Archive for the ‘Dubai and regional news’ category

Dynamics 365 Enterprise Finance and Operations – G.C.C. HR and Payroll from Synergy Software Systems

August 10th, 2017

Our Ax 2012 R3 popular HR and Payroll software was implemented in more than 40 companies.
It is now available in Dynamics 365 Enterprise Finance and Operation, with the first implementation already started.

The product includes comprehensive payroll features as well as automation of many day to day processes for HR and PRO staff.

Extensive Power BI analysis, T@A integration, and mobile approval are additional features

VAT for the U.A.E. some updates – July 2017

July 15th, 2017

Any taxable person must retain VAT invoices issued and received for a minimum of 5 years.

Imports
The place of supply will determine whether a supply is made within the UAE (in which case the UAE VAT law will apply), or outside the UAE for VAT purposes. For a supply of goods, the place of supply should be the location of goods when the supply takes place – with special rules for certain categories of supplies (e.g. water and energy, cross border supplies).

For the supply of services, the place of supply should be where the supplier is established – (with special rules for certain categories of supplies e.g. cross border supplies between businesses).

VAT shall be payable in addition to the custom duties paid by the importer of the goods and cannot be deducted against. VAT shall be computed on the value that includes the customs duties.

Some goods that are imported may be exempt from customs duties but be subject to VAT.

VAT is due on the goods and services purchased from abroad. In case the recipient in the State is a registered person with the Federal Tax Authority for VAT purposes, the VAT would be due on that import using a reverse charge mechanism. In case the recipient in the State is a non-registered person for VAT purposes, VAT would be paid on import of goods from a place outside the GCC. Such VAT will typically be required to be paid before the goods are released to the person.

Exempt and zero rate
- The VAT treatment of real estate will depend on whether it is a commercial or residential property.
Supplies (including sales or leases) of commercial properties will be taxable at the standard VAT rate (i.e 5%).
- Supplies of residential properties will generally be exempt from VAT to ensure that VAT does not constitute an irrecoverable cost to persons who buy their own properties. To ensure that real estate developers can recover VAT on construction of residential properties, the first supply of residential properties within 3 years from their completion will be zero-rated.

There is a difference between exempt goods and zero rate. (for example zero rate might be raised in future).
VAT will be charged at 0% in respect of the following main categories of supplies:
• Exports of goods and services to outside the GCC;
• International transportation, and related supplies;
• Supplies of certain sea, air and land means of transportation (such as aircrafts and ships);
• Certain investment grade precious metals (e.g. gold, silver, of 99% purity);
• Newly constructed residential properties, that are supplied for the first time within 3 years of their construction ;
• Supply of certain education services, and supply of relevant goods and services;
• Supply of certain Healthcare services, and supply of relevant goods and services.

The following categories of supplies will be exempt from VAT:
• The supply of some financial services (clarified in VAT legislation);
• Residential properties;
• Bare land;
• Local passenger transport

Financial Services
It is expected that fee based financial services will be taxed but margin based products are likely to be exempt.
Generally, insurance (vehicle, medical, etc) will be taxable.
Life insurance, we understand will be treated as an exempt financial service

The VAT treatment of standard financial services and Islamic finance products, the treatment of Islamic finance products will be aligned with the treatment of similar standard financial services

Businesses that meet requirements the Legislation (such as being resident in the UAE and being related/associated parties) will be able to register as a VAT group. For some businesses, VAT grouping will be a useful tool to simplify accounting for VAT.

Offsetting VAT.
VAT registered businesses will be able to reduce their output tax liability by the amount of VAT that relates to bad debt which has been written off by the VAT registered business. The legislation will include the conditions and limitations concerning the use of this relief.

A scheme will be introduced to allow a UAE national who is not registered for VAT to reclaim VAT paid on goods and services relating to constructing a new residence which will be privately used by the person and his family. This will allow the recovery of VAT on such expenses as contractor’s services and building materials.

To avoid double taxation (where second hand goods are acquired by a registered person from an unregistered person for the purpose of resale), the VAT-registered person will be able to account for VAT on sales of second hand goods with reference to: the difference between the purchase price of the goods, and the selling price of the goods (that is, the profit margin).

The VAT which must be accounted for by the registered person, will be included in the profit margin. The legislation will include the details of the conditions to be met in order to apply this mechanism.

VAT on expenses
A VAT registered person incurs input tax on its business expenses, and this input tax can be recovered in full when it relates to a taxable supply that was made, or intended to be made, by the registered person. In contrast, where the expense relates to a non-taxable supply (e.g. exempt supplies), then the registered person may not recover the input tax paid.

VAT will not be deductible in respect of expenses incurred for making non-taxable supplies. Furthermore, input tax cannot be deducted when it is incurred in respect of specific expenses such as entertainment expenses e.g. for employee entertainment.

VAT on expenses that were incurred by a business can be deducted in the following circumstances:
• The business must be a taxable person (the end consumer cannot claim any input tax refund).
• VAT should have been charged correctly (i.e. unduly charged VAT is not recoverable).
• The business must hold documentation showing the VAT paid (e.g. valid tax invoice).
• The goods or services acquired are used or intended to be used for making taxable supplies.
• VAT input tax refund can be claimed only on the amount paid or intended to be paid before the expiration of 6 months after the agreed date for the payment of the supply.

In certain situations, an expense may relate to both taxable and non-taxable supplies made by the registered person (such as activities of the banking sector). In these circumstances, the registered person would need to apportion input tax between the taxable and non-taxable (exempt) supplies.

Businesses will be expected to use input tax (ratio of recoverable to total) as a basis for apportionment in the first instance – (there will be the facility to use other methods where those are fair and agreed with the Federal Tax Authority).

Compliance and returns
Penalties will be imposed for non-compliance. Examples of actions and omissions that may give raise to penalties include:
• A person failing to register when required to do so;
• A person failing to submit a tax return or make a payment within the required period;
• A person failing to keep the records required under the issued tax legislation;
• Tax evasion offences where a person performs a deliberate act or omission with the intention of violating the provisions of the issued tax legislation.

No special rules are planned for small or medium sized enterprises. The FTA will provide materials and resources available for these entities to assist them in their enquiries.

A supplier registered or required to be registered for VAT must issue a valid VAT invoice for the supply. To be considered as a valid VAT invoice, the document must follow a specific format as mentioned in the legislation. In certain situations the supplier may be able to issue a simplified VAT invoice.

Government entities
Supplies made by government entities will typically be subject to VAT. This will ensure that government entities are not unfairly advantaged as compared to private businesses. Certain supplies made by government entities will, however, be excluded from the scope of VAT if they are not in competition with the private sector or where the entity is the sole provider of such supplies. It is likely certain government entities will be entitled to VAT refunds – this is designed to avoid budgeting issues and provide a level playing field between outsourced and insourced activities. For the supplies provided for government entities, the treatment of such supplies shall depend on the same supply and not on the recipient of the supply. Therefore, if the supply is subject to the standard tax rate, the treatment would remain the same even if it is provided to a government entity.

Transitional rules
Special rules will be provided to deal with various situations that may arise in respect of supplies that span the introduction of VAT. For example:
• Where a payment is received in respect of a supply of goods before the introduction of VAT, but the goods are actually delivered after the introduction of VAT. This means that VAT will have to be charged on such supplies. Likewise, special rules will apply with regards to supplies of services spanning the introduction of VAT.
• Where a contract is concluded prior to the introduction of VAT in respect of a supply, which is wholly or partly made after the introduction of VAT, and the contract does not contain clauses relating to the VAT treatment of the supply, then consideration for the supply will be treated as inclusive of VAT.

There will, however, be special provisions to allow suppliers to charge VAT in situations where their recipient is able to recover their VAT but where there is no VAT clause.

Payments and claims
Note that VAT will be payable in full not after netting off input tax which will then have to be claimed. This is more of a challenge for cash flow and business risk, especially given the penalties for late payments.
Refunds will be made after the receipt of the application and will be subject to verification checks, with a particular focus to avoid fraud.

The FTA may provide its views on various matters in the law. Taxpayers may choose to challenge these views. However, penalties may be imposed on taxpayers who are found to violate any tax laws and regulations.

Other Emirates
It is expected that businesses will need to complete additional information on their VAT returns to report revenues earned in each Emirate. Guidance will be provided to businesses with regards to this. It is expected that the rules will be relatively straightforward for most businesses and will be based, for example, for B2C transactions, on the location of the transaction (e.g. in a retail environment, the location of the shop).

