Cloud adoption has significant impacts on various aspects of business operations. This article explores essential factors that demand thorough consideration when embarking on a cloud transformation initiative.

The financial and fiscal implications arising from cloud adoption

The capitalisation of cloud services

Current accounting guidance poses the challenges of applying the definition and recognition criteria of an intangible asset according to International Financial Reporting Standards (IFRS)® accounting standards. One of the key difficulties highlighted, centres around demonstrating control over the software in a Software as a Service (SaaS) arrangement.

Control usually remains on the provider’s side but there may be cases where contractual arrangements could be seen as leasing. This could for example be the case where the “buyer” would have discretion over where to host the solution and over when to upgrade it.

When the SaaS agreement leads to a situation where a services contract is recognised, the real question comes: Can Customisation and Configuration (CC) costs in cloud computing arrangements be capitalised? The answer is not that obvious and requires analysis from multiple angles. The decision tree below summarises the accounting outcomes.

While in a classic SaaS arrangement, many related costs would be recognised as expenses, there are still situations where judgement is required and where advice from an accountant professional will be useful. Some of those situations may refer to lease arrangement, additional codes, prepayment accounting, etc.

  

The crucial role of FinOps in managing cloud spending

Since cloud services are associated with Operating Expenses (OpEx), it is crucial to monitor cloud spending. Therefore, any organisation moving to the cloud shall embrace Financial Operations (FinOps) practices. The objective is to establish necessary tools and processes to facilitate the planning, measurement, analysis, optimisation, and reporting of cloud costs.

First, forecasts in terms of cloud consumption must be planned per organisational unit and per application. These targets will be set up in the cost management tools, so that actions can be taken whenever predefined spending thresholds are reached. Organisations shall also implement the appropriate metrics and dashboards to gain real-time insights into their actual spending and analyse them.

It is also essential to ensure continuous optimisation of cloud costs. This could be done for instance by selecting the cloud providers’ pricing models that best fit the organisation’s usage patterns, or by implementing policies that enable the identification of underutilised resources and shut them down or resize them whenever feasible.

Finally, show back and chargeback methods can help to foster awareness and responsibility throughout the organisation by making other business units aware of the costs associated with their cloud usage.

To embrace FinOps, organisations are encouraged to leverage toolkits and accelerators for deploying these capabilities, managing, and optimising cloud usage costs, with a focus on automation.

 

Tax-related concerns

Transition to the cloud may also raise tax-related concerns due to its borderless and digital nature, making it challenging to determine the character of transactions and the locations of consumption and taxation. Multinational enterprises often view their operations from a group perspective, but tax authorities assess individual entities, meaning that changes in functions, risks, assets, or decision-making can impact the local tax base.

Firstly, the proper allocation of cloud costs is crucial. If not assigned correctly to the benefiting entity, local tax authorities may deny cost deductions, leading to a higher tax burden or double taxation. Exit taxes are another key area, especially when transferring assets, functions, or off-balance sheet assets like client lists or data.

Secondly, intercompany pricing must be at arm’s length to ensure profits are allocated correctly and tax deductions are justified. This requires accurate documentation and compliance with local tax authority requirements to avoid reassessments and penalties. The implementation of the cloud necessitates a re-evaluation of intercompany pricing to reflect any changes accurately.

Lastly, Net Wealth Taxes (NWT) may increase if assets, particularly in jurisdictions like Luxembourg, are owned by specific entities. Transfer pricing rules, which dictate the prices a provider must charge an affiliate for cloud services, play a critical role in determining a group’s overall effective tax rate, depending on where profits are taxed. Ensuring that existing intercompany transactions align with arm’s length principles is crucial to minimise transfer pricing exposure before and after cloud service implementation.

 

DORA as a key milestone for the future of cloud in financial services

The Digital Operational Resilience Act (DORA) will enter into force on 17 January 2025 and with it some far reaching implications. DORA applies to regulated financial entities in Europe and requires them to take an inventory of their current operating model – including Information and Communication Technology (ICT) assets – and identify and qualify associated ICT risks. This assessment of the operational and IT model may require changes to the current IT setup. These changes may include the adoption of cloud-based services like what can be observed in the non-financial industry. In case regulated financial entities are selecting (new) cloud providers, DORA stipulates a systematic ICT third party risk management which ranges from:

• A multi-vendor strategy at the level of the regulated financial entity that needs to be put in place;
• New contractual requirements;
• Enhanced due diligence requirements with respect to the cloud provider as well as the ensuing sub-outsourcing chain;
• To the DORA register that will require regulated financial institutions to collect minimum information for each contractual relationship including the related sub-outsourcings for ICT services provided.

Legal and compliance considerations

The use of the cloud requires mastering legal requirements including, among others, the General Data Protection Regulation (GDPR) and DORA regulations.

For instance, it is key to ensure that personal data and processing operations are clearly outlined, emphasising data protection and security during cloud migration. Contracts must cover the requirements imposed by GDPR and any other applicable data protection legislation.

Furthermore, for financial services, contracts should stipulate cloud service providers’ support for DORA’s resilience and reporting standards, to achieve operational integrity in a digital infrastructure.

Additionally, contracts need mechanisms to address conflicts, for example between the US Cloud Act and GDPR, particularly around data access by foreign authorities, ensuring data protection commitments are robust and legally sound.

Contractual Guarantees are also key and should include:

• Defined and reasonable data retention periods;
• Explicit data location and transfer protocols and/or standard contractual clauses (as well as data transfer impact assessment) for international compliance;
• Clear definition of GDPR responsibilities and roles as well as interactions with data protection authorities;
• Firm security and confidentiality commitments from cloud service providers, with detailed security measures and audit rights to protect data integrity.

A successful cloud transformation demands a thorough approach that goes beyond the traditional aspects related to technology, organisation, and operations. It also encompasses vital elements such as financial, tax, regulatory and contractual aspects. The journey toward cloud adoption involves actively engaging various stakeholders in the organisation, and it is imperative to include them from early stages of transformation.

For more information visit our webpage: https://www.pwc.lu/en/advisory/digital-tech-impact/technology/cloud-services.html

 

Patrice Witz, Advisory Partner, PwC Luxembourg

Philippe Forster, IFRS, Treasury & Payment institutions, Partner, PwC Luxembourg

Michael Horvath, Regulatory Advisor,  Financial Services, Partner, PwC Luxembourg

Marc Rasch, Transfer Pricing Partner, PwC Luxembourg

Audrey Rustichelli, Head of the Technologies & IP department,  Head of the Commercial Contracts practice, Deputy Managing Partner, PwC Legal Luxembourg

Stéphane Zema, Cloud Transformation Leader, Director, PwC Luxembourg