Latest Blogs from SBS and Company LLP

    Transitional Provisions under GST

    Transitional Provisions under GST

    This article is contributed by Partners of SBS and Company LLP - Chartered Accountant Company. You can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it.


    The roll out of GST is under a promise that the credit of all taxes paid on goods and services during transition shall be given to the supplier to enable him to set off against the output tax. This was mainly to remove the cascading effect which always led to increase in the prices of the goods or services. On such premise, the Goods & Services Tax (for brevity ‘GST’) was brought in with effect from 01st July 17.


    There were numerous ambiguous issues, where the Government in consultation with GST Council was trying to address. However, one major issue, which we have identified was the eligibility of credit of certain capital goods which are also motor vehicles. The stakes involved are pretty high and clarity in this regard before filing the transitional forms would help the trade a lot.


    In this write up, we try to explain the issue and the possible interpretation which would help the trade in availing the benefit. However, the interpretation rendered here comes with a risk which the reader must proceed with caution. The issue for consideration is whether the excise duty paid on tippers and dumpers is eligible for carry forward into GST regime or whether the GST paid on tippers and dumpers is not disallowed under Section 17(5)(a)? Before, addressing such issue, allow us to take you to certain relevant provisions which assume significance in this connection.


    Section 16 of Central Goods & Services Tax Act, 17 (for brevity ‘CGST Act’) allows every registered person to avail the credit of taxes paid on goods and services used or intended to be used for the purposes of business unless such goods or services are barred under Section 17 of CGST Act.


    Section 17(5)(a) of CGST Act specifically states motor vehicles and other conveyances except when they are used for specified purposes (such purposes shall be dealt at appropriate place) are disallowed. That is to say the credit of motor vehicles shall only be allowed to be taken by the supplier only if the supplier is engaged in supply of specified transactions. In all other instances, the credit remains disallowed.


    The specified purposes for which the credit of motor vehicles is allowed is as under:


    1. For making taxable the following taxable supplies, namely:
      1. Further supply of such vehicles or conveyances; or
      2. Transportation of passengers; or
      3. Imparting training on driving, flying, navigating such vehicles/conveyances


    1. For transportation of goods













    15 | P a g e


    SBS Wiki                                                                                                                                             


    As stated above, if the supplier who has purchased motor vehicles for using them for any of the above specified purposes, he shall be eligible to avail the credit subject to other conditions. Let us take an example to understand the same, ABC Private Limited is engaged in development of software services and for transportation of its employees, it purchased certain motor vehicles on paying GST. Such paid GST cannot be availed as credit by ABC Private Limited, since the said company is not engaged in any of the specified activities. Suppose, in the same example, let us assume ABC Private Limited is a courier agency instead of software development company. In such instance, the credit of GST paid on motor vehicles shall be available since ABC Private Limited is engaged in courier (transportation of goods).


    Now, the issue, for consideration is -


    whether GST paid on tippers and dumpers is restricted under Section 17(5)(a) of CGST Act, because tippers and dumpers are required to register under Motor Vehicles Act, 1988 and thereby becomes motor vehicle and Section 17(5)(a) restricts credits on motor vehicles (except when they are used for specified purposes, since tippers and dumpers are not used for such specified purposes)?




    Section 17(5)(a) restricts certain class of motor vehicles which are used for specified purposes and all other motor vehicles which are not designed for such specified purpose does not find restriction and are available for credit?That is to say, is there a blanket restriction on all motor vehicles under Section 17(5)(a)?


    In our opinion, the restriction placed under Section 17(5)(a) is only for motor vehicles which are used for transportation of passengers, imparting training and for transportation of goods. The phrase ‘motor vehicles’ has not been defined under CGST Act. Hence, there is no blanket restriction that all motor vehicles are disallowed under said section.


    Now, on a detailed perusal of Section 17(5)(a), it can be inferred that restriction is only for motor vehicles which are used either for transportation of passengers or goods or imparting training. The credit will be eligible if the supplier is engaged in any of the above activities. Hence, the credit of such motor vehicles is also not totally disallowed, it is conditionally allowed.


