Toolkit on Risk Assessments for more efficient

inspections as a means to
tackle
Undeclared Work
AUTHORS:
Ruslan Stefanov, Daniela Mineva and Stefan Karaboev
Vitosha Research EOOD (Center for the Study of Democracy Group)

With additional inputs from:

Almudena Nuñez-Garcia Bada, ITSS - Spain
Karel Deridder and Bart Stalpaert, NSSO - Belgium
Victor Rotaru, Labour Inspectorate - Romania
Joaquim Pintado Nunes, International Labour Organisation

LEGAL NOTICE
This document has been prepared for the European Commission however, it reflects the views only of the authors, and the Commission
cannot be held responsible for any use which may be made of the information contained therein.

Luxembourg: Publications Office of the European Union, 2019.

© European Union, 2019

Reuse is authorised provided the source is acknowledged.
The reuse policy of European Commission documents is regulated by Decision 2011/833/EU
(OJ L 330, 14.12.2011, p. 39).

For any use or reproduction of photos or other material that is not under the EU copyright, permission must be sought directly from the
copyright holders.

Cover image: © Shutterstock

PDF ISBN 978-92-76-00175-1 DOI:10.2767/010986 KE-01-19-197-EN-N

Created in 2016, the European Platform tacking undeclared work enhances cooperation between EU countries. This EU-level forum allows
different actors, including social partners and enforcement authorities, such as labour inspectorates, tax and social security authorities, to
exchange information and good practices; learn from each other and together; develop knowledge and evidence.
This publication has received financial support from the European Union Programme for Employment and Social Innovation “EaSI” (2014-
2020). For further information please consult: http://ec.europa.eu/social/easi.
 Toolkit on Risk Assessments for more efficient
inspections as a means to
tackle
Undeclared Work

EUROPEAN COMMISSION
Directorate-General for Employment, Social Affairs and Inclusion
Directorate D-1:Free movement of Workers and EURES
E-mail: [email protected]
European Commission
B-1049 Brussels
List of Abbreviations
AEAT.................................................................................................................................................................. Agencia Tributaria/Tax Agency (Spain)
BPMS............................................................................................................................................................. Business Process Management System
CSD...................................................................................................................................................Center for the Study of Democracy (Bulgaria)
Dimona.................................................................................................................. Déclaration Immédiate/Onmiddellijke Aangifte (Belgium)
DSN................................................................................................. Déclaration Sociale Nominative/Nominal Social Declaration (France)
ELA............................................................................................................................................................................................ European Labour Authority
ERGANI...................................System for registration of working hours of employees (used in Greece, Cyprus and Belgium)
ESCORT................................................................... Software, part of the risk assessment systems of Greece, Ireland and Sweden
FOGASA................................................................................................................ Fondo de Garantia Salarial/Wage Guarantee Fund (Spain)
GDPR......................................................................................................................................................................General Data Protection Regulation
GPLA.................... Gemeinsame Prüfung Lohnabhängiger Abgaben/Joint examination of all wage-related levies (Austria)
HLF.............................................................................................................................Anti-Fraud Tool (Herramienta de lucha contra el fraude)
HMRC............................................................................................................................................................Her Majesty Revenue and Customs (UK)
IMI...........................................................................................................................................................................Internal Market Information System
INSS...................................................................... Instituto Nacional do Seguro Social/National Institute for Social Security (Spain)
INTEGRA................................................................................................................... A system for evaluation of effectiveness of inspections
ISM......................................................................................................................................................................................... Instituto Social de la Marina
ITSS........................................................................................................................................................................Instituto Trabajo y Seguro Sociedad
KPIs......................................................................................................................................................................................... Key Performance Indicators
LIMOSA.............................. Landenoverschrijdend Informatiesysteem Migratie Onderzoek Sociaal Administratief (Belgium)
MITRAMISS............................................................................................................Ministry of Labour, Migration and Social Security (Spain)
MSs.....................................................................................................................................................................................................................Member States
NGOs..........................................................................................................................................................................Non-Governmental Organisations
NSSO...........................................................................................................................................................National Social Security Office (Belgium)
OASIS.............................................................................................................Social Inspection Services Anti-Fraud Organization (Belgium)
OECD.....................................................................................................................Organisation for Economic Cooperation and Development
PAYE.............................................................................................................................................................................................Pay As You Earn tool (UK)
RED.ES............................................................................................................ A public body which aim is to digitise public services (Spain)
ROI.........................................................................................................................................................................................................Return on Investment
SEPE..............................................................................Servicio Público de Empleo Estatal/Public State Employment Service (Spain)
SRS...................................................................................................................................................................................................... State Revenue Service
TGSS............................................................Tesorería General de la Seguridad Social/General Treasury of Social Security (Spain)
UDW................................................................................................................................................................................................................ Undeclared work
VAT...................................................................................................................................................................................................................Value Added Tax
List of Figures
Figure 1. The risk management process according to ISO 31000............................................................................................................. 4

Figure 2. Stages of the risk assessment process for the identification of risky companies/employers and for better
targeted inspections tackling UDW.......................................................................................................................................................... 5

Figure 3. Data gathering and databases development process.................................................................................................................. 7

Figure 4. Potential indicators and red flags for effective risk assessment......................................................................................... 10

Figure 5. Example of the relation between the planning stage and formation of collaboration agreements............... 13

Figure 6. Work process and improvement of the model of HLF (Herramienta de Lucha contra el Fraude - Anti-Fraud
Tool)........................................................................................................................................................................................................................ 14

Figure 7. The risk assessment process and its integration in the strategic planning................................................................... 15

Figure 8. Main barriers for the development of risk assessment systems......................................................................................... 16

Figure 9. Success factors................................................................................................................................................................................................ 17

Figure 10. Structure of inspections in Spain........................................................................................................................................................... 18

Figure 11. Sources of data for the Latvian data warehouse......................................................................................................................... 19

Contents
1. INTRODUCTION...................................................................................................................................................1
1.1 What is the toolkit about and how it was developed?.................................................................................................................... 1

1.2 Definitions................................................................................................................................................................................................................ 1

1.3 Who is the toolkit for?....................................................................................................................................................................................... 2

1.4 Facts and figures: The current state of risk assessment systems and their use in the EU....................................... 2

2. THE RISK ASSESSMENT PROCESS: BUILDING AN EFFICIENT SYSTEM...........................................4

2.1 Stages of the risk assessment process.................................................................................................................................................. 4

2.2 What is needed to build a risk assessment system? Methodology development........................................................... 6

2.3 Sources of information. Collaboration and synergies. Mechanisms to ensure data reliability................................ 7

2.4 Lists of indicators and red flags.................................................................................................................................................................. 9

2.5 Outputs of the performed risk assessment....................................................................................................................................... 12

3. REALISING AND ENHANCING INSTITUTIONAL CAPACITY FOR RISK ASSESSMENT IN

LABOUR INSPECTORATES............................................................................................................................. 13
3.1 Main actors, roles and responsibilities when building the risk assessment system.................................................. 13

3.2 Tools and technical support for labour inspectors......................................................................................................................... 14

3.3 The role of social partners and institutional stakeholders........................................................................................................ 15

3.4 Main barriers for developing an appropriate risk assessment system in a public authority................................. 16

3.5 Good practice examples............................................................................................................................................................................... 16

4. EVALUATION, ENHANCEMENT AND SUSTAINABILITY OF RISK ASSESSMENT SYSTEMS...... 21

4.1 Selecting monitoring and evaluation methodologies and procedures. Adopting best practices from other
fields/sectors....................................................................................................................................................................................................... 20

4.2 Exemplary approaches to the setting of benchmarks and Key Performance Indicators (KPIs)........................... 20

5. BIBLIOGRAPHY................................................................................................................................................. 22
 1

