The Kenya Revenue Authority (KRA) published a notice in the local media recently calling for views and comments on the draft Value Added Tax (Electronic Tax Invoice) Regulations, 2019 from members of the public, manufacturers, wholesalers, retailers and the larger trading community. This notice followed an earlier one that informed manufacturers and suppliers of fiscal devices about the issuance of new specifications of Electronic Tax Registers (ETRs) in line with the requirements of the VAT Act 2013.
According to the earlier notice, the enhancements were necessitated by a review of the reporting system in iTax to require online transmission of transaction data to the KRA through the Tax Invoice Management System (TIMS). TIMS is set to enable seamless population of taxpayers’ VAT returns hence reducing filing errors and ultimately reducing the cost of tax compliance.
The last time KRA attempted a similar changeover was in 2005 after the introduction of Value Added Tax (Electronic Tax Registers) Regulations, 2004. This move was met by stiff resistance from the business community back then. The matter was eventually settled in court after the KRA proved it honoured some of the taxpayer demands like allowing the cost of purchasing the device to be fully recovered from VAT payable (if purchased prior to last day of 2006).
It is now 14 years later and the taxman is really emphatic about embracing technology fully in its operations as communicated in the recent Annual Tax Summit 2019. The questions lingering around the new roll out mainly challenge the interests of traders like cost of compliance and data security. I prefer to call the new tax registers – smart registers. Just like a Smart TV is deemed ‘smarter’ than a digital or normal TV because of its ability to access the internet via Wi-Fi, the TIMS system will integrate trader systems (ETRs) with iTax through the internet to allow generation of electronic tax invoices and their transmission.
The revised ETR specifications raise no doubts that current ETR machines or systems may not be compatible with TIMS. The business community may be interested in identifying the bearer of the cost of replacing existing systems within their premises. It will also be of concern to see how compatible TIMS will be with the normal business operations and working systems of taxpayers. Any disruptions may not be admitted by taxpayers hands down.
It is evident that the KRA was unable to fully roll out the previous ETR specifications to sectors like international air transport and online markets. The previous ETR regulations were not compatible to regulated industry practices like air ticketing. International passenger air ticketing is monopolised by an online system run by IATA, the industry regulator. Similarly, most online market portals simply connect buyers to sellers and will naturally run paperless transactions. To date, such transactions remain incompatible with the current ETR specifications. Will the KRA remain tolerant to the operations of some of these sectors when rolling out TIMS? or will it demand a mass disruption of the industry players by insisting on compliance at all costs?
Another major concern is data security. TIMS will enable the KRA to make enhancements to iTax so as to increase its efficiency and effectiveness in tax administration through simplification of its user’s interaction. This will be accomplished by use of a Control Unit connected or integrated to existing trader systems. The Control Unit will perform the functions of tax invoices validation, encryption, signing, transmission and storage. The communication between the Control Unit and the TIMS Application server at the KRA will be over the Internet. One of the principles of taxation is confidentiality. The Tax Procedures Act 2015 guarantees taxpayer confidentiality by even criminalising offenders. What measures has the KRA coded in TIMS to ensure taxpayer confidentiality as per the Law? Will taxpayer data and information collected by TIMS and transmitted through the internet be strictly confidential and used exclusively by the KRA?
Furthermore, data protection and security laws around the world emphasise the fair obtaining and further processing of personal data (with direct consent) and data security of the personal data once collected. Kenya’s data protection legislation is currently limited to the Constitutional provisions under the 2010 Constitution. There are currently two draft Bills on data privacy and protection in Kenya. The absence of a data protection law makes the disclosures to be made subject to abuse, even with the framework under the Tax Procedures Act 2015.