CRS, or the Common Reporting Standard, is a key part of the OECD’s Automatic Exchange of Information Framework, otherwise known as AEoI. Oh yes, it’s another acronym-heavy blog today! But it’s an important topic, so let’s dive in.

AEoI is an intergovernmental framework, which allows governments to share certain information with other governments as part of the international fight against tax evasion. There generally two types of tax evasion:

• Evasion conducted by individuals using financial accounts set up in different jurisdictions to the one where they are primarily resident, and;
• Evasion conducted by multi-national enterprises (MNEs) who move parts of their businesses to low or zero-tax jurisdictions from the ones where they actually create economic activity.

The latter is handled by a different OECD framework called BEPS (Base Erosion and Profit Shifting), but the first is handled by CRS.

How Does CRS Work?

The general purpose of CRS is to provide a global framework for the collection, reporting and exchange of financial account information about people and entities investing outside of their tax residence jurisdiction. It was modelled on the FATCA regulations, and developed around the issues around exchanging information between jurisdictions. And that starts at the beginning of the process.

In order for governments to have information to share, they first need to gather that information from their domestic financial institutions. This is typically done by passing domestic primary legislation that requires those financial institutions to disclose account holders who aren’t residents of that jurisdiction.

Customer Due Diligence

One of the biggest components of CRS is due diligence (or CDD). In order to fight tax evasion, governments are most interested in high-value accounts, and the accounts of entities that might have foreign owners or controllers. This is why there are rules in place called Customer Due Diligence, which tell every financial institution how to establish whether an account is foreign-owned or controlled, or not. In the normal run of things under CRS a foreign-owned or controlled account would be expected to declare its income to the controller or owner’s residency jurisdiction.

The US anti-tax evasion framework (FATCA) has something called ‘de minimis’ thresholds, which are in place so that low-value accounts don’t necessarily need to be reported. CRS doesn’t have these thresholds in place, so many more accounts will be reportable under CRS than under FATCA.

When creating CRS, the OECD and its members also recognised that whenever CRS came into force through domestic primary legislation, there would be financial accounts that were already open on that date, and that the financial institution may not have collected enough evidence to know whether an account was reportable or not. This problem led to the concept of pre-existing accounts, and there are different due diligence rules that apply to these. Under CRS a pre-existing account is one that was already open on December 21^st 2015. Separate due diligence rules apply to ‘new’ accounts, and usually include the use of a self-certification by the account holder of their primary residency for tax purposes. This is normally included in the onboarding procedures.

Residency Checks: The rules on residency are complicated, but in most cases, you can’t be a resident unless you are present in that jurisdiction for at least 183 days. Or in the case of an entity, you need to have a permanent residence there. Doing the maths, it means that most account holders could have no more than two tax residencies.  These self-certifications are used a lot because they typically transfer liability for errors, omissions and misrepresentations from the financial institution to the person completing the form. More and more often these self-certifications or investor self-declarations (ISDs) are being collected digitally with an electronic signature so that the data on the forms can be processed directly by a financial institution in its systems. After all, the age of the paper form is nearly gone.

Entity Accounts: To combat one of the more common tax evasion tactics, the due diligence rules also apply to entity accounts and, most importantly, to the individuals that either own or control the entity. That’s to stop entity accounts being used to hide tax evasion activities of the individuals that own or control them.

Aggregation: CRS also requires you to aggregate any accounts owned or controlled by the same people. Financial institutions are required to aggregate all financial accounts maintained by them or by a related entity, but only to the extent that the financial institution’s computerised systems link the financial accounts by reference to a data element, like a client number or TIN, and allow account balances or values to be aggregated. For financial groups, this can be a major operational issue to solve if they want to avoid enforcement proceedings.

Responsive: The final obligation you have under CRS is to be responsive to any queries or rejections from tax administrations. After all they are dealing with almost every financial institution in your country, and they have to unpack all of that data and re-package it for transfer to each separate paired jurisdiction. That’s not a simple job! It’s also the reason that the tax administration deadline for AEoI is usually in September, while financial institutions usually have to submit the reports in May.

All in all, CRS definitely isn’t a simple thing, and its obligations are (or can be) complex depending on the nature and scope of what your firm offers to its clients. As a result, many clients are frustrated by the amount of administration needed to open an account now – which includes CRS, FATCA and KYC.

At the end of the day, the purpose of the CDD rules is to make sure that a financial institution has enough information to decide if an account should be reported under CRS.

The Wider Approach To CRS

There are currently over 110 jurisdictions that have signed up to CRS, and more are planning to in the future. To understand your obligations, you will first need to understand which jurisdictions are paired with your own – because it’s the account holders from those jurisdictions that you will need to report. And since more jurisdictions are still signing up, this is an evolving landscape.

Which brings us on to the ‘wider approach’. Now, financial institutions like simplicity and consistency. They’d rather not have bifurcated processes where they are deciding which accounts to report and not, and have monitoring processes in place at all times. Jurisdictions that sign up to the ‘wider approach’ allow their financial institutions to collect residency information from all account holders, not just the ones resident in paired jurisdictions. So, if a new country gets added to the list of paired jurisdictions, financial institutions don’t have any additional work to do in due diligence because they already have the data. They just need to add it to their report when the deadline approaches.

Apart from CDD, there is one more obligation under CRS – and that’s to actually submit CRS reports by a deadline each year (with respect to accounts open in the previous year) to their domestic tax administration. That data clearly represents a cyber-crime risk, so it usually has to be formatted correctly according to a published xml schema, compressed and then encrypted before it’s uploaded to a web portal operated by the tax administration. This isn’t an easy task on its own, and many institutions lack the resource and/or expertise to do that job. Instead, they outsource it to a professional vendor.

At TConsult we are subject matter experts in all things CRS. We can provide institutions with exposure map reports, support with policy development, compliance reviews and training, as well as a retainer to keep an expert in your corner. If you’d like to find out more, just get in touch with the team today to book a consultation with one of our experts.