“GST” needs no new introduction. It is a historic and one of the tax reforms in the post independent India. It is expected to simplify the current indirect taxes regime and make it easier for all businesses to collect and pay taxes.
GST is a presumption-based tax on goods and services. India has opted for a Dual-GST which very few other countries have adopted. Most countries such as Malaysia and Singapore have adopted a single-GST whereby one nation one tax is the principle they have followed. But India being a quasi-federal country where the power to tax is equally divided between states and center, implemented the dual GST. Earlier, the center used to levy tax on services, manufacturing and sale of goods whereas, entry tax power was with the states. Now all these will go away and for taking these states on-board, the center decided to go with a Dual-GST model.
GST is ONE comprehensive levy on all goods and services instead of levying multiple indirect taxes being at various stages of supply chain. GST supplants the current indirect tax regime which is known for its multiplicity of taxes, restricted credit flow, copious legislations, varying threshold limits and umpteen instances of cascading, thereby hindering the growth and competitiveness and adding to the woes of businesses in India.
In order to satiate the unyielding need to facilitate “Ease of Doing Business”, attain higher growth in terms of GDP, making “Make in India” a reality, encourage better tax compliance and to bring about transparency in tax administration, it is but natural for GST to gain the astounding momentum that it has in the last few months.
The dual GST which would be implemented in India is a destination-based value added tax, levied at all points in the supply chain with credit allowed for tax paid on purchases used in making the supply. It would apply to both goods and services in a comprehensive manner with exemptions restricted to bare minimum.
In line with becoming digital India GST is a step moving from an era of cumbersome paper-based compliance system to a tech-savvy paper less compliance and administration model.
The Goods and Service Tax Network (“GSTN”) forms the IT backbone of the GST system. It is going to be a shared IT platform for both central and state governments. The GST System is going to have a G2B portal, implying tax payers will have to access and interface with the GST systems directly. However, tax payers' convenience will be a key factor in success of GST regime. As a measure to achieve the same, the tax payers may interact with the GSTN through a third party service provider generically known as “GST Suvidha Providers (GSP)”.
Goods and Services Tax Network (GSTN) is a Section 8 (under new companies Act, not for profit companies that are governed under section 8), non-Government, private limited company. It was incorporated on March 28, 2013. The Government of India holds 24.5% equity in GSTN and all States of the Indian Union, including NCT of Delhi and Puducherry, and the Empowered Committee of State Finance Ministers (EC), together hold another 24.5%. Balance 51% equity is with non-Government financial institutions. The Company has been set up primarily to provide IT infrastructure and services to the Central and State Governments, tax payers and other stakeholders for the implementation of the Goods and Services Tax (GST). The Authorised Capital of the company is Rs. 10,00,00,000 (Rupees ten crore only).
Several measures of strategic control of Government over GSTN have been envisaged. These are explained below:
The Articles of Association (AOA) of GSTN provide that matters of strategic importance will be decided by the Board of Directors and that the Chairman of the Board will have casting/ second vote where Directors are equally divided over any issue in a Board meeting.
The AOA of GSTN provides that certain matters of strategic importance shall be decided only through Special Resolution (i.e. three-fourth (3/4) of the shareholders voting must vote in favor of such matters). Government's 49% shareholding will ensure that it retains effective control over such matters.
An agreement amongst all shareholders of GSTN SPV may provide that till the time Government holds certain threshold of shares in GSTN SPV, specific matters of strategic importance shall not be decided upon without the affirmative vote of the Government.
Strategic Control is also ensured through deputation of Government officials in the GSTN, at both leadership as well as operational levels. Services Division of GSTN, which is responsible for defining business processes, approving the modules and monitoring the outcomes is managed primarily by Government officers drawn from Central and State Tax Departments. GSTN has two officers of CBEC, eight officers from State Commercial Tax Departments, one officer of Indian Audit and Accounts Service and one officer from the central government working on deputation. Some more officers are likely to join in future.
Control over strategic matters could be exercised by Government by incorporating suitable provisions in the Agreement governing service delivery to be executed between Government and GSTN.