    Hence, it can be inferred, that all other motor vehicles which are used other than for transportation of passengers or goods or imparting training are not restricted under Section 17(5)(a), since they do not fall under such class.


    The tippers and dumpers are neither used for transportation of passengers nor for transportation of goods and hence there is no requirement to check under Section 17(5)(a). In the previous example, ABC Private Limited uses the motor vehicles for transportation of employees which falls under the class ‘transportation of passengers’ mentioned in Section 17(5)(a) and hence liable for disallowance.









    16 | P a g e

    Motor Vehicles vis-a-vis Capital Goods



    SBS Wiki                                                                                                                                             


    Hence, the test to be applied is, whether the motor vehicle on which credit is being contemplated to be availed falls under the class mentioned under Section 17(5)(a) or not. If the said motor vehicle falls under such class and used for such specified purposes, then credit is eligible. If such motor vehicle falls under such class and not used for such specified purposes, then credit is not eligible. For motor vehicles which are not falling under the class of Section 17(5)(a), the credit shall be eligible.


    Therefore, we opine that the GST paid on tippers and dumpers shall be eligible for credit and it is not restricted under Section 17(5)(a) of CGST Act. Apart from the above, the recent judgment of Honourable Tribunal of Delhi in the case of Soumya Mining Limited vs Commissioner of Central Excise, Raipur 2017-TIOL-2432-CESTAT-DEL has held that dumpers or tippers are not motor vehicles. The decision was rendered by placing reliance on the judgment of Supreme Court in the case of Belani Ores Limited Etc vs State of Orissa Etc 1975 AIR 17. Hence, accordingly the restriction placed in Section 17(5)(a) does not apply to dumpers/tippers since they are not motor vehicles.


    Further, there is a set of FAQs for Builder released by Media & Entertainment Sectoral Group , vide which the Sectoral Group has answered the credit on tippers and dumpers can be availed since they were being used for transportation of goods. If that is the case, then the credit can be availed without any worry. However, the question is, whether tippers and dumpers are used for transportation of goods, the answer would be negative.


    Barring the FAQs, let us know proceed to examine the eligibility of excise duty paid on tippers and dumpers that are purchased in the year 16-17 and now lying in the closing Cenvat balance. The closing credit can be brought into GST regime under Section 140(1) of CGST Act or balance credit can be availed under 140(2)ibid.


    Section 140(1) and 140(2) allow the credit only when the credit of such capital goods is eligible under the existing law and GST laws. Tippers and dumpers were specifically mentioned as capital goods under Rule 2(a) of Cenvat Credit Rules, 2004 and hence the same were eligible under the existing laws. Under GST laws, as discussed above, the credit is also allowed subject to the risk of interpretation.


    However, we advise the credit to be availed since this being transitional one, if not availed now, cannot be availed later. We advise such transitional credit must be parked for certain time till there exists clarity on the issue and then take an appropriate decision to minimise other liabilities.


    In terms of Section 5 of IGST Act, 2017 Integrated tax is levied on all inter-state supplies of goods or services or both. Section 1 of the IGST Act, 2017 provides that the Act is applicable to whole of India except the state of Jammu and Kashmir. Section 7 provides for the list of transactions that become inter-state supplies. Section 7(5)(a) provides that inter-state supplies include those supplies where the supplier is in India and place of supply is outside India. This implies that IGST Law framework taxes those supplies which are supplied outside India also. In other words, IGST law has extra-territorial operation. This article aims to bring out the legal conundrum relating to this extra-territorial operation.


    Before we proceed to examine the issue under GST law, it is noteworthy to examine legal position in this regard under Service tax law. Section 64(1) of the Finance Act, 1994 provides that the provisions of Chapter V dealing with service tax extends to whole of India except the state of Jammu and Kashmir. Further, sub-section (3) of the said section provides that it shall apply to taxable services provided on or after the commencement of Chapter V. The term ‘taxable service’ is defined under section 65B(51) to mean any service on which service tax is leviable under section 66B.