VAT in Dubai starts 1 Jan 2018 – summary

July 4th, 2017

Date of implementation: January 1, 2018
• VAT rate: 5%
• What are exempted: 100 types of staple food, and other essential service sectors such as healthcare and education
• What are not: Electronics, smart phones, cars, jewellery and watches, eating out and entertainments
• Inflation : Experience in other markets says there will be some impact on both inflation and GDP.
Given the low start rate it will have less impact here.
• While the impact of tax on property transactions will impact those above upper middle income group, there may well be a knock on effect to rents, and its likely that the cost of related financial services will hit everyone.
• VAT will also have an effect on the buying power of tourists who may alos have to pay duty tax again on certain goods in their country of origin

There will be a number of items that will be VAT-exempt. Younis Al Khouri, undersecretary at the Ministry of Finance, has said that GCC states had already agreed to exempt about 94 food products, as well as the healthcare and education sectors. . A new law, however, has yet to be released to specify which items are non-taxable.

Expect electronics, clothes, home furnishings, cars etc shall I expect to cost more once VAT is implemented
If you want to own a brand-new mobile phone that costs Dh2,600, for instance, prepare to pay an extra Dh130. In some cases for white goods, manufacturers may absorb some of the 5 per cent, to keep their products competitive but in other countries VAT has often resulted in prices being rounded up. Also non VTA items tend to look more cost favourable and that often leads to retailers pushing up prices on those goods.

Since the VAT law is not out yet, we don’t known the impact on air tickets. The VAT implementation in other countries, for instance in the UK as well as in Singapore (where VAT is called GST), passenger transport carries VAT at zero percent. Increases will likely hit tourism.

Tourism spending is a major source of revenue for the UAE and goods purchased by visitors will not be exempted at the point of sale. Anyone buying perfumes, make-up, luxury bags and big-ticket items in the UAE can expect to pay an additional 5 per cent of the sale price. The Ministry of Economy, however, assured that the tax rate is “deliberately low so that VAT is a limited burden on all consumers.” It also remains to be seen whether tourists will be given the option to obtain a tax refund at some point, as observed in other countries it appears not because the relative number of tourists to residents is pzrticulzrly high here.

The UAE is not discounting the possibility of collecting other forms of tax. “As per global best practice, the UAE is exploring other tax options as well. However, these are still being analysed and it is unlikely that they will be introduced in the near future. The UAE is not currently considering personal income taxes, however,” said the Ministry of Finance.

Businesses are encouraged to implement the new tax system, initial indications are that there will be swingeing penalties for late or incorrect returns. Those with annual turnover of more than AED375,000 (approximately US$100,000) are mandated to register.

Not all businesses in the UAE will need to go through the tedious process of registering for the value-added tax. The Ministry of Finance issued an announcement that states that businesses with a turnover of AED375,000 are required to register for value-added tax (VAT) which will be implemented in the UAE on 1 January 2018.

The ministry has announced that those with revenue below AED375000 but over AED187500 will have an option to register. Which means that they may if they like, register under VAT. But if they don’t then they do not have to collect VAT from their customers.

This number however, if it is an annual number, appears to be very low and it may bring a lot of small businesses within the scope of VAT. It of course also means a lot of registration fees, with the likelihood of annual renewal. This with multi companies and trade licenses need to be clear how many VAT registrations they need.

Group companies that undertake intercompany trading also need to think about the impact of VAA on such cross company sales and what tax will be payable and reclaimable by each company in what timescales.

Some may prefer to register even if they are exempt because if they don’t, they may not be able to claim back the VAT paid on their purchases.

As announced recently, the registration will be open three months before the go-live date. Companies will have the option to register online. Businesses can probably start registering for VAT from 1st October 2017.

For most businesses, VAT returns should be filed every three months. Filing of returns can also be done online using the government’s eServices.

According to the Ministry of Finance, businesses may need to change their core operations, financial management and book-keeping, technology and human resource mix in order to prepare for VAT. “It is essential that businesses try to understand the implications of VAT now and once the legislation is issued, make every effort to align their business model to government reporting and compliance requirements.”

Businesses are also strongly advised to ensure that in all the commercial contracts they enter into, they include a clause that spells out that the VAT burden can be passed on to the consumer.

“Once the law is out, businesses would first have to figure out whether their products/services are taxable or not and if yes, they would have to ensure that their billing or invoicing process is capable of adding a VAT charge to all taxable products. The easiest way to do this is to alter your IT systems to automatically calculate and add VAT to the invoices,” said Pardasani.

Hiring new staff that will enable businesses prepare for and implement the new tax policy should be done at this point in time. “Companies should have started to think about the additional resources they would need to ensure VAT compliance. Depending on how tedious / frequent the process is, companies would need resources based on the complexity of their operations. But one thing to bear in mind is that VAT is not only a finance issue,” said Pardasani. “It flows through all operational departments of the company. This is because wherever a company acquires products or services, it may pay VAT and it would need to capture all the documentation relating to VAT paid, in order to claim refunds

Corporate Social Reponsibility for the U.A.E.

June 12th, 2017

The Ministry of Economy in Dubai today on Monday said that it will be mandatory for the private sector to declare their Corporate Social Responsibility (CSR) initiatives by the end of 2017. The CSR initiative aims to encourage all companies to play a role in charitable, humanitarian work. Mohammad Ahmad Bin Abdul Aziz Al Shehhi, Undersecretary at the Ministry of Economy, discussed the National Strategy’s 11 initiatives for CSR, which were set to develop a supportive and stimulating environment for companies to invest in social responsibility.

The CSR programme is one of six main themes of the UAE’s National Strategy, which aims to encourage all companies to play a role in charitable and humanitarian work.

Percentage

The ministry will announce a minimum percentage that should be allocated to CSR by all private companies.

Companies will be able to register starting July, and will be required to declare their audited CSR accounts to the ministry and upon licence renewal at the Department of Economic Development.

Auditors will be required to ensure the financial statement for the company verifies their CSR initiatives and CSR spending.

Al Shehhi said that another initiative is the establishment of a National CSR Index, which will rank entities in the country, based on the percentage of their contributions and projects.

The assessment process will take place in April 2018, while the Corporate Social Responsibility (CSR) Annual Report and National CSR index results will be announced on Zayed Humanitarian Day in June 2018.

Year of Giving

Sultan Bin Saeed Al Mansouri, Minister of Economy, said the launch of the annual report represents an important milestone for the ‘Year of Giving,’ as such programmes and initiatives introduce a solid base for the organisational system of charity works in the UAE.

“Cooperation between the Ministry of Economy, Departments of Economic Development and Chambers of Commerce and Industry and other governmental and private bodies is an essential and effective driving force for transforming the ‘Year of Giving’ concepts to practical programmes and initiatives,” he said.

Smart CSR platform

Al Shehhi highlighted the different services of the Smart CSR platform, which will be launched in July to enable all private companies to register, and to view the various fields of CSR initiatives. It will include guides and tools to make CSR contributions along with models displaying the implementation process.

“One of the main targets of the programme is to spread awareness about the values of CSR within the private sector. We are sure many private companies have CSR programmes, however, it is time to launch a joint platform based on concrete projects, and build partnerships between the public and private sector,” said Al Shehhi. He pointed out the ministry anticipates that all companies in the UAE who are currently registered in the economic department will become members of the CSR programme, which has now been set as a minimum requirement in the private sector.

The Dubai Chamber of Commerce and Industry recently hosted its annual Dubai Dialogue conference at its premises which focused on the UAE’s Year of Giving and highlighted the important role that public-private partnerships can play in achieving the objectives of the national initiative.

The event, organised by the Chamber’s Centre for Responsible Business, was attended by 150 delegates, including H.E. Sultan bin Saeed Al Mansoori, Minister of Economy of the UAE, H.E. Mohammed Alshehhi, Undersecretary for Economic Affairs at the UAE Ministry of Economy, and H.E. Hamad Buamim, President and CEO, Dubai Chamber, as well as various stakeholders from the UAE’s public and private sectors.

The National Strategy for the Year of Giving comprises over 1,000 initiatives and programmes which cover six main themes, namely corporate social responsibility (CSR), volunteerism, the developmental role of humanitarian organisations, legislative systems and government policies, media, and serving the nation.

In his keynote speech, H.E. Al Mansoori said: “Organising this year’s conference is particularly important in light of the UAE’s move to declare 2017 as the ‘Year of Giving’. The wise leadership is taking a number of relevant steps to develop an integrated framework aimed at spreading the initiative’s principles and encouraging active participation of the government and private sectors at the institutional and individual levels.”