The common GST Portal developed by GSTN will function as the front-end of the overall GST IT eco-system. The IT systems of CBEC and State Tax Departments will function as back-ends that would handle tax administration functions such as registration approval, assessment, audit, adjudication, etc. Nine States and CBEC are developing their backend systems themselves. GSTN is doing the backend for 20 States and 5 UTs. GSTN has been interacting with CBEC and States for ensuring mutual interaction between the front-end that would be operated by GSTN and the back-ends of the tax administrations. Till September 2016, ten workshops have been conducted with the States/CBEC. GSTN will undertake training of tax officials in GST IT system from December 2016 onwards. During the operation phase as well GSTN will continue the interaction with CBEC and states and extend help wherever necessary.
The Goods and Services Tax constitutional amendment having been promulgated by the Govt of India, the rollout of the GST Bill will be a collective effort of the Central and State Governments, the tax payers and the IT platform provider i.e. GSTN, CBEC and State Tax Departments. Besides these main participants, there are going to be other stakeholders e.g. Central and States tax authorities, RBI, the Banks, the tax professionals (tax return preparers, Chartered Accountants, Tax Advocates, STPs, etc.), financial services providing companies like ERP companies and Tax Accounting Software Providers, etc.
The GST System is going to have a G2B portal for taxpayers to access the GST Systems. However, that would not be the only way for interacting with the GST system, as the taxpayer via his choice of third party applications, which will provide all user interfaces and convenience via desktop, mobile, other interfaces, will be able to interact with the GST system. The third party applications will connect with GST system via secure GST System APIs. All such applications are expected to be developed by third party service providers who have been given a generic name, GST Suvidha Provider or GSP. The GSPs are envisaged to provide innovative and convenient methods to taxpayers and other stakeholders in interacting with the GST Systems from registration of entity to uploading of invoice details to filing of returns. Thus there will be two sets of interactions, one between the App user and the GSP and the second between the GSP and the GST System. It is envisaged that App provider and GSP could be the same entity. Another version could where data, in the required format directly goes to GSP-GST Server. The diagram below gives the most generic case.
In the evolving environment of the new GST regime, it is envisioned that the GST Suvidha Providers (GSP) concept is going to play a very important and strategic role. It is the endeavor of GSTN to build the GSP eco system, ensure its success by putting in place an open, transparent and participative framework for capable and motivated enterprises and entrepreneurs.
The taxpayer under GST Regime will have to provide following information at regular intervals:
It is expected that the GSPs shall provide the tax payers with all services mentioned above in addition to maintaining their individual business ledgers (sales ledger and purchase ledger) and other value added services around the same. Another important service expected from GSPs is the automatic reconciliation of purchase made and entered in the purchase register and data downloaded in the form of GSTR-2 from the GST portal. In addition, there will be sector-specific or trade specific needs which the GSPs are expected to fulfill. The conceptual diagram depicting the same is as given below.
While the GST System will have a G2B portal for taxpayers to access the GST System, there will be a wide variety of tax payers (SME, Large Enterprise, Small retail vendor etc.) who will require different kind of facilities like converting their purchase/sales register data into GST compliant format, integration of their Accounting Packages/ERP with GST System. Similarly, the specific needs of an industry or trade could be met by GSP. In short, the GSP can help the taxpayers in GST compliance through their innovative Solutions.
Tax payer's convenience will be a key in success of GST regime. The tax payer should have a choice to use third party applications which can provide varied interfaces on desktops, laptops, and mobiles and can connect with GST System. The GSP developed apps will connect with the GST system via secure GST system APIs. The majority of GST system functionalities related to taxpayer's GST compliance requirements shall be available to the GSP through APIs. GSPs may use GST APIs and enrich and enhance the tax payer's experience. (The APIs of GST System are RESTful, JSON-based and stateless). GST System will not be available over the Internet for security reasons.
The production API end points can only be consumed via MPLS lines. All APIs will be accessed over HTTPS protocol. The benefits of API based integration are:
Karvy is a leading player in the financial services industry in India. Spanning over a period of over 3 decades, we have established credentials in multiple business lines, cutting across Corporate registry, Mutual fund registry, Stock broking, Depository services, Commodities, Realty division, Personal advisory services, E-governance services including System Integration, PAN application processing in partnership with NSDL, Biometric enrollment services under UID & NPR, Economic surveys, BFSI services and Telecom services. We have also been recently awarded the certificate of registration as a KYC Registration Agency by the SEBI and to act as an Insurance Repository by the IRDA and as an e-KYC agency by the UIDAI. Given our wide reach and presence, Karvy is among the few corporates in India to be part of market/near market infrastructure across disparate business lines.