    The charging section 66B which provides that service tax shall be levied on value of all services other than those services specified in negative list, provided or agreed to be provided in the taxable territory by one person to another and collected in such manner as may be prescribed. Section 65B(52) provides that the term ‘taxable territory’ is defined to mean the territory to which the provisions of this chapter apply i.e. the whole of India except the state of Jammu and Kashmir.To decide the place of provision of taxable services, Place of Provision of Service Rules, 2012 are notified exercising the power conferred under Section 66C of Finance Act, 1994.


    Thus, on combined reading of all above provisions of Finance Act, 1994, the provisions of Finance Act, 1994 are applicable only to services other than those listed in negative list when provided or agreed to be provided within the taxable territory of India. This would imply that if a service is performed outside taxable territory, it may not be considered as a taxable service to attract service tax in India. This interpretation is backed by few judgments which are discussed in subsequent paras.


    In the case of Cox & Kings India Limited vs CST, 2014(35) STR817(Tri-Del) wherein the Appellant has conducted outbound tours to Indian residents. It was held— “As services provided for outbound tours are provided and consumed outside the Indian territory; are beyond the province and purview of the provisions of the Act, the consideration received which corresponds and is relatable to services provided outside the Indian territory require to be excised by applying the doctrine of apportionment. On such vivisection, the consideration attributable to services provided outside the Indian territory must be excluded, as this is not subject to levy and collection of Service Tax, under provisions of the Act.


    This conclusion is also the logical corollary of the non-derogable premise that Service Tax is not a tax on the pursuit of the profession of providing a taxable service but is a tax on the provision of a taxable service, a destination based consumption tax.”






    11  | P a g e


    SBS Wiki                                                                                                                                             


    In the case of Grey Worldwide (India) Pvt Ltd vs. CST, [2015] 63taxmann.com31(Mumbai-CESTAT) wherein the Appellant has undertaken an advertisement campaign for Ministry of Tourism, Government of India in print and electronic media and outdoor hoardings in London, New York and Paris. Service tax liability to the extent of agency commission was discharged. Revenue required the appellant even to discharge the service tax liability on the amount of rent and other expenses incurred on such hoardings and would get covered under the category of ‘Advertising Agency services’. It was held that the said expenditure is incurred outside India and accordingly not subject to service tax in India.


    In the case of Indian Association of Tour Operators vs UOI, the Delhi High Court has extensively examined the applicability of service tax under negative list based tax regime on outbound tours conducted by tour operators in India. The members of the association provided services to foreign tourists visiting India and neighbouring countries. The tour operator services are in the nature of intermediary services. The place of provision of service as per Rule 9 of the said rules is the location of service provider i.e. tour operator in India. Accordingly, the service is said to be taxable in India and in terms of Rule 6A of the Service Tax Rules, 1994, the service cannot be said to be exported outside India as the place of provision of service according to the said rules is in India even though service is provided to foreign tourists and convertible foreign exchange is received. It was held vide para 48 “As already noticed since by virtue of Section 64 (3) the whole of Chapter V applies only to taxable services, and Section 66 C of the FA falls in that very chapter, the rules made by the central government under Section 66 C has to necessarily be only in relation to taxable services viz., services provided in the taxable territory of India. The legal fiction of treating service rendered outside India to be a service rendered in India cannot be introduced by way of rules. That too would partake the character of an essential legislative function, which cannot be delegated to the central government. In fact such service cannot be brought to tax without amending Section 64 (3) of the FA.”


    Thus, the Delhi High Court held that a service performed outside India cannot be considered as a taxable service in terms of section 64(3) of the Finance Act, 1994. Accordingly, the whole of chapter V of Finance Act, 1994 is not applicable to the said service. However, the issue involved in the present case is a composite service i.e. partly performed in India and partly outside India. In this regard, it has been held vide para 52—"Therefore, apart from the fact that the provision for taxing export of services has to be found in the statute itself (and not in the rules) the statute must also provide the machinery by which it can be determined with some certainty how much of the composite service can be said to be rendered in the taxable territory and of what value for the purposes of levy and collection of tax. If there is no such machinery provided, that would an additional ground of invalidation of the levy itself.”