The UAE’s Minister of Economy noted that the government is keen on building a more systematic CSR methodology by offering incentives and monitoring, and putting key indicators into place that measure the initiatives’ progress and their benefit to society. Dubai Chamber’s President and CEO said that forming a united vision for CSR and sustainability in the UAE is one of the main objectives of the Dubai Dialogue conference as it enables organisations to share knowledge, experiences, and best practices in this field.

“Corporate social responsibility is at the core of the Year of Giving strategy, which comprises many initiatives that will have a direct and significant impact on the UAE’s business community and society at large,” added H.E. Buamim.

The 11 initiatives for CSR include incentives, facilities, and financial privileges. Among the financial privileges is the ‘Responsible Procurement’ initiative, which will be implemented in cooperation with the financial departments of the various emirates. It aims to allocate a percentage of government contracts to outstanding companies in the field of CSR. The ministry will also launch the ‘CSR Label’ and ‘CSR Passport,’ which will be awarded to the five most innovative companies in the field.

Another initiative is the establishment of the ‘coordinating forum for CSR.’ The forum will be organised in cooperation with the UAE Chambers of Commerce and Industry, to provide platforms for regular communication in order to build partnerships between private sector companies and leaders of the humanitarian and charitable sectors.

“The country’s leadership has a vision to establish the position for the UAE to be the most giving of the world,” added Al Shehhi.

11 initiatives within the Corporate Social Responsibility (CSR) programme:

1. The Smart CSR website to be launched

2. CSR annual report to be published

3. National CSR index to rank companies based on CSR spending

4. CSR Label

5. CSR Passport

6. Monetary incentives for outstanding companies in the CSR field

7. Mandatory annual declaration of CSR projects

8. Coordinating forum for CSR

9. Annual announcement for CSR

10. Responsible procurement

11. Work committees for CSR

European Union General Data Protection Regulation (GDPR) – 2018 what should GCC countries consider?

May 30th, 2017

The UAE Ministry of Economy is raising awareness among private sector companies of the need to be ready for new European data protection rules, which comes into force one year from now.

The European Union General Data Protection Regulation (GDPR) is set to become law by May 2018. The new rules govern all companies in Europe, as well as all companies trading with European companies and individuals.

The GDPR was drafted to “harmonise the protection of fundamental rights and freedoms of natural persons in respect of processing activities and to ensure the free flow of personal data between Member States

The law includes strong penalties for either misuse of data, or failure to protect the personal data of customers, with fines of up to 4% of annual turnover, or 20m euros ($22m).

HE Juma Mohammed Al Kait, Assistant Undersecretary for Foreign Trade at the Ministry of Economy, noted that the regulation issued by the EU aims to protect the data of every individual in the EU.

This not only impacts companies operating in European countries, but includes all institutions and companies that conduct business, trade and investment activities within EU countries, including the UAE business sector linked with European trade relations.

Due to this, the Ministry is working on deepening its knowledge about the new legislation, its provisions and requirements, and aims to reconcile its operational procedures with European authorities, in adherence with the framework of the GDPR, before May 2018.

Al Kait emphasized the EU is one of the UAE’s most important trade partners. Trade between the two sides generated $65.8 billion in 2016 alone. The UAE has become one of the top 10 destinations for EU exports, and is home to over 41,000 European companies, in addition to over 121,000 EU citizens.

Penalties will also apply to information controllers and processors, including cloud software companies.

The new legislation also outlines terms of approval for the use of data, to prevent companies from using legally illegitimate terms, and gives both parties the ability to easily withdraw if desired.

The compliance world will change dramatically for a number of GCC organizations on 25 May 2018. In just over one year’s time GCC organizations that:
1.have a branch, subsidiary or single representative in the European Union (“EU”);
2.do not have a physical presence in the EU, but offer goods or services to data subjects in the EU; or
3.neither have a physical presence in the EU nor offer goods or services to people in the EU, but monitor the online behavior of data subjects in the EU, will have to ensure that they are complying with the European Union General Data Protection Regulation (“GDPR”).

Who is likely to be affected?

Based on the test set out in the GDPR, the new regulations will likely apply to a significant number of entities in this region.
Obvious examples include:
– major airlines that fly to and from the EU,
- hotel and tourism operators who promote travel to the region to EU data subjects,
- regional banks and other financial service companies that have branches in the financial centres in the EU and online.

Less obvious examples include:
- e-commerce companies that are able to accept payments in euros and deliver to the EU
- mobile apps that can be downloaded by users in the EU and which have access to a user’s contacts, photos or location data.

All of these businesses may need to comply with the GDPR and to mitigate the risk and cost of failure to do so.
If your organization is affected it has three main options:
1. wait and see i.e. do nothing (not advisable);
2.consider what it needs to do to ensure that it does not fall within the scope of the GDPR;
3. take immediate steps to prepare to comply with the GDPR .

For option (2), if your organization does not have an establishment in the EU and does not need to target or monitor EU data subjects then you ight consider making it very clear that your website or app is not for use by EU users (e.g. including geo-blocking EU data subjects).

for option (3), if you have not started the process of ensuring compliance by now, then there is a lot to do.

1.monitor business to consumer business practices, including:
- conducting a data protection audit,
- examining the legal basis on which it processes personal data and updates its privacy policies;
2.monitor internal business practices, including:
- review and update of agreements with data processors,
- implement processes for adoption of pseudoanonymization and privacy by design
- considering the legal basis on which it transfers personal data between jurisdictions;
3.establish compliant accountability processes, including”
- processes for record keeping,
- appointment of a data protection officer or EU representative and dealing with data subjects;
4.invest in infrastructure, including:
- how to determine the severity, and impact on data subjects of a data breach
- to establish robust security processes and procedures for notifying regulatory authorities and data subjects -

The need for compliance, especially for longer-term projects such as records of processing and compliant contracting, must be addressed as soon as is practicable.

Businesses that either operate, target customers or monitor individuals in the EU should :
• Audit: to identify key remediation areas.
• Record of Processing: This mandatory record will require significant internal resources, but will also help to plan and implement GDPR processes. .
• Consider Contract Renegotiations: The GDPR requires that contracts with data controllers include additional obligations. As companies come to renegotiate contracts, ensure that adequate data protection clauses are added.
• Review and update, where necessary, employee notices to be GDPR compliant. If you currently conduct criminal records checks, then review national laws where you operate to ensure you can continue to do so . There is an emphasis on transparency in the GDPR. Notices must be clear, concise and informative. Employees must be adequately informed of all data processing activities and data transfers and the information set out in Articles 13 to 14 must be provided. Criminal records can no longer be processed unless authorized by member state law.

Consider whether your organization is processing any sensitive personal data and ensure the requirements for
processing such data are satisfied While the grounds for processing are broadly the same as those set out
in the current Data Privacy Directive, the GDPR imposes new requirements to gain valid consent. Consent can be withdrawn at any time and systems must be able to handle withdrawal request.

• Review and update, where necessary, customer notices to be GDPR compliant
• Consider whether your notices have to accommodate “child-friendly requirements”. he GDPR requires parental consent for the processing of data related to information society services offered to a “child” (ranging
from 13 to 16 years old depending on the member state.
• Data privacy rights. The current rights to request access to data or require it to be rectified or deleted have been expanded to include a much broader right to require deletion (“the right to be forgotten”), a right not just to access your data but have it provided to you in a machine readable format (“data portability”). Versions of the existing right to object to any processing undertaken on the basis of legitimate interests or for direct marketing and the right not to be subject to decision based on automated processing are also included and expressly refer a right to object to profiling.
These must be clearly communicated in the notices given to data subjects, e.g. privacy policy
• Privacy by design. Ensure processes are in place to embed privacy by design into projects (e.g. technical and organizational measures are in place to ensure data minimization, purpose limitation and security)

Consider what data you hold in emails, in CRM systems, Social media.
What should be your data access use and retention policies?

Personally I think it will be great if this is a way to prosecute the perpetrators of all the spam nd phishing emails I get or at least to remove data form their lists!

VAT registration nears for the GCC – what should you be doing now – contact Synergy Software Systems

May 29th, 2017

VAT (Value Added TAX), which is also called as ‘tax on consumption’ , is a tax that is payable while purchasing any product. VAT is applied as particular percentage of the cost of goods and services, hence it can not be considered as a charge on companies. It is a general tax amount, which is added by the producer to the inputs before they are sold as new offerings.

All UAE businesses subject to the Value-Added Tax have to submit their tax declaration statements on a quarterly basis after the VAT law goes into effect starting January 2018, according the Ministry of Finance.

The threshold for VAT registration put at Dh375,000 as per the ministry’s announcement this week.
It is optional to register between Dh187,500 and Dh375,000 .

UAE businesses will be able to start VAT registration in Q3 2017 and it is compulsory to be registered by Q4 2017.