Endowed with a well-trained team of 25,000+ employees, our offices are replete with state of the art infrastructure across our 560+ branch networks across 296 cities/towns. Our client service delivery model is uniquely positioned to offer a 360 degree Solution encompassing Technology, People and Infrastructure across the value delivery chain to offer custom built Solutions with precision and scale. We would like to use this opportunity to say that the technology backbone at Karvy is completely managed in-house with over 500 seasoned professionals onboard.
Karvy as a GSP has all that it takes to serve its clients – Service, Technology, and Experience in handling both the corporates as well as a large number of retailers.
KARVY’s proposed GSP/ASP Solution for Tax Payers is explained in detail below.
KARVY proposes to use a robust and highly scalable web-based enterprise Solution architecture, conforming to open standards that serve as a unique platform for GSP/ASP Solution to perform the GSP operations and serve the needs of the various Tax Payers.
By keeping in mind, the desire of taxpayers to provide an integrated web based Solution will be achieved through the proposed robust and efficient Solution architecture. The architecture will cater the needs of all the stakeholders seamlessly as part of the GSTR filing.
The proposed Solution will comprise an n-tier architecture that includes a clear separation of presentation, business and data layers. The presentation tier uses a model-view-controller (MVC) framework that always for efficient code reuse as well provides for a clear separation of concerns. The business layer encapsulates the GSTN specific business logic and workflow rules. The business tier architecture is designed to make it very easy to expose any business service as a public API (Application Programming Interface) for consumption by external applications. The data tier provides a highly scalable architecture for data retrieval and storage in a relational database in a standard format.
An industry standard Universal Data Model will be used to store all application related data. This flexible data model is designed to provide a highly normalized database design that allows for efficient data storage as well as enforcing data integrity across all application modules. The extensible data model design will also make it easy to add new components and other additional requirements of the GSTN.
Following diagrams depict the proposed GSP/ASP Solution with high-level business components in the proposed MVC n-tier Architecture.
For GSP/ASP Solution KARVY proposes an innovative multi-tenant architecture which allows for computing resources and application code to be generally shared between all the tenants but each tenant has its own data and configuration that remains logically isolated from data that belongs to all other tenants. A metadata layer correctly associates each tenant with the correct database and database security prevents any tenant from accessing other tenants’ data. This Solution has the following major benefits:
This multi-tenant architecture can be taken advantage of by adopting this for GSP/ASP Solution for which each module is considered as a universal Logical builder (ULB) and can talk to each other In this architecture each ULB will get its own data and configuration to cater to its specific needs. For example, GSP/ASP Solution proposed dashboard module can aggregate all the ULBs like data using the multi-tenancy Solution and for overall monitoring and generate the analytics on top of it.
The Proposed Application Software is designed to adhere it to follow the design principles based on Next Generation N- tier architecture and Framework and supports the deployment of an end to end Solution for the Client.
The various Systems and Sub-Systems that form part of this Solution platform are modular seamlessly integrated and are scalable for future upgradeability to deliver the overall functionality.
The Platform architecture support load balancing and is highly scalable to support an increase in load – increase in transactions, customers, increase in data and documents storage and increase in web users.
The Software architecture is designed to supports scale and availability. Every component is designed to scale to large volumes and support Millions of transaction and records. The Architecture is designed for high availability to accommodate failure and design for recovery. It is based on a Modular Architecture so that it can be integrated with multiple applications based on a concept of service through APIs. The various services and applications that consume the service are integrated through a SOA Layer.
The proposed Solution integrates existing internal and external modules/applications through the Multiple APIs/Interfaces and gives the Unified framework with a uniform workflow system so that it provides a common operating workflow Solution for the real estate services. The various components that can be integrated cover – core modules, front end and backend systems and external service providers like GSTN, BANKS, CBEC and others.