    In view of the above reproduced precedents on this issue, the following are the outcomes that would emanate:


    1. Services performed outside India will not be considered as taxable services in terms of Section 64(3). Thereby, the entire provisions of Finance Act, 1994 are not applicable to them.


    1. The rule making power conferred section 66C was only to deal with taxable services performed in India. Thus, the Place of Provision of Service Rules, 2012 and Rule 6A of Service Tax Rules, 2006 which determines the place of provision of service and export of service respectively are ultra vires the Statute as essentially the legal fiction of treating services rendered outside India as rendered in India would affect the levy; such provisions cannot be introduced by way of rules. It is essentially a legislative function.


    12 | P a g e


    GST on supplies outside India— the legal conundrum



    SBS Wiki                                                                                                                                             


    1. In case of composite services i.e. partly performed in India and partly outside India, Statute should provide for some machinery to vivisect the portion of services performed in India from those performed outside India. Absence of such machinery would render the levy invalid.


    With this understanding of the issue under Finance Act, 1994, we now move to IGST law. Unlike Section 64(3) of the Finance Act, 1994, there is no corresponding provision under Section 1 of IGST Act, 2017 to expressly restrict the scope of applicability of law only for taxable supplies undertaken within India. Nevertheless, section 1 restricts the applicability of legislation only to the territory of India. Further, the principles relating to place of supply which have a bearing on levy of tax are provided within the statute and not by way of rules.


    As levy of IGST is on inter-state supplies, section 7 provides for the principles to determine inter-state supply. Accordingly, the following cross border supplies are said to be inter-state supplies—


    • Supplies of goods imported into the territory of India till they cross the customs frontiers of India. The expression ‘import of goods’ has been defined under section 2(10) to mean bringing goods into India from a place outside India.


    • Supplies of services imported into the territory of India. The expression ‘import of services’ has been defined under section 2(11) to mean supply of any service where the supplier is located outside India; the corresponding recipient is in India and the place of supply of services is in India.


    • Supply of goods or services or both when the supplier is located in India and place of supply is outside India.


    The only type of cross border transaction that will not become an inter-state supplyare the supplies of goods or services or both when the supplier is located outside India and place of supply is also outside India.


    In order to determine the place of supply of services in case of cross border transactions, section 13 provides for the principles to determine the place of supply. These are identical to the erstwhile Place of Provision of Services Rules, 2012. In case of supply of services of the nature of outbound tours to foreign tourists, display of adds outside India, the performance is completely outside India. They are of the nature of intermediary services. Accordingly, in terms of section 13(8), the place of supply of said services is the location of the supplier i.e. India. Thus, IGST law in order to tax these transactions by legal fiction deems that the place of supply of these services is in India though their performance is outside India.


    In this regard, the three essential issues that arise for legal consideration are;


    1. whether the extra-territorial operation of IGST law to deem certain transactions performed outside India are supplied in India is valid.


    1. In case of supplies performed outside India by a supplier located in India, can it be concluded that tax is not applicable by virtue of the of Section 1 of IGST Act, 2017 which extend the law to whole of India alone and





    13 | P a g e


    GST on supplies outside India— the legal conundrum



    SBS Wiki                                                                                                                                             


    1. Whether IGST Law has any machinery provisions to vivisect composite supplies involving performance in India and outside India in order to tax the portion attributable to performance in India.


    The issue relating to extra-territorial operation of tax laws is examined by Supreme Court under Income Tax, in the case of GVK Industries Limited vs. ITO, [2011] 10 3(SC), where in it was held vide para 76 – “Parliament may exercise its legislative powers with respect to extra-territorial aspects or causes, events, things, phenomena (howsoever commonplace they may be), resources, actions or transactions and the like, that occur, arise or exist or may be expected to do so, naturally or on account of some human agency, in the social, political, economic, cultural, biological, environmental or physical spheres outside the territory of India and seek to control, modulate, mitigate or transform the effects of such extra-territorial aspects or causes, or in appropriate cases, eliminate or engender such extra-territorial aspects or causes, only when such extra-territorial aspects or causes have, or are expected to have, some impact on, or effect in, or consequences for: (a) the territory of India, or any part of India; or (b) the interests of, welfare of, well being of, or security of inhabitants of India and the Indians.”