Businesses will be able to register online using eServices.

The UAE businesses, subject to the tax, have to keep all files that allow competent authorities to audit their transactions and commercial activities, with the nature of the needed documents to be announced over the coming period. Businesses will be required to keep records which will enable the authorities to identify the details of the business activities and to review transactions. The specifics regarding the documents which will be required and the time period for keeping those will be communicated in due course.

Review your finance systems’ readiness for rapid implementation to meet these requirements. There will be a shortage of skilled consultants, and there are several holidays (EID, Diwali, Christmas, New Year, National Day etc. its also budget time, and preparation for year end audits,to fit in during the last quarter. Allow time for collection of your trading partners VAT registration ids, for report development and update, for testing and for staff training.

All six of the GCC member states: Saudi Arabia, Qatar, Oman, Kuwait, the UAE and Bahrain – have now signed and approved the VAT framework.

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Exemptions:
We understand that:
Health, education services, international transportation, import gold for investment purposes, commodities and exports are exempted from VAT in UAE.
Residential buildings for sale or lease during the first three years in which the building is completed, some financial services and empty plots of land are also exempted from VAT.

The GCC Member States will appreciate the VAT on financial provisions. The Banks and Financial House are ineligible for VAT in terms of the services provided, instead, they might be eligible for input tax based on tax recovery rates determined by each Member State.

The Federal Tax Authority has also announced a 100 per cent tax on tobacco, energy drinks and 50 per cent on carbonated beverages. This is separate from VAT.

The General Authority for Zakat and Income Tax (GAZT) in KSA reportedly warned businesses, during an awareness session that took place at the Riyadh Chamber of Commerce on Monday 16 May 2017, that penalties will be applicable in the cases of violation of VAT laws and regulations.

Penalties

The following types of Penalties will apply in each of the following cases:
• Case 1: Businesses required to register for VAT and that fail to register shall be liable to double the net tax due.
• Case 2: Committing an error in filling the tax return shall result in paying an additional 50% of net tax declared.

• Case 3: Exaggerated tax refund claims shall be subject to a penalty 50% of the original amount reported.
• Case 4: Late filing of tax return would result in a penalty of SAR 1,000 and an extra 5 to 20% of the unpaid tax. The percentage varies depending on the number of days of delay.
• Case 5: Non-registered person who issue an invoice with VAT shall pay SAR 1,000 or double the amount of the net tax (whichever is higher).
• Case 6: Not keeping records of the required documents shall result on a penalty of SAR 1,000 or 2% of the monthly average taxable supplies (whichever is higher).
• Case 7: Non-compliance with GAZT inquiries in providing relevant information shall result in a penalty of SRA 1,000 or 2% of the average monthly taxable supplies (SAR 20,000 maximum) or whichever is higher.

Ramadan 2017 starts soon – Ramadan Kareem to all of our readers -Synergy Software Systems

May 25th, 2017

The holy month of Ramadan is expected to start this weekend. “The Saudi Supreme Court has already called on all Muslims throughout the Kingdom of Saudi Arabia to sight the crescent of the Holy Month of Ramadan on Thursday, May 25- it is expected that Ramadan will officially start on either Friday or Saturday.

During this period of fasting and spiritual reflection there will be several changes to our office routine:
Those working at site will work client hours
Our offices will be closed on Fridays and Saturdays until end of Ramadan.
From Sunday to Thursday our work hours will be 9 am-5pm

\Visitors will be provided with water in the conference room at their request, but will otherwise generally not be offered refreshment.

Some Guidance for those new to the region.
It is very easy to forget in hot weather that there are cultural norms and that authorities and others will be offended if these are not followed. It is a difficult enough time in this climate for those who fast, so please show due respect. You may well be stopped by the police for e.g. drinking a bottle of water in your parked car, or you may offend others by eating sweets, or your own food.

This is a very difficult time due to the hot, humid weather, which is expected to get a lot hotter, and we encourage you all to take adequate drinks of water at the appropriate times.

Dress code: Dubai has fairly relaxed standards that it is a tourist destination, but please be extra aware of the need to behave and dress with modesty and decorum and respect in this period.

Public shops and restaurants. Opening hours may be amended because those too will have shorter working hours – so plan ahead. In most cases shops will open after Iftar and will stay open much later than usual.

Alcohol sales, and public entertainment, music etc. will be stopped.

Some restaurants and shops may serve takeaway food during daylight hours, but will not be open for sit down meals.Some hotels may have segregated screened areas where food can be obtained.

Clinics, doctors, pharmacies etc. may also have reduced working hours.

Travel
Paid parking zones in Dubai,
The tariff will apply to all car parks (Zone: A, B, C, D, and G) from Saturday to Thursday at two periods:
from 08:00 am to 05:00 pm,
and from 07:00 pm to 12:00 (midnight).
The tariff will apply to the parking of the:
Dubai Silicon Oasis (Zone H), Saturday to Thursday, from 08:00 am to 10:00 pm,
Tecom (Zone F), Saturday to Thursday, from 08:00 am to 06:00 pm,
Fish Market (Zone E) from 08:00 am to 11:00 pm daily from Saturday to Friday,

Bus services
Public bus main stations, like Gold Souq Station, will open from 04:25 am to 12:00 (midnight)
Al Ghubaiba Station from 04:30 am to 12:00 (midnight).
Subsidiary stations, like Al Satwa, will operate from 04:57 am to 11:35 pm, and Route C01 will operate around-the-clock at Satwa.
Al Qusais Station will open 04:30 am to 12:00 (midnight),
Al Quoz Industrial Station will operate from 05:00 am to 11:30 pm,
Jebel Ali Station will be offering service from 05:00 am to 12:00 (midnight).

Stations of Metro Link buses, such as Al Rashidiya, Mall of the Emirate, Ibn Battuta, Burj Khalifa-Dubai Mall, Abu Hail and Etisalat, will open from 05:00 am to 12:20 am (past midnight).
The timing of all Metro Link buses will match the timing of the metro service.

Inter-city bus stations will operate in Ramadan as follows:
Main stations like Al Ghubaiba will operate around-the-clock to Sharjah (Jubail), and from 4:30 AM to 12:00 midnight to Abu Dhabi.
• Subsidiary stations, like Union Square, will operate from 04:35 am to 01:25 am (of the following day).
• Al Sabkha Station will open from 06:15 am to 01:30 am (of the following day).
• Deira City Centre Station will open from 05:35 am to 11:30 pm,
• Karama Station will open from 06:10 am to 10:20 pm,
• Al Ahli Club Station will open from 05:55 am to 10:15 pm .
• External stations, like Sharjah Al Taawon, will operate from 05:30 am to 10:00 pm,
• Fujairah Station will open from 05:15 am to 09:30 pm,
• Hatta Station from 05:30 am to 09:30 pm, and Ajman Station from 04:27 am to 11:00 pm.

Metro services
Dubai Metro services, the Red Line stations will run service in Ramadan from Saturday to Wednesday from 05:30 am to 12:00 (midnight).
On Thursday, stations will open from 05:30 am to 01:00 am (of the following day)
On Friday from 10:00 am to 01:00 am (of the following day).
There will be no change in the timing of the Express Metro service during Ramadan.
The Green Line stations will operate in Ramadan from Saturday to Wednesday from 05:50 am to 12:00 (midnight).
On Thursday, stations will operate from 05:50 am to 01:00 am (of the following day)
On Friday from 10:00 am to 01:00 am (of the following day).

Dubai Tram
The Dubai Tram will operate from Saturday to Thursday from 06:30 am to 01:00 am, and on Friday from 09:00 am to 01:00 am (of the following day).

Marine transport
The schedules of marine transit services during Ramadan :
The Water Bus will shuttle in marina stations (Marina Mall, Marina Walk, Marina Terrace, Marina Promenade) from 12:00 at noon up to 12:00 midnight.
The Water Taxi will operate from 09:00 am until 10 pm.
Dubai Ferry will be calling at Ghubaiba Station at 11:00 am and 06:30 pm.
The Ferry will operate from Marina at 11:00 am, 05:00 pm and 06:30 pm.
From Al Jaddaf Station to Dubai Water Canal Station, the Ferry will be running service at 10:00 am and 05:30 pm
From Dubai Water Canal Station to Al Jaddaf Station at 12:05 at noon and 07:35 pm.

