Ecovis in Shanghai

How to invest in Tunisia: Unlocking opportunities

28.09.2023

Over the past ten years, Tunisia has made a name for itself as a location for investments in IT development. Foreign IT companies in particular, for example from Western Europe, Canada and the USA, have set up branches in Tunisia – and are benefiting from the numerous advantages that the country offers: a favourable geographical location, a pool of highly qualified engineers and attractive tax and legal incentives.

Tunisia has emerged as one of Africa’s most digitally connected countries, characterised by rapidly growing urban centres that are democratising access to the internet and digital technologies. This widespread connectivity facilitates seamless domestic and international communication and collaboration, providing an ideal setting for IT firms to expand their reach. The country’s strategic location on the northern coast of Africa, in close proximity to major European economic hubs such as Paris, Rome, and Madrid, is another significant advantage. This geographical alignment ensures compatible time zones, enabling real-time communication and minimizing logistical challenges.

We support you with accounting and tax issues if you wish to set up a company in Tunisia.

Youssef Tekari, Managing Partner, ECOVIS KDH Partners, Tunis, Tunisia

Tunisia offers many advantages to IT companies willing to relocate

• The corporate tax rate is only 15%, with a full tax exemption in the first year of business.
• The tax on dividends is a competitive 10%, creating a favourable and cost-efficient business environment.
• Tunisia’s educational institutions consistently produce skilled IT professionals. Graduates possess both theoretical knowledge and practical skills, making them valuable assets to the industry.
• The cost-effective labour market in Tunisia, where starting salaries for IT developers rarely exceed EUR 1,200 gross per month, enhances its appeal to investors. This allows companies to maintain high-quality development teams without incurring excessive financial burdens.
• Tunisia’s academia-industry collaboration plays a pivotal role in its attractiveness. Mandatory internship programmes at Tunisian universities forge close ties with the IT sector, benefiting students with practical experience and companies with a pool of potential future employees.
• The Professional Life Initiation Contract (Contrat d’Initiation à la Vie Professionnelle, or CIVP) exempts employers from social security contributions for the first year when hiring new graduates, reducing hiring costs and encouraging investment in local talent.
• Tunisian regulations accommodate non-resident exporting companies, facilitating straightforward profit repatriation to the parent company or foreign shareholder’s bank account.

For further information please contact:

Youssef Tekari, Managing Partner, ECOVIS KDH Partners, Tunis, Tunisia
Email: youssef.tekari@ecovis.tn

MiCa regulation 2023: Stablecoins and e-money tokens issuance

27.09.2023

The EU’s Markets in Crypto-Assets (MiCA) regulation provides long-needed legal clarity for the the crypto market. Among other things, MiCA provides a comprehensive framework for the operation, structure and governance of crypto-asset issuers and service providers by establishing a uniform EU regulatory regime that will supersede national laws. The Ecovis experts in Lithuania explain the details of MiCa regulation 2023.

As the complex landscape of crypto regulation continues to evolve, it is becoming increasingly urgent for credit institutions and electronic money institutions (EMI) to seek expert guidance. This is especially true during the transitional phase of MiCA’s implementation, as regulated entities will be the first to be scrutinised under the regulation.

To ensure a smooth transition and compliance with the new standards, it is essential that all participants in the crypto market seek professional counsel. With less than a year left for stablecoin issuers to prepare for MiCA, the following is a summary of the essential preparation required.

Evaluation of the company’s own technical capabilities

• Individual technological capabilities for stablecoin issuance
• Procurement of an existing issuance infrastructure
• Acquisition of CASPs (Crypto Asset Service Providers) for the creation of the infrastructure

We support you in implementing the MiCA regulation correctly and on time.

Inga Karulaityte, Partner of ECOVIS ProventusLaw, Vilnius, Lithuania

Preparation of the white paper

• Procurement of the appropriate underlying technology and infrastructure
• Evaluation of corporate and governance arrangements
• Establish adequate tokenomics
• Evaluation of conflicts of interes
• Evaluation and establishment of cooperations with third parties
• Strategy for offering the e-money tokens (EMT) to the public
• Consideration of possible trading platforms for the distribution of EMTs

Evaluation of risks and liability for:

• Inadequate technical standards of the underlying technology
• Misleading white paper
• Inconsistent marketing materials
• Deficits in the safeguarding arrangements for clients’ funds

Overall, the implementation of MiCA marks a significant milestone in the legal clarity of the crypto market and provides a novel legal framework applicable to current crypto market actors and potential participants. To ensure a smooth transition, companies and especially regulated entities are encouraged to use the remaining year of the transitional period to establish a robust infrastructure and ensure that their activities are compliant.

For further information please contact:

Inga Karulaityte, Partner of ECOVIS ProventusLaw, Vilnius, Lithuania
Email: inga.karulaityte@proventuslaw.lt

System and Organization Controls: Which compliance standard is the most suitable

26.09.2023

System and Organization Controls (SOC) in versions SOC 1^®, SOC 2^® and SOC 3^® are auditing and reporting standards of the AICPA (American Institute of Certified Public Accountants). These standards enable service providers such as data center operators or cloud providers to ensure and prove to their customers that they have the effective controls and measures necessary to provide the required services securely. The Ecovis consultants know the details.

SOC 1^®: Internal Control over Financial Reporting (ICFR)

This standard is specifically designed to examine the controls in place at service providers that are relevant to the service provider’s financial reporting. There are two types of report:

• Type 1 – a report on the suitability of the design and adequacy of controls to achieve the relevant control objectives at a given time.
• Type 2 – a report on the effectiveness of controls in achieving the relevant control objectives during a specified period of time (typically 6 months or 1 year).

We check for you whether your service provider has installed comprehensive security measures for data processing.

Gholamreza Aminzadeh, Senior Consultant, iAP-Independent Consulting + Audit Professionals GmbH – an Ecovis company, Berlin, Germany

SOC 2^®: Trust Services Criteria

The controls to be examined (& reviewed) in SOC 2 and SOC 3 reports are measured (& assessed) against the so-called trust services criteria for security, availability, processing integrity, confidentiality and privacy. SOC 2 reports can also be Type 1 (adequacy of controls) or Type 2 (effectiveness of controls over a period of time).

SOC 3^®: Trust Services Criteria for General Use Report

As with a SOC 2 report, a SOC 3 report addresses controls related to security, availability, integrity, and privacy/trust. SOC 3 reports are subject to the same audit criteria as SOC 2 reports. However, there are some differences between SOC 2 and SOC 3. For example, SOC 2 reports are confidential and are only provided to certain clients, whereas SOC 3 reports are intended for public consumption and are usually posted on the company’s website as a marketing tool.

Conclusion

Whenever accounting-related or financially critical data and processes are outsourced, companies should ask their future service providers for a SOC 1 report. If a company wants to outsource the processing of its sensitive customer data to an external service provider (cloud/computing center), the IT service provider in question should obtain a SOC 2 report. As a rule, the service provider’s clients do not ask for a SOC 3 report. The service providers themselves make the SOC 3 report available to the public and thus transport certified security.

For further information please contact:

Gholamreza Aminzadeh, Senior Consultant, iAP-Independent Consulting + Audit Professionals GmbH – ein Unternehmen von Ecovis, Berlin, Germany
Email: g.aminzadeh@audit-professionals.de