Riskier Business — Paradoxes of Infrastructure & Operational Risks
Too sprawling to mention? Too fundamental to ignore!
Infrastructure risk is rarely announced in a transfer pricing report for a limited risk function. It may be implied, tangentially referenced, but almost never analyzed directly.
And yet, when you turn to the annual report, infrastructure is everywhere.
This Margin Note continues our series on non-transactional risks under the OECD Transfer Pricing Guidelines (TPG). After exploring Strategic and Marketplace Risks, herein we examine Infrastructure and Operational Risks—the internal systems, facilities, processes, and capabilities that enable a business to function profitably and scale.
The paradox is straightforward: these risks are foundational and often enterprise-defining, but their inherently expansive and complex nature results in them frequently being distilled down into a generic notion of “market risk” within transfer pricing documentation. That framing increasingly feels incomplete.
The OECD Risk Framework – Accurate, But Also Understated
The TPG (¶1.72) identifies infrastructure and operational risks as risks that arise from the adequacy and functionality of systems, processes, and organizational capabilities. This includes both physical infrastructure and the processes that convert inputs into outputs.
That description is technically reasonable. But in practice, “Infrastructure” has evolved from operational necessity to competitive differentiator.
To see this clearly, one need only look at how management teams describe these risks in Form 10-K disclosures.
Management Disclosures Giveth Again
As noted, one of the most underused sources in transfer pricing risk analysis are the company’s own (or its competitors) public disclosures.
Every year, management teams describe “material risks” in Form 10-K filings. These sections are not casual exposition. They are carefully drafted, vetted by securities counsel and C-suite Executives, and structured to capture the risks that could materially affect financial performance. In other words, they represent management’s own articulation of what truly matters.
And across industries, a pattern emerges. Infrastructure is not described as droll background mechanics. It is highly consequential.
For example, annual reports in semiconductor manufacturing routinely emphasize the importance of infrastructure risk along these lines:
“Our competitive position depends on the continued effectiveness of our advanced manufacturing facilities and our ability to execute complex process technologies. Manufacturing disruptions, yield variability, or delays in implementing new technologies could materially adversely affect our results of operations.”
In fact, this formulation appears consistently across the many sectors. Manufacturing precision, facility effectiveness, and process execution are framed not as routine operational concerns, but as risks capable of materially affecting financial outcomes and requiring oversight and management. Infrastructure—the fabrication facility itself—is often a competitive engine.
Retail and distribution companies use similar language, albeit adapted to their respective operating models:
“Our business depends on effective supply chain logistics, distribution center operations, and inventory management systems. Disruptions to our distribution network or transportation infrastructure could materially impact sales and operating results.”
Here, the emphasis shifts from delivering nanometer precision to literally delivering reliabily. Yet the structure of the disclosure is the same: operational infrastructure is tied directly to revenue continuity and operating performance. Distribution systems are not peripheral; they are enabling infrastructure without which sales cannot be realized.
Financial institutions, in turn, often describe infrastructure exposure through the lens of system reliability:
“Our operations are highly dependent on the reliability and security of our technology and data systems. System outages, cyber incidents, or infrastructure failures could adversely affect our operations, reputation, and regulatory standing.”
Again, the pattern holds. Technology platforms and no-fail uptime are described as foundational to success. The risk of a systems failure is not an inconvenience; it would be an event with operational, reputational, and potentially regulatory consequences.
As a final example, it is much the same in the hyperscale cloud and AI environment, where the language is similarly explicit:
“Our cloud-based services depend on the efficient operation of our global data center and network infrastructure. Significant service interruptions, capacity constraints, or infrastructure failures could adversely affect our business and competitive position.”
Across these models, infrastructure is not merely supportive of the product. It becomes an aspect of the product, the brand promise, the business operations itself. Capacity, resilience, and architectural design directly influence market standing.
These excerpts are not isolated examples from a handful of companies. They reflect industry-standard disclosure patterns. Across sectors, infrastructure and operational systems are described in terms of materiality, competitive positioning, and financial consequence. This makes their relative absence in many transfer pricing reports all the more striking.