    Thus, in view of the above decision of Supreme Court, Parliament has power to make a law that has extra-territorial operation when the aspects or causes have or expected to have some effect or impact on the territory of India or it will affect the interests, welfare or well-being of India. In the case of supplies performed outside India covered under section 7(5), the supplier is located in India. This may constitute an important aspect or cause in order to ensure the validity of the extra-territorial operation of IGST law.


    With respect to the third issue relating to composite supplies involve performance partly in India and partly outside India, going by the above discussed legal position, tax can be levied only on the portion of supplies related to India. The Statute should also provide for legal machinery to vivisect these composite supplies. However, section 13(6) provides that in case of services relating to repairs of goods, services requiring the physical presence of individual to provide services, immovable property related and event based services, where a service is supplied in more than one location including the location in taxable territory, the place of supply is said to be India. This would imply that even portion of service performed outside the taxable territory would be subject. It appears that the provisions of section 13(6) is in direct conflict with section 1.


    In view of above discussion, the taxability of supplies performed outside India under IGST law has extra-territorial operation. However, issues as discussed may require judicial examination.




    Organizations of all types are becoming more vulnerable to cyber threats due to their increasing reliance on computers, networks, programs and applications, social media, and data. Security breaches can negatively impact organizations and their customers, both financially and in terms of reputation. Global connectivity and accessibility to information by users outside the organization increase risk beyond what has been historically addressed by IT general and application controls. Organizations’ reliance on information systems and the development of new technologies render traditional evaluations of IT general and application controls insufficient to provide assurance over cybersecurity.


    • The cost of cybercrime is mounting. The cost of a single ransomware incident can cost a company more than $713,000 on average.


    • Cloud computing may provide the security against cyberthreats that companies need.


    What is Cybersecurity:


    Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attacks, damage or unauthorized access. Cybersecurity involves protecting information and systems from major cyberthreats, such as cyber terrorism, cyber warfare, and cyber espionage.


    Data breaches are occurring more frequently. There are increasing pressures for businesses to step up efforts to protect personal information and prevent breaches.


    Cybercriminals attack to gain political, military or economic advantage. They usually steal money or information that can eventually be monetized


    Cyberattacks may come from malicious outsiders, accidental loss, malicious insiders, hacktivists and state-sponsored actors.


    Internal Audit role in Cybersecurity includes:


    vTheroleof the chief audit executive (CAE) related to assurance, governance, risk, and cyber


    vAssessinginherent risks and threats


    vThefirst,second, and third lines of defense roles and responsibilities related to risk management, controls, and governance.


    vWheregaps in assurance may occur.

    vThereporting responsibilities of the internal audit activity.



    6 | P a g e


    SBS Wiki                                                                                                                                            


    Cyber Risk - Roles and Responsibilities


    Effective risk management is the product of multiple layers of risk defense. Internal Audit should support the board’s need to understand the effectiveness of cybersecurity controls. An essential step in evaluating the internal audit activity’s role in cybersecurity is to ensure the three lines of defense are properly segregated and operating effectively.


    1st line of defense - business and IT functions, management owns and manages the data, processes, risks, and controls. For cybersecurity, this function often resides with system administrators and others charged with safeguarding the assets of the organization.


    2ndline of defense - information and technology risk management function, comprises risk, control, and compliance oversight functions responsible for ensuring that first line processes and controls exist and are effectively operating. These functions may include groups responsible for ensuring effective risk management and monitoring risks and threats in the cybersecurity space.


    3rd line of defense – internal audit, the internal audit activity provides senior management and the board with independent and objective assurance on governance, risk management, and controls. This includes assessing the overall effectiveness of the activities performed by the first and second lines of defense in managing and mitigating cybersecurity risks and threats.


