According to notifications from 234 countries to the World Health Organization (WHO)[1], the global impact of the pandemic was felt by 776 million people and resulted in around 7 million deaths. It has also caused serious economic damage, with a GDP reduction of around 6% in 2021 compared to the IMF’s pre-COVID projections, which had a strong impact on low-income households.

As referred to by Brondolo, Aslett & Komso (2020), tax administrations were also seriously affected by the following factors:

• • Disruption to usual social and commercial functions, including the closure of businesses, schools, and other institutions.
• • Significant reduction in the number of tax administration staff available for work due to illness or other factors related to an outbreak.
• • The need for some or all tax administration functions to be performed remotely (i.e., from an alternative workplace, including home).
• • Changes in tax and social policy, which require new tax administration procedures, personnel training, and improvements in information systems.
• • Prolongation of the crisis situation, followed by waves of contagion (in reality, the crisis lasted for many months).

Business continuity

Business continuity is an organization’s ability to maintain and restore critical operations in the event of disruption, ensuring essential services are available within acceptable timeframes. This is achieved through a Business Continuity Plan (BCP).

For tax administrations, ensuring operational continuity has historically been a key concern, with different levels of maturity and scope depending on the institutional context.

During a pandemic crisis, NCPs should (a) plan, organize and implement an approach to managing business continuity during a range of possible pandemic-related scenarios, and (b) ensure the continuity of revenue collection and the functioning of the institution, thereby helping to finance and implement government responses to the crisis (IMF, n.d.).

The pandemic constituted a real stress test for these plans. In most cases, existing BCPs had to be adjusted and refined in order to respond to conditions that were not fully foreseeable.

Many of the measures adopted during the pandemic proved effective, and in several cases, the solutions implemented to address initially temporary situations were later incorporated permanently due to their applicability to other crisis scenarios or because the effects of the pandemic persisted beyond its acute phase.

Vulnerabilities and solutions

During the pandemic, various types of vulnerabilities were identified to be resolved or mitigated.  Table 1 summarizes the most relevant:

Table 1: Vulnerability x Treatment

What key aspects of continuity in the COVID-19 era remained valid in the post-pandemic context?

Overcoming traumatic experiences can become a learning process and strengthening resilience[2].  In the context of the present discussion, the COVID-19 pandemic, and its effects, many still in force on society and in particular on tax administrations, evidenced the need to institutionalize various measures adopted for the management of vulnerabilities, as set out below.

1. Dependency on the taxpayer’s physical presence and paper-based operations

The more digital a tax administration is, the less the dependence on physical presence and the handling of paperwork by taxpayers and employees.

The digitalization of tax administrations, advocated as “Tax Administration 3.0” in OECD (2020), already indicated in its introduction that “although it was not foreseen, the publication of this document takes place while we are still immersed in the global COVID-19 pandemic. It is hoped that the report will also help us in our current reflections on how to make the tax administration more resilient and agile….”

Intensifying digitalization increases the dependence on information systems; consequently, NCPs must strengthen their capacity to identify, mitigate, and manage the vulnerabilities inherent in these systems.

2. Vulnerability of the workforce

The most important impact for the workforce was the introduction of remote work, which made it possible to ensure the continuity of critical functions in the context of severe health restrictions. Its adoption also showed gaps in technological infrastructure, digital capabilities, and regulatory frameworks.

Many of the remote work strategies adopted during the crisis have been institutionalized, consolidating a hybrid operating model that continues to be in force today, as evidenced, for example, by the federal and subnational tax administrations of Brazil.

The hybrid model demands institutional changes, such as the adoption of management by results schemes, and poses challenges in terms of supervision, motivation, cohesion, and organizational culture.

3. Vulnerability of the information system

Vulnerabilities highlighted in the pandemic ratified the need for a functional and operationally robust tax information system.

The remote operation of tax information systems, in particular, increases the need for stability and performance, in addition to posing new challenges and requiring the development of specific regulatory and technological frameworks for the proper management of inherent risks.

Among these, we can point out: (a) security risks, derived from the increase in the attack surface and the need to strengthen the protection of end devices (antivirus, antimalware, control of external devices, patch management, among others), in addition to the adoption of VPN[3] and more robust models of identity management and two-factor authentication; (b) risks associated with data, such as the generation of uncontrolled local copies, the use of unauthorized applications and the potential leakage of information; (c) legal and privacy risks, linked to the difficulty of inspecting personal devices and possible labor conflicts; and (d) operational risks, related to the increased complexity of technical support and the need to define clear policies regarding the use of personal devices (e.g. BYOD policy rules/limitations)[4].

Likewise, data networks, both private and public, acquire a significantly more critical role, as they become an essential component for the continuity and security of operations.

4. Reliance on external organizations

External organizations play an increasingly important role in the functioning of tax administrations, by participating directly or indirectly in key processes such as collection, information exchange, and the provision of services to the taxpayer. These include financial institutions, technology providers, electronic invoicing platforms and public bodies, whose interoperability with the tax administration is essential for the fulfillment of their functions. This growing dependence expands the operational ecosystem and also introduces new risks and challenges in terms of continuity, information security, and governance.

The pandemic underlined this dependence and corroborated that interaction with external organizations should be managed holistically within the continuity plans of tax administrations.

Final comments

The COVID-19 pandemic constituted an unprecedented stress test for the operational continuity of tax administrations, evidencing both strengths and weaknesses in their continuity plans and in the resilience of their information systems, with many of the lessons learned gradually incorporated into them.

In particular, it has been demonstrated that business continuity in tax agencies—which are becoming increasingly data-intensive—depends critically on the availability, integrity, and security of their technology platforms and the digital ecosystems in which they operate.

Bibliographic references

Brondolo, J., Aslett, J. & Komso, A. (2020). “Tax Administration: Designing a Business Continuity Plan for an Epidemic”. IMF Technical Notes and Manuals 2020. Available at: https://doi.org/10.5089/9781513559865.005

IMF (n. d.). “Business Continuity for Revenue Administrations.” IMF Special Series on Fiscal Policies to Respond to COVID-19. Available at: https://www.imf.org/-/media/files/publications/covid19-special-notes/en-special-series-on-covid-19-business-continuity-for-revenue-administrations.pdf

OECD (2008). “Tax Administration 3.0: The Digital Transformation of Tax Administration.” OECD. Paris. Available at: http://www.oecd.org/tax/forum-on-tax-administration/publications-and-products/tax-administration-3-0-the-digital-transformation-of-tax-administration.htm

References:

[1]  See “COVID-19 epidemiological update – 24 December 2024”, WHO publication

[2]  According to interpretations of Nietzsche’s work.

[3]  VPN – Virtual Private Networks

[4]  BYOD (Bring Your Own Device) – This is a policy that allows employees to use personal devices (smartphones, laptops, tablets) for work activities and access to corporate systems.

21 total views, 6 views today