Ross McGill

May 15, 2024|9 Minutes

How To Stay CRS Compliant


CRS, otherwise known as the Common Reporting Standard, is a set of rules and technical reporting requirements that form the key underpinning of the Automatic Exchange of Information (AEoI) framework, published by the OECD. The ultimate aim is to provide a global framework for the collection, reporting and exchange of financial account information about people and entities investing outside of their tax residence jurisdiction.

It was modelled on the FATCA regulations, and developed in response to issued around exchanging information between jurisdictions. But what is it, and how does it work?

The Pillars of Compliance

When creating its anti-tax evasion rules, the OECD decided to adopt parts of the FATCA rules. These adopted parts make up the two key pillars of compliance for CRS, and include:

Documentation: The first pillar is the obligation to document the tax residency status of non-residents. Not only that, but to compare that data to a list of countries that have adopted AEoI/CRS in order to share information with other countries in the framework. The framework of CRS is what allows financial institutions to share information about non-resident account holders that are tax residents of countries that are also in the CRS framework. But only those account holders. So, for example, if your jurisdiction is partnered with France and Germany, you’d only need to document CRS status for those account holders, and no others.

Domestic Reporting: In order to avoid data protection issues, the burden in AEoI is for each government to receive CRS reports from its financial institutions, for them to them share that information on an inter-governmental basis when needed. So, in jurisdictions that have partners in CRS there will domestic legislation in each jurisdiction that force financial institutions to perform their own due diligence on account holders. This due diligence helps them determine which accounts are reportable and allows them to file domestic reports. Only the governments themselves then share any information cross-border.

So How Do You Stay Compliant With CRS?

The main issues most financial institutions have is that there are so many variables, rules and deadlines to consider in the mix. So the easiest way to tackle CRS compliance is to do it step by step.

First, you need to establish whether you’re subject to what’s called the ‘wider approach’. This means that you can collect the CRS status of all account holders residents and non-residents, rather than only those in partner jurisdictions. This means that when new jurisdictions sign up to CRS you’ll already have their CRS status and be ready to report.

Second, you will need to understand and then implement the rules for reporting.  This usually means you’ll need to collect ‘self-certifications of tax residency’ from your account holders, and perform extra due diligence of their accounts if, in aggregate, they are of a high value.

Finally, you’ll need to understand who you’re going to report to, in what format and when. Usually this would be an .xml file submitted to your domestic tax authority, but it can vary. These are known as ‘Competent Authorities’ in CRS language, since each government usually identifies its tax administration as the entity responsible for CRS filings.

In short, compliance is about paying attention and documenting everything about how you comply and who’s responsible for that compliance. This is usually done by writing a Compliance Program Document. While this is a requirement in the US QI regulations, it’s left to best practice under AEoI/CRS. Building a CRS Compliance Program can be challenging, and part of staying compliant will be how well you write your policies and procedures, how well you train the staff and the contents of the program.

Your Obligations Under CRS

All of it. The whole thing, from understanding the framework, following the rules for due diligence, performing self-certifications and reporting are all your compliance obligations as a financial institution.

Your tax administration is responsible for checking the files, aggregating the data from multiple financial institutions, monitoring compliance and reporting to partner jurisdictions. If a partner competent authority is suspicious or believes that a partner jurisdiction’s financial institution isn’t meeting its obligations, it can choose to open an investigation into ‘substantial non-compliance’. If they find any, then there could be domestic financial penalties or other sanctions.

The Critical Importance of Self-Certification

Since the whole purpose of AEoI and CRS is to deter and detect potential tax evasion, the most effective tool you have is the self-certification of tax residency. This is usually collected at account opening and then renewed every three years or so.

One of the key benefits of these self-certifications is the transfer of liability. This means that if a financial institution relies on a self-certification to determine whether an account is potentially reportable, then the liability if anything goes wrong lies with the account holder, and not the financial institution. As long as the financial institution didn’t have any other information from other sources that would contradict the self-certification, of course.

Don’t forget that having a self-certification only determines whether the account could be reportable because the account holder is a resident for tax purposes in a jurisdiction that’s a partner to the financial institutions home jurisdiction. Whether the account is actually reportable will depend on other factors, including low-value account exemptions or thresholds, since these are unlikely to be used for tax evasion.

Need Some Help?

At TConsult, we understand the complexities of managing your CRS compliance. If you’re struggling with the framework, we can help you understand your firm’s exposure to CRS with an Exposure Map Report (or EMR). This report will map out your specific circumstances under the AEoI/CRS framework for your jurisdiction and make recommendations for reducing risk and improving your compliance.

We’ve even gone one step further than that. We’ve built a digital self-certification system called the Investor Self Declaration (or ISD) which can be easily integrated into the onboarding process using APIs. We partnered with market leader Muinmos, so that our ISD can be automatically triggered as a module within their KYC/AML onboarding system. Our unique ISD also serves as a fully compliant substitute for the US W-8 series of forms, so you can meet compliance obligations under FATCA and CRS at the same time, and collect claims of double tax treaty benefits with just one digital, electronically signed form.

So, to answer the question “How do you stay compliant with CRS?”: You understand your exposure, write a compliance document that describes precisely how you comply with and monitor CRS, and use a digital self-certification to eliminate paperwork and automate reporting. Easy peasy, right? Yeah, we don’t think so either. But if you contact us, we can help make it a relatively painless process.

Ross McGill

Ross is the founder and chairman of TConsult. He has spent over 26 years working in the withholding tax landscape with companies developing tax reclaim software and operating outsource tax reclamation services.

Ross not only sees the big picture but is also incredibly detail oriented. He can make even the most complex issues simple to understand. He has authored 10 books (including two second editions) on various aspects of tax, technology, and regulation in financial services, making him one of the leading authorities in the world of tax.