In July 2022, the Reserve Bank of India (RBI) issued A.P. (DIR Series) Circular No.10 permitting international trade settlement in Indian Rupees. In sync with this RBI Circular, the Government has amended the Foreign Trade Policy to permit invoicing, payment and settlement of exports and imports in INR. Under this mechanism, the payment for imports would be made by the importers in INR and the same would be credited into the Special Vostro account of the correspondent bank of the partner country maintained with AD Bank in India. In case of exports from India, Indian exporters would be paid the export proceeds in INR from the balances in the said Special Vostro account.
Foreign Trade Policy 2015-2020 was originally valid for five years up to 31 March 2020, which was subsequently extended up to 31 March 2022, and then extended till 30 September 2022. Now, the Government has further extended the validity of Foreign Trade Policy 2015-2020 and the Handbook of Procedures by another six months till 31 March 2023. FTP inter alia provides various export promotion/incentive schemes such as EPCG, Advance Authorization, EOU, STP etc. Such schemes now would continue to operate in their present form up to 31 March 2023.
The time limit to file report of fulfilment of export obligation under para 5.15 of the Handbook of Procedures is extended from September 30, 2022 to 31 December 2022 for the year 2022-23.
The Bombay High Court in a writ petition filed M/s Oasis Reality has held that the requirement of pre-deposit of disputed demand for filing an appeal under the GST law can be complied with by utilizing the balance available in electronic credit ledger. The Hight court referred to a clarification issued by CBIC in Circular F. No. CBIC-20001/2/2022-GST dated 6th July 2022 that balance in electronic credit ledger can be utilized for any amount payable towards output tax whether self-assessed in return or payable as per the consequence of any proceedings under law. Since, the amount payable by the petitioner was towards output tax, the court held that the petitioner could utilize the amount available in electronic credit ledger.
The Karnataka AAR in the case of M/s Myntra Designs Private Limited has held that, the applicant is not eligible to avail input tax credit on the vouchers and subscription packages procured by them from the third-party vendors, that are made available to eligible customers in the loyalty program.
The applicant in this case contended before the AAR that the expenditure incurred is “in the course or furtherance of business” and accounted as expenditure in books related to business and further stated that the third-party vendors raised their invoices in respect of sale of vouchers and subscription packages by classifying their outward supply under the SAC 9983 as “other professional, technical and business services” being termed as ‘supply of services’. Further, considering that the restriction under section 17(5)(h) of the Central GST Act is applicable only in respect of goods disposed of by way of gifts; the said restriction on input tax credit would not be applicable in their case because what is given as gift to the customers is a ‘service’ and not ‘goods’.
The AAR however rejected the contention of the applicant and in support of its ruling noted that:
Having regard to the above, the AAR ruled that the applicant is not eligible for input tax credit on procurement of vouchers and subscription packages. It is interesting to note in this case that the AAR chose to ignore the classification of supply as adopted by the supplier and independently arrived at classification of supply to decide eligibility to input tax credit.
Cybersecurity, vast and extensive as it is, is generally considered a purely technical domain. Having said that, the approach of each company to its security would have a philosophical bent. As a technical domain, the field of computer science has never shied away from using philosophies to describe its dilemmas, like the Philosopher’s Chopstick to describe a deadlock and many others. That is because Computer Science and philosophy share a foundation rooted in logical reasoning. Computer scientists and programmers use mathematical and symbolic form of logic to build hardware and software products. Philosophy uses words to logically examine ideas and concepts. This writeup is quite simple to comprehend though. We will analyse the idea of Zero trust policy and see how important it is in today’s world of cybersecurity – especially when majority of our teams move rapidly in to cloud / hybrid infrastructure.
Zero Trust Security is a foundational element, a philosophical approach to security that is essential for every organization, business, or entity with an online presence. In layman’s term, this policy works on the assumption that you simply cannot separate the “good guys” from the “bad guys”. The traditional methods of establishing a strong perimeter to keep out the malicious actors have been long out of date. Our assets or resources that is the data, applications, infrastructure, and devices are increasingly hybrid or outside of the perimeter that we have strongly set up.