The Design principle and consideration are compliant to the General and Design Consideration Guidelines as specified by GSTN and the compliance is provided for the same.
Following is the logical view of the Infrastructure deployed at the Data Centre to configure and run the proposed GSP/ASP Solution.
General Enterprise Requirements
Azure allows customers to encrypt data and manage keys and safeguards customer data for applications, platform, system and storage using three specific methods: encryption, segregation, and destruction.
Data isolation. Azure is a multi-tenant service, meaning that multiple customers’ deployments and virtual machines are stored on the same physical hardware.
Protecting data at rest. Azure offers a wide range of encryption capabilities, giving customers the flexibility to choose the solution that best meets their needs. Azure
Key Vault helps customers easily and cost effectively streamline key management and maintain control of keys used by cloud applications and services to encrypt data.
Protecting data in transit. For data in transit, customers can enable encryption for traffic between their own VMs and end users. Azure protects data in transit, such as between two virtual networks. Azure uses industry standard transport protocols such as TLS between devices and Microsoft data centers, and within data centers themselves.
Encryption. Customers can encrypt data in storage and in transit to align with best practices for protecting confidentiality and data integrity. For data in transit, Azure uses industry-standard transport protocols between devices and Microsoft data centers and within data centers themselves. You can enable encryption for traffic between your own virtual machines and end users.
Data redundancy. Customers may opt for in-country storage for compliance or latency considerations or out-of-country storage for security or disaster recovery purposes. Data may be replicated within a selected geographic area for redundancy.
Data destruction. When customers delete data or leave Azure, Microsoft follows strict standards for overwriting storage resources before reuse. As part of our agreements for cloud services such as Azure Storage, Azure VMs, and Azure Active
Directory, we contractually commit to specific processes for the deletion of data.
Multi-Factor Authentication. Microsoft Azure provides Multi-Factor Authentication (MFA). This helps safeguard access to data and applications and enables regulatory compliance while meeting user demand for a simple sign-in process for both on premises and cloud applications. It delivers strong authentication via a range of easy verification options—phone call, text message, or mobile app notification—allowing users to choose the method they prefer.
Access monitoring and logging. Security reports are used to monitor access patterns and to proactively identify and mitigate potential threats. Microsoft administrative operations, including system access, are logged to provide an audit trail if unauthorized or accidental changes are made. Customers can turn on additional access monitoring functionality in Azure and use third-party monitoring tools to detect additional threats. Customers can request reports from Microsoft that provide information about user access to their environments.
Restricted access by Microsoft personnel. Access to customer data by Microsoft personnel is restricted. Customer data is only accessed when necessary to support the customer’s use of Azure. This may include troubleshooting aimed at preventing, detecting, or repairing problems affecting the operation of Azure and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam). When granted, access is controlled and logged. Strong authentication, including the use of multifactor authentication, helps limit access to authorized personnel only. Access is revoked as soon as it is no longer needed.
Notification of lawful requests for information. Microsoft believes that customers should control their data whether stored on their premises or in a cloud service. We will not disclose Azure customer data to law enforcement except as a customer directs or where required by law. When governments make a lawful demand for Azure customer data from Microsoft, we strive to be principled, limited in what we disclose, and committed to transparency.
Microsoft does not provide any third party with direct or unfettered access to customer data. Microsoft only releases specific data mandated by the relevant legal demand.
If a government wants customer data—including for national security purposes—it needs to follow the applicable legal process, meaning it must serve us with a warrant or court order for content or subpoena for account information. If compelled to disclose customer data, we will promptly notify the customer and provide a copy of the demand unless legally prohibited from doing so.
Karvy ASP application will provide below services-
Returns, Records, and Reconciliation-
Remote Training and Handholding sessions
The Training Specialist will train key operational staff in the use of the system. This training will be oriented towards the usage of the system as defined by the business requirements and will employ a hands-on method of teaching using the customer’s system. At the Conclusion of the training, the customer will sign a Training Verification Checklist. A Concluding meeting will be conducted with the customer. The purpose of the meeting is to Review the activities of both the installation and the training and to provide the customer with the necessary information related to both the Limited Remote Consulting and the Customer Service Support.