Technology and tax: CRA portal best practices and digital economy taxation

With increasing tax administration moving online, and the OECD reaching milestones in its work on digital economy taxation, technology continues to transform the world of tax. Get details on recent developments in these areas.

In this update, we highlight:

  • best practices for using the Canada Revenue Agency’s (CRA) My Account, My Business Account and Represent a Client (RAC) portals and other electronic communications best practices
  • updates on the OECD’s project toward global principles for taxing the digital economy

Best practices when dealing with the CRA electronically

Taxpayers and practitioners are using the CRA’s secure online portals more often, so we asked the CRA to share some best practices for their use. We summarize the CRA’s advice below, along with other electronic communication ideas from member firms for you to consider for your practice.

Avoid reusing passwords from other systems for CRA access

You and your clients should use unique usernames (where possible) and passwords for bank accounts, CRA portals and other online services that contain sensitive personal information. The federal government has also posted some easy and useful procedures for maintaining passwords that you should think about adopting. For example, passwords should:

  • be unique
  • have a minimum character length
  • use special characters and numbers
  • be updated regularly, such as monthly

Log into CRA portals using secure connections

Be careful when logging into sites with sensitive information, such as the CRA’s online portals, from unsecured devices or networks. This helps ensure that data transfers remain secure. Using a secure connection helps minimize risk.

Enable email notifications in My Account

This service notifies taxpayers by email when their address or direct deposit information has been changed. Clients who receive these alerts but have not authorized any changes should contact the CRA immediately.

Monitor My Account

Your staff and clients should review My Account for any unsolicited changes or suspicious activity. For staff, monitoring their own My Account is important, as suspicious activity could affect their access to both My Account and RAC.

Select RAC access levels carefully

Your firm should have policies in place around the levels of access to RAC that are allowed for different staff members. Users with Level 2 or 3 access can view and change information, so you should only grant this access to staff members who truly need it for their work. This is especially important for business accounts since it is possible to transfer payments between programs, or between years, within programs.

Remove former firm staff and partners from RAC

Your firm should have a documented internal departure process or checklist that includes removing staff, partners and others from RAC when they leave your firm to ensure their access to clients’ personal information doesn’t continue. You should also regularly check the employee list in RAC to ensure that all former firm members have been deleted and that no other people have been added by mistake.

Ensure clients authorize your firm and not individual firm members

When you ask your clients for representative authorization, be sure that they authorize your firm through your business number or a RAC group identifier (if your firm uses this feature). If a client authorizes an individual member of your firm through the member’s RepID, you may lose online access for the client if that member leaves the firm.

Don’t over-rely on RAC when documenting your client files

The CRA’s online services are a great source of information, but they shouldn’t replace properly documented client files. Remember that if you are removed as an authorized representative, you can no longer access key elements of a tax file, such as notices of assessment, so you should download and save these key elements in your firm’s client files. Access to this information may be important in the event of a client disagreement or dispute.

Make sure clients approve significant account changes

Although many practitioners object to the amount of work needed to obtain T183 representative authorizations, they do deliver proof that your client has approved the tax return that you are filing. Also think about having your clients authorize significant account changes, such as large transfers between business program accounts. The CRA does not require it, but this can also help you manage any future misunderstandings that may arise.

Also, when communicating with clients, remember that many of their documents include social insurance numbers and other sensitive information, such as tax slips, returns and T183 authorizations. Transferring this information through email poses serious risks as email may not be secure. There is also the risk of sending an email to the wrong person by mistake. Although your staff and clients might prefer the ease of email, using secure client portals mitigates these risks and they get easier to use as people grow comfortable with them.

Ensure the firm is no longer listed as an authorized representative for former clients

When a client parts ways with your firm, it’s important to have procedures in place to ensure the firm is no longer listed in RAC as the client’s authorized representative. Any former representatives whose authorization has not been cancelled can continue to view the taxpayer’s information and even possibly make changes. The CRA may continue to contact you concerning questions on their tax affairs.

Don’t over-rely on auto-fill

When preparing income tax returns using the Auto-fill my return feature in My Account and My Business Account, ensure that the tax slips and tax attribute data that you import to your tax preparation software are accurate and complete.

Educate your staff and clients on fraudulent emails

Knowing how to spot fraudulent communications is unfortunately crucial these days. Clients and staff need to be trained on how to distinguish between legitimate and suspicious email activity to protect firm data and clients’ personal information from being compromised. This CRA webpage outlines common forms of fraudulent emails, texts, letters, phone calls and other communications that you and the people you work with should be aware of.