1. INTRODUCTION
1.1. What is the toolkit about and how was it management issues internal to the organisation), but
developed? rather focuses on the specific issue of better targeted
inspections for tackling undeclared work (UDW). At this
The aim of the present toolkit is to propose a process- stage, it does not provide standard classifications or
oriented approach for risk assessment, enabling solutions, applicable in all EU Member States, but rather
EU Member States to improve their current risk examples of processes, systems and red flags that can
assessment implementation through examples of be adapted to each country’s specificities.
practices presented. Risk assessment is increasingly
used by labour inspectorates within the EU. Access to This toolkit follows the logic of the risk assessment
a risk assessment system with developed data mining, process:
data analytics1 and data matching tools enable more
effective preventative, enforcement and educational ▶▶ The first section begins by outlining the main
approaches towards tackling undeclared work. These steps of the process. It represents the mutual
systems allow labour inspectorates to move from experiences of the labour inspectorates and
randomly selected inspections towards risk-based the challenges they have faced developing
selections. Using such systems also enables clearer risk assessment systems and tips on how to
targeted enforcement approaches, cost effectiveness overcome them.
and the implementation of education and prevention. ▶▶ The next section focuses on the prerequisites to
building a risk assessment system. It underlines
Developing a risk assessment system for clearer the importance of institutional cooperation,
targeted inspections requires careful and systematic developing IT systems and addressing issues
planning. This toolkit provides a step-by-step guide for around staff resources.
establishing and evaluating a functioning system. It is ▶▶ It then lists indicators and red flags highlighted
based on the results and sharing of good practice of a during the Thematic Review Workshop and
Thematic Review Workshop on ‘Risk Assessments for examines in more detail what sources of
more Efficient Inspection’ held in Madrid, Spain, 14-15 information and systems can be used to gather
June 2018. It builds on the previously developed ‘Data information.
Mining for more Efficient Enforcement’2 toolkit. This
toolkit does not propose a ‘one-size-fits-all’ solution for ▶▶ The third section advises how to identify
use by all inspectorates, but rather a set of systematic and involve key actors in developing a
steps to help authorities to develop a tailored approach risk assessment system; their roles and
to tackle undeclared work to suit their institutional and responsibilities. The toolkit also focuses on:
economic context. important tools and technical support; barriers
to developing the systems; and the entire
process labour authorities should consider in the
The objectives of this toolkit are to: early stages of developing a risk assessment
system.
▶▶ Set out a concrete step-by-step approach ▶▶ The final section covers how to evaluate the
towards developing a risk assessment risk assessment process to ensure continuous
system for better inspections in tackling improvement.
UDW, by describing the full process of
preparation, development, implementation 1.2. Definitions
and assessing the work of the system;
▶▶ Highlight critical issues and challenges that For the purposes of this toolkit, the following definitions
might occur at each step of the process; apply:
▶▶ Provide examples of good practices from ▶▶ Undeclared work: any paid, lawful activities
Member States which have implemented that are not declared to public authorities,
and functioning systems. considering differences in the regulatory
systems of the Member States.
In that regard, the current toolkit does not discuss ▶▶ Risk assessment system: a system generally
‘risk’ in general (i.e. it does not include operational risk a set of red flags and a software solution, that

1 Data analytics includes both exploratory data analysis, which aims to find patterns and relationships in data, and confirmatory data analysis, which
applies statistical techniques to determine whether hypotheses about a data set are true or false
2 https://ec.europa.eu/social/BlobServlet?docId=18826&langId=en
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
2 U N D E C L A R E D W O R K

identifies the threat that a company or an The methodologies described in the toolkit can also be
employee may be involved in UDW or other of use to:
labour law violations.
▶▶ Risk assessment process: the conceptual ▶▶ The European Commission;
sequence of tasks that enables the labour ▶▶ Social partners (e.g. trade unions, employers’
inspectorate to perform risk assessment, associations, NGOs), experts and practitioners.
by engaging senior staff, risk specialists,
data mining experts, inspectors, etc. The risk 1.4. Facts and figures: The current state of risk
assessment process includes the preparatory assessment systems and their use in the EU
and evaluation stages, while it is executed ▶▶ Most Member States are currently facing similar
through the risk assessment system. The challenges in developing risk assessment
assessments help to identify the inherent systems. The labour authorities in Member
business risks and provide measures, processes States developing these systems are all
and controls to reduce the impact of these risks limited by a lack of databases and indicators
to business operations. to detect cases of undeclared work. Generally,
▶▶ Data mining: a set of automated techniques the databases available are limited to data
used to extract buried or previously unknown sources from the labour inspectorates and tax
pieces of information from large datasets. Using authorities and rarely use data from other public
data mining, correlations or patterns among authorities.
dozens of fields in large relational databases ▶▶ Rather than adopting a strategic approach,
will be identified. most Member States are pragmatic. While a
▶▶ Data matching: large-scale comparison of strategic objective must be evidence-based,
records or files collected or held for different any gaps in information should be filled by
purposes to identify matters of interest. With gathering data, analysis and recommendations
data matching, two or more sets of collected from other sources (including social partners)
data (records) are compared. to help decide which forms of undeclared work
▶▶ Indicators: The statistical categories of data need to be tackled (e.g. envelope wages, bogus
(e.g. average salary in a company, turnover self-employment, etc.). Some risk assessment
and profit amounts, average working time of systems also analyse UDW only at sectoral level,
an employee, type of labour contracts used, without considering the type of UDW that may
number of sub-contractors used, etc.). occur as a cross-cutting issue.
▶▶ Red flags: conditions and criteria, pre-set into
the risk assessment tool that point to the Prior to the Thematic Review Workshop in Madrid, a
existence of UDW (e.g. below average salary pre-event questionnaire was completed by participants
for the sector/profession, 0-25 % profit rate from different labour authorities. The results show that
realised by a company following 2-3 years of currently only a few Member States have developed
activity, 25-50 % of all employees on part- highly effective risk assessment systems and that
time contracts, part-time contracts for less labour authorities face challenges including:
than 4 hours per week, use of more than 3-5 ▶▶ Outdated information systems for collecting
sub‑contractors, more than 10 % staff turnover data;
per month, firms/sectors predominantly cited in
▶▶ Insufficient budgets for new and fit for purpose
the received complaints/signals for UDW, etc.).
information systems;
1.3. Who is the toolkit for? ▶▶ Ensuring compliance with privacy requirements;
The toolkit is aimed to support all relevant authorities ▶▶ Poor connection between the different
responsible for tackling UDW within a Member State. information systems that inspectors have access
This includes: to;
▶▶ A lack of interoperability between the
▶▶ Labour inspectorates and inspectors; information systems such as tax authorities,
▶▶ National tax, revenue and social security social security organisation, etc. making the
authorities; exchange, cross checking and processing of data
▶▶ Policy-makers. into risk analysis systems difficult;
▶▶ Setting meaningful red flags.
 3

It is clear from the Thematic Review Workshop

and feedback that most EU Member States would
benefit from better cooperation and mutual learning
between their national tax and labour authorities.
Some Member State administrations do not have the
necessary methodological knowledge, or access to
private consultancy expertise, and rely on their own
limited experience. There is therefore the need to
synchronise risk assessment processes (e.g. by having
common guidelines or compliance requirements) and
risk assessment systems (e.g. by having standard
classification for similar risks, EU-wide social security
numbers, etc.) and to create an EU model for risk
assessment and management. A standardised approach
towards risk assessment in all EU Member States would
simplify the exchange of knowledge and maximise the
usage of good practices.

Tip: It is important to share experiences across

public administrations both within and between
Member States so that everyone receives early
notification of emerging trends, particularly from
practical, ‘on the ground’ experience. Countries
need to learn from and apply good practices
from other countries.
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
4 U N D E C L A R E D W O R K

2.THE RISK ASSESSMENT PROCESS:

BUILDING AN EFFICIENT SYSTEM
2.1. Stages of the risk assessment process Figure 1. The risk management process according to
ISO 31000
Developing a risk assessment system consists of three
main consecutive phases, as defined by this toolkit.
The initiation and planning phase covers all the early
strategic steps, which define the purpose and goals of
the system. It also includes the steps to generate the Establishing the context

Communication and consultation

necessary political and institutional support and budget.
Risk identification

Monitor and review

The design and implementation phase focuses on the
key technical stages to develop the system. First, it
covers the essential actions to access, manage and Risk analysis
protect the data needed for the system. It then lists the
necessary steps to select appropriate tools and develop
algorithms for indicators and red flags. This phase is Risk evaluation
finished once the selected tools and databases are
tested. The final phase is the evaluation phase, which Risk treatment
assesses if all components (tool, algorithms, indicators,
red flags) are functioning and will result in successful
detection.
Source: ISO 31000:2009, ISO 31000:2011 and ISO 31000:2017.
Tip: The risk assessment process is complex
and its implementation should ideally follow a This generalised process logic can be used as a starting
mature and well-recognised standard for risk point, and a valuable source of reference, before
management. Public authorities are therefore proceeding with the development of risk assessment
advised to consider using ISO 310003 as a procedures and systems specifically aimed at better
reference and adapting it to their specific needs. targeted inspections and tackling UDW. An example of
the main stages of the risk assessment process in the
context of UDW inspections is presented in the next
The process of performing any risk assessment and figure. The two cross-cutting steps “Communication and
management activity in general (regardless of the consultation” and “Monitor and review” are discussed
sphere to which it is applied), involves a number of key in sections 3 and 4. The role of social partners and
stages, as described in ISO 31000 (see Figure 1). institutional stakeholders is covered in section 3.

