It is common knowledge that supply of goods or services to SEZ unit is a zero-rated supply and supplier need not pay GST under forward charges mechanism. The applicant in this case M/s. Portescap India Private Limited had approached authority for advance ruling (AAR) to seek an answer to the question whether they are liable to pay GST under reverse charge mechanism (RCM) on renting of immovable property services received by it from SEZ developer.
AAR had earlier ruled that applicant is liable to pay GST under RCM in this case. Aggrieved by this ruling applicant filed an appeal before appellate AAR. The appellate AAR overturned the AAR’s decision and held that subject to providing a letter of undertaking or bond as a deemed supplier of service, the applicant is not required to pay GST under RCM.
The issue in this case before the Hon’ble Supreme Court was regarding classification of All-in-One Integrated desktop computers. The assessee in this case M/s. HP India Sales Private Limited imported All-in-One desktop computers and classified them under tariff item 8471 50 00 as other Automatic Data Processing machines (ADPs). The customs Authority were of the view that the ADPs in this case are portable and thus they merit classification under tariff item 8471 30 10 resulting in higher collection of duty.
The department contended before Supreme Court that the ADPs in this case are portable and can be carried easily from one place to another as the weigh is less than 10 kgs. Absence of inbuilt power source does not make these ADPs as non-portable. The department further contended that the display dimension of the ADPs (18.5 inches) will not affect the portability fact of the goods.
The Assessee contended that the classification involves an element of functionality and the ADPs in their case are not capable of functioning without any power source. Assessee further contended that the weight is not the sole factor to determine the portability of any commodity and the meaning of the word ‘portable’ ought to be understood in the context of ADPs.
The Supreme Court accepted the classification adopted by the assessee and held that:
Considering the above discussions, the Supreme Court has held that the ADPs in this case are not portable as contended by the department and approved the classification adopted by the assessee.
The future is going to be AI and the past days have shown us figment of the future of AI with Dall E, Stable Fusion, and the internet sensation nowadays, ChatGPT. However, the space crept up by the Artificial Intelligent software were not the ones that people predicted that it would. In the past, while people discussed about Artificial Intelligence over a tea, everyone focused on jobs that are less complex and would require less cognitive ability. But defeating the lay man’s prediction, AI has lived up to its name and is performing tasks that require not only cognitive abilities but also creative minds.
The current interfaces could write you poems, stories, essays, articles, codes, draw you pictures and a great range of other things that requires an artistic mind. This mostly surprised a lot of people who thought AI driving car itself as a peak application of the technology. Some predicted that AI would mostly take over jobs that are mechanical and repetitive tasks giving more time to humans to pursue their creative talents. However, we are looking at a utopian future where AI would work together with humans at the same level or even at a superior level.
That being said, it is clear that the impact of AI in the field of cyber security would be profound as AI is everchanging and ever evolving. However, evaluating the current capacity of AI, there are several advantages as well as disadvantages for AI in the field of cybersecurity which we would discuss in the following sections
With the help of machine learning and deep learning technologies, AI can learn more about organization’s network behavior over a period of time. The capacity to crunch large amount of data, identify patterns that are manually a herculean task, and clustering them together to find any deviation through any deviations in the normal traffic.
There are new methods developed and deployed by hackers every minute that needs to be countered. Modern AI powered solutions are necessary to prevent such sophisticated social engineering attacks that can harm your organization. AI can identify and alert any threat that may not familiar or even zero day threat by identifying certain threats with certain basic characteristics of the malware being used.
Your average phone has a speed of 2.5 GHz, that means the CPU completes 2.5 billion cycles in a single second. Now imagine an AI powered by advanced CPU hosted on clouds with powerful CPUs and GPU executing multiple queries at the same time. AI can detect potential threats, even when it comes to a large chunk of data. In a company, there is a lot of communication and exchange of data internal and external. This data needs protection from malicious people and software. But it’s not possible for cybersecurity personnel to check all the traffic for possible threats. AI is the best possible solution in this case, which can detect any threat hidden in this traffic.
Attackers tend to change their tactics, but the basic security practices tend to remain the same every day. The repetitive and mechanical nature could dull the person who handles this task manually resulting in a less than accurate result. You can use AI to mimic the best human qualities and avoid the short comings.
Now there is long list of advantages however there are some dangers that we need to prepare for as well. Who could explain the dangers of AI better than an AI. So, I asked it to chatgpt and here is its response.
AI can be misused by hackers in several ways to attack organizations:
Hackers can use AI to create highly convincing phishing emails that can trick employees into giving away sensitive information or downloading malware.
