2.4.2 Functional Analysis of Functions Performed, Risks Assumed and Assets Employed

In transactions between two independent persons, compensation usually will reflect the functions that each person performs (taking into account assets used and risks assumed). Therefore, in delineating the controlled transaction and determining comparability between controlled and uncontrolled transactions or entities, a functional analysis is necessary. This functional analysis seeks to identify the economically significant activities and responsibilities undertaken, assets used or contributed, and risks assumed by the parties to the transactions. The analysis focuses on what the parties actually do and the capabilities they provide.

For this purpose, the structure and organization of the associated persons and how they influence the context in which the MNE operates must be explained, in particular, how value is generated by the group as a whole, the interdependencies of the functions performed by the associated persons with the rest of the group, and the contribution that the associated persons make to that value creation

A. Functions

Functions are activities performed by each person in business transactions such as procurement, marketing, distribution and sales. The principal functions performed by the associated person under examination should be identified first. Any increase in economically significant functions performed should be compensated by an increase in profitability of the person.

Usually, when various functions are performed by a group of independent persons, the party that provides the most effort and, more particularly, the rare or unique functions would earn the most profit. For example, a distributor performing additional marketing and advertising function is expected to have a higher return from the activity than if it did not undertake these functions.

B. Assets

In comparing functions performed, it is also important to identify and consider the assets (tangible and intangible) that are employed, or are to be employed, in a transaction. This includes the analysis of the type of assets used, (e.g. plant and equipment, the use of valuable intangibles, financial assets) and the nature of the assets used (e.g. the age, market value, location, property right protections available, etc.

  1. Tangible assets employed

    Tangible assets such as property, plant and equipment are usually expected to earn long-term returns that commensurate with the business risks assumed. Profitability of a company should rightfully increase with the increase in the amount, as well as the degree, of specificity of assets employed. Quantifying these amounts whenever possible helps determine the level of risks borne and the level of profit a company should expect.

  2. Intangible assets employed

    Intangible assets are also expected to generate returns for the owners by way of sales or licensing. It is thus essential to identify the parties to whom the returns generated are attributable.

C. Risks

Risk is inherent in business activities and persons undertake commercial activities because they seek opportunities to make profits. Identifying risks goes hand in hand with identifying functions and assets and is integral to the process of identifying the commercial or financial relations between the associated persons and of accurately delineating their transactions. Evaluation of risks assumed is crucial in determining arm's length prices with the economic assumption that the higher the risks assumed, the higher the expected return.

Controlled and uncontrolled transactions are not comparable if there are significant differences in the risks assumed which appropriate adjustments cannot be made. Therefore, risks assumed by each party has to be identified and considered since the actual assumption of risks would influence the prices of the transactions between the associated persons and is an economically relevant characteristic that can be significant in determining the outcome of a transfer pricing analysis.

In this section references are made to terms that require initial explanation and definition as below:

  1. The term "risk management" is used to refer to the function of assessing and responding to risk associated with commercial activity. Risk management comprises of three elements:

    1. the capability to make decisions to take on, lay off, or decline a risk-bearing opportunity, together with the actual performance of that decision-making function;
    2. the capability to make decisions on whether and how to respond to the risks associated with the opportunity, together with the actual performance of that decision-making function; and
    3. the capability to mitigate risk, that is the capability to take measures that affect risk outcomes, together with the actual performance of such risk mitigation.

  2. "Risk assumption" means taking on the upside and downside consequences of the risk with the result that the party assuming a risk will also bear the financial and other consequences if the risk materializes. A party performing part of the risk management functions may not assume the risk that is the subject of its management activity, but may be hired to perform risk mitigation functions under the direction of the risk-assuming party.

  3. Financial capacity to assume risk can be defined as access to funding to take on the risk or to lay off the risk, to pay for the risk mitigation functions and to bear the consequences of the risk if the risk materializes. Access to funding by the party assuming the risk takes into account the available assets and the options realistically available to access additional liquidity, if needed, to cover the costs anticipated to arise should the risk materialize.

  4. Control over risk involves the first two elements of risk management defined in (a), that is:

      1. the capability to make decisions to take on, lay off, or decline a risk-bearing opportunity, together with the actual performance of that decision-making function; and
      2. the capability to make decisions on whether and how to respond to the risks associated with the opportunity, together with the actual performance of that decision-making function.

