The Goods and Services Tax Network and the Central Board of Direct Taxes will soon join hands to share data to stop tax evasion, GST Network ChairmanNavin Kumarsaid in an interview .
Vendors from whom small businessmen buy products or services are too small to be in GST, but for businesses to get input tax credits, the vendors must be registered. So, even those not eligible for GST have to register...
We had done a study of the state VAT and we found that 37% of the taxpayers registered were below the ₹5 lakh threshold. They had registered voluntarily precisely for this reason because manufacturers and wholesalers would buy from them only if they were registered so that they could utilise the input tax credits. So the same kind of thing will happen here as well.
Since the registrations are still going on, we have not got the turnover data yet. We will know after some time how many people (on the Network) are below the threshold.
Since the GST Network is going to be such a vast repository of corporate tax data, will the CBDT also have access to this data?
It is in fact part of our mandate also. At this point of time, we are busy with registrations, return filing, etc. But after some time, when we have the data, we will also be undertaking data analytics. We can do analytics on our own data, but we can do much more if we get data from other sources like the Income Tax Department. That is on the cards. If we take their data, of course, they will also want our data. We will have to share.
But won’t there be legal issues since the data is confidential?
This is also [of the] government and that is also [of the] government. We are only handling it on behalf of the government. So, if the government decides it should be done, there will be no legal issues.
Before GST even started, in Maharashtra, the State government obtained income tax data and matched it with their VAT data and discovered a tax evasion of the order of ₹300 crore in a month. So, this kind of thing is doable and should be done. It will happen.
How many people have registered on the GST Network so far?
We refer to registrations with respect to people who have not been registered under any previous taxes. These are fresh. People who are registered under the earlier taxes, majorly VAT, service tax and central excise, their transition to GST is called migration or enrolment.
This 86 lakh is the figure for enrolment - existing tax payers who are to be migrated to GST. Of these, we have reached 70 lakh. Tomorrow is the last day for these people to come on the portal unless the government extends this.
When we started out in November last year, people were asking why they should come to the portal as there was no law. So we asked the tax department to nudge them to come. They started to come when they realised it was in their interest. So, from 10,000 per day it went up to a maximum of 2 lakh per day, and then it started coming down again. When it came down to 5,000-6,000 per day, we stopped it, on April 30.
Then we received requests that many people had been left out and they would like to migrate, so we opened the window again from June 1-15. In the first tranche, 60 lakh had come, and in this second window, 6 lakh more. So, that’s 66 lakh. After that, again, the same requests started coming that there were still people who wished to migrate. So from June 25, when we started new registrations, we also opened the migration window.
Since June 25, until now, about 4.5 lakh more migrations have happened. We stand at 70.5 lakh. By our account, there are about 15 lakh remaining. And still about 10,000-12,000 per day have been coming. Out of these 86 lakh, about 76 lakh are from VAT. In VAT, the threshold used to be Rs 5 lakh in most states. So people above Rs 5 lakh but below Rs 20 lakh, legally they are not required to register for GST. So they may have chosen not to migrate. On the other hand, about 10,000 are coming every day, so maybe the government may extend the date.
Have you asked the government to extend the date for migrations?
We have told the government that this is the status and it is up to them to take a call on this.
How many provisional IDs have so far been granted?
Provisional IDs were created for all 86 lakh who were earlier registered on the other tax networks. Once you get the provisional ID with a password, you then come to the portal and activate your account. That’s Part A. Then you get a TRN number. Based on that, you open Part B and fill up the details about the business, bank details, etc.
The 15 lakh remaining people (who have not yet migrated) have not come to the portal at all. The 70.5 lakh have come, and 41 lakh of the people who have activated their accounts have completed their applications also.
How many new registrations have taken place since the Network began accepting them?
New registrations have been a real surprise. When we started, we didn’t have any baseline data, so we went to the states and looked at the growth of the VAT registrations, and there we found the growth was on average 5%. So, we calculated that on a base of 80 lakh, an annual rate of 5% would be the growth. But since we started the new registrations on June 25, already the number has crossed 8 lakh.
And, it is not slackening. About 35,000-40,000 new people are registering every day.
What is the peak traffic capacity of the GST Network?
If you look at the number of people we can handle, we had envisaged that at the beginning we could have 1.3 crore people.
As things are going now, we have enough spare capacity for people who want to register afresh. I don’t know how long this stream of new registrants will continue, but another 10 lakh is a distinct possibility, taking the total to about 98 lakh. We’ll get there in the next 2-3 months.