The timing of Abra during Ramadan will be as follows:
Traditional Abra will operating at (Ghubaiba, Baniyas, and Dubai Old Souq), from 10:00 am until 12:00 (midnight).
At Al Jaddaf Station, Dubai Festival City, it will operate from 07:00 am to 12:00 (midnight).
At the Sheikh Zayed Road Station (Dubai Water Canal), it will operate from 08:00 pm to 02:00 am (of the following day).
The Electric Abra will be operating at Burj Khalifa/Dubai Mall from 08:00 pm until 11:30 pm,
At Al Mamzar from 08:00 pm to 02:00 am (of the following day).

Testing centres
Technical testing centres run by suppliers will offer services in respect of light vehicles during Ramadan in the morning only without prior appointment. Technical testing services of heavy vehicles will be offered in the morning and evening.

The business hours of strategic partners’ centers will be as follows:
Tasjeel Enoc (Al Qusais, Al Awir, Al Barsha, Al Tawar and Warsan) from Saturday to Thursday will be open in two shifts. In the morning from 08:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).
Hatta Center will open from 09:00 am to 03:00 pm,
Jebel Ali Centre will open from 08:00 am to 04:00 pm.

Emarat, Shamil, Al-Adid, Wasl, Al-Muhaisna, Nad Al Hamar, Al Jaddaf and Al Arabi Centers will open from Saturday to Thursday on two shifts. In the morning from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).

Quick Registration Centre will also open in two shifts:
In the morning from 09:00 am to 05:00 pm and in the evening from 09:00 pm to 03:00 am (of the following day).
PAL Garage will open from 09:00 am to 04:00 pm,
Al Shirawi Enterprises Centre will open from 09:00 am to 05:00 pm.
Al Mumayaz Centre will open from Saturday to Thursday (at Al Mizhar Markets and Al Barsha Mall) on two shifts.
In the morning, it will open from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 01:00 am (of the following day).
Tamam Speedfit & Cars Centers will open from Saturday to Thursday on two shifts.
In the morning, they will open from 09:00 am to 04:00 pm and in the evening from 09:00 pm to 02:00 am (of the following day).

Centres that will open on Friday during Ramadan are: Tasjeel Enoc (Al Qusais and Al Barsha) from 09:00 pm to 02:00 am (of the following day); they will offer VIP Service for processing transactions only.
Wasil-Al Arabi Centre will open on Friday from 09:00 pm to 02:00 am (of the following day),
Quick Registration Centre will open from 09:00 pm to 03:00 am (of the following day).

Health.
Those who are fasting from early morning need to be aware of the risk of fatigue or feinting especially if driving long distances and should adjust their meal times and sleeping hours.

With an earlier finish we may all get a lot more exposure to sunlight. Take care to avoid overexposure. We are close to the equator and the sun’s radiation is much stronger here than is generally realized even on a cloudy day. Protect your eyes with sunglasses, if you are fair skinned then also consider sun cream, or long sleeves or a parasol and/or a hat. The locals cover themselves from head to foot for good reason. Long distance driving e.g. to Abu Dhabi also creates risk of overexposure.

Service centres
Customers’ happiness centres will be operating from Sunday to Thursday at different times.
Umm Al Romool, Al Barsha, Deira and Al Kafaf Centers will open from 09:00 am to 02:00 pm.
Al Tawar, Al Manara, and Al Awir Centers will operate from 09:00 am to 05:00 pm.

Some general Ramadan Do’s and Don’ts
DO… make the most of the community spirit. Say ‘Ramadan Kareem’ to friends and colleagues, introduce yourself to those neighbours to whom ‘you’ve always meant to say ‘hi , organise an after-work iftar, and catch up with friends and family.
DO… understand that many locals become a night owl. Everything happens later during Ramadan. Malls are open past midnight and suhoors go into the early hours.
email responses may take longer, and it may take a little more planning to process visas, or just about any other government business transaction if their working hours are reduced
DO… your bit for a good cause. Ramadan is a good time to put your money where your mouth is. The UAE has a wide range of charitable and volunteering organisations.
DON’T… forget the ‘rules.
If you’re not a Muslim, then they still apply – you’re still expected to be respectful.
It’s frowned upon to dress inappropriately, eat, drink or smoke during daylight, play loud music or swear in public. At the very least these things are frowned upon and will cause discomfort to others, and at worst you may find yourself in trouble with the police or fined.
DON’T… lose your patience. Working hours are likely to be shorter (and perhaps a little less productive), those who are fasting tend to be tired, and the UAE’s roads will be more hectic at times.

سائلين الله عـز وجـل أن يرزقكـم فيه مغـفـره ورحمه وعتق من النار.
We ask ALLAH Almighty to bless you with forgiveness and mercy and freedom from fire

May all your prayers be answered.

Deal with WannaCrypt ransomware

May 15th, 2017

To get the latest protection from Microsoft, upgrade to Windows 10.
Keep your computers up-to-date to get the benefits of the latest features and proactive mitigations built into the latest versions of Windows.

Microsoft Malware Detection and Removal Tools

Use the following free Microsoft tools to detect and remove this threat:

• Windows Defender – built-in to Windows 10. There’s nothing to buy and nothing to install. No configuration, no subscriptions, and no nagware
• Microsoft Safety Scanner: https://www.microsoft.com/security/scanner/en-us/default.aspx?wt.mc_id=AID618806_EML_5062822

(The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software. Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection.)

Also view :
• Microsoft Security Response Center Blog
• Microsoft Malware Protection Center Blog
• Microsoft Safety and Security Center webpage

We recommend customers that have not yet installed the security update MS17-010 do so as soon as possible. Until you can apply the patch, we recommend two possible workarounds to reduce the attack surface:
• Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 (Reboot Required)
• Consider adding a rule on your router or firewall to block incoming SMB traffic on port 445

Windows Defender Antivirus detects this threat as Ransom:Win32/WannaCrypt as of the 1.243.297.0 update.

Enable Windows Defender Antivirus to detect this ransomware.
Windows Defender Antivirus uses cloud-based protection, to help protect you from the latest threats.

Use Office 365 Advanced Threat Protection, which has machine learning capability that blocks dangerous email threats, such as the emails carrying ransomware.

Monitor your network with Windows Defender Advanced Threat Protection, which alerts security operations teams about suspicious activities.

For enterprises, use Device Guard to lock down devices and provide kernel-level virtualization-based security, allowing only trusted applications to run, effectively preventing malware from running.

A ransomware threat does not normally spread so rapidly. Threats like WannaCrypt typically leverage social engineering or emails as primary attack vector, relying on users downloading and executing a malicious payload. However, in this unique case, the ransomware perpetrators incorporated publicly-available exploit code for the patched SMB EternalBlue vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server.
It was fixed in security bulletin MS17-010, released on March 14, 2017.

WannaCrypt’s spreading mechanism is borrowed from well-known public SMB exploits, which armed this regular ransomware with worm-like functionalities, creating an entry vector in machines still unpatched even after the fix had become available.

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

We haven’t found the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly likely for this ransomware family:
• Arrival through social engineering emails designed to trick users to run the malware and to activate the worm-spreading functionality with the SMB exploit
• Infection through SMB exploit when an unpatched computer can be addressed in other infected machines

The threat arrives as a dropper Trojan that has the following two components:

• Ccomponent that tries to exploit the SMB EternalBlue vulnerability in other computers
• Ransomware known as WannaCrypt

The dropper tries to connect the following domain using the API InternetOpenUrlA():
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

When connection is successful, the threat does not infect the system further with ransomware, nor try to exploit other systems to spread; it simply stops execution. However, when the connection fails, the dropper proceeds to drop the ransomware and creates a service on the system.

Blocking the domain with firewall either at ISP or enterprise network level will just cause the ransomware to continue spreading and encrypting files.