OECD releases blueprints for taxing the digital economy

Despite the COVID-19 pandemic, the OECD continues its work on achieving global consensus on international tax changes, recently releasing new documents that flesh out the details of its proposed two-pillar approach to the taxation of transactions conducted digitally.

As we described in an earlier blog post, Pillar One is intended to provide market countries with additional taxing rights and a formula for allocating profits. Pillar Two is aimed at imposing a global minimum tax to prevent companies from shifting profits to low-tax jurisdictions. The proposed framework is complex and differs greatly from our current international tax regime. Canada’s current rules use the permanent establishment principle for determining nexus for tax purposes and the arm’s length principle (transfer pricing) for allocating the income of international groups to the countries they do business in.

On October 12, 2020, the OECD released detailed blueprints for the Inclusive Framework’s ongoing work for both pillars, as well as an economic impact assessment. Highlights from the three documents are as follows:

  • The Inclusive Framework members have amended their goal of reaching consensus on Pillars One and Two by the end of this year and now aim for agreement by mid-2021.
  • The two pillars are expected to generate between US$60 and US$100 million in global tax revenues, mostly from Pillar Two.
  • The two blueprints are up for public consultation, with written submissions due by December 14, 2020. Virtual public consultation meetings will take place in January 2021. It will be important for affected multinational enterprises to raise their concerns before this opportunity passes.
  • Going forward, the Inclusive Framework will focus on resolving outstanding political and technical issues of both pillars. Some of these issues are noted below.

Pillar One issues

  • Safe harbour: Debate continues over whether Pillar One should be implemented on an optional (safe harbour) or mandatory basis. The safe harbour approach was recommended by the United States.
  • Scope: More information is provided on the type of business activity that would fall under the proposed definitions of “automated digital services” and “consumer-facing business,” but uncertainty remains.
  • Reallocation methodology: It is still unclear how the rules would reallocate an international company’s profit among various market jurisdictions. However, more details are provided on what would constitute “Amount A” (residual profit allocated to market jurisdictions by formula) and “Amount B” (fixed return for baseline marketing activities in a jurisdiction). “Amount C” (additional profit for activities exceeding baseline), which was set out in earlier proposals, has been dropped.
  • Tax certainty procedures: The new documents present details on the review process for Amount A and beyond.
  • Dispute resolution: More information is provided on possible dispute resolution processes.

Pillar Two issues

  • Minimum tax rate: The blueprint contemplates a minimum tax at a rate ranging from 10 to 12.5 per cent, but no consensus of a minimum tax rate has been reached.
  • Interaction with U.S. Global Intangible Low-Taxed Income (GILTI) regime: Rules still have to be developed to deal with U.S. taxpayers with income from intangible assets such as patents, trademarks, and copyrights that is subject to GILTI.

Overall, the proposals are extremely complicated. Pillar 1 seems especially difficult to implement due to the complexity and the need for coordination among the countries affected. In Canada, the fact that Canadian businesses do not file their tax returns on a consolidated basis will make the rules even more complicated.

We also wonder whether it is possible that an entirely different approach could emerge. The United Nations’ Committee of Experts on International Cooperation in Tax Matters has developed additional tax treaty provisions that deal specifically with digital services taxes. This approach appears to accept that these taxes will continue being imposed and tries to employ tax treaties to deal with the concerns they raise, such as double taxation. Although the committee’s document discusses these concerns in the context of developing countries, its suggested approach could presumably be applied more broadly.

If global leaders don’t achieve consensus on a multilateral approach, whether from the OECD, UN or elsewhere, more countries are likely to follow the U.K., European Union and some other jurisdictions by introducing their own domestic digital services tax rules. We’ll watch developments in this area closely and update you as information becomes available.

Looking for in-depth analysis and insight on current tax issues? Sign up for our tax blog by checking Tax Blog under My Subscriptions in your profile.SUBSCRIBE NOW

NOTE: The commentary function of this page has been temporarily closed. Unfortunately, because of the volume of feedback regarding recently announced COVID-19 tax measures, we do not have the capacity to respond to individual inquiries. We strongly encourage you to visit our Federal Government COVID-19 Tax Updates page for information.

About the Author

Bruce Ball, FCPA, FCA, CFP

Vice-president, Taxation, CPA Canada