KTBA Challenges FBR’s Frequent Password Change Requirement
The Karachi Tax Bar Association (KTBA) has urged the Federal Board of Revenue (FBR) to restrict its recently introduced password change policy to sales tax filers instead of applying it to all taxpayers.
Concerns Over Abrupt Implementation and Lack of Consultation
In a letter addressed to Dr. Najeeb Ahmad, Member (Inland Revenue – Policy) at the FBR, the KTBA raised concerns over the practicality of the policy, which requires taxpayers to change their passwords every 60 days. Under this new regulation, passwords must be updated six times a year through the “Forgot Password” or “Change Password” options. KTBA President Ali A. Rahim criticized the abrupt implementation, pointing out that it was enforced without prior notification, consultation, or a clear rationale.
Policy Introduced in Response to Sales Tax Fraud Cases
The KTBA explained that the policy appears to be a reaction to recent sales tax fraud cases where fraudsters exploited dormant or nil-filing accounts to generate fake sales tax invoices. While acknowledging the need to curb fraudulent activities, the association emphasized that imposing a blanket requirement on all 5.8 million taxpayers is excessive. Instead, it suggested that security enhancements should be specifically targeted to prevent such fraud.
Blanket Requirement Criticized as Excessive and Impractical
During a meeting with the FBR on January 15, 2024, the KTBA had already expressed concerns about the impact of this policy. It argued that requiring frequent password changes from all taxpayers—regardless of their filing category—would lead to confusion, increased non-compliance, and technical difficulties. The association noted that even financial institutions, despite their emphasis on security, do not impose such frequent password resets.
Differences Between Income Tax and Sales Tax Filing Obligations
The KTBA further pointed out that income tax and sales tax systems function differently. While income tax returns are filed annually and withholding tax statements quarterly, sales tax returns must be submitted every month. Imposing identical security measures on all taxpayers, despite these differences, creates unnecessary complications. Instead, the KTBA proposed that income taxpayers should only be required to change their passwords once a year.
Call for Transparent Amendments to IRIS Web Portal Regulations
The association also recommended that any modifications to the password policy should be introduced through formal amendments to the IRIS web portal’s regulations to ensure transparency and stakeholder input before enforcement.
Recommended Measures to Strengthen Fraud Prevention
To enhance fraud prevention, the KTBA suggested a more strategic approach, including suspending or blocking Sales Tax Registration Numbers (STRNs) for entities that fail to file returns for three consecutive months. Additionally, STRNs under deregistration review for more than three months should be automatically blocked to prevent misuse. These measures, already adopted by provincial tax authorities, have been effective in reducing tax fraud.
KTBA’s Commitment to Balanced Tax Policy and Compliance
The KTBA believes that by adopting these recommendations, the FBR can improve security without imposing unnecessary burdens on taxpayers. The association remains committed to collaborating with the FBR to refine tax policies that strike a balance between fraud prevention and ease of compliance.