    It is not necessary for a party to perform the day-to-day mitigation, as described in (a)(iii) in order to have control of the risks. Such day-to-day mitigation may be outsourced, as Example 2 illustrates. However, where these day-to-day mitigation activities are outsourced, control of the risk would require capability and performance to determine the objectives of the outsourced activities, to decide whom to hire as provider of the risk mitigation functions, to assess whether the objectives are being adequately met, and where necessary, to decide whether to adapt or terminate the contract with that provider.

  5. Risk mitigation refers to measures taken that are expected to affect risk outcomes. Such measures may include measures that reduce the uncertainty or measures that reduce the consequences in the event that the downside impact of risk occurs.

The concept of control may be illustrated by the following examples.

Company A appoints a specialist manufacturer, Company B to manufacture products on its behalf. The contractual arrangements indicate that Company B undertakes to perform manufacturing services, but that the product specifications and designs are provided by Company A, and that Company A determines production scheduling, including the volumes and timing of product delivery.

The contractual relations imply that Company A bears the inventory risk and the product recall risk. Company A hires Company C to perform regular quality controls of the production process. Company A specifies the objectives of the quality control audits and the information that Company C should gather on its behalf. Company C reports directly to Company A. Analysis of the economically relevant characteristics shows that Company A controls its product recall and inventory risks by exercising its capability and authority to make a number of relevant decisions about whether and how to take on risk and how to respond to the risks. Besides that, Company A has the capability to assess and take decisions relating to the risk mitigation functions and actually performs these functions. These include determining the objectives of the outsourced activities, the decision to hire the particular manufacturer and the party performing the quality checks, the assessment of whether the objectives are adequately met, and, where necessary, to decide whether to adapt or terminate the contracts.

Assume that an investor hires a fund manager to invest funds on its account. Depending on the agreement between the investor and the fund manager, the latter may be given the authority to make portfolio investments on behalf of the investor on a day to-day basis in a way that reflects the risk preferences of the investor, although the risk of loss in value of the investment would be borne by the investor. In such an example, the investor is controlling its risks through four relevant decisions:

  1. the decision about its risk preference and therefore about the required diversification of the risks attached to the different investments that are part of the portfolio,
  2. the decision to hire (or terminate the contract with) that particular fund manager,
  3. the decision of the extent of the authority it gives to the fund manager and objectives it assigns to the latter, and
  4. the decision of the amount of the investment that it asks this fund manager to manage.

Moreover, the fund manager would generally be required to report back to the investor on a regular basis as the investor would want to assess the outcome of the fund manager's activities. In such a case, the fund manager is providing a service and managing his business risk from his own perspective (e.g. to protect his credibility). The fund manager's operational risk, including the possibility of losing a client, is distinct from his client's investment risk.

This illustrates the fact that an investor who gives to another person the authority to perform risk mitigation activities such as those performed by the fund manager does not necessarily transfer control of the investment risk to the person making these day-to-day decisions. For entities claiming to have control over risk by outsourcing risk mitigation activities, they will have to give evidence of a sequential and scheduled monitoring and administering done by them. In cases where monitoring is performed online, the controlling entity should be able to substantiate and show proof of those activity performed by them.

Also, where a controlling entity has control over the activity done by their local subsidiary or related party, the controlling entity may have Permanent Establishment (PE) in Malaysia (subject to Double Taxation Agreement between Malaysia and the relevant country) as the local entity will be said to be performing activity on behalf of the controlling party.

D. Risk Analysis Framework

Below are the process or steps of analysing risk in a controlled transaction, in order to accurately delineate the actual transaction in relation to risk:

Step 1: Identify economically significant risks with specificity

Risk can be categorized in various ways. However, in transfer pricing analysis, emphasis is on the sources of uncertainty which gives rise to risk. Below are the non-exclusive list of sources of risk (not intended to suggest a hierarchy of risk or rigid category of risk, instead as examples of possible range of risk that can arise in a transfer pricing analysis).

These are largely external risks caused by the economic environment, political and regulatory events, competition, technological advance, or social and environmental changes.

The assessment of such uncertainties may define the products and markets the company decides to target, and the capabilities it requires, including investment in intangibles and tangible assets, as well as in the talent of its human capital. Examples of such risks may include marketplace trends, new geographical markets, and concentration of development investment.