AI algorithms can be trained to automate various hacking techniques, making attacks faster and more effective.
Hackers can use AI-generated fake news, propaganda, and social media posts to spread misinformation and manipulate public opinion.
AI algorithms can be used to automate the process of gathering sensitive information from target organizations.
AI algorithms can be programmed to launch attacks on an organization’s systems without any human intervention, making it more difficult to track and attribute the source of the attack.
These are just a few examples of how AI can be misused by hackers to attack organizations. It is important for organizations to be aware of these risks and take appropriate measures to protect themselves.
So, we now know what AI is capable off in this nascent stage. As it evolves, AI technology is quickly becoming an essential tool for IT security teams to enhance their performance. With the sheer volume of attacks, humans alone cannot ensure the security of an enterprise-level system. AI provides the necessary analysis and threat detection to minimize the risk of breaches and improve overall security.
Additionally, AI can help identify and prioritize risks, streamline incident response, and detect malware before it becomes a problem. Despite some potential downsides, AI is expected to significantly advance the field of cybersecurity and help organizations establish a more secure defense against cyber threats.
On 6th January 2023, the Accounting and Corporate Regulatory Authority (ACRA) has issued its fourth Financial Reporting Surveillance Programme (FRSP) report, which noted that knowledge gap and insufficient due diligence remain the main root causes contributing to material non-compliances with accounting standards. Another root cause was the lack of action taken on issues raised by auditors.
ACRA reviews the financial statements (FS) of Singapore-incorporated companies for compliance with the accounting standards in Singapore and publishes the findings to help companies avoid the common pitfalls and improve their financial reporting. This latest FRSP report covers the FS reviewed between 1 April 2020 to 31 March 2022. Of the 33 sets of FS (comprising 27 listed companies and 6 non-listed companies) reviewed, ACRA found a total of 23 material non-compliance with accounting standards in 12 FS.
The 23 material non-compliances were in areas such as business valuations, impairment assessments, presentation in cash flow statement, consolidation, and equity accounting. Through engagements with the companies, ACRA observed that the material non-compliances were due to the following factors:
a. Knowledge gapwithin the finance teams, Chief Financial Officers (CFOs) and Audit Committees (ACs), resulting in incorrect application of accounting standards;
b. Insufficient due diligenceby the finance teams, CFOs and ACs, on transactions that were neither complex nor required judgement; and
c. Lack of action taken on issues raised by auditors. This includes failure to act upon the areas qualified or disclaimed by the statutory auditors and accepting modified audit reports in consecutive years, instead of taking the appropriate steps to rectify the issues and resolve non-compliances with the accounting standards.
Apart from the efforts made to recruit qualified persons, more can be done to strengthen the competency of the financial reporting team. With evolving business models and more complex transactions, it is critical for preparers to understand the substance of the transactions and the principles behind the accounting standards in order to correctly apply the relevant accounting standards to the transactions. The companies should invest in training to equip and upskill the finance teams, including CFOs and ACs to bridge any competency gaps. Where necessary, the Board can support them by providing access to experts and consultants for advice on more complex matters.
Statutory auditors play an important role in financial reporting – they can assist the ACs, CFOs and finance teams by highlighting accounting and auditing issues early. In such situations, the ACs should guide the CFOs and finance teams to resolve the statutory auditor’s concerns, so as to avoid the issuance of modified audit reports. The Board should also apply rigour in reviewing and approving the FS, to ensure that the FS provides a true and fair view of the financial position and performance of the company.
As companies ramp up their sustainability efforts, attention should also be placed on the accounting implications of climate change. ACs should consider the key accounting and auditing considerations in their review of the FS and engagement with the statutory auditor.
The reliability of financial information is crucial to the credibility and stability of our business environment. Through the FRSP, ACRA will continue to focus its efforts on strengthening the financial reporting value chain so that investors and other stakeholders are provided with reliable and meaningful financial information.
Tax residence status of a company
Under the Income Tax Act of Singapore, the tax residence status of a company is determined by the place where its control and management is exercised.
The meaning of this “control and management” is derived from common law principles— being the directing authority that controls the affairs of a company, usually the strategic management and decision-making body (the Board of Directors who make the fundamental policies of the company’s business).
Such distinguishing factors of this control and management include the body’s power and ability to raise finance; to approve accounts; to appoint those who manage the company’s day-to-day operations; to declare a dividend; to decide on matters relating to a merger/acquisition/joint venture; and has control of the company’s bank accounts.
To be regarded as tax resident in Singapore, it is therefore advisable to have as many of its Board meetings in Singapore, showing that key decisions by the controlling and managing authority of the company are made in Singapore.