    Cyber risk – Assessment approach


    Key activities





    1. Planning and

    1. Identify specific internal and external stakeholders:

    1. Assessment



    IT, Compliance, Legal, Risk, etc.

    objectives and scope



    Understand organization mission and objectives




    Identify  industry  requirements  and  regulatory

    2. Capability







    Perform industry and sector risk profiling (i.e.,

    scorecard framework



    review industry reports, news, trends, risk vectors)




    Identify in-scope systems and assets




    Identify vendors and third-party involvement





    2. Analyze current

    1. Conduct interviews and workshops to understand

    U n d e r s t a n d i n g  o f



    the current profile

    e n v i r o n m e n t  a n d



    Perform walkthroughs of in- scope systems and

    current state



    processes to understand existing controls




    Understand the use of third- parties, including




    reviews of applicable reports



    4. Review relevant policies and procedures, including




    security  environment,  strategic  plans,  and




    governance  for  both  internal  and  external







    5. Review self-assessments



    6. Review prior audits






    7 | P a g e





    Cyber Security



    SBS Wiki











    3.Risk Assessment

    1. Document list of potential risks across all in-scope

    1. Prioritized risk










    Collaborate with subject matter specialists and






    management  to  stratify  emerging  risks,


    2. Capability




    document potential impact





    assessment findings




    Evaluate likelihood and impact of risks








    Prioritize risks based upon organization’s objectives,





    capabilities, and risk appetite






    Review and validate the risk assessment results with





    management and identify criticality









    4.Gap assessment

    1. Document  capability  assessment  results


    1. Maturity analysis


    and recommen-


    develop assessment scorecard




    2. Assessment



    2. Review  assessment  results  with  specific










    3. Remediation




    Identify gaps and evaluate potential severity








    Document recommendations


    4. Cybersecurity audit




    Develop multiyear cybersecurity/IT audit plan















    Common Cyber Threat Controls





    Sensitive or confidential data can be classified and stored internally, externally, or both. Internally, most organizations rely upon technology such as secure configurations, firewalls, and access controls as their first line of defense. However, in a dedicated attack where the firewall is overloaded, the attackers may gain access and unauthorized transactions may be processed.


    To reduce the risk of such attacks reaching the firewall, the first line of defense takes preventive action at the perimeter of the network. This is a challenging process that involves restricting access and blocking unauthorized traffic. Detective controls, such as monitoring, should also be established to watch for known vulnerabilities based on intelligence gained about software products, organizations, and malicious websites.


    Many organizations establish a whitelist of good traffic and a blacklist of blocked traffic. However, active monitoring and frequent updating is critical due to the dynamic nature of network traffic. If the attacker manages to gain access to the system, the next line of attack is likely to obtain administrative privileges and cover their tracks.


    When data is stored external to the organization, it is vital for the organization to ensure vendors are properly managing relevant risks. A critical first step for the first line of defense is to establish strong contracts that require: service organization control (SOC) reports, right to audit clauses, service level agreements (SLAs), and/or cybersecurity examination engagements.








    8 | P a g e

    Cyber Security



    SBS Wiki                                                                                                                                             


    After due diligence has been performed and the contract has been negotiated and executed, management should consider overseeing and governing the vendor by monitoring and reporting on key metrics to ensure conformance with SLAs. If the vendor does not meet contractual requirements, management could invoke the right to audit clause, ask for timely resolution of concerns, enforce penalties, and consider plans to transition to an alternative vendor if necessary.


    Management must also be alert to attack schemes involving social engineering, including phishing emails and malicious phone calls. By impersonating a legitimate organization or person with a need for information or action, attackers convince authorized individuals to sharesensitive data, provide their system credentials, click links that route to fraudulent websites, or perform actions that install malware on the victim’s computer. Malware is becoming more sophisticated and increasingly targeted to a specific purpose or network. Once malware is installed, it can replicate across the organization’s network, disrupt system performance and availability, steal data, and advance fraudulent efforts by the attackers.


    Malware is advanced by exploiting the lack of awareness. Therefore, reminding individuals frequently to be on the lookout for any suspicious or unusual emails, unprecedented requests, phone calls, or system activity is important. Training will also help individuals recognize fictitious communications and to report such incidents quickly for research, escalation, and resolution. Lessons learned and intelligence gained from peers in the industry can also be leveraged for training, awareness, and adoption of additional preventive measures.