Is the infrastructure robust enough to handle the peak load of tax filers?
We have studied the taxpayer behaviour in terms of return filing for service tax, central excise and VAT and we found that 50% of the taxpayers file their returns on the last day, and during that last day, most of them are between 4-5 PM. About 30% file on the penultimate day and only 20% file before that. We have kept that in mind while designing the system.
We are also encouraging taxpayers to do the bulk of their compliance activity before they actually file their returns. Here, all the businesses apart from the retailers have to provide invoice data in their returns. Putting invoice data in the system is the most tedious task. So we are encouraging people to upload their invoices before the date of filing their returns.
The law says that returns for the transactions for a month need to be furnished between the first and 20th of the next month. But we are telling big businesses, with a large number of invoices, to not wait till the end of the month. Upload the invoices during the month itself. We are providing the functionality for the upload of invoices 24 x 7.
If a company wants to upload invoices as they are generated, that can also be done. We are starting this from next week. We are also going to provide an offline utility which works with an Excel sheet. You can put your invoice data in the Excel sheet and this utility will import that data and upload it to the portal. You don’t have to come to the portal to punch in the data. If you have a few invoices, then you can come to the portal and punch them in, but if you are generating say, 10,000 invoices, then that is not practical.
This offline utility can handle 19,000 invoices at a time. And even if you have a very bad internet connection, the upload of the invoices using the utility will not take more than a minute.
When you are uploading, it is not the size of the file that matters—they are only about 5 MB. What matters is that each invoice has to go through a lot of validations in the system. When it lands on the system, before it is taken into the database, every invoice data point is checked. For example, the GSTIN of the buyer is checked to see whether it is a valid number. It will also check whether the invoice is a duplicate invoice, so it needs to check all the invoices of the entire year for that taxpayer. This checking takes time.
We are asking the MSMEs that they must upload their invoices every week at least, and the bigger businesses must upload them every day. Then, even if everybody comes on the last day, it won’t matter, because the bulk of the work is done already.
Are the GSPs now ready? They had earlier been asking for more time.
They got more time. They are ready with their applications. The only problem is connectivity. We are talking to the telecom companies that are supposed to provide them connectivity. It has to come through a secure MPLS (Multiprotocol Label Switching) connection. There are 5-6 agencies that do this work and the GSPs had some issues with them. Our people are now getting into it, so it should be resolved soon.
Do you find the fact that the GST Council being populated by non-technical people creates operational problems for the technical or operational functions of the GST Network?
It is not the Council that creates the drafts. There is an officers committee that prepares the draft, which then go to the Council.
Our only issue is that we need time to implement any directive or decision. If something is decided today and it has to be implemented tomorrow, that we cannot do. If they decide to change the rates, that can be done overnight, but if a new functionality is required or if an existing process has to be changed, then that takes time. We have told them about this, and they know this.
What are the steps being taken to secure the GSTN against data breaches?
In our case, since the tax systems 29 states and central government are coming together, data security becomes very sensitive. First, we are getting our system ISO certified. The standard is ISO 27000, which is the best known standard for information security management systems. All the processes and the guidelines enshrined by the standard are being followed by us. The paperwork for the certification is still pending, but it will happen soon.
We are following a layered security architecture. You have the physical security, where you have access controls and CCTV cameras everywhere. Then you have the network. There are tools and solutions to secure the network, which we have adopted. Below the network comes the hardware, which we have secured from attacks. Then there are applications. For each application, security systems have been built. From the application, data comes, so data security solutions have also been adopted. Then, when you do the coding, there also there are standards for secure coding practices.
To keep a watch over all that, and the traffic coming into the system and leaving it, we have established a Security Operations Centre (SOC) that runs 24x7. And it keeps logging all the activities and whenever any suspicious activities are registered, they raise an alert and our systems get into mitigation. We have a big system, located in Chennai, where Infosys has its global security centre.
Apart from this, we are also going to set up another Security Monitoring and Analytics Centre. We are selecting a separate agency for that, which will analyse all the data that the SOC generates. So they will be keeping a check on the check. Their work will also be to survey the security scenario in the world and see what new tools are coming, and also do predictive work to see if any attacks are going to happen in the near future. This will come up in the next 2-3 months.
The government of India has an organisation called the Standards Testing and Quality Certification. We have involved them from the design stage itself and they have tested our system—functional testing, performance testing, and security testing.
We are pretty confident that the system is secure, and that we are doing all the best practices.