While tax resident and non-resident companies are generally taxed in the same manner, tax resident companies enjoy certain benefits, such as:
The Certificate of Residence (COR) is a letter issued by IRAS to certify that the company is a tax resident of Singapore for the purpose of claiming tax benefits under the DTAs that Singapore has concluded with other jurisdictions. It is generally required by the foreign tax authority to prove that the company is a Singapore tax resident.
On 11th January 2023, Singapore Exchange Regulation (SGX RegCo) has announced that it will limit to nine years the tenure of independent directors (IDs) serving on the boards of listed issuers. The proposal to limit the tenure of IDs, which stemmed from recommendations by the Corporate Governance Advisory Committee (CGAC), received broad market support during a public consultation process.
Remuneration disclosure is important for companies listed on the Singapore Exchange because it promotes transparency which enables shareholders and investors to assess the value of the company in relation to how much the management is remunerated and thus incentivized in its management of the company.
Currently, Principle 8 of the Code of Corporate Governance (“Code”) provides that a listed issuer must be transparent on its remuneration policies, level and mix of remuneration, the procedure for setting remuneration, and the relationships between remuneration, performance and value creation. Provision 8.1 of the Code recommends that a listed issuer should disclose in its annual report the policy and criteria for setting remuneration, as well as names, amounts and breakdown of remuneration of, among other things, each individual director and the CEO. Compliance with the Principles of the Code, which set out broadly accepted characteristics of good corporate governance, is mandatory. However, the Provisions of the Code, which underpin the Principles, are applied on a comply or explain basis – as a result, majority of companies choose to disclose remuneration in salary bands citing competition and sensitivity concerns.
Following this announcement, for annual reports prepared for financial years ending on or after 31 December 2024, Singapore-listed issuers will be required to disclose the exact amounts and breakdown of remuneration paid to each individual director and the CEO by it and its subsidiaries. Such breakdown must include (in percentage terms) base or fixed salary, variable or performance-related income or bonuses, benefits in kind, stock options granted, share-based incentives and awards, and other long-term incentives. Termination, retirement and post-employment benefits should also be separately disclosed.
It should be noted that disclosures for at least the top 5 key management personnel (not director or CEO) will remain unchanged – issuers should specify the names, amounts and breakdown of remuneration for such key management personnel in bands no wider than S$250,000.
SGX RegCo believes that the increased transparency will enable investors to assess whether the directors and CEO are appropriately incentivised.
The Code of Corporate Governance defines an ID as one who is independent in conduct, character and judgement, and has no relationship with the company, its related companies, substantial shareholder or officers, which could interfere or be reasonably perceived to interfere with his independent judgement. IDs are important to enable an objective check on management.
Prior to 11 January 2023, a two-tier vote mechanism was in place to allow companies to retain long-serving IDs who have served for more than nine years. Long-serving directors could continue to be deemed independent so long as their appointment was approved by all shareholders, and then by all shareholders excluding the directors and the CEO of the issuer, and associates of these directors and CEO.
With effect from 11 January 2023, this two-tier shareholder voting mechanism will be removed, thereby limiting the tenure of IDs to nine years. It should be noted that this does not prevent directors who have served for more than nine years from being re-appointed; they can continue serving as non-independent directors.
To allow companies time to search for new IDs, existing IDs whose tenure exceed the nine-year limit can continue to be deemed independent until the company’s next annual general meeting for the financial year ending on or after 31 December 2023.
As a result of this change, consequential amendments have been made to Rule 210(5) of the SGX Listing Rules (Mainboard) and Rule 406(3)(d) of the SGX Listing Rules (Catalist) to limit the tenure of IDs to nine years.
These changes have been introduced based on recommendations by the Corporate Governance Advisory Committee (CGAC), following a public consultation process which received broad market support. The removal of this two-tier system promotes an infusion of new IDs directors on the board, giving companies an opportunity to inject new skills, experience and knowledge into their boards, and help to ensure board renewal and diversity.
When organization faces challenges during managing risk and compliance program, it tends to be outdated reporting, lack of ownership or skills, inconsistent controls, manual processes, information silos and limited risk visibility. If this is the state of business within the organization, then the ecosystem becomes complex as it expands exponentially.
RSA Archer Integrated Risk Management helps the organization to strengthen their information security posture by providing a centralized and integrated platform for managing and mitigating information risks across their operations. It also helps in operating accountability across the internal functions and external third-party ecosystem as well.
Some of the areas where Archer provides solution are Audit, Compliance, Operational Risk, Business Resiliency, Third Party Risk and Governance and IT & Security.