    Role of Audit Committee


    The extent of the audit committee’s involvement in cyber security issues varies significantly by company and industry. Cyber security risk in some organization is tasked directly to the audit committee, while in others, there is a separate risk committee. Regardless of the formal structure adopted, the rapid pace of technology and data growth, and the attendant risks highlighted by recent security breaches demonstrate an increasing importance of understanding cyber security as a substantive, enterprise-wide business risk.


    Audit committees should be aware of cyber security trends, regulatory developments and major threats to the company, as the risks associated with intrusions can be severe and can pose systemic economic and business consequences that can significantly affect shareholders. Engaging in regular dialogue with technology-focused organizational leaders will help the committee better understand where attention should be concentrated.


    Malicious software illustrations:


    Ransomware is a type of malicious software (otherwise known as ‘malware’) that restricts people from accessing their computer or smartphone, or individual files stored on them. Attackers extort money from their targets by holding their device or data to ransom, often threatening to release or erase it to force payment.







    9 | P a g e

    Cyber Security



    SBS Wiki                                                                                                                                             


    Impact of Ransomware on Business


    The services industry is the sector most affected by ransomware, businesses in this sector, such recruitment agencies, handle high volumes of data and typically integrate with various internet services and applications that expose them to infections. Recruitment agencies are particularly vulnerable to attacks. Downloading files like applications, CVs, portfolios and contracts is an essential and everyday function for a recruiter, but antivirus software may not always pick up on files that contain ransomware.


    Famous ransomware: CryptoLocker and WannaCry


    Perhaps the first example of a widely spread attack that used public-key encryption was Cryptolocker, a Trojan horse that was active on the internet from September 2013 through May of the following year. The malware demanded payment in either bitcoin or a prepaid voucher, and experts generally believed that the RSA cryptography used -- when properly implemented -- was essentially impenetrable. In May 2014, however, a security firm gained access to a command-and-control server used by the attack and recovered the encryption keys used in the attacks. An online tool that allowed free key recovery was used to effectively defang the attack.


    In May 2017, an attack called WannaCry was able to infect and encrypt more than quarter million systems globally. The malware uses asymmetric encryption so that the victim cannot reasonably be expected to recover the (private and undistributed) key needed to decrypt the ransomed files.


    Payments were demanded in bitcoin, meaning that the recipient of ransom payments couldn't be identified, but also meaning that the transactions were visible and thus the overall ransom payments could be tallied.


    According to the Symantec 2017 Internet Security Threat Report, the amount of ransom demanded roughly tripled from the previous two years in 2016, with the average demand totaling $1,077. Overall, it's difficult to say how often these demands are met. A study by IBM found that 70% of executives they surveyed said they'd paid a ransomware demand, but a study by Osterman Research found that a mere 3% of U.S.-based companies had paid (though percentages in other countries were considerably higher). For the most part, payment seems to work, though it's by no means without risk: A Kaspersky Security Bulletin from 2016 claimed that 20% of businesses that chose to pay the ransom demanded of them didn't receive their files back.


    Brief: - Charitable Institutions plays an important role in social welfare. These institutions are engaged in providing various services ranging from education to relief of poor across regions of the country. They operate on non-for-profit motive. The various resources mobilised by these institutions will be used for their objectives for which they are formed.


    To incentivise these institutions which are addressing various social issues the Income Tax Act, 1961 (‘ITA,1961’) has provided for exemption of income earned by Charitable Institutions vide section 11.


    ITA, 1961 Provisions: -


    Section 11 provides that income derived from property held under trust wholly for charitable or religious purposes to the extent applied to such purposes in India is exempt from tax.


    Section 2(15) of ITA, 1961 defines Charitable Purpose. It includes: -


    • Relief of the Poor; o Education;


    o  Yoga;

    o  Medical Relief;

    o  Preservation of Environment including watershed, forest and wildlife;


    o Preservation of Monuments or places or objects of artistic or historic interest; o Advancement of any other object of general public utility.


    The phrase ‘advancement of any other object of general public utility’, is very wide. It should be noted that the following are not treated as advancement of any other object of general public utility 1: -


    • Carrying on any activity in the nature of trade, commerce or business or o Carrying on any activity of rendering any service in relation to the trade.


