Government Has Strategic Control; No Threat To Tax Data: GSTN Chairman

Debunking criticism over equity structure of the company building world's biggest tax system, GST Network Chairman Navin Kumar said all measures have been taken to protect sensitive tax information and the government will have strategic control over it.

By keeping Goods and Services Tax Network (GSTN) private, the company has been equipped to take decisions quickly as an agile and nimble organisation not bound by red tape that can retain talent by paying market salaries, he told PTI. Kumar insisted that enough fire-walls and 8-levels of security is being built to keep the data safe.

BJP leader Subramanian Swamy has questioned the structure of the entity created under the previous UPA regime saying how a private firm can be allowed access to "sensitive" tax information without security clearance.

The Government of India has 24.5 percent stake in GSTN and the state government an equal share. The remaining 51 percent is with private financial institutions.

"But measures for strategic control by the government have been built-in," he said adding the GSTN board has 14 directors, half of them are appointed by the government.

The Centre and State nominate three directors each and the Chairman is jointly named by the two.

"So government has 49 percent equity and 50 percent of the directors. The private equity holders who hold 51 percent, can nominate only three directors. And then there are three are indepedent directors and one is a CEO.

"The rules of business specify that no meeting of the board can take place unless 50 percent of the directors are from government. Which basically means that no decision can be taken against the wishes of the government. So this is the strategic control that they exercise," Kumar said.

While GSTN in day-to-day functioning works like a private company, takes quick decisions and is not bound by the PSU rules, there are certain critical decisions which can be taken only through special resolution in the general meeting, where 75 percent of the votes are to be polled for any decision.

"So in a nutshell, it is a non-government company over which government has a strategic control," he said.

Asked about concerns over data security, he said this is not the first time that the government is implementing an IT project through a private company.

"There are many large IT projects already in operation.

Take the case of Income Tax. Who is doing the Income Tax project-- it is Infosys and TCS. What are Infosys and TCS, they are private companies. Go to any VAT projects in the states, most of them are being done by either TCS or Wipro...

"So is the I-T data sensitive or not? That is with these private companies. Now look at GSTN. GSTN is structured as a private company over which government has a strategic control.

No decision can be taken without its consent... So what is the concern? If data can rest with TCS or Wipro without any problem, why is a question being raised about GSTN handling such data. Because here government has a presence on our board. So there is no problem," Kumar said.

GSTN is a not-for-profit, non-government, private limited company promoted by the central and state governments with the specific mandate to build the IT infrastructure and the services required for implementing GST. Its services will be made available to all stakeholders such as the central tax department and tax departments of all state governments, RBI, banks and taxpayers, Kumar said.

"If you want to know why it is a non-government, private company and not a PSU, for that let me take you back to 2010 when the finance ministry was looking at some large financial sector projects like NPS. Like TIN, GST, there were 4-5 such large projects.

He said further: "So they set up a Technical Advisory Group on Unique Projects (TAGUP), and they were asked to suggest road maps for implementing these large financial sector projects."

He added that they recommended setting up National Information Utilities (NIU) to implement such projects. NIU, the TAGUP recommended, should be structured as non-government private company with a public purpose.

In July 2010, the empowered committee of state finance ministers, which had been working on GST since 2005, constituted an empowered group on IT infrastructure under Nandan Nilekani. This committee had representation from the Centre, the revenue department and CBEC as well as from five states of Maharashtra, Gujarat, Karnataka, West Bengal and Odisha.

The panel recommended that NIU for GST should be a special purpose vehicle structured as a non-government, not-for-profit private company. "They suggested 49 percent equity for government to be shared between central and state governments. So that is how in March 2013, this company got registered," he said. This structure, he said, was decided by the empowered committee of state finance ministers on GST.

"They gave 4-5 reasons (for the structure). First, this SPV must have independence of management, it should not be reporting to any government, but it should be structured such that while it is not under any government, the latter will have a say in its management so that in day-to-day working, the company is not constrained by any rules, regulations or instruction of the government," he said.

Second, the organisation should be agile and nimble to take quick decisions. Also, it should be able to attract the best of talent both in IT and the field of indirect taxes and be able to hire and retain competent resources.

"This kind of freedom should be given which a PSU will never have. So, these were the reasons given," he said, adding that it was recommended that the government should exercise a strategic control over this company as the work it will do is in the public domain.

On the security of data, he said there are 8-levels of security, and ISO 27001, which is the best available standard for information security management, is being followed.

"So our system will be ISO 27001-certified which means the best available tools for security in the world whether in terms of hardware or software will be used. We are going to ensure the security of the data systems," he added.