The integration of the Tax Control Framework with the Tax offences

The TCF, certified by accountants or lawyers, is a fundamental element for accessing the Cooperative Compliance regime or the special regime provided for SMEs.

For its preparation, the process of qualitative and quantitative risk assessment cannot disregard the analysis of the company's internal procedures and protocols and existing controls, even if established for different but related purposes. For example, consider the control points on internal processes developed by listed companies to ensure the accuracy and reliability of financial reporting data under Law 262/2005.

During the initial stages of TCF preparation, it is often necessary to first evaluate the constellation of various internal control procedures to assess their synergies and integrations, aiming to implement a broader and more effective internal control system and enterprise risk management.

In this context, the most significant synergies are perhaps found between the TCF and the organizational, management, and control model (MOGC) developed under Legislative Decree 231/2001 (Decree 231). Both instruments, focusing (entirely in the case of the TCF and partially in the case of the MOGC) on tax risk, represent the organization's commitment to prevent tax fraud through appropriate controls aimed, directly or indirectly, at preventing the commission of tax crimes under Legislative Decree 74/2020.

Interactions between TCF and 231 Model

Let us take a step back: the TCF aims to prevent the risk of operating in violation of tax regulations or contrary to the principles or purposes of the tax system. The analysis covers all situations that involve tax risk, including administrative areas, ranging from incorrect treatment of specific facts, transactions, or tax-sensitive items to any possible violation of compliance obligations (e.g., failure to report, false declaration, etc.).

The adoption of an effective organizational, management, and control model (MOGC) aims, under the various measures to be adopted according to Decree 231, to allow the entity to benefit from an exemption from administrative liability in case of crimes, including tax crimes listed in Article 25-quinquiesdecies of Decree 231, committed by its directors, managers, employees, or third parties acting on its behalf if carried out in the interest or advantage of the company itself.

These are therefore two parallel systems:

• The TCF maps all tax risks, quantifies them, and assigns a score derived from various factors such as the likelihood of occurrence, its potential and residual impact, considering the controls implemented.
• 231 Model aims to identify specific internal organizational situations where crimes may occur, raising awareness among personnel, including top management, about the risks related to their commission during their activities.

Maintaining the goal of integrated governance, monitoring the tax risks identified in the TCF is typically assigned to internal figures within the organization, some of which may be specifically established (Tax Risk Manager), and others typically include the CFO and the Head of Tax. In contrast, the adoption of 231 Model is the responsibility of the Board of Directors; oversight of its functioning, compliance, and updating is entrusted to the Supervisory Body (Organismo di Vigilanza), an independent body with the power, within its functions, to initiate internal audits and investigations.

Despite their different purposes and operational approaches, the objective of preventing fraud is common. The well-known Circular of the Tax Police (Guardia di Finanza) No. 0216817 of 1 September 2020, regarding the changes to the regulation of tax crimes and the administrative liability of entities introduced by Decree-Law 124/2019, noted how the then new regulations required the update of organizational models to implement effective tax risk management systems.

It was highlighted, in particular, how a positive judgment from the Tax Authorities following the investigation for admission to collaborative compliance could serve as a useful evaluation element of the effectiveness of 231 Model by the Judicial Authority, disregarding considerations about other legal requirements for exemption purposes in cases where the crime is committed by a senior role rather than a subordinate. Today, considering the regulatory evolution, it can be stated that the same effects could be obtained with a TCF certified according to the law, necessary for accessing the Cooperative Compliance regime or the optional reward regime.

The Integrated Risk Assessment Process

Currently, the most frequent scenario is a company that already has an implemented 231 Model and intends to approach a mapping of corporate tax risks for the preparation of the TCF. The process begins, even before considering adherence to the Cooperative Compliance regime, with the intention to analytically investigate various company processes (managed by each company function) to "uncover" the risks lurking within them. The process, often promoted by the Head of Tax, aims to raise awareness across the entire company and top management about the tax variable, considering the negative impacts in terms of reputation, sanctions, and legal consequences in case of serious or criminally relevant violations.

In this context, the outcome of TCF implementation can certainly help to enhance 231 Model, but an additional step could be the integration of 231 Model with a matrix document developed with the same methodological approach as a TCF but focused on the risk of committing tax fraud.

Operationally, this would mean integrating the TCF with an appendix specifically focused on the risk of committing tax crimes: with the goal of identifying the specific situations within which they may materialize within the company (to define all necessary controls), functions, activities, processes, and existing procedures will be thoroughly examined, comparing the routine behaviors of each function's members with the typical methods of committing crimes or functional to their commission, applied to concrete cases.

The presence of a TCF with such an appendix would thus have the dual benefit of making 231 Model even more effective and, at the same time, representing the taxpayer's commitment, as required by the Code of Conduct for taxpayers adhering to the collaborative compliance regime (Decree MEF 29 April 2024), to "take necessary measures to prevent the organization from being involved in tax fraud phenomena, including those resulting from conduct by third parties, such as individuals, companies, or entities of any nature, other than the taxpayer, even if linked to the latter by employment, participation, collaboration, commercial relationships, or other."