    'Property' is a term of the widest import, and subject to any limitation or qualification which the context might require, it signifies every possible interest which a person can acquire, hold and enjoy. Business would undoubtedly be property unless there is something to the contrary in the enactment - J.K. Trust v. CIT 32 ITR 535.It includes immovable and movable property. - CIT v State Urban Development Agency 37 193


    The profits of the business carried on by a non-religious trust will be exempt provided: -


    o    The business is incidental to the attainment of the objective of the trust; and

    o    Separate books of account are maintained by such trust in respect of such business.



    1Where aggregate receipts from such activities exceeds 20% of total receipts of the trust or institution undertaking having object of advancement of any other object of general public utility (WEF AY 2016-17)


    3 | P a g e


    SBS Wiki                                                                                                                                             


    This section requires Charitable Institutions to apply 85% of income for its purposes in India and the balance can be accumulated for application in future. The 15% of the income should be invested in the investments specified in section 11(5) of ITA, 1961.


    2Any amount credited or paid out of income to another charitable institution registered under Section 12AA of ITA, 1961 as a corpus (capital) contribution shall not be treated as application of income for charitable or religious purposes.


    Where 85% income cannot be applied during the previous year, it should be accumulated and applied for charitable purposes in future subject to a maximum period of 5 years. For this purpose, assessee has to file Form 10 before the due date for filing return of income specified under Section 139 of ITA, 1961.


    The word ‘applied’ need not necessarily spent. Even if the amount is irretrievably earmarked and allocated for charitable or religious purposes it may said to have been ‘applied’ to the said purposes- CIT Vs Radhaswami Satsang Sabha 25 ITR 472.


    Any amount by way of depreciation or otherwise in respect of any asset, acquisition of which has been claimed as application of income, is not considered as application of income for the purpose of section 11 of ITA, 1961.


    Capital Donations, which are received for a specific purpose, are not subject to tax.


    Any voluntary contributions received by trust or institution created wholly for charitable or religious purpose, other than capital contributions, shall be deemed to income derived from property held under trust wholly for charitable or religious purposes.(Section 12)


    The objectives of Charitable Institutions are such that public in general are beneficiaries. They should not benefit a group of individuals. Section 13 of ITA,1961 specifically provides that the benefit of exemption provided in section 11 and 12 are not available if the beneficiaries of the activities of charitable institutions are only those specified there in.


    Section 12(2) of ITA, 1961 states that the value of services, being medical or educational services, made available by any charitable or religious trust running a hospital or medical institution or educational institution to any person referred to clause 3 (a)/(b)/(c)/ (cc)/(d) of section 13(3) shall be deemed to be income of the trust or institution derived from property held under trust wholly for charitable or religious purpose and shall be chargeable to tax.


    However, charitable institutions running educational institution or medical institution or hospital shall not lose the benefit of exemption of any income other than the income referred to in section 12(2).






    2Finance Act 2017


    3Author of the trust or founder of the institution or trustee or manager or relative of such person or person

    who made substantial contribution.


    4 | P a g e

    Charitable Institutions



    SBS Wiki                                                                                                                                             


    Registration requirements: -


    The Charitable Institution will get the benefit of exemption U/s 11 and 12 only if it is registered U/s 12AA of the ITA, 1961.


    The application should be made in form 10 to the Principal Commissioner or Commissioner of Income Tax. Order granting or refusing registration shall be passed before expiry of six months from the end of the month in which the application was received.


    Where registration has been granted to the trust or institution U/s 12AA then the provisions of section 11 and 12 shall apply in respect of income related to the assessment year for which assessment proceedings are pending before assessing officer as on the date of such registration.


    After grant of registration Principal Commissioner or Commissioner has satisfied that the activities of the trust or institution are not genuine or are not being carried out in accordance with the objects of the trust or institution he shall pass an order in writing cancelling the registration of such trust or institution.


    If the objects of the charitable institution are modified after grant of registration, such change should be informed to the Principal Commissioner or Commissioner within 30 days of such modification.

    Looking for suggestions?

    Subscribe SBS AND COMPANY LLP updates via Email!