If management consistently frames infrastructure as capable of materially affecting financial results, then a transfer pricing analysis that subsumes these exposures into a generic sub-heading of “market risk” may itself risk appearing detached from enterprise reality.
And that is the paradox.
Paradox #1 – A Risk Too Foundational to Grapple
Infrastructure risk is often so large and so embedded in the enterprise that it disappears from the transfer pricing narrative. Infrastructure tends to be unique for a given company, and thus can be difficult to adequately describe.
In a Local File, a tested party may be characterized as a limited-risk distributor, a low value-added service provider—any sort of entity targeting a routine margin. The documentation may state that the entity does not bear significant market risk or strategic risk.
Yet, at the enterprise level, management describes failures in the low-risk tested party’s infrastructure as being capable of materially affecting results of operations. So much for low risk! The contrast in the level of attention and detail is revealing.
The routine tested party is not low-risk because infrastructure risk is insignificant. It is low-risk because infrastructure risk is concentrated elsewhere. The entity earning a targeted profit level is unlikely to be making decisions about:
Major manufacturing technology transitions;
Global supply chain redesign;
Core system architecture overhauls;
Large-scale data center investments; or
Capacity expansion commitments.
Those decisions require executive authority, technical expertise, and financial capacity – the ability to act on and mitigate perceived risks. They carry long-term consequences and exposure that far exceed routine operational execution.
When transfer pricing documentation chooses to omit this context, the underlying risks are assumed away and dissolve from view. When it incorporates management’s own description of infrastructure risk—and explains where decision-making authority resides—the “limited-risk” characterization becomes clearer and more proportional.
Paradox #2 – Tangible, Yet Strategic
The topic of infrastructure risk is also connected to what is classically referred to as the Infrastructure Risk Paradox: How infrastructure it is at once an immediate risk to the enterprise and one of the most strategically determinative.
On the one hand, it is measurable. Capital expenditures are visible and often very substantial. Downtime can be quantified. Yield loss can be calculated. System outages carry identifiable financial impact. Few categories of risk lend themselves to clearer operational metrics.
On the other hand, strategic infrastructure decisions can shape the long arc of competitive positioning. Choices about manufacturing platforms, systems architecture, data center design, logistics networks, or energy sourcing determine scalability, resilience, geographic reach, and regulatory exposure. They establish the conditions under which marketplace and strategic risks even arise.
That is the paradox: infrastructure risk is simultaneously operationally tangible and strategically decisive. To what degree is infrastructure simply a cost center, versus the structural foundation of enterprise performance?
Unlike generalized references to “market volatility,” infrastructure risk can be traced to identifiable governance processes. There is a management or Board level decision to approve capital investments, to determine technology architecture, to authorize capacity expansion or redesign global operational systems, and so on. And somewhere in the org chart, a related entity possesses the financial capacity to absorb large-scale failure if those decisions prove flawed. Unfortunately, the weight and significance of these factors is often side-stepped entirely in transfer pricing documentation.
From Public Disclosure to Transfer Pricing Narrative
At the end of the day, our objective is not to convert a Local File risk discussion into a comprehensive enterprise risk register. Rather, it is to demonstrate proportionality and awareness.
It’s important to know if management has publicly disclosed that manufacturing disruptions, distribution network failures, technology outages, or infrastructure bottlenecks could materially affect financial performance. A transfer pricing report covering transactions that would also be materially affected by such issue that also completely ignores those risks may appear disconnected from business reality.
Infrastructure risks are not peripheral. They are foundational. They often determine whether the enterprise—including far flung subsidiaries performing limited risk functions—can compete at all.
In transfer pricing documentation, they are too often invisible.
Bringing them into view does not complicate the analysis. It sharpens it before a tax authority does.
Stay tuned for the next Margin Note in this ‘Riskier Business’ series, featuring Financial Risks.
And in case you missed it, the initial ‘Riskier Business’ Margin Note can be found here: Beyond Market & Transactional Risks