The threat creates a service named mssecsvc2.0, whose function is to exploit the SMB vulnerability in other computers accessible from the infected system:

Service Name: mssecsvc2.0
Service Description: (Microsoft Security Center (2.0) Service)
Service Parameters: “-m security”

When run, WannaCrypt creates the following registry keys:

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ = “\tasksche.exe”
• HKLM\SOFTWARE\WanaCrypt0r\\wd = “

It changes the wallpaper to a ransom message by modifying the following registry key:
• HKCU\Control Panel\Desktop\Wallpaper: “\@WanaDecryptor@.bmp”

It creates the following files in the malware’s working directory:

• 00000000.eky • 00000000.pky
• 00000000.res

• 274901494632976.bat
• @Please_Read_Me@.txt
• @WanaDecryptor@.bmp
• @WanaDecryptor@.exe
• b.wnry
• c.wnry
• f.wnry
• m.vbs
• msg\m_bulgarian.wnry
• msg\m_chinese (simplified).wnry
• msg\m_chinese (traditional).wnry
• msg\m_croatian.wnry
• msg\m_czech.wnry
• msg\m_danish.wnry
• msg\m_dutch.wnry
• msg\m_english.wnry
• msg\m_filipino.wnry
• msg\m_finnish.wnry
• msg\m_french.wnry
• msg\m_german.wnry
• msg\m_greek.wnry
• msg\m_indonesian.wnry
• msg\m_italian.wnry
• msg\m_japanese.wnry
• msg\m_korean.wnry
• msg\m_latvian.wnry
• msg\m_norwegian.wnry
• msg\m_polish.wnry
• msg\m_portuguese.wnry
• msg\m_romanian.wnry
• msg\m_russian.wnry
• msg\m_slovak.wnry
• msg\m_spanish.wnry
• msg\m_swedish.wnry
• msg\m_turkish.wnry
• msg\m_vietnamese.wnry
• r.wnry
• s.wnry
• t.wnry
• TaskData\Tor\libeay32.dll
• TaskData\Tor\libevent-2-0-5.dll
• TaskData\Tor\libevent_core-2-0-5.dll
• TaskData\Tor\libevent_extra-2-0-5.dll
• TaskData\Tor\libgcc_s_sjlj-1.dll
• TaskData\Tor\libssp-0.dll
• TaskData\Tor\ssleay32.dll
• TaskData\Tor\taskhsvc.exe
• TaskData\Tor\tor.exe
• TaskData\Tor\zlib1.dll
• taskdl.exe
• taskse.exe
• u.wnry

WannaCrypt may also create the following files:

• %SystemRoot%\tasksche.exe
• %SystemDrive%\intel\\tasksche.exe
• %ProgramData%\\tasksche.exe

It may create a randomly named service that has the following associated ImagePath: “cmd.exe /c “\tasksche.exe”"

Then it searches the whole computer for any file with any of the following file name extensions:
.123, .jpeg , .rb , .602 , .jpg , .rtf , .doc , .js , .sch , .3dm , .jsp , .sh , .3ds , .key , .sldm , .3g2 , .lay , .sldm , .3gp , .lay6 , .sldx , .7z , .ldf , .slk , .accdb , .m3u , .sln , .aes , .m4u , .snt , .ai , .max , .sql , .ARC , .mdb , .sqlite3 , .asc , .mdf , .sqlitedb , .asf , .mid , .stc , .asm , .mkv , .std , .asp , .mml , .sti , .avi , .mov , .stw , .backup , .mp3 , .suo , .bak , .mp4 , .svg , .bat , .mpeg , .swf , .bmp , .mpg , .sxc , .brd , .msg , .sxd , .bz2 , .myd , .sxi , .c , .myi , .sxm , .cgm , .nef , .sxw , .class , .odb , .tar , .cmd , .odg , .tbk , .cpp , .odp , .tgz , .crt , .ods , .tif , .cs , .odt , .tiff , .csr , .onetoc2 , .txt , .csv , .ost , .uop , .db , .otg , .uot , .dbf , .otp , .vb , .dch , .ots , .vbs , .der” , .ott , .vcd , .dif , .p12 , .vdi , .dip , .PAQ , .vmdk , .djvu , .pas , .vmx , .docb , .pdf , .vob , .docm , .pem , .vsd , .docx , .pfx , .vsdx , .dot , .php , .wav , .dotm , .pl , .wb2 , .dotx , .png , .wk1 , .dwg , .pot , .wks , .edb , .potm , .wma , .eml , .potx , .wmv , .fla , .ppam , .xlc , .flv , .pps , .xlm , .frm , .ppsm , .xls , .gif , .ppsx , .xlsb , .gpg , .ppt , .xlsm , .gz , .pptm , .xlsx , .h , .pptx , .xlt , .hwp , .ps1 , .xltm , .ibd , .psd , .xltx , .iso , .pst , .xlw , .jar , .rar , .zip , .java , .raw

WannaCrypt encrypts all files it finds and renames them by appending “.WNCRY” to the file name. For example, if a file is named “picture.jpg”, the ransomware encrypts and renames to “picture.jpg.WNCRY”.

This ransomware also creates the file “@Please_Read_Me@.txt” in every folder where files are encrypted. The file contains the same ransom message shown in the replaced wallpaper image. After completing the encryption process, the malware deletes the volume shadow copies by running the following command:

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

It then replaces the desktop background image with a message and also runs an executable showing a ransom note which indicates a $300 ransom and a timer. The ransomware also demonstrates the decryption capability by allowing the user to decrypt a few random files, free of charge. It then quickly reminds the user to pay the ransom to decrypt all the remaining files. The worm functionality attempts to infect unpatched Windows machines in the local network. At the same time, it also executes massive scanning on Internet IP addresses to find and infects other vulnerable computers. This activity results in large SMB traffic from the infected host, which normally can be observed by SecOps personnel.

Once a vulnerable machine is found and infected, it becomes the next hop to infect other machines. The vicious infection cycle continues as the scanning routing discovers unpatched computers. When it successfully infects a vulnerable computer, the malware runs kernel-level shellcode which seems to have been copied from the public backdoor known as DOUBLEPULSAR, but with certain adjustments to drop and execute the ransomware dropper payload, both for x86 and x64 systems.

Ransomware strikes again

May 13th, 2017

Ransomware increased 35% last year.
More alarming is the continuing recent rise in both sophistication and the mass distribution of ransomware.

Ransomware can bring your business to a halt and cause significant financial damage.
Unlike the stealthier advanced attacks that can stay undetected on corporate network for months, the impact of ransomware is immediate and intrusive.

Cyber attackers don’t need a lot of money, resources or technical sophistication to use ransomware.

Todays headlines:
Hospitals across the country hit badly by attack
Nearly 100 countries affected
Fears of chaos over weekend
Cyber attack hits German train stations as hackers target Deutsche Bahn

Russian-linked cyber gang Shadow Brokers was blamed. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria. The exploit was leaked last month as part of a trove of NSA spy tools. The ransomware locks down all the files on an infected computer and asks the computer’s administrator to pay in order to regain control of them. The ransomware, called “WannaCry,” spreads by taking advantage of a Windows vulnerability for which Microsoft (MSFT, Tech30) released a security patch for in March. .
Affected machines have six hours to pay up and every few hours the ransom goes up

The global cyber attack crippled services on Friday (yesterday) The U.K. health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.

Medics described how computer screens were “wiped out one by one” by the attack, spread to companies and institutions worldwide, including international shipper FedEx Corp in the US, and Germany’s rail operator. Spain’s largest telecom operator, Telefónica., was also affected. Spanish authorities confirmed the ransomware is spreading through the vulnerability, called “EternalBlue,” and advised people to patch.

Helsinki based Security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets. Megafon, a Russian telecommunications company, was hit by the attack

The ransomware is automatically scanning for computers it can infect, whenever it loads itself onto a new machine. It can infect other computers on the same wireless network. It has a ‘hunter’ module, which seeks out PCs on internal networks, so, if your laptop is infected and you go to a coffee shop, then it will spread to PCs at the coffee shop and from there, to other companies.

The sad part of the NHS tale is that Microsoft provided free software to protect computers in March, which raises questions about why the NHS was still vulnerable. it seems that many trusts were using obsolete systems, while others failed to apply recent security updates. Indeed This there are estimates that 90 per cent of NHS trusts in the UK are still using Windows XP – a now unsupported, 16-year-old operating system., introduced before 2007 which is particularly vulnerable,

Unknown attackers deployed a virus targeting Microsoft servers running the file sharing protocol Server Message Block (SMB). Only servers that weren’t updated after March 14 with the MS17-010 patch were affected; this patch resolved an exploit known as ExternalBlue, once a closely guarded secret of the National Security Agent, which was leaked last month by ShadowBrokers, a hacker group that first revealed itself last summer. The ransomware, aptly named WannaCry, did not spread because of people clicking on bad links. The only way to prevent this attack was to have already installed the update.

Through the ExternalBlue exploit, the malware installed an NSA backdoor payload called DoublePulsar, and through it went WannaCry, which then spread rapidly and automatically to other computers on the same network.“Whereas ransomware such as Locky normally requires user interaction, such as opening a word document, WannaCry has the capability to spread automatically. Thankfully a weakness in the method of propagation has allowed researchers to take control of a piece of attacker infrastructure and limit new infections— otherwise it could have been even worse.

Microsoft said yesterday that it is pushing out automatic Windows updates to defend clients from WannaCry.

