In 2014, the Organization for Economic Co-operation and Development (OECD) established the Common Reporting Standard (CRS), laying the groundwork for a new global network of tax reporting. The CRS calls on the tax authorities of participating countries to obtain information from their financial institutions and automatically exchange that information with other countries on an annual basis. The purpose of the CRS is to combat international tax evasion. There are now more than 1,300 bilateral relationships in place across 101 jurisdictions committed to exchanging information in 2017 and 2018. This comprehensive cross-border transfer of sensitive financial data between jurisdictions raises important privacy and data protection concerns. However, automatic exchange is subject to a privacy model imposed by the CRS, which cultivates the extraterritorial reach of privacy laws in an increasingly global market for data.The CRS imposes privacy and data protection obligations on every tax authority that participates in automatic exchange. Tax authorities are required to safeguard financial data, limit their use of data to prescribed purposes, and disclose any breaches of confidentiality.
Under CRS, financial institutions (FIs) in participating jurisdictions must collect certain information regarding client’s status and country (or countries) of tax residence, and for certain types of entity clients, the country (or countries) of tax residence of the individual(s) who control them. FIs will report information on financial accounts held by clients who are tax residents in other reportable jurisdictions to the designated local authorities. The information then will be exchanged annually by the local authorities with the designated authorities in each reportable jurisdiction with which a relevant information sharing agreement has been entered. In participating jurisdictions, compliance is mandatory under local law.
CRS and FATCA both target offshore tax evasion and require financial institutions to identify clients’ tax statuses, monitor clients for change in circumstances and report clients’ account details, as applicable.However, FATCA focuses only on tax evasion by US Persons, whilst CRS targets offshore tax evasion based on an account holder’s country (or countries) of tax residence.
Pakistan is not yet a signatory to the CRS, however, in September 2016 Pakistan has signed the Multilateral Convention on Mutual Administrative Assistance in Tax Matters and became 104th signatory to the Convention. The FBR has now finalized Common Reporting Rules and notified the same vide S.R.O. 166 (I)/2017 dated March 15, 2017. The CRS Rules interalia require financial institutions to start due diligence of customers from July 1, 2017. Banks/DFIs/MFBs are therefore ensuring the compliance of the CRS Rules in accordance with relevant domestic laws and are taking all necessary steps to put in place requisite systems/mechanism in a timely manner.
This is the first provision introduced in the taxation laws of Pakistan whereby there will be any obligation for exchange of information about the client by the financial institutions. In this situation, it is highly necessary that such rules be taken up seriously and all related aspects be taken care of as, in addition to compliance, any error or omission may also affect the client relationship of financial institutions.
Generally, the reportable information includes:
- Country (or countries) of tax residence;
- Taxpayer Identification Number (TIN);
- Date and place of birth (for individuals or Controlling Persons);
- Account number;
- Account balance;
- Certain payments made into the account.
The list of accounts covered by the CRS includes depository accounts, custodial accounts, cash-value insurance contracts, annuity contracts and certain equity or debt interests in a financial institution. There are specific classes of account that are excluded from the definition, including certain retirement or pension accounts, certain tax favored savings accounts, certain life insurance contracts, estate accounts and other accounts that present a low risk of being used to evade tax.
The due diligence requirements distinguish between pre-existing and new accounts and between individual accounts and entity accounts. For all accounts, financial institutions may not rely on certifications or documentary evidence if the financial institution (in the case of certain high-value accounts), a relationship manager knows or has reason to believe that the certification or documentary evidence is incorrect or unreliable. This will require financial institutions to have processes to cross-validate information received against the information held for Know Your Customer/Anti-Money Laundering purposes. This requires enhanced diligence on part of the customer handling personnel at branches for the timely identification of conflicting information between the self-certification and other information collected from customers at the account opening stage, and at the time of subsequent amendments in account particulars.
This new paradigm in reporting and due diligence requires:
- proper understanding aided by professional input;
- incorporating and aligning the systems and procedures within the institutions to ensure compliance taking all encompassing approach;
- assurance for adequacy of compliance requirements and;
- Take adequate steps to ensure that the additional regulatory and due diligence requirements do not create a significantly adverse impact on customer experience.