3 (International Organization of Standardization 2018)

 5

Figure 2. Stages of the risk assessment process for the identification of risky companies/employers and for better targeted
inspections tackling UDW

01 Initiation and planning phase 02 Design and implementation phase 03 Evaluation phase

1. Selecting monitoring and evaluation

Goal setting Establishing the risk management
methodologies and procedures and
1. Clarifying the objectives of the framework and risk assessment monitor Key Performance Indicators
institution/labour inspectorate. process within the organisation (KPIs).
2. Forming common goals and targets Methodology development: ensuring 2. Re-evaluating the used red flags
among all ministries, agencies and depending on the patterns of undeclared
data availability and quality
inspectorates. work.
3. Establishing a clear vision for the 1. Form a ‘privacy/data protection by
3. Updating of the red flags and/or the
purpose of the risk assessment system. design’ strategy.
whole methodology/system.
4. Setting the overall strategic goals of the 2. Determining what data is needed and
4. Re-launch.
risk assessment process (e.g. emphasis contact the relevant institutions for
on preventative or deterrence approach collaboration.
for tackling UDW at sectoral/general level 3. Negotiating the access to the data
and at regional/national/international and take into account issues regarding
level). privacy.

Ensuring political support, staff buy‑in, Tools selection and technical support
estimation of costs and ensuring 4. Selection of data analysis tool.
financial and human resources 5. Preparation of the operational
5. Ensuring strong political commitment for environment (IT infrastructure).
the development and implementation of 6. Formation of a common database for
the risk assessment system, including the relevant data from all involved
senior management and all departments’ institutions.
engagement.
7. Selection of a competent IT specialist for
6. Assessing of the gap between the the data analysis team.
needed and available resources for the
development of the risk assessment Priorities, red flags, and treatment
system (data, technology, human and procedures
financial resources). (Gap Analysis).
8. Deciding on the appropriate treatment
7. Assessing the expected costs and
for each type and level of risk.
benefits from the implementation of a
risk assessment system (Cost Benefit 9. Setting the risk identificators (red flags)
Analysis). depending on the set priorities for the
risk assessment system.
Establishing collaborations
8. Ensuring support and collaboration with Piloting
other national and foreign/international 10. Test the new risk assessment system,
institutions. and involve inspectors on the field when
developing and testing the system.
11. Learning by doing (political, functional,
operational involvement when explaining
to technicians/programmers/IT specialists
what is needed).
12. Regular communication between the
Data analysts and the on-site Inspectors.

Source: CSD/ICF, based on presentations by workshop participants at the Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’
(Madrid, Spain, 14-15 June 2018).
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
6 U N D E C L A R E D W O R K

2.2. What is needed to build a risk assessment status. This information was compared to
system? Methodology development the social security paid and the bogus self-
employed were discovered.
Developing a risk assessment methodology should rely ▶▶ Data warehouses. Tax, labour and social
heavily on the desired strategic focus of the system security authorities and inspectorates
(type of UDW, sector, etc.), and on the availability and have access to the same data, ideally
access to data. During the Thematic Review Workshop, supplemented by data from other relevant
participants distinguished different types of indicators public bodies. This happens rarely, since it
to be used: requires collaboration at the highest levels
and technical compatibility. Good examples
▶▶ Policy-driven or inspection-driven (based on of the use of data warehouses include
problems identified ‘on the ground’); Latvia and Spain. There are also high
▶▶ Sector-focused; expectations of the French DSN (Nominal
▶▶ Confidential or non-confidential; Social Declaration/Déclaration Sociale
Nominative) tool, introduced in 2015-2016,
▶▶ Based on existing data (databases, feedback which aims to consolidate various social
from inspectors, signals/complaints, etc.) or security information provided by employers
based on newly created data. and reduce the number of declarations
submitted to welfare agencies. Direct
Tip: Developing risk assessment systems access to the DSN will allow the labour
requires significant time and resources. inspectorate to: quickly check for instances
Sufficient staff and financial resources need to of illegal work; more quickly advance a
be allocated to the task. Piloting and small-scale complex investigation; analyse efficiency,
testing is recommended to estimate the positive progress and identify the most appropriate
results (income for the state revenue, increase treatment of each case.
of declared labour contracts, number of declared ▶▶ Use of business models to determine
hours and/or wages). This return on investment turnover and salary levels (plausibility
estimate could help to secure the support and checks). This approach (applied mainly in
necessary resources from the decision-makers. Germany, Romania and Spain), is based
Depending on the data available, four approaches on creating business models of the typical
can be taken.4 operations of selected key risk sectors (e.g.
restaurants). The authorities observe the
▶▶ Use of own databases. For example, the normal business hours, costs of operations
Romanian Labour Inspectorate has used (e.g. delivered food products per week) and
its own database since 2006, which holds estimate the average/expected wages,
around two billion records with information number of employees, turnover and profit,
on contractual agreements. It does now compared to those reported. They also
need to add into the system data from check case-by-case for other discrepancies
the Ministry of Finance and the Registry of (e.g. if a restaurant with 200 tables/places
Companies, which will enable better risk only has two waiters or if the owners of
analysis and develop data mining capacity. a firm declaring small profits have a high
▶▶ Information requests to other authorities. standard of living). The business model
In this model, the social security authorities for a company of specific size (5, 10, 100
and/or the labour inspectorates ask the tax employees) is also compared with the
authorities for information case by case, data from social security and bookkeeping.
often through personal contacts. Spain For the identified risk cases, a check is
provides an example of such a case of one- performed. This methodology can determine
time collaboration between the tax and if missing reports of working hours can be
social security authorities. After bogus self- justified by co-working family members,
employment became a problem in 2012 (in if there is bogus self-employment and
certain organisations, more than 90 % of if undeclared workers are used, whose
workers were registered as self-employed, payments are not offset against profit
while the wage payer remained the same), in the financial accounts (payment from
the Spanish Tax Office provided a list of all unreported incomes, booked as private
workers who did not deduct from their taxes deposits). Using this case-by-case approach
the allowances of genuine self-employed on the ground, the authorities can also
identify specific schemes for hiding income,
4 (European Platform Tackling Undeclared Work, 14-15 June 2018)
 7

wages and turnover – e.g. not registering To operationalise and formalise these collaborations,
sales by using the so-called ‘training’ key in the labor inspectorates can sign bilateral agreements
the cash register or deleting sales through or memoranda of understanding with other authorities
an additional programme. In Spain, the or with social partners, which would further facilitate
Ministry of Labour, Migrations and Social information exchange and interconnection of
Security and the labour inspectors draft databases and registers. Please consult the Platform’s
business rules, work with experts to set Practitioner’s Toolkit: Drafting, Implementing and
parameters, assess the effectiveness of the Improving Bilateral Agreements and Memoranda of
labour inspectors and detect new cases/ Understanding to Tackle Undeclared Work, 2017.5
schemes involving fraud. For example,
fictitious companies are companies without Figure 3. Data gathering and databases development
any activity whose aim is to register process
‘workers’ so they can obtain social security
benefits or work permits for third country
nationals. Such cases of fraud have almost
completely disappeared thanks to this type
analysis (although other, new hybrid forms 01 02
of UDW and fictitious labour relationships
have appeared). Business rules are very Develop interoperability
efficient at tackling certain forms of fraud. with other authorities’ Build an initial database
The business modelling process, however, databases
can be time-consuming and requires more
staff resources than data mining.

Tip: Develop databases, data warehouses,

business models and risk analysis systems first
at national then cross-border level. 04 03
Start adding qualitative
Start using strategic sectoral
2.3. Sources of information. Collaboration and data to boost quantitative
approach
synergies. Mechanisms to ensure data reliability data (e.g. through audits)

Potential sources of information could be: databases, Source: CSD/ICF.

registers, complaints received, inspectors and other
experts working ‘on the ground’, the media, trade There are several considerations around the use of
unions, non-governmental organisations, current or these sources:
ex-employees, anonymous reports by citizens, penal
prosecutions/administrative fines, as well as private a. The complaints/reports (including those anonymised)
(paid) databases. on which inspectorates in many countries still
primarily rely, provide good results (e.g. in Cyprus
Tip: For risk assessment systems to be effective, inspections following reports reveal UDW in 99 %
authorities should seek to establish exchange of cases). However, the question arises whether
of information with as many internal, external
these are the most problematic or priority cases.
and cross-border similar databases or systems
as possible. A key prerequisite however is that HMRC in the UK uses 50:50 share of complaints vs.
authorities first check that the content in these risk assessment data to plan their activities, since
external databases is comparable and compatible there are low-complaint (or complaint silent) areas
with their own to ensure interoperability. of business or geographic regions. Cyprus, on the
other hand, relies on receiving complaints in 80 % of
cases. Thus, reliance on receiving complaints might
It is recommended that labour authorities establish result in only targeting low risk areas or small-scale
good working relations and rely on exchange or cases in terms of undeclared work.
download of data, particularly with the tax authorities
(information on revenues, and sector-specific b. It is key to analyse the latest trends emerging ‘on
characteristics). They are also advised to interlink the the ground’. Sweden is a good example of receiving
data with further outside sources, such as GPS tracking feedback from inspectors in the field. It relies on joint
information of the fishing fleet, migration data, etc. teams from labour, immigration, tax and customs

5 https://ec.europa.eu/social/BlobServlet?docId=18827&langId=en
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
8 U N D E C L A R E D W O R K

authorities to meet and discuss which companies much-needed collaboration agreements with state
will be inspected, based on tips from inspectors, prosecutors and the justice system.13
companies, trade unions, etc. In Croatia, company data is publicly available, so it
can and is regularly used to inform labour authorities
c. The housing register can be used to check if multiple about specific cases. But other databases, e.g. of taxi
workers are living at the same address and so detect companies’ drivers, are not available to inspectorates.
potential ‘ghost’/non-existent workers. The Belgium expert noted that the LIMOSA
declarations (for posted employed or self-employed
d. Labour authorities can also use data from private people) could not be cross-checked with the
providers to discover letterbox companies. If budgets country of origin authorities since there was no
permit, authorities can buy data not available interoperability with local databases. An important
through administrative means to enrich the prerequisite for such interoperability is the existence
database. of common identifier and definitions. Accordingly, the
Belgian authorities have begun to rely on SharePoint
e. The final decision for a treatment should always be software to share information within Belgium. Cypriot
taken by the inspectorate or the responsible public authorities have also begun to implement SharePoint
authority. The users of the risk assessment results to exchange information between different authorities
should bear in mind that some companies marked as in the country.
‘risky’ can be ‘false positive cases’, while other risk Access to both national and other countries’
cases may remain undetected. databases can also be supported through joint
projects such as the Red Flags! project, implemented
by the International Research Institute on Social
The two typical methods of obtaining data from another Fraud14 and focusing on the digital tools to register,
authority are: prevent and tackle cross-border social fraud.
a. Based on national or cross-border collaborative/
bilateral/multilateral agreements (which are still A key step of the process is to verify the degree
necessary to complement the use of the Internal of reliability of the implemented risk assessment
Market Information System - IMI); and processes. The reliability and the success of the chosen
organisational strategies largely depend on information
b. Information requests. access, sources and completeness of data and timely
gathering of information related to aspects such
Examples as company and economic sector profiles, workers,
previous inspection visits, imposed sanctions and
The Labour and Social Security Inspectorate and the
interventions from other authorities, etc.15
National Office tackling undeclared work in Spain
has signed collaborative agreements as a basis for
information exchange and joint activities with SEPE,6
RED.ES,7 TGSS,8 INSS,9 ISM,10 AEAT,11 FOGASA,12 the
Example
bodies that collect social security payments, the In Spain, reliability of data is ensured by inspectors
Spanish Tax Office, the Civil Guard and Police. Joint double-checking them against their findings. In
inspections by the Police/Guardia Civil and ITSS Ireland, labour authorities rely heavily on other public
are continuously being performed (e.g. in 2016, services data e.g. Europol.
there were 16,761 joint investigations). As of June
2018, Spain is currently working on signing new,

6 Servicio Público de Empleo Estatal (Public State Employment Service, Spain) - an autonomous institution, part of the Ministry of Labour Migration and
Social Security. The institution is responsible for the management and control of unemployment benefits.
7 RED.ES is a public body responsible for the digitization of public services in Spain.
8 Tesorería General de la Seguridad Social (General Treasury of Social Security of Spain) - a public institution supervised by the Ministry of Labour,
Migration and Social Security. It is responsible for the management and control of social security contributions and other financing resources of the Social
Security System of Spain.
9 Instituto Nacional de la Seguridad Social (National Institute of Social Security).
10 Instituto Social de la Marina (Marine Social Institute) - a public institution supervised by the Ministry of Employment and Social Security. It is responsible
for the health care for sea workers, as well as the registration of companies, registration of the hiring and removal of workers, collection and control of
contributions (in collaboration with the General Treasury).
11 AEAT is the main institution in Spain responsible for tax collection in all regions (except the Basque and Navarre regions).
12 FOGASA (Fondo de Garantia Salarial/Wage Guarantee Fund) is part of the Ministry of Labour, Migration and Social Security. The responsibility of FOGASA
is to guarantee that workers in employment relationship receive salaries, pending payments, and compensations for termination of the employment.
13 (European Platform Tackling Undeclared Work, 14-15 June 2018)
14 For more information see the website of the International Research Institute on Social Fraud: https://www.ugent.be/re/cssr/iris/en/research
15 (International Labour Organization 2013)
 9

Lastly, when running risk assessment systems, it is evasion schemes, those which suggest risk (particularly
important to account for those companies that are if the firm is considered risky when combined with
completely unregistered, meaning their workers are other red flags) can be followed up by comparing the
not included in the primary or initial labour authority complaint information (e.g. that a worker has not
database. received a salary) with the official data from registers/
databases (e.g. monthly declaration to the tax authority
2.4. Lists of indicators and red flags of salaries paid).

It is crucial for the relevant authorities to prepare a list Use of technological solutions
of red flags that are:
Different Member States have put significant
▶▶ Appropriate to their strategic objectives resources into developing an efficient risk assessment
(correspond to the types of UDW that should architecture. Many of the new measures are
be tackled with priority, considering the country increasingly innovative and have the potential to
specifics); be transfered to other countries and sectors.16 In
▶▶ Easy to measure (available, reliable and Belgium, for example, the Social Inspection Services
regularly updated statistical data/indicators), Anti-Fraud Organization (OASIS) develops red flags to
and; identify individual targets. OASIS monitors seemingly
▶▶ Do not generate issues around privacy and simple company and employee data (e.g. turnover,
confidentiality. number of employees, registered personnel, wage
levels, etc.) but can generate actionable indicators
and detect abnormalities by looking for specific trends
Presented in figure 4 is a non-exhaustive list of possible (e.g. increasing turnover with decreasing number of
indicators (categories of data) and red flags (specific employees; reduction of registered staff above a certain
conditions that could signal the existence of UDW). threshold; large differences in total wage sums and
These can underpin the development of risk assessment numbers of employees; labour mobility, etc.).17 In other
methodologies, once adjusted to the country specifics cases, such as Austria, countries resort to introducing an
and the strategic focus of the public authorities. In integrated social security contributions and wage-taxes
its final form, the red flags should clearly state the audit (Gemeinsame Prüfung lohnabhängiger Abgaben
conditions for UDW risk (e.g. 50 % of all employees in – GPLA), where an employer is being audited either by
a company are part-time employees), and the relevant a competent social security institution or alternatively,
weight of each individual red flag (i.e. if it carries by a related tax authority. This particular approach is
the same weight as all other red flags or is higher/ complemented by a high level risk-analysis, cooperation
lower). Thus, when the red flag conditions are met, and data exchange between the respective public
and their relevant weight applied, the IT solution used organisations (or departments).18
could provide the final ranking and highlight the cases
recommended for further investigation, inspection and/ In Portugal, inspection priorities are based on indicators
or audit. During the process, labour authorities should delivered by an information system and cross-checked
consider any exceptions to the rules and mitigating with information provided by social security and
circumstances. For example, students and those under social partners. This approach produces actionable
25 years-old typically work part-time, and this should intelligence, which can later be incorporated into a
not be considered a risk factor, or it should carry less more comprehensive risk assessment system. The
weight. When considering part-timers as a risk group of results in Portugal identifying major UDW cases ranged
workers, the data should be cross-checked with labour from totally or partially undeclared work, the wrongful
and labour-time databases by the identification number exploitation of fixed-term employment contracts to
and name of the person, since it is possible he/she temporary work, etc.19
works four hours a day for two different employers.

Another consideration when performing risk assessment

is the quality and relevance of complaints received.
Complaints tend to be anonymous and come from
workers and trade unions (often ex-workers and
ex-business partners). It is not recommended that
inspection follow every complaint. While complaints are
useful to detect the latest trends in new or prevailing
16 (Eurofound 2013)
17 (Eurofound 2009)
18 (Eurofound, 2013)
19 (International Labour Organization 2013)
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
10 U N D E C L A R E D W O R K

Figure 4. Potential indicators and red flags for effective risk assessment

Below average salary for the sector/profession

Salary Workers on minimum salaries

Low wages but large boarding/lodging/transport costs

Turnover and number of employees mismatch

Turnover below the minimum turnover threshold per sector/company size

Turnover and profit
Zero or very low profit (e.g. max 25 % profit after 2-3 years of activity)

Low profit coupled with high consumption or investment in non-productive assets

25 %-50 % are part-time employees

Working time
Part-time contracts are less than 4 hours/week

High number of short-term contracts

Type of contracts
Sudden changes from employees to self-employed (working for the same payer)

Past infridgements, fines, penalties

History and
experience.
Newly established companies
Registration
inconsistencies
Large number of companies located/registered at the same address

Large number/high turnover of subcontractors

Subcontractracting/
intermediaries
Large numbers of ‘go-betweens’ without license acting as temporary work agencies

High turnover of staff (more than 10 % per month); and mismatched with a low overall number
Staff changes
of workers

Risk sectors Companies in high risk sectors (e.g. construction)

Multiple workers living at the same address

Undertakings that ‘disappear’ (and the owners register new ones); suddenly declared insolvency
Bogus posting and
use of insolvency
‘Circle’ posting of workers

Workers have long-term residence in the receiving state

Direct Firms/sectors cited in the received complaints/signals

observations/
signals Firms/sectors identified as risky by inspectors and other authorities ‘on the ground’

Source: CSD/ICF, based on presentations by workshop participants at the Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’
(Madrid, Spain, 14-15 June 2018).
 11

The fast-paced technological development of recent Examples of registration systems, warehouses and
decades allows authorities to use advanced analytics software which can be utilised for risk-assessment:
and machine learning for risk assessment. Ireland, for
example, continues to develop its approach by regularly Dimona (Déclaration Immédiate/Onmiddellijke
updating existing IT infrastructure and real-time risk Aangifte): a database which collects the working
analysis systems (PAYE20 and the VAT Real Time Risk relationship between employees and employers within
systems are good examples). Moreover, Ireland is the National Office for Social Security in Belgium. Due
investigating new ways to remain up-to-date in the face to the developed e-Government programme in Belgium,
of emerging trends and challenges. In 2016, the country social security applications allow near real-time data
piloted an analytical model, designed to detect non- collection and hence, fast re-use for risk assessment by
compliance based on demographic characteristics and labour inspectorates.
spending behaviour.21
ERGANI: a registration system used in Greece, Belgium
A recent OECD study, however, demonstrates that most and (expected by the end of 2018) in Cyprus. It works
risk assessment systems still include a manual element, by registering the number of working hours of every
with some primarily or wholly manual. Tax and labour employee (Cyprus, Belgium) into a database and
authorities also differ as to whether the risk assessment then compares it with the available data from other
is performed centrally, by a designated unit or by the databases.
compliance team.22 The technical side of the process
includes two key stages: ESCORT: a software, part of the risk assessment
systems of Greece, Ireland and Sweden.
▶▶ Integration of several databases/registers in a
larger data warehouse system. Countries have INTEGRA: a data and files collection system for
already begun cooperating on the introduction evaluation of the effectiveness of inspections (used in
of software systems in risk assessment. For Spain).
example, Cyprus has asked Belgium to help
them operate the ERGANI registration system, PAYE: the UK’s ‘Pay As You Earn’ system is used to
which Greece provided free to Cyprus. The collect income tax and national insurance contributions
system is expected to be launched in Cyprus from employers. Employers deduct taxes and social
at the end of 2018. Similarly, Romania has security contributions from employees’ gross wages.
cooperated with Spain on the introduction of
the INTEGRA system. Technically, Romania now REGES: a database system which collects the working
has the prerequisites to perform a very narrow relationship between employees and employers in
technological assessment, but must first learn Romania.
how to use the e-systems for risk assessment
purposes and secure political backing. As COLUMBO: a Business Process Management System
suggested by the Spanish Anti-Fraud Office, it (BPMS), implemented for the management of the
is also important for inspectors ‘on the ground’ effectiveness of inspections in Romania, similar to
to use more integrated IT and communication INTEGRA in Spain.
systems (e.g. to have inspectors use a tablet-
type device and access labour and security Economic costs and considerations are similarly
databases to obtain real-time information important. According to the Belgian expert, a country
during inspections). might need 10 years and millions of Euros to develop
▶▶ Feeding this consolidated data into a data and launch a risk assessment system based on
mining tool, which calculates the risk scores e-databases, while explaining the possible Return on
based on the programmed risk conditions (red Investment (ROI) of implementing the risk assessment
flags). This data mining software can be open- system to decision makers is also most useful.
source or commercial (paid) and adapted to
the needs of the inspectorates. A list of popular
commercial and open-source data-mining tools
is available on the 2017 Platform’s Practitioner
Toolkit from the Thematic Workshop on ‘Data
Mining for More Efficient Enforcement’.23

20 PAYE (or Pay As You Earn) is the main instrument, through which employees pay taxes. It ensures that the total annual tax amount, which an employee is
required to contribute, is evenly collected on each pay day over the year (Revenue, Irish Tax and Customs 2018)
21 (Irish Tax and Customs Revenue 2016)
22 (OECD 2017)
23 (European Platform Tackling Undeclared Work, 14-15 June 2018)
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
12 U N D E C L A R E D W O R K

2.5. Outputs of the performed risk assessment

It is important that the system is developed so that the

information generated by the algorithms communicates
clearly to the inspectors if a case is potentially
irregular. The ‘on the ground’ inspectors will similarly
only recognise the value of risk assessment if it offers
them specific details of what they perceive in the field.
The final outputs should be provided to them in a
concise, clear and comprehensive form, e.g. including
charts and geographical maps; narrative texts; lists
and rankings of risk companies based on clear criteria
which the inspectors themselves can alter and adjust
as necessary; network analysis of related companies
(accompanied by a network diagram of the internal
connections and relations between companies and/or
people), where applicable.

During the Thematic Review Workshop in Madrid and

the Follow-up Visit in Brussels on 28 September 2018,
several Member States demonstrated which risk is
assigned to the analysed employers, employees or
taxpayers.

Example: Latvia
In Latvia, taxpayers are ranked based on Risk Points,
where the risk ranking does not necessarily mean
that specific tax payers are evading taxes, but rather
that a particular case might require an audit.

In the risk assessment tool used by the State Labour

Inspectorate of Lithuania the outputs are rank-based
and created in a colour-coded, user-friendly manner.
The tool ranks the cases into three zones: the green
zone (‘ignore’), the yellow zone (‘monitor’) and the red
zone (‘check’).

Irrespective of the output method, the decision as to

whether an inspection is needed should be made not by
the system but by the inspectorate.
 13

3.Realising and enhancing institutional

capacity for risk assessment in
enforcement bodies
This section covers the main actors involved in the Figure 5. Example of the relation between the planning
process of developing risk assessment systems. It stage and formation of collaboration agreements
recognises the responsibilities and challenges facing the
relevant bodies for the system to function. It also covers
the process for tool selection and implementation and TGSS
the relevant issues.

3.1. Main actors, roles and responsibilities when

building the risk assessment system INSS
The first important set of actors to consider when the Planning
goal is to implement and enhance the risk assessment SS bodies and
systems are the senior management of the relevant FOGASA
other agencies
institutions. Their key role is primarily to strategically
embed risk assessment into the institutional culture.
This means aligning the visions and goals set for the
risk assessment tool with the institutional objectives SPEE
and establishing the risk assessment process not as Collaboration
isolated but as core to the organisational reporting,
agreements
decision-making and governance. This requires a culture
shift for inspectors and other relevant staff to use ISM
and rely on the risk assessment system for tackling
undeclared work. Another important role of senior
management is to secure political support for the AEAT
development and implementation of risk assessment
systems. This means developing relationships with
other relevant institutions and garnering agreements
on institutional cooperation and data exchange. Senior Source: Presentation of the Spanish National Office tackling Undeclared
management plays a vital role in developing a collective Work, Thematic Review Workshop on ‘Risk Assessments for more Efficient
Inspection’, Madrid, Spain, 14-15 June 2018.
database and amalgamating the databases and
information from all relevant institutions.
An important challenge of the development process is
creating an effective risk assessment algorithm that can
accurately predict if a company or person is compliant.
This can be developed internally by IT specialists within
the enforcement and/or the prosecution authorities or
by using an external specialist commercial company.
Business analysts play a key role in creating the data
analysis tool (including social partners and trade
associations) as do the inspectors, who can offer
insights into which risk condition (e.g. sudden change by
half a firm’s employees to self-employed status) should
be defined as a specific red flag to be used by the tool.24
These observations by inspectors offer vital insight to
help the system to adapt and develop.

24 (European Commission, DG Employment, Social Affairs and Inclusion 2017)

 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
14 U N D E C L A R E D W O R K

Figure 6. Work process and improvement of the model of HLF (Herramienta de Lucha contra el Fraude - Anti-Fraud Tool)

The ITSS Central Services The files of subjects to

execute the fraud models be inspected are generated Files are loaded into our
and select the subjects to be and also files with additional software, INTEGRA
inspected information

HLF

Upon completion of the

The Heads of the Regional
The HLF analyses the investigation, information on
Inspectorates create ‘service
effectiveness of business rules the results will be uploaded
orders’ and assign them to the
and data mining to the sysetem to validate the
officers
effectiveness of the models

Source: Presentation Spain from Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’ (Madrid, Spain, 14-15 June 2018).

Risk assessment systems use personal data and a 3.2. Tools and technical support for labour inspectors
taskforce to protect this data within the database
is essential. An example is the Commission for the Using data analysis tools helps maximise the benefits
Protection of Privacy (CPP) in Belgium, an independent of inspections and minimises the cost. Various data
body that protects the privacy of personal data mining and data matching tools25 are currently available
processed by the risk assessment system. The CPP to be implemented into risk assessment systems.
consists of several sector committees, responsible No specific tool is better than others, rather different
for the protection of data within a specific sector. For software have their own pros and cons. Selecting the
example, the ‘Social Security and Health’ committee best tools relies on the available IT resources and
protects the privacy of beneficiaries of the Belgian expertise of the analysts. Enforcement bodies must
social security network and the exchange of health- understand the chosen tools and be aware of their
related data. features, advantages and limitations. Recognising
these limitations is essential to the success of the
The final segment is the ‘in-the-field’ inspectors. Their system. It is worth noting that, currently, staff within
role is to conduct the inspections based on the results most labour inspectorates have limited IT expertise
of the risk analysis. The inspectors should be told which in turn limits the efficiency of the risk analysis
which red flags have been activated during the risk system. One solution is for labour inspectorates to hire
assessment. Following the inspections, the results are specialists who understand the data analysis tools,
uploaded into the risk assessment system. Based on provide technical support and exchange information
these results, the effectiveness of the algorithm in and insights with the inspectors ‘in field’, but this is
detecting fraudulent activities can be assessed. If the costly. Regular communication between analysts and
fraud model/algorithm is ineffective, it is improved inspectors is vital because inspectors need to know the
based on the failed inspections. reasons for the inspections. More particularly, they need
to know which red flag is activated during the analysis,
In some risk assessment systems, for example to provide further background to the inspections.
in Belgium, companies that have previously been
involved with UDW are ranked as vulnerable to future The selection of the most appropriate risk assessment
infringements compared to companies which have system also depends on whether the tools are
not. Again, for future inspections, inspectors will have free, open-source software or specially designed
information about the vulnerability of the company programmes and systems. The first has the benefit
and previously used forms of undeclared work, offering that more IT specialists will be available to perform the
clues as to what to inspect. The interaction between analytical work and it is cheaper to install. The benefit
the data analyst and the inspector should therefore be of specially designed systems is that they are specific to
an iterative process. To further improve inspections, it the purposes of risk assessment systems. For example,
may be recommended that civil guards and the police the Connect Tool (used in the UK) is specifically
accompany the inspectors (particularly when visiting designed to measure behavioural patterns which might
employers known for acts of violence or obstructing more accurately identify high-risk VAT traders. Another
inspectors). advantage is that the tool comes with skilled personnel,
solving the challenge facing enforcement bodies of
recruiting IT specialists.

25 https://ec.europa.eu/social/main.jsp?catId=1299&intPageId=4875&langId=en
 15

Figure 7. The risk assessment process and its integration in the strategic planning

1. Political and senior management support 2. Observe the labour 3. Setting joint goals for all departments/
▶▶ Placing risk assessment for both enforcement environment; find bodies
and prevention as a priority unusual behaviour and ▶▶ Coordinated action/work
its reasons plans, including use of risk
▶▶ Enabling legal base, supporting data sharing
assessment
and cooperation, common definitions

5.2. Methodology development. Setting 5.1. Develop and 4. Cooperation agreements, access to databases
indicators (data categories) and red flags (risk improve reliability (compatibility/reliability)
conditions) of own databases; ▶▶ Analysis of the available information
▶▶ To serve for: education and connect with
databases of other ▶▶ Determining what competences will be
prevention, detection and
bodies needed
enforcement

6. Trained and motivated 8. Evaluation of the

7. Output of the risk assessment process
human resources (data impact, update and
scientists, inspectors), funding, ▶▶ Working methods for inspections, notifications, improvement.
IT/software prevention, awareness/education, audit procedures, etc. Re-launch

Source: CSD/ICF.

3.3. The role of social partners and institutional Provincial governments, local municipalities, non-
stakeholders governmental organisations, social partners, academia
representatives and individual researchers can also
The successful planning, development and functioning support the development of risk assessment systems,
of the risk assessment system relies on various by highlighting specific patterns of undeclared work.
social partners and institutional stakeholders being Cooperation between them, labour authorities and also
involved in the process. During the planning phase, local civil officers/police helps generate more efficient
political commitment from senior management in pections.
all relevant ministries, agencies and inspectorates is
essential. For example, in Croatia, only through political The European Platform Tackling Undeclared Work (the
support, were relevant institutions made aware of Platform) and the future European Labour Authority
the development of the risk assessment system and can play an important role in sharing expertise for
the importance of their databases to its success. It is developing and improving risk assessment systems. It
vital for labour inspectorates to communicate to the is essential that the actors responsible for developing
ministers and policy-makers the benefits of developing such systems be informed about patterns of undeclared
and implementing a risk assessment system to gain work, strategies for social security and tax evasion and
political backing and funding. Risk assessment systems other approaches occurring in other Member States to
should also be included in overall strategic planning be able to adapt the red flags to detect UDW patterns in
to promote better cooperation between institutions. their own country. The Platform is an effective source of
Improved cooperation can strengthen the risk new information and insights. It organises seminars and
assessment system through data-sharing, exchange of workshops between key stakeholders of the different
experience, sharing IT tools, training, etc. This process is Member States including labour inspectorates, tax
also often implemented alongside the development or authorities social partners, etc. It also helps exchange
improvement of the e-government and e-services for information about the challenges and experiences in
citizens and businesses, a further argument for political developing and maintaining such systems. The Platform
support. Collaboration should also be established produces studies, toolkits, discussion papers, event
between the institution developing the risk assessment reports and other written resources. It is important
system and the labour inspectorates from other that the senior management of the national labour
Member States. inspectorates are informed through these resources.
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
16 U N D E C L A R E D W O R K

Figure 8. Main barriers for the development of risk assessment systems

Difficulties in establishing Lack of links to information

Privacy issues
objective indicators systems of other organisations

Difficulties in gathering of data,

Difficulties in implementing Lack of human resources.
its integration into one system,
it into the ordinary work of Insuficient budget to update old
keeping the information up-to-
the inspection organisation information systems
date

Source: Presentation from Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’ (Madrid, Spain, 14-15 June 2018). Findings from
pre-event questionnaire.

3.4. Main barriers for developing an appropriate risk

assessment system in a public authority

Risk assessment systems are a cutting-edge approach

for tackling undeclared work. Institutions face a variety
of barriers, which limit their ability to implement these
systems. During the pre-event questionnaire at the
Thematic Review workshop on ‘Risk Assessments for
more Efficient Inspection’ representatives from the
labour authorities highlighted six main barriers to
adopting a risk assessment system.

One of the most common issues facing newly adopting

institutions is lack of access to information systems
and databases of other relevant institutions. As noted
in figure 3. and in section 3.1 and 3.3, partnerships and
cooperation agreements are essential for accessing
more databases. Another potential barrier is if
indicators and algorithms cannot highlight fraudulent
activities. It is vital that these are tested regularly
and include the input from the ‘in-field’ inspectors.
Regarding data privacy issues, as suggested in section
3.1, creating a Data Protection Task Force is essential.
The main barrier that most inspectorates claim to be
facing is the lack of human resources with relevant IT
skills.

3.5. Good practice examples

Ensuring political support for the use of risk assessment

systems, access to necessary data with sufficient detail
and skilled human resources all impact the success of
identifying potential UDW companies and workers and
their efficient inspection.
 17

Figure 9. Success factors

Ensure political support (financial and human resources) for using risk assessment systems
Establish a clear vision for the purpose of the risk assessment system
Demonstrated success (to the policy-makers and society)
Organisational culture and structure, where the risk assessment process is not isolated but considered a core
element of organisational reporting, decision-making and governance
Update the vision for the risk assessment system and the strategic goals over time
Pursue more collaborative agreements and national and foreign partnerships with other government agencies,
business and social partners
Experience and feedback from the ground (inspectors to act as the bottomline)
Protection of personal data/ensuring privacy
Experienced human resources with appropriate IT skills
Training of inspectors
Available software tools. Human and technological capabilities and integrator to bring them all together
Access to appropriate data
Common definitions across administrations, and common legal base
Update the red flags according to changes in the patterns of undeclared work
EU dimension: common identification numbers (e.g. VAT, Social Security Number)

Source: pre-event questionnaire and discussion at the Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’ (Madrid, Spain, 14-15
June 2018). Findings from pre-event questionnaire.

Tip: Legislation should support data sharing - labour and social security inspection signed in 2015;
whilst complying with data protection issues - independent agency to conduct the fight against UDW;
and concentrate efforts where most needed (e.g. increase coordination with regional administrations/
no need for obligation to check all anonymous regional governments coordinate with each other;
signals). National legislation is also necessary to greater participation of social partners); 2) Better
enable police officers/civil guards to accompany cooperation (regional, national institutions and other
inspectors. organisations and stakeholders); and 3) Intensive use of
technology to analyse information sources and detect
fraud, but also to understand social and labour reality
and trends. Some of the priorities of the plan include:
a) Prevention and detection of cases of unemployment
Example: Spain. Tackling UDW and social benefits paid to people not entitled to them, b)
security fraud26 Detection and control of social security bonuses and
other employment benefits. This framework has been
reinforced by the Master Plan on Decent Work 2018-
Between 2010 and 2012, Spain was significantly 2020 which was recently published. This Master Plan
affected by the economic crisis, one of the results includes 75 measures to tackle UDW and labour and
being a significant increase in UDW. Since 2012, a social security fraud.
comprehensive plan to tackle UDW and social security
fraud has been developed and is currently being
implemented. This plan is based on three pillars:
1) Stronger institutional structure (new law on the

26 For more information see: (Ministerio de Empleo y Seguridad Social 2015) and (European Platform Undeclared Work 2017)
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
18 U N D E C L A R E D W O R K

Figure 10. Structure of inspections in Spain

Source: Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’ (Madrid, Spain, 14-15 June 2018). Findings from pre-event
questionnaire.

The Spanish Anti-Fraud Tool (Herramienta de lucha ▶▶ The Heads of the Regional Inspectorates create
contra el fraude) is a collection of IT tools used to ‘service orders’ (each investigation on a specific
tackle UDW and social security fraud.27 It has been in company is called a ‘service order’) and assign
use since 2015 and due to the ongoing re-evaluation them to the officers;
of its effectiveness, the efficiency rate of inspections ▶▶ Upon completion of the investigation, results
has regularly increased. This risk assessment system are uploaded to the system to validate the
is based on solid infrastructure for data gathering effectiveness of the models;
and exchange. To enable data gathering, cooperation
agreements are signed with TGSS, SEPE, AEAT, RED. ▶▶ The HLF analyses the effectiveness of business
ES, INSS, ISM, Secretaria General de Transporte, rules and data mining.
Registradores de Espana and others. The Anti-Fraud
Tool collects data from the databases of the different The risk assessment system undergoes an evaluation
institutions with which it has cooperation agreements. It phase, which includes both quantitative and qualitative
also analyses data from the Labour and Social Security measures of success. Following an inspection, the
Inspectorate database, INTEGRA. The data mining results are uploaded into the INTEGRA system and the
process is performed by inspectors, IT staff and external efficiency is then assessed.
consultants.

The system also relies on ‘business rules’, which are Example: Latvia. ESCORT risk analysis
risk assessment indicators designed by the team system
of inspectors and sub-inspectors assigned to the
‘Anti-Fraud Tool’ Unit and Ministry and IT experts.
Their involvement in conducting ‘in field’ inspections The Latvian State Revenue Service (SRS) currently
allows the effectiveness of each planned activity to uses the ESCORT risk analysis system. This system
be analysed. It also detects new trends of fraud. For focuses on analysing companies rather than employees.
example, in new geographical areas, activity in different The process of selecting tax control measures begins
sectors, appearance of new forms of undeclared work, with tax control planning and analysis division of the
and others. The involvement of inspectors also makes Tax Control Board, which sends the selected task to
it possible to redirect inspection activities towards more the Legal persons’ analysis division who compare
critical cases. the data on the ESCORT system with data from the
data warehouse and produce an Audit Plan. The tax
The whole process of transition from data mining and control board includes four highly qualified specialists
data analysis towards inspections and evaluation is a who provide the risk analysis process, maintain and
six-step process: operate risk analysis systems and formulate metadata.
The formation of the metadata includes: following up
▶▶ The ITSS (Inspección de Trabajo y Seguridad all the data available on the database that is at the
Social/Labour and Social Security Inspectorate) disposal of the SRS; inclusion of additional information
Central Services execute the fraud models and into the database; defining, maintaining, correcting
select the subjects to be inspected; and improving the Risk Criteria (SQL and formalisation
▶▶ The files of subjects to be inspected are language); planning the Risk Analysis Tasks. The Tax
generated and files with additional information; inspectors at the Legal Persons’ analysis division utilise
▶▶ Files are loaded into the software, INTEGRA; the results from the risk analysis and evaluate the

27 (European Commission 2016)

 19

taxpayers to select the appropriate tax administration taxpayer’s employees with salary less than the state
measure. average salary exceeds 50 % of the overall number of
taxpayer’s employees and the turnover of the taxpayer
The data used for the ESCORT risk assessment is bigger than X value. Risk variables which are used
system are collected in one data warehouse. The with the risk rules include, for example:
main information sources used by the risk assessment
system come initially from the SRS database, which ▶▶ Average salary;
includes data on taxpayers’ registration information, ▶▶ Hourly wage/tariff rate;
information from tax returns, SRS tax administrating ▶▶ Number of employees;
activities etc. This data warehouse also collects external
data from other institutions. The external source is the ▶▶ Number of registered cash registers;
State Labour Inspectorate which provides information ▶▶ Number of market places;
about businesses previously detected with illegal or ▶▶ Number of structural units;
undeclared employees. It also collects data from the
Office of Citizenship and Migration Affairs on issued ▶▶ Information on performed control measures in
licenses for specific sectors such as Construction or the field of envelope wage;
Transportation. Other sources include: vehicle registry ▶▶ Information on detected offences during checks;
data, information from market places (persons who rent ▶▶ Information on received complaints about
trading facilities in markets), Central Statistical Bureau envelope wage.
data on average salary within certain professions,
Information from banks about instances of suspicious
transactions. There are three forms of risk categorised by this
system:
The ESCORT system risk assessment works via
knowledge-based risk rules. Different functions are used ▶▶ Common risks;
to formulate risk criteria. One example is «If – Then» ▶▶ Comparative risks;
logical operators. Another is the function slope (points ▶▶ Analytical risks.
are assigned for a certain value of ‘step’). According to
significance, similar risks, which are differently defined
and with different degrees of risk, are combined into These risks are evaluated based on a point assessment
one ‘area’ - if a company operates in several ‘areas’ system, where the value of points depends on risk’s
of risk, then only the risk with the highest number relevance. Assigned points indicate potential risk of
of points is counted in the total points. An example tax evasion. Once the assessment is completed, it is
of a rule is RISK, which identifies if the number of decided whether to conduct an audit.