What is ransomware
?Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it

Where did ransomware originate?
The first documented case appeared in 2005 in the United States, but quickly spread around the world

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something innocent. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on there – such as photographs, documents or music

How can you protect yourself?
Anti-virus software can protect your machine, although cybercriminals are constantly working on new ways to override such protection

How much are victims expected to pay?
The ransom demanded varies. Victims of a 2014 attack in the UK were charged £500. However, there’s no guarantee that paying will get your data back.
If you think you might be vulnerable to WannaCry, or you don’t remember installing any updates over the past month, then your first step is to address that issue immediately.

This is the most critical Windows patch since [Conficker], which was one the largest similar infections to date.
Despite having been patch nearly a decade ago, the Conficker worm is still in circulation which you find everywhere. WannaCry, too, is going to be on networks for years.

The importance of downloading and installing security updates (as opposed to just clicking “remind me tomorrow” for several weeks in a row) cannot be overstated.

Just ask the patients of the 16 hospitals in England whose delay in care could have been easily avoided

VAT planning- GCC framework is published

May 10th, 2017

The GCC’s unified agreement for value added tax (VAT) has recently been published (in Arabic only) by the
Saudi Ministry of Finance on their website.

This unified agreement sets out the framework under which VAT can be implemented in each of the
GCC member states. The framework includes agreement on certain matters but still allows member
states discretion on how to treat others.

Once the agreement is ratified, each member state can issue its own local law and implement VAT.

The UAE intends to implement VAT with effect from 1 January 2018 but other states may take another 6 months or so.

The framework paves the way for implementation, for a basic rate of VAT of five percent with certain supplies of goods and services zero rated or VAT exempt. We understand that the Ministry of Finance (MoF) will release the UAE’s law on VAT towards the end of June. This will detail how the UAE will interpret the GCC framework and how it will deal with those matters where it has discretion. These will include whether to treat certain supplies as zero rated or VAT exempt.

The local law will detail conditions for:
VAT deductions,
VAT grouping
Rules for recovering VAT in respect of financial services
Reporting formats

There is no indication of how VAT will apply to free zones.

The MoF has recently been holding a series of public awareness sessions, outlining how they
propose to apply VAT to those areas where the GCC framework allows discretion. The UAE has also
taken steps to set up its own Federal Tax Authority (FTA), which will be responsible for all VAT
matters in the UAE.

The framework provides information to start planning for VAT.

VAT will impact all businesses in the UAE, either directly or indirectly.

So carefully review your systems and review their processes to understand the impact of VAT and to determine what needs to be done to be fully compliant with the new laws.

Do you need to recruit? Train?

Budget for auditors, or consulting support, or system modifications or upgrades?

What contracts are in place beyond 1 January 2018 -how will those be impacted by VAT?

All businesses will be required to maintain extensive and proper books of account because complete, verifiable
documentation will be essential to support a VAT refund claim and avoid penalties for non-compliance.

Accounting systems should be able to identify and record VAT – payable and receivable, – across the entire supply chain. Ensure that your systems will enable you to:
- hold VAT registration ids by trading partner
- hold VAT codes by item fro the relevant tax rate or exemption.
- identify and record rebates,
- exemptions,
– or other special VAT treatments on particular transactions.
- generate commercial documents like invoices or till receipts with VAT shown
- deal with rebate and returns
- create timely, accurate statutory returns
- work with current interfaces.
- product auditable accounts.

We have already received several dozen inquires to assist with this transition, if you need assistance with your business systems to comply with VAT then please contact us in good time – year end is a holiday season and also a busy time for new system go live, and for financial audit preparation.

VAT Phase 1 – open for registration.

March 20th, 2017

An event aimed at all businesses to explain the rules of the new VAT system will cover the general application of the new VAT rules and will not focus on any specific industry sector.​ Several workshops are scheduled across the U.A.E.

Dubai
Date:12/04/2017
Morning session
Time:09:00 AM-12:00 PM
Afternoon session Time: 02:00 PM-05:00 PM
Attendees:500
Place: Please note that the exact venue details will be sent to you 72 hours before the event.

Similar events will be held on 18th and 30th April in Dubai.

An excise briefing will be held Excise Tax briefing. An event aimed at businesses involved in the import, production and sale of tobacco products, carbonated drinks and energy drinks to explain the rules of the new Excise Tax system , ​will be held 10 May in Dubai.

An event aimed at small and medium businesses to explain the rules of the new VAT system. The event will cover the general application of the new VAT rules and will not focus on any specific industry sector.​
City:Dubai
Date:16/05/2017
Time:09:00 AM-12:00 PM

Similar session are planned for other Emirates details: https://www.mof.gov.ae/En/Pages/workshops.aspx

Spa Event -Deyafa Systems Dubai – featuring ‘Core’ by Premier Software

March 14th, 2017

GEMS auditorium
10:00-12:30 16 March 2017
Microsoft Gulf Offices: Dubai Internet City

- What are the challenges an opportunities for the spa industry in the U.A.E. ?
- Hear from industry professionals.
- Find out how Core from Premier Software and Deyafa Systems can help you increase you inquiry conversion, and customer retention, and drive your SPA REVPATH.

Premier Software gets to the ‘Core’ of your business.
The industry’s leading spa business management software companies has confirmed as a key speaker at an exclusive one day event held at the Microsoft Gulf, Gem Auditorium, Internet city, Dubai.

Premier Software has teamed up with Deyafa Hospitality Solutions to host an exclusive event showcasing its flagship software system – Core by Premier Software (Core).

The event is supported by Microsoft and Synergy Software Systems,.

Developed specifically for the spa, wellness and leisure industry, Core is already the software system of choice for many leading hotels and spas across the world including the Buji Club – Burj Khalifa, InterContinental® Dubai Marina, Nikki Beach Resort & Spa, The Belfry and The Corinthia.

Core brings together over two decades of experience to deliver a business management system that provides a complete overview of your business at the touch of a button. Core is available both as a single site, and a multi-site solution.

Stephen Jones, Director, of Dubai’s Deyafa Systems will present a key note speech on spa challenges and opportunities in the region that encompasses: economic, demographic, statutory, and technological changes, key spa metrics and industry trends.

Leonie Wileman, Premier’s Chief Operating Officer, will then showcase ‘Core’ and how its capabilities help a spa be more profitable. “The spa and wellness industry is constantly evolving and many of our clients are looking for a robust IT solution that not only integrates with existing PMS, but can also flex to accommodate future growth,” she said. “The event is an ideal opportunity for visitors to explore Core, see how it works and integrates with existing systems and fully understand how it can transform a business. Core helps to maximise profitability, to streamline day-to-day operations and to pinpoint areas for growth. It is easy-to-use for everyone form the Group Financial Director’s through to the therapists and reception staff.”

The event will also showcase the Core solution with a live demonstration.

We will also hear about some implementations of Core, in prominent spas.

There will be opportunity to mix with other regional spa professionals at the event.

Deyafa Systems is a Dubai based speciality provider of globally branded hospitality solutions. Stephen Jones, Director of Deyafa Systems, said. “We are excited about the new release of Core, an integrated, new generation of spa software. It builds in Premier Software’s years of spa management experience and leverages Microsoft’s powerful technology to improve REVPATH, customer conversion and customer retention.“

Key functions in Core include: online bookings, memberships, scheduling, retail sales, automated marketing and extensive reporting features

Premier has been working with Deyafa since 2003 to provide hospitality IT solutions to both independent spas, and wellness centres, and to large international hotel groups. With its single database structure that can be tailored to meet a sap business’s exact requirements,

Core is rapidly proving to be the software system of choice for the industry.

To register:
Call Suresh 00971 4 3365589/ 33744582
or
Email: suresh.savari@synergy-software.com
or
register on line http://deyafasystems.com/PremierSPAevent

VAT in the U.A.E. what steps should you be taking- ask Synergy Software Systems

March 13th, 2017

By January 1, 2018, it is expected that value added tax (VAT) will be applied at a rate of 5 per cent on most goods and services in the UAE and wider GCC region. The Unified Agreement, previously referred to by the working title of a framework agreement, is an overarching agreement that will be concluded by all six GCC nations. The best acronym, albeit long, is “GCC UAVAT”.

The unity referred to in the GCC UAVAT is a unity of purpose. The GCC UAVAT is intended to make sure that VAT is introduced in the GCC in a coordinated fashion. It does not necessarily mean that each national VAT law will be identical, nor that those national laws will all become effective on exactly the same date.

The rate of VAT has been confirmed at 5 per cent, a figure that was agreed at GCC level in mid-2016.
Minister of State for Financial Affairs Obaid Humaid Al Tayer. Speaking to reporters after a joint press conference with Christine Lagarde, Managing Director of the IMF in Dubai, Al Tayer said 100 food items, health, education, bicycles and social services would be exempt from VAT. Further information was provided by the Bahraini information affairs minister, who held a press conference attended by the under-secretary for finance in Bahrain. The Bahraini minister confirmed that basic food and other consumer commodities, medicines and medical supplies will be exempt from VAT. The list of exemptions signals a clear intention on the part of the GCC authorities to temper the mildly regressive nature of VAT.