These are likely to include the uncertainties associated with the company's business execution and may include the effectiveness of processes and operations. The impact of such risks is highly dependent on the nature of the activities and the uncertainties the company chooses to assume. In some circumstances breakdowns can have a crippling effect on the company's operations or reputation and threaten its existence; whereas successful management of such risks can enhance reputation.

In other circumstances, the failure to bring a product to market on time, to meet demand, to meet specifications, or to produce high standard products, can affect competitive and reputational position, and give advantage to companies which bring competing products to market more quickly. Some infrastructure risks are internally driven and may involve capability and availability of assets, employee capability, process design and execution, outsourcing arrangements and IT systems.

All risks are likely to affect a company's financial performance, but there are specific financial risks related to the company's ability to manage liquidity and cash flow, financial capacity, and creditworthiness. The uncertainty can be externally driven, for example by economic shock or credit crisis, but can also be internally driven through controls, investment decisions, credit terms, and through outcomes of infrastructure or operational risks.

Include pricing and payment terms in a commercial transaction for the supply of goods, property, or services.

Includes adverse external events that may cause damages or losses, including accidents and natural disasters. Such risks can often be mitigated through insurance, but insurance may not cover all the potential loss, particularly where there are significant impacts on operations or reputation.

Determining the economic significance of risk and how risk may affect the pricing of a transaction between associated persons is part of the broader functional analysis of how value is created by the MNE. The economic significance of risk may be illustrated by the following two situations:

The MNE Group supplies fuel oil to various industries in Malaysia. The fuel oils are mostly used by industries for process heating, steam generation and power generation, and marine vessels. Analysis of the economically relevant characteristics establishes that the product is undifferentiated, the market is competitive, the market size is predictable and players are price-takers.

In such circumstances, the ability to influence margins may be limited. The credit terms achieved from managing the relationship with the oil suppliers fund working capital are crucial to the distributor's margin. The impact of the risk on cost of capital is, therefore, significant in the context of how value is created for the distribution function.

A multinational toy retailer buys a wide range of products from a number of third-party manufacturers. Most of its sales are concentrated in the last two months of the calendar year, and a significant risk relates to the strategic direction of the buying function, and in making the right bets on trends and determining the products that will sell and in what volumes. Trends and the demand for products can vary across markets, and so expertise is needed to evaluate the right bets in the local market. The effect of the buying risk can be magnified if the retailer negotiates a period of exclusivity for a particular product with the third-party manufacturer.

Step 2: Contractual assumption of risk

The identity of the parties assuming risks may be set out in written contracts which typically sets out an intended assumption of risk by the parties. Some risks may be explicitly assumed in the contractual arrangements. For example, a distributor might contractually assume accounts receivable risk, inventory risk, and credit risks associated with the distributor's sales to unrelated customers. Other risks might be implicitly assumed. For example, contractual arrangements that provide non-contingent remuneration for one of the parties implicitly allocate the outcome of some risks, including unanticipated profits or losses, to the other party. However, purported assumption of risk by associated person when risk outcomes are certain or has materialised is by definition not an assumption of risk, as there is no longer any risk.

The assumption of risk has a significant effect on determining arm's length pricing between associated persons, but it should not be concluded that the pricing arrangements adopted in the contractual arrangements alone determine which party assumes risk. Therefore, one may not infer from the fact that the price paid between associated persons for goods or services is set at a particular level, or by reference to a particular margin, that risks are borne by those associated persons in a particular manner. For example, a manufacturer may claim to be protected from the risk of price fluctuation of raw material as a consequence of it being remunerated by another group company on a basis that it takes account of its actual costs. The implication of the claim is that the other group company bears the risk.

The form of remuneration cannot dictate inappropriate risk allocations. It is the determination of how the parties actually manage and control risks which will determine the assumption of risks by the parties, and consequently dictate the selection of the most appropriate transfer pricing method.

Therefore, it should not be inferred that a party bears the assumption of risk simply because it is being remunerated on cost plus basis, certain mark-up or reimbursed for cost or losses incurred. Instead, a taxpayer has to prove assumption of risk by showing the exercise of control over the risk and financial capacity to assume the risk.

