Operational tax risk at financial institutions – preventing tax falling through the risk management cracks - Tax and Legal blog


A financial institution is faced with a broad range of local and international operational tax matters. Topics such as VAT, stamp tax duty, transfer pricing, tax accounting or tax transparency, just to name a few, have unique mechanisms and specific interactions with operational processes.

A survey conducted during a recent Deloitte FS Tax webinar indicates that, within most financial institutions,

     (i)      tax subject matters are not under the oversight of a single person or
              department, and
     (ii)     tax risk is not consolidated into the overall risk management framework.

These results show that strong tax risk governance needs to be put in place to ensure that tax risk is not overlooked and such governance should embed a tax control framework.

Building a tax control framework requires the identification and evaluation of risks, notably by considering the following three jurisdictional touchpoints of (i) products, (ii) services and (iii) the client base.

How operational tax risk is currently managed and reported

In our recent operational tax risk survey, 75% of the respondents indicated that the broad list of tax subject matters was not under the supervision of a single person or department in their institutions.

This highlights the importance of a proper tax governance structure. Indeed, the fact that not all tax subjects are under the supervision of the same person is not a bad thing per se, however, it does require strong governance to ensure tax topics and their related risks do not fall in between the cracks.

In that same survey, 13% of the respondents indicated that tax risk was not reported within the overall risk management of their institution, and 63% indicated it was only partially reported.

           What Deloitte sees happening in the marketplace

This may indicate that the risk management team does not have a clear view and understanding of the tax risk exposure of its institution. This result also reflects our experience of operational risk assessment initiatives that financial institutions run, where tax is often left out. This can indicate that operational tax and its associated risks are not properly understood (or are downplayed) by the operations and risk departments, despite general awareness that numerous financial institutions have paid substantial fines and penalties in this area.

Building an appropriate operational tax control framework

        (i)        Identify the risks

The first step in building a tax control framework is to identify the relevant risks. This process needs to be performed each time the financial institution offers a new product or service, as well as, in the case of a regulatory change. This process should also be executed when existing services and products are made available to a wider group of clients that have a tax nexus with new geographies.

       (ii)       Evaluate the risks

Once a risk has been identified, it needs to be evaluated: what is the likelihood of the risk materialising and what are the consequences of its materialisation?

The results of the evaluation, influenced by the risk appetite of the financial institution, will allow management to decide its strategy to address that particular risk. For example, management could decide that it wants to completely avoid a particular risk and will therefore decide to not provide certain services or products. Or they may decide that the risk is acceptable provided that a certain set of mitigating controls are put in place. Understanding the risks will help define key risk indicators that will allow efficient monitoring of risk levels and trends.

High level case studies / examples

  • As an example, let’s take the case of a Swiss financial institution that is considering providing loans to Portuguese residents. Portugal is a jurisdiction that imposes stamp tax duty on loans provided to Portuguese residents by non-resident entities. In certain circumstances, it is the non-resident financial institution’s duty to calculate and pay the stamp tax. Therefore, not identifying the tax obligation and properly mitigating the related risks can create financial and reputation exposure for the financial institution.

  • Another example is the case of service permanent establishment. This type of permanent establishment is unknown in Swiss law, however, it exists in certain double tax treaties between Switzerland and third countries, such as Saudi Arabia. By providing services in Saudi Arabia, a Swiss financial institution can create a service permanent establishment if certain conditions are met. Not understanding this tax concept and its application can mislead the Swiss entity to rely on the Swiss definition of permanent establishment when assessing whether the services rendered create a permanent establishment in Saudi Arabia.

      (iii)      Manage the risks

To manage such risks, financial institutions should ensure that tax specialists have a seat at its new product/services offering committee.

By considering the three jurisdictional touchpoints of: (i) products, (ii) services and (iii) the client base, financial institutions will be able to assess whether any of those touchpoints create a tax exposure.

Only by properly assessing the relevant risks can a financial institution effectively design and deploy an efficient operational tax risk management strategy, which ideally should be aligned with the risk strategy of the overall organisation.

Finally, it is worth noting that: tax strategy and governance is part of the Global Reporting Initiative Standard Disclosure 207 and thus may be applicable to those institutions performing ESG disclosures under such standards.

If you would like to discuss any of these topics in more detail, please do reach out to any of our team below:

Key contacts



Brandi Caruso - Partner, Financial Services Tax & Legal

Brandi heads Deloitte’s Financial Services Tax team in Switzerland and Liechtenstein. She has extensive expertise in advising the Swiss financial services industry on the implementation of US and international transparency regimes (including QI, FATCA, Section 871(m), CRS, MDR and DAC6). Brandi also leads the Financial Services Tax team's efforts relating to innovative technology solutions. Brandi is a US Certified Public Accountant and has 20 years of experience with Deloitte and has worked in London, San Diego and Zurich.


Karim Schubiger_110x110

Karim Schubiger – Director, Financial Services Tax 

Karim leads the Tax Transparency team in the Suisse Romande and Ticino markets within the Financial Services Tax & Legal practice, responsible for services related to QI, FATCA, CRS, 871(m) and DAC6. He is a technical advisor and subject matter expert to financial institutions in the banking, trust, and insurance sectors. Prior to joining Deloitte, Karim worked for eight years in support teams of Swiss banks, in particular in areas such as operations, project and change management as well as operational taxes.


Camille Von Roten 06 (3)

Camille von Roten - Assistant Manager

Camille is an Assistant Manager working in the Financial Services Tax team. She provides QI, FATCA and CRS advice and expertise to global, regional and private banks as well as banking industry groups in Switzerland. Camille holds a Master of Law and Economics from Lausanne University, Switzerland. 



Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment

Comments are moderated, and will not appear until the author has approved them.