With Zero Trust, no actor can be trusted till they are verified. As far all the other strategies are concerned, this one has a holistic approach to security which ensures that everyone and all the devices granted access are who and what they claim to be. In the current digital age, data is spread across innumerable services, applications, devices, and people. Setting up a password protection or firewall or some other kind of perimeter is not enough in today’s world. In this age of digital transformation, perimeters don’t exist, and the old parameters of security doesn’t stack up to the sophistication of today’s threats.
The elements of the Zero trust security are straight forward and uncomplicated. We could boil it down to the three core principles:
Being simple doesn’t mean it is easy to execute. However, for organizations choosing the Zero Trust Policy, it simply becomes how security happens.
Verify Every User
Today, organizations rely on only one verification method such as Single sign-on (SSO) which has a lot of advantages. Users don’t have to type passwords every time to use or access something and could reduce the number passwords they have to manage.
But, let us look at a few hypothetical situations. What if THAT one password is compromised orwhat if someone forgets to lock their system? In those cases, SSO lead to a security gap.
To avoid such issues, SSO needs to be balanced with Multi-Factor Authentication (MFA). Ultimately, you need to balance security and end user experience. But, it may be too onerous for end users to be constantly asked for additional factors of authentication.
Validate Every Device
Nowadays, nearly everyone has their devices locked down with a password of some sort, and that is unequivocally a great thing. Remember, however, that passwords are only one piece of the puzzle. To ensure real safety, devices must also have adaptive MFA to go along with that password.
When MFA-supported passwords are combined with some level of device management, the right policies are put on the device and locked in place, and the context of the device (where it’s used, what browser it has, etc.) is always understood, then it’s safe to make an access decision.
Intelligently Limit Access
The next aspect to discuss in the Zero Trust Security is the resources of the organization and who uses it. Make sure that on day one, an user is productive, they have access to the accounts they need, and devices are set up with the clients they need. When they change roles, their access likewise changes to fit their new job / role, or if they leave, those privileges are automatically revoked.
Most importantly, it is essential that all these capabilities are integrated and work together so that they can be applied in real time without adding delays to access decisions for APIs, or for users who are logging onto applications.
The Zero Trust strategy is result oriented. Beyond protecting valuable data by reducing the chance of breach, studies have shown that this approach has resulted in 50% fewer breaches and companies have spent 40% less on technology as everything is integrated. Also, recently aForrester study pointed that companies that adopted the policy are more confident in their ability to implement new business model and customer experience to the market. Thus, we can say, Zero Trust Infrastructure, is one line everyone can get behind.
The Monetary Authority of Singapore published an information paper on” Strengthening AML/CFT Practices for External Asset Managers”. This information paper is based on thematic inspections and engagements on anti-money laundering and countering the financing of terrorism (AML/CFT) conducted by MAS of selected external asset managers (“EAMs”). It sets out MAS’ supervisory expectations for effective AML/CFT frameworks and controls and includes good practices and illustrative examples observed. Its learnings should also be considered by other financial institutions.
MAS highlighted the following conclusions from their information paper:
The Monetary Authority of Singapore (“MAS”) has released a circular setting out key observations and expectations for effective anti-money laundering (“AML”) and countering the financing of terrorism (“CTF”) frameworks and controls following an industry-wide survey of Variable Capital Companies (“VCCs”) and a series of thematic engagements of eligible financial institutions (“EFIs”) to assess the effectiveness of their AML/CFT risk management and controls.
Insufficient oversight by VCCs of appointed EFIs
On 12 September 2022, the Business Trusts (Amendment) Bill (“Bill“) was tabled in Parliament for First Reading. The Bill seeks to amend the Business Trusts Act 2004 (“BTA“) which governs the registration and regulation of business trusts (“BTs“).
Certain key amendments to the BTA set out in the Bill are as under:
(A) Re-alignment with the Companies Act
(B) Aligning with Corresponding Provisions of REIT Regulatory Regime
Taking reference from the REIT regime, the BT(A) Bill will strengthen the governance requirements of the BT regime by reducing the percentage of voting rights required to remove a trustee-manager from not less than three fourths to a simple majority of the voting rights of all the unitholders. This will instil greater market discipline by facilitating investors in holding TMs accountable for their performance.
(C) Miscellaneous amendments
Other amendments include clarificatory amendments, amendments to align with Securities and Futures Act 2001 provisions, miscellaneous amendments consequential to the CAAs, and amendments to reduce administrative requirements, for example, providing for: