By Nishant Grover

Fintech, or more specifically Proptech in the tourism industry essentially touches the lives of anyone who travels. Online Travel Agents (“OTAs”) have revolutionised the industry by not only aggregating the offerings but by improving the booking experience through choice, transparency and ease.

The OTAs disrupted the travel industry much earlier than the overall Fintech sector, and have gained a high degree of acceptance by the users. The acceptance level of OTAs is reflected in their substantial size. Booking Holdings (“Booking”) and Expedia, being the two largest, accounting for 73% of the total revenues of the top 10 OTAs, clocked in revenues of USD 14.53 billion and USD 11.22 billion in 2018. The EBITDA of Booking and Expedia in 2018 was USD 5.75 billion and USD 1.97 billion respectively¹.

However, as the industry comes of age, there are several taxation and legal issues that emerge and the resolution of these issues would shape the way forward for the industry.

Tax

The business of OTAs attracts a highly contentious issue of the tax jurisdiction and liability. While the OTAs provide access to bookings globally, they are (supposed to be) taxed only in the jurisdiction of their incorporation. This is contended by other jurisdictions, which provide the bookings and hence claim to generate income.

Illustratively, a user in South Africa can make a booking on Booking for a hotel in Jakarta. Booking would charge the user for the room rate plus its commission. The commission, or income, would be taxed as revenue of Booking in Delaware, USA, i.e. the jurisdiction of incorporation of Booking. However, Indonesia, where the hotel was located, does not receive any income tax. Neither did South Africa, where the user used the services of Booking, receive any income tax. Both Indonesia and South Africa claim to be tax jurisdictions due to the reasons mentioned above.

In reality, the issue is much more complicated because the OTAs are structured in a maze of corporate structures whereby the services are sub-divided into multiple units. These units are either located in tax havens or favourable tax jurisdictions. Hence, the ultimate parent entity does not pay tax using loopholes in tax laws and brilliantly designed tax structures to avoid taxes. It is a fact that Priceline.com incurred a tax bill of less than zero (received rebates instead!) between 2008 to 2015 in US².

To add fuel to fire, the hotel owners are required to bear the burden of income tax even on commissions paid to OTAs, as the commissions are not tax deductible in many jurisdictions. This burden is in addition to the hefty commissions (between 15% to 30%) that the OTAs charge to the hotels.

In the illustration above, the claim of Indonesia seems to be more legitimate than of South Africa, as the subject matter of the booking service (hotel) is located in Indonesia. It is only a matter of time when the regulations will catch up to the current structures and bring them within the ambit of taxation both, where the income is generated and at the jurisdiction of ultimate parent entity. At that stage, the most plausible resolution would be to incorporate tax resident subsidiaries and pay income taxes locally. Once the local entity is taxed, the parent entity would have the benefit under Double Taxation Avoidance Agreement, wherever applicable.

Those OTAs who would cross this hurdle would have a clear competitive advantage. In such a scenario, it would be important to assess and establish a business model which manages various regulatory requirements globally. As this industry is professionally unregulated in most jurisdiction, compliances are expected to be manageable.

Legal

Dispute resolution - Since the OTAs are in the business of providing services, there are possibilities on dispute over services. The dispute resolution mechanism in the case of OTAs is rather inaccessible for a common user.

For example, booking.com is governed by the Dutch law and submits to the jurisdiction of courts in Netherlands³. Back to our illustration, it would be completely impractical for the user in South Africa to follow this dispute resolution mechanism, should there arise a dispute on services.

Currently, this may not be so much of an issue for the OTAs but it puts them in a position of weakness in the competition against “brand.com” (hotel operator branded booking sites) of various operators. The brand.com are becoming stronger with the consolidation of the hospitality industry and it would be imperative for OTAs to work towards user convenience.

Establishment of local entities will be a major step forward in this direction.

Cybersecurity – As the entire business of OTAs are online and OTAs store sensitive user data including their credit card details, cybersecurity is a major concern.

Cybercriminals are getting sophisticated with the major data attacks on the rise. This problem is only going to get worse and OTAs need to be one step ahead of the cybercriminals. The recent attack on Marriott, world’s largest hotel company, affecting data of 500 million users is a testimony to this fact⁴.

It is estimated that businesses spent an average of $11.7m on cyber security in 2017.

Global Banking and Finance recommends deploying dynamic security solutions such as a ‘Moving Target Defence’ (MTD). This method helps to frustrate attacks by continually shifting the points of attack and robbing hackers of the static targets they’re familiar with breaching.

MTD has already been deployed by the US Department of Homeland Security as well as major European banks and many more business are expected to follow in 2018⁵.

General Data Protection Regulation - GDPR is a recent development that OTAs need to seriously take into account. GDPR applies to all OTAs as they deal with EU customers and it requires complex data management with high liabilities.

It is presumed that OTAs would have undertaken a data protection impact assessment to identify risks and would have instituted structures in compliance. However, given the complex business structure of OTAs and multiplicity of parties involved, there is high risk of leakages. This may lead to hefty fines and loss of business (GDPR-imposed fines and fees can reach €20 million or 4 percent of the organization’s worldwide revenues for the preceding year, whichever is higher).

It is recommended to create a detailed plan covering all aspects throughout the organisation/units including roles, responsibilities, policies and processes. A key element is to reinforce such plan through continued training and repeated pressure checks. Further, there should be a protocol to handle breaches and contain the damage.

Consumer Regulations – This is a relatively new area of concern or OTA whereby their selling tactics have come under the scanner of regulators. The Competition and Markets Authority in the UK started an investigation in 2017 on the following areas⁶ : -

• Search results: how hotels are ranked, for example to what extent search results are influenced by factors that may not be relevant to the customer’s requirements, such as the amount of commission a hotel pays the site.
• Pressure selling: whether claims about how many people are looking at the same room, how many rooms may be left, or how long a price is available, create a false impression of room availability or rush customers into making a booking decision.
• Discount claims: whether the discount claims made on sites offer a fair comparison for customers. For example, the claim could be based on a higher price that was only available for a brief period or not relevant to the customer’s search criteria, such as comparing a higher weekend room rate with the weekday rate for which the customer has searched.
• Hidden charges: the extent to which sites include all costs in the price they first show customers or whether people are later faced with unexpected fees, such as taxes or booking fees.

It is only a matter of time that other regulators would pick up similar investigations in their respective jurisdictions if not already done. It is therefore imperative for OTAs to make the necessary adjustments for any allegedly unfair practices that may affect the user adversely.

¹ Medium. 2019. The State of Online Travel Agencies [Online]. [Accessed 13 April 2019]. Available from: https://medium.com/traveltechmedia/the-state-of-online-travel-agencies-2019-8b188e8661ac

² Seattle Times. 2019. GE, Priceline among top corporations paying no income tax over last 8 years [Online]. [Accessed 13 April 2019]. Available from: https://www.seattletimes.com/business/ge-priceline-among-top-corporations-paying-no-income-tax-over-last-8-years/

³ Booking. 2019. Terms [Online]. [Accessed 13 April 2019]. Available from: https://www.booking.com/content/terms.en-gb.html?aid=356980;label=gog235jc-1DCBQoggJCBXRlcm1zSDNYA2jdAYgBAZgBCbgBF8gBFNgBA-gBAYgCAagCA7gC__TF5QXAAgE;sid=7e62b30ce925ce5812eda7db021566ed;keep_landing=1&#tcs_s11

⁴ Forbes. 2019. Marriott Breach – What happened, How Serious it is and Who is impacted [Online]. [Accessed 13 April 2019]. Available from: https://www.forbes.com/sites/kateoflahertyuk/2018/11/30/marriott-breach-what-happened-how-serious-is-it-and-who-is-impacted/#18867427d25a

⁵ Global Banking and Finance. 2019. The three biggest fintech challenges facing the industry right now [Online]. [Accessed 13 April 2019]. Available from: https://www.globalbankingandfinance.com/the-three-biggest-fintech-challenges-facing-the-industry-right-now/