comparison to the WannaCry virus in 2017 that infected around 230,000 computers across 150 countries before a kill switch was identified. The widespread impact of the global IT outage was quite alarming for those directly affected. People were not able to withdraw money from bank accounts, supermarkets were forced to close, airline fleets were grounded, and congestion built up at major ports across the world. Global IT outage exposes critical fault lines The outage brings organisations like major software vendors and IT infrastructure providers into the realm of critical infrastructure, underscoring their importance to our daily lives as well as their broad socio-economic significance. It also brings into focus the question of trust. Just as people turn on the tap in their homes to get clean water that they don’t need to test before consuming, they turn on their computers with the same level of trust not expecting to get a “blue screen of death” because of a routine update from a trusted provider. There is a significant element of concentration risk at play. A vast majority of the world’s IT systems run on a handful of providers. Should any of them experience an outage, the results could be catastrophic, extending far beyond mere inconvenience. Such an event could compromise public health and safety, and even put lives at risk. Minimising risk One way to reduce concentration risk is to diversify. However, the interconnectedness of the technology provider ecosystem means that this may not be very practical. The question of trust will arise for many of the organisations affected by the recent outage. At least some of them may be considering switching providers. This is not necessarily a wise course of action though. It would risk further disruption with no guarantee that the new solution would be as effective. The fact remains that the likely cause of the outage was human error, and this does happen from time to time, even in the very best organisations. This puts the focus back on the affected organisations. Every organisation must take responsibility for its ability to function and provide services to its customers, even in the most trying of circumstances. It matters little to your customers if an IT outage was caused by a cyberattack or a flawed software update – all they care about is that they are not disrupted. This increases the importance of IT resilience and robust business continuity plans (BCPs). IT resilience has now become a fundamental aspect of business operations, enabling organisations to quickly recover and maintain continuity in the face of unforeseen disruptions such as that caused by the global outage. By embedding IT resilience into their core strategies, businesses can ensure that they remain operational and competitive, and continue to serve their customers even amidst the growing complexities and vulnerabilities of the digital landscape. Building better resilience The introduction of regulatory frameworks such as the NIS2 Directive and Digital Operational Resilience Act (DORA) makes IT resilience and BCPs even more important. Article 18 in the NIS2 Directive mandates that essential and important entities implement risk management measures, including advanced threat detection and continuous monitoring. Article 20 requires regular testing and updating of these measures to ensure effectiveness. DORA, on the other hand, emphasises operational resilience in the financial sector, with Article 11 focusing on the need for thorough digital operational resilience testing, and Article 15 mandating comprehensive incident response and recovery plans. Organisations must foster a culture of resilience through regular employee training across critical systems, ensuring quick recovery from disruptions. By adhering to NIS2 and DORA, businesses can enhance their resilience, ensuring they remain operational and competitive amidst evolving digital threats and not just those related to cybersecurity. In this respect, businesses should know their: BCPs well and test them regularly; resilience gaps and identify corresponding workarounds; third- and fourth-party technology ecosystems; recovery strategies and establish a clear tiering system; and limits around “stretch capability” partners through consistent testing. Armed with these five “knows”, organisations will be able to recover quickly and continue to operate even during times of extreme disruption. Puneet Kukreja is Cyber Security Leader at EY UK & Ireland