VAT is an indirect tax applied at every stage of the supply chain, the end effect of the levy is on consumers who finally pay the tax while buying a good or service. Businesses collect and account for the tax, in a way acting as a tax collector on behalf of the government. A business pays the government the tax that it collects from the customers while it may also receive a refund from the government on tax that it has paid to its suppliers. The net result is that tax receipts to government reflect the ‘value add’ throughout the supply chain. VAT is said to be a “self-policing” tax because of the netting-off of input tax from output tax at each successive stage of the production and distribution cycles. Thus, administration is not confined to the national tax authority. As taxable entities, VAT-registered businesses also have administrative responsibilities. Work must be undertaken in that important regard.

There are four important stakeholders in this VAT episode: – governments (beneficiary), businesses (tax collectors), consumers (taxpayers) and consultants (VAT experts). VAT is a tax on consumption. It is ultimately paid by the consumer, in other words “the public” in some shape or form. The public does, therefore, need to be aware.

The businesses that are required to collect the VAT and deposit it with the government are the most worried . They will have to perform an extra function, which could result in additional hiring and costs, or risk of fines, although they do not receive a direct economic incentive. It is not just a question of simply collecting and remitting, , being in the ‘middle’ may bring several complexities.

if the UK and EU VAT regimes are anything to go by, the complete legislative picture will comprise a number of layers. All businesses in the UAE will need to record their financial transactions and ensure that their financial records are accurate and up to date.
– Businesses that meet the minimum annual turnover requirement (as evidenced by their financial records) will be required to register for VAT.
- Businesses that do not think that they should be VAT registered should maintain their financial records in any event, their turnover may change, and the in case the government tax team may need to establish whether they should be registered.

Registration for VAT is expected to be made available to businesses that meet the requirements criteria, three months before the launch of VAT. Businesses will be able to register online using eServices

Registered businesses will be expected to submit VAT returns on a regular basis. It is expected that the default period for filing VAT returns will be three months for the majority of businesses. Registered businesses will be able to file their returns online using eServices.

Details of the Tax Law will be made to the press and details will be published on the Ministry of Finance website. The primary source of information regarding the UAE VAT Law is the Ministry of Finance website.

There may be some special rules on VAT for organizations such as government entities as well as refunds available in some circumstances, especially where international obligations require us to make those refunds.

Everyone is urged to fully comply with their VAT responsibilities. The government is currently in the process of defining the exact fees and penalties for non-compliance.

VAT-registered businesses generally:
• must charge VAT on taxable goods or services they supply;
• may reclaim any VAT they’ve paid on business-related goods or services;
• keep a range of business records which will allow the government to check that they have got things right

If you’re a VAT-registered business you must report the amount of VAT you’ve charged and the amount of VAT you’ve paid to the government on a regular basis. It will be a formal submission and it is likely that the reporting will be made online.

If you’ve charged more VAT than you’ve paid, you have to pay the difference to the government. If you’ve paid more VAT than you’ve charged, you can reclaim the difference.

VAT differs from sales tax which is only imposed on the final sale to the consumer. This contrasts with VAT which is imposed on goods and services and is charged throughout the supply chain, including on the final sale. VAT is also imposed on imports of goods and services so as to ensure that a level playing field is maintained for domestic providers of those same goods and services.

Not all businesses will need to register for VAT. In simple terms, only businesses that meet a certain minimum annual turnover requirement will have to register for VAT. That is, many small businesses will not need to register for VAT. The specific conditions (such as minimum annual turnover) that will help identify businesses that do not need to register for VAT are not expected to be announced before October.

Four-step guide to help companies in the UAE to prepare for VAT implementation, (which can take between eight and 12 months). It may take longer if some of the activities are outsourced, for example IT.
1. Impact assessment
• Complete an impact assessment to understand VAT and its commercial effects.
• Prioritise issues and prepare for implementation.
• This is a key step.
• The assessment looks at its various effects on the organisational, operational and financial levels.
• Typically, an impact assessment needs between eight and 12 weeks to complete and that leaves a relatively short time, no more than nine months, to affect implementation.

2. Project preparation
• Prepare a project plan and secure the necessary internal and external resources and ensure the stakeholders in the business are informed.
• VAT is not just a finance project. It affects all transactions and so touches every aspect of the organisation.
• VAT affects IT systems, finance, human resources, legal teams and even inter-organisation transactions.
• IT systems are integral to the process because they need to be updated to handle the VAT.
• Preparation will entail a cost that companies will need to budget.

3. Design and implementation
• Based on the impact assessment, they need to develop a road map for identifying the changes required, understanding the scheduling requirements and planning for work.
• Implementing the changes across various levels in the organisation starts with mapping the transaction footprint to understand the VAT obligations of the business. This should form the basis for making changes across different verticals in the organisation such as IT, supply chain and human resources.
• Businesses need to design the systems and reports and train their staff on the process requirements for VAT.
• This may require a new software/ new release, or upgrade, Consider:
 COA changes,
 Contract changes
 Order, receipt and invoice formats
 Cash flow and budget updates
 Impact on open orders on1 Jan 2018
 Whether any interfaces are affected
• Businesses must implement necessary changes to systems, controls, reporting and governance in good time.

4. Registering and testing
• Businesses need to register for VAT .
• They need to test that their business systems are capable of compliance and reporting.
• Businesses need to integrate the changes made into the operations and train relevant staff about their new roles and responsibilities to achieve the desired result.
• Testing the VAT system, processes and controls during a “live” phase (expected from January 1, 2018) is important to allow for the complete and accurate completion of the first VAT return.
• Make sure to test adequate volumes of data – e.g. processing a quarterly Vat return on all sales and purchase transactions may involve a lot of processing for some companies.
• Make sure to test interfaces.

Spa challenges and opportunities in the U.A.E. – Deyafa Systems event 16 March 2017

March 7th, 2017

What challenges and opportunities face Spa operators this year?
Find out at this focused seminar to be held at Microsoft Gulf offices on 16 March 2017

Hear about the Digital Revolution from Microsoft

Key Note speech by Deyafa Systems:
Dubai Department of Economic Development, ‘Blue Book’, new requirements – dual language, e cashier
VAT introduction – are you ready?
Economic situation” Oil prices? Trump travel ban? Brexit? VAT? U.A,E, GDP and budget forecasts?
SMAC: Social Mobile, Analytics, Cloud
IoT -connected devices turn information to action
Wellness – medical tourism
New treatments
Aging population
Generation Z
and much much more…

The “Core” solution for spa has had huge success since it launch last year in the U.K. In the last quarter of 2016 it was introduced to the U,A.E. and early adopters include Nikki Beach Spa and the Burj Club.

The event will end with a live demonstration by Premier Software who have partnered with Deyafa Systems locally to provide Spa solutions to the region since 2003.

If you have not received an invitation and would like to attend then please contact Deyafa Systems as soon as possible to register. Take this opportunity to meet with other Spa professionals and to get update insights to guide your strategy.

Dubai Airport – strict new baggage rules from 8 March 2017

March 6th, 2017

Dubai Airport authorities will enforce stricter baggage rules that will come into effect on March 8, 2017.

The new rules may change the way you pack your suitcase.

“Dubai International provides some of the most sophisticated baggage systems in the world. However, even the most technologically advanced systems can be disrupted by irregular shaped or oversized bags. Bags that are round. or do not have a flat surface of any kind are by far the largest source of baggage jams.” Ali saidAngizeh, Vice President of Terminal Operations at Dubai International. These jams can shut down sections of our system, delay baggage delivery to the aircraft and inconvenience our customers,”

Round bags, i.e. those that do not have a flat surface, will not be checked-in.

Dubai Airports has a advised all airlines operating into the airport of the new regulations that will take place next month. “Passengers, who show up at the airport with non-compliant baggage, will also be given the option to have it repacked in boxes for a fee.”

Beware:
1.No irregular shaped bags
2.No oversized bags
3.No round bags
4.All bags should have at least one flat surface

Baggage larger than 90cm long, 75cm high and 60cm wide, or that does not have a single flat surface, will need to be checked in at the oversized baggage counter. Allow extra time to check-in oversize baggage.
Excess baggage must be repacked and excess baggage fees will typically apply.

Do not carry liquids over 100ml in your hand luggage. Place containers in a clear, re-sealable plastic bag
Put the re-sealable bag in your hand luggage.