Figure 11. Sources of data for the Latvian data warehouse

RASA SRS users Credit institutions

Report (queries)
ESKORT Other information
Others
sources
External users
VIES
State registers
Data Warehouse
EUROFISC

Central customs information system Tax Information System (TIS) Information system for state officials declarations

Source: Thematic Review Workshop on ‘Risk Assessments for more Efficient Inspection’ (Madrid, Spain, 14-15 June 2018).
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
20 U N D E C L A R E D W O R K

4.EVALUATION, ENHANCEMENT AND

SUSTAINABILITY OF RISK ASSESSMENT
SYSTEMS
Once the risk assessment system is established, it is need an update). Monitoring and evaluation plans and
important to follow an evaluation process which will methodologies can be adopted from other authorities
assess the system, its outcomes and whether it needs and sectors, e.g. tax evasion risk assessments, health
changes or improvements over time. The evaluation and safety risk assessments, etc.
process enhances the system over time while the
iterative process of solving occurring issues improves 4.2. Exemplary approaches to the setting of
the sustainability of the system. benchmarks and Key Performance Indicators
(KPIs)
4.1. Selecting monitoring and evaluation
methodologies and procedures. Adopting best To continually improve the effectiveness and impact
practices from other fields/sectors of an inspection plan based on risk analysis and
data mining, the most appropriate KPI should be
The evaluation phase is vital to the long-term selected. KPIs should be agreed benchmarks among all
effectiveness of the risk assessment system. It enables stakeholders (i.e. inspectorates and public institutions,
the relevant actors who use the system to assess its social partners and business representatives), which
performance and, if issues occur, to make changes to correctly reflect the strategic objectives and aims of the
the system. The evaluation phase begins during the risk assessment system. Some examples of KPIs may
development of the system and remains part of it, in include:
order for the system to adapt in the future. An efficiency
evaluation process for the whole institution can identify ▶▶ Increased efficiency of inspections (has the
how a sifting process can be designed so that the risk assessment correctly pointed out the most
authorities can dedicate greater resources to more prominent cases of UDW);
strategic inspection visits. When an evaluation is made, ▶▶ Positive return on investment (based on cost-
it is important to bear in mind the original purpose benefit analysis);
of the system. Changes should not be limited to the ▶▶ Decreased overall occurrences of UDW (number/
technical parameters of the system itself but also share by sector, type of UDW, company size,
include re-examining the overall purpose of the system. geographical region, etc.);
If the relevant authorities that use the system conclude
that its goals are becoming irrelevant over time, they ▶▶ Converted UDW into declared (number/share);
should change the risk assessment system and the red ▶▶ Corrected behaviour regarding salaries,
flag methodology in a way that better corresponds to working time, use of the appropriate type of
the new reality, the newly emerging evasion schemes, employment, etc.;
and the overall strategic objectives and policy focus of ▶▶ Increased social security and tax collection
the relevant public authority. (amount/share) or decreased social security
(undue) benefits etc.
To evaluate the performance and effectiveness of
the system, it is important to set concrete benchmark
indicators, and monitor their success by collecting The cost-benefit analysis28 particularly helps assess if
regular feedback from the main users. These indicators the cost of the development and implementation of the
should be designed to allow the labour inspectorates to system is more or less than the estimated benefits. For
assess whether the system delivers its prescribed goals. example, the Connect Tool, used by HMRC, initially cost
Ideally, they should be ‘SMART’ (specific, measurable, GBP 90 million (EUR 102 million) for the development
attainable, relevant, time-based). These indicators can and implementation of the system, but subsequently
also highlight whether particular aspects of the system the increased tax revenue was estimated around GBP
need changing (e.g. if the red flags are appropriate to 3 billion (EUR 3.4 billion) for the period 2010-2015, due
detect the most prominent cases of UDW or if they to the implemented Connect Tool.29

28 (Wispelaere and Pacolet 2017)

29 (HM Revenue & Customs 2016)
 21

Another approach which evaluates the effectiveness

of the system is by measuring the number of
inspections and their outcome. For example, the
National Employment Office of Belgium publishes the
annual outcomes generated by the system indicating
number of audits, number of infractions and amount
recovered.30

The evaluation phase should be undertaken with

caution. It is important to note that inspection agencies
that use a risk assessment system should not only
concentrate on using increased tax revenues from
inspections as the main indicator of the system’s
success, but also aim to reduce instances of UDW and
turn undeclared work into declared.

Relying primarily on financial results or on the number

of successful inspections could generate a potential
issue: the positive results of these indicators might
shift the purpose of the system towards maximising
successful inspections, audits and returned taxes, rather
than the overall aim of reducing UDW and increasing
formal labour contracts correct declaration of total
wages and working hours.

30 (Wispelaere and Pacolet 2017)

 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
22 U N D E C L A R E D W O R K

Bibliography
Eurofound. 2009. Belgium: OASIS. Accessed here. OECD. 2017. Country-by-Country Reporting: Handbook
on Effective Tax Risk Assessment. BEPS Action 13. OECD.
Eurofound. 2013. Tackling undeclared work in
Accessed here.
27 European Union Member States and Norway:
Approaches and measures since 2008. Eurofound. Wispelaere, Frederic De, and Jozef Pacolet. 2017. Data
Accessed here. Mining for More Efficient Enforcement: A practitioner
toolkit form the thematic worksop of the European
European Commission. 2016. European Platform
Platform Undeclared work. Toolkit, Brussels: European
tackling undeclared work, Member States Factsheets
Platform Undeclared Work.
and Synthesis Report. Brussels: DG Employment, Social
Affairs and Inclusion. Accessed here.
European Commission, DG Employment, Social Affairs
and Inclusion. 2017. European Semester Thematic
Factsheet: Undeclared Work. Factsheet, Brussels:
European Commission, DG Employment, Social Affairs
and Inclusion. Accessed here.
European Platfiorm Tackling Undeclared Work. October
2017. Practitioner’s Toolkit: Drafting, Implementing and
Improving Bilateral Agreements and Memoranda of
Understanding to Tackle Undeclared Work.
Accessed here.
European Platform Tackling Undeclared Work. 2018.
Thematic Review Workshop: Risk Assessment for More
Efficient Inspections. (14-15 June 2018). Madrid, Spain.
Summary of Discussion, Madrid: European Platform
Tackling Undeclared Work.
European Platform Undeclared Work. 2017. Data mining
tools and methods, UK. Factsheet, Brussels: European
Platform Undeclared Work.
European Platform Undeclared Work. 2017. Data Mining
for More Efficient Enforcement: Learning Resource Paper.
Learning Resource Paper, Brussels: European Platform
Undeclared Work.
European Platform Undeclared Work. 2017. Spain.
Factsheet, European Platform Undeclared Work.
HM Revenue & Customs. 2016. Making Connections.
Accessed here.
International Labour Organization. 2013. Labour
Inspection and Undeclared Work in the EU (LAB/ADMIN
Working Document No.29). Working Paper, International
Labour Organization. Accessed here.
International Organization of Standardization. 2018. ISO
31000:2018 Risk management — Guidelines.
Accessed here.
Irish Tax and Customs Revenue. 2016. Annual Report.
Accessed here.
Ministerio de Empleo y Seguridad Social. 2015.
Dirección General de la Inspección de Trabajo y
Seguridad Social: Informe Anual de la Inspección de
Trabajo y Seguridad Social. Annual Report, Ministerio de
Empleo y Seguridad Social. Accessed here.
 23

Getting in touch with the EU

In person
All over the European Union there are hundreds of Europe Direct Information Centres. You can find the address of the
centre nearest you at: http://europa.eu/contact
On the phone or by e-mail
Europe Direct is a service that answers your questions about the European Union. You can contact this service
– by freephone: 00 800 6 7 8 9 10 11 (certain operators may charge for these calls),
– at the following standard number: +32 22999696 or
– by electronic mail via: http://europa.eu/contact

Finding information about the EU

Online
Information about the European Union in all the official languages of the EU is available on the Europa website at:
http://europa.eu
EU Publications
You can download or order free and priced EU publications from EU Bookshop at: http://bookshop.europa.eu.
Multiple copies of free publications may be obtained by contacting Europe Direct or your local information centre
(see http://europa.eu/contact)
EU law and related documents
For access to legal information from the EU, including all EU law since 1951 in all the official language versions, go
to EUR-Lex at: http://eur-lex.europa.eu
Open data from the EU
The EU Open Data Portal (http://data.europa.eu/euodp/en/data) provides access to datasets from the EU. Data can be
downloaded and reused for free, both for commercial and non-commercial purposes.
 R I S K A S S E S S M E N T S F O R M O R E E F F I C I E N T I N S P E C T I O N S A S A M E A N S T O T A C K L E
24 U N D E C L A R E D W O R K