Regulatory risk differentiation

Regulatory risk differentiation is the process used by a regulatory authority (the regulator, most often a tax administration) to systemically treat entities differently based on the regulator's assessment of the risk of each entity's non-compliance.

Regulators can include law enforcement agencies. Entities are those under the authority or control of the regulator, in most cases ranging from individuals to companies (legal entities) to multinationals operating within the regulator's jurisdiction.

The risk differentiation process requires the regulator to directly link a robust risk assessment, such as a risk scoring model, to different regulatory responses (e.g. financial penalties, criminal imprisonment). Regulatory risk differentiation is also referred to as the Compliance Model in some regulatory agencies.[1] See, for example, the Australian Prudential Regulatory Authority risk differentiation approach known as PAIRS[2] / SOARS.[3] PAIRS is the Probability And Impact Rating System, while SOARS is the Supervisory Oversight And Response System.

  1. See for example http://www.acir.gov.au/provider/business/audits/ncp/our-compliance-model.jsp
  2. "Archived copy" (PDF). Archived from the original (PDF) on 2012-09-13. Retrieved 2012-06-07.
  3. "Archived copy" (PDF). Archived from the original (PDF) on 2012-02-27. Retrieved 2012-06-07.