Step 3: Functional analysis in relation to risk

In this step, the functions in relation to risk of the associated persons that are parties to the transaction are analysed. The analysis provides information about how the associated persons operate in relation to the assumption and management of the specific, economically significant risks, and in particular about which person or persons perform control functions and risk mitigation functions, which person or persons encounter upside or downside consequences of risk outcomes, and which person or persons have the financial capacity to assume the risk.

Company A seeks to pursue a development opportunity and hires a specialist company, Company B, to perform part of the research on its behalf. Under step 1 development risk has been identified as economically significant in this transaction, and under step 2 it has been established that under the contract Company A assumes development risk.

Company A has mitigated its risk by taking measures to outsource development activities to Company B which assumes the day-today responsibility for carrying out the research under the control of Company A. Company B reports back to Company A at predetermined milestones, and Company A assesses the progress of the development and whether its ongoing objectives are being met, and decides whether continuing investments in the project are warranted in the light of that assessment.

Company A has the financial capacity to assume the risk. Company B has no capability to evaluate the development risk and does not make decisions about Company A's activities. Company B's risk is mainly to ensure it performs the research activities competently and it exercises its capability and authority to control that risk through making decisions about the processes, expertise, and assets it needs. The risk Company B assumes is distinct from the development risk assumed by Company A under the contract, which is controlled by Company A based on the evidence of the functional analysis.

Step 4: Interpreting steps 1-3

Carrying out steps 1-3 involves the gathering of information relating to the assumption and management of risks in the controlled transaction. The next step is to interpret the information resulting from steps 1-3 and to determine whether the contractual assumption of risk is consistent with the conduct of the parties and the other facts of the case by analyzing;

  1. whether the associated persons follow the contractual terms under the principles of paragraph 2.4.1; and
  2. whether the party assuming risk, as analyzed under (a), exercises control over the risk and has the financial capacity to assume risk.

In line with the discussion in paragraph 2.4.1, it should be considered under step 4(a) whether the parties' conduct conform to the assumption of risk contained in written contracts, or whether the contractual terms have not been followed or are incomplete. Where differences exist between contractual terms related to risk and the conduct of the parties which are economically significant and would be taken into account by third parties in pricing the transaction between them, the parties' conduct in the context of the consistent contractual terms should generally be taken as the best evidence concerning the intention of the parties in relation to the assumption of risk.

If it is established that the associated persons assuming the risk as analyzed under step 4(a) either do not control the risk or do not have the financial capacity to assume the risk, then the analysis described under step 5 needs to be performed. Where the associated persons assuming risk (as analysed under step 4(a) controls that risk and has the financial capacity to assume the risk, step 5 need not be considered. Control requires both capability and functional performance in order to exercise control over a risk.

The test of control should be regarded as being met where comparable risk assumptions can be identified in a comparable uncontrolled transaction. To be comparable those risk assumptions require that the economically relevant characteristics of the transactions are comparable. If such a comparison is made, it is particularly relevant to establish that the persons assuming comparable risk in the uncontrolled transaction performs comparable risk management functions relating to control of that risk.

Step 5: Allocation of risk

If it is established in step 4(b) that the associated persons assuming the risk based on steps 1 – 4(a) does not exercise control over the risk or does not have the financial capacity to assume the risk, then the risk should be allocated to the persons exercising control and having the financial capacity to assume the risk.

If multiple associated persons are identified that both exercise control and have financial capacity to assume the risk, it should then be allocated to the associated persons exercising the most control. The other parties performing control activities should be remunerated appropriately based on the importance of the control activities performed.

Step 6: Pricing of the transaction

The accurately delineated transaction should then be priced in accordance with the tools and methods available and taking into account the financial and other consequences of risk-assumption, and the remuneration for risk management.

The assumption of a risk should be compensated with an appropriate anticipated return, and risk mitigation should be appropriately remunerated. Thus, a taxpayer that both assumes and mitigates a risk will be entitled to greater anticipated remuneration than a taxpayer that only assumes a risk, or only mitigates, but does not do both.

In the circumstances of Example 6, Company A assumes and controls the development risk and should bear the financial consequences of failure and enjoy the financial consequences of success. Company B should be appropriately rewarded for the carrying out of its development services, incorporating the risk when it fails to do so.