New Global Information Exchange Regimes and the Impact on the Financial Industry Worldwide


Business Law International Business Law International homepage  » January 2017

By Jennifer Wheater*


Technical issues
Global issues in the future




The various global information exchange regimes either in force now or coming into force in the course of the next few years, with exact timing depending upon each jurisdiction, are proving a source of increased administration to the financial industry worldwide. This is especially the case for entities such as investment funds, which are not the target of these regimes nor are they likely to receive investment from those the new laws seek to identify, but which must nonetheless bear a burden of compliance that seems disproportionate to their role in the investment industry. Further, information exchange rules have created an entirely new lexicon for those affected in order to identify precisely what they are required to do, when and in which jurisdiction.

Those in the financial sector now need to manage carefully the process of communicating to investors what information they need and why. Requests for seemingly irrelevant details are rarely welcome and, although the system is becoming better understood, this remains an area in which financial entities must approach customers in a well-informed manner and a number of times.

All information exchange regimes have a common aim: to identify residents of one jurisdiction who may be concealing their assets, and thus their taxable income and gains, in another jurisdiction. In the broadest terms, Mr Smith, a United Kingdom resident, may have a securities account in Brazil, from which income and gains are received. If he conceals such income and gains from, for example, the UK tax authorities, then there is a limited prospect of such authorities discovering the account’s existence. Therefore, the idea with information exchange is that Brazilian banks report to their tax authorities details of their foreign account holders, and the Brazilian tax authorities share this information with other tax authorities, including HM Revenue and Customs (HMRC) in the UK, which is thus alerted to Mr Smith’s account. On a global scale, the idea is that participating countries receive information regarding those who are resident in their jurisdiction but with financial accounts elsewhere, and provide information on those with accounts in their jurisdiction but who are resident elsewhere. Domestic law identifies institutions obliged to report this information to the tax authorities for exchange.

Foreign Account Tax Compliance Act

The first law to be enacted leading to the concept of information exchange was not originally intended as an exchange. This was the Foreign Account Tax Compliance Act (FATCA), the original United States legislation requiring foreign financial institutions (FFIs under FATCA, also referred to as FIs more generally) to identify US account holders and report their details to the Internal Revenue Service (IRS) on penalty of a widely applicable 30 per cent withholding tax for failure to do so. Therefore, there was no question of any kind of exchange or the option of reporting domestically. The US authorities simply imposed draconian withholding taxes if targeted entities did not supply the information they required on US residents.

However, the concept of exchange gradually developed. Most jurisdictions now comply with FATCA through an intergovernmental agreement (IGA). All IGAs limit due diligence procedures required to identify US account holders. Model 1 IGAs require FIs to report information on US account holders to their own domestic tax authorities, which will then share this information with the IRS. Under Model 2 IGAs, FIs still report to the IRS but the information provided is more limited. US account holders who do not volunteer their information have their balances and number of accounts involved reported ‘collectively’. The IRS must then identify and pursue individuals through the Model 2 jurisdiction government. This is generally to address banking secrecy laws and, thus, jurisdictions such as Switzerland currently have a Model 2 IGA, although, interestingly, there is talk of switching to the Model 1 form. Model 1 IGAs eliminate the withholding risk entirely, while Model 2 IGAs render it applicable in only very limited circumstances. Under Model 1A IGAs (also known as reciprocal IGAs), there is reciprocal exchange of information to some extent. Certain US FIs are required to report the details of their foreign accounts holders to the IRS, but the procedures to identify such account holders are by no means as onerous as the converse rules for the identification of US accounts in the partner jurisdiction. Nonetheless, this type of IGA was the first step in the concept of jurisdictions collating and then sharing tax identification information.

FATCA is now in force with the first reports filed in May 2016, in respect of accounts in place on 30 June 2014 and new accounts opened since
1 July 2014.

Crown Dependencies and Overseas Territories legislation

The second information-sharing regime introduced was the UK’s Crown Dependencies and Overseas Territories legislation (CDOT) – also commonly known as UK FATCA. Broadly speaking, UK FIs are required to identify and report accounts held by residents of the Crown Dependencies. However, the rules relating to Overseas Territories are not reciprocal, meaning that FIs in the Overseas Territories are required to identify UK accounts, but there are no corresponding requirements on UK FIs.

CDOT is also now in force in terms of existing and new accounts requiring due diligence and, if appropriate, reporting. However, the first such reports do not need to be submitted until May 2017 in respect of accounts in place on 30 June 2014 and those opened since 1 July 2014.

Although of limited scope in terms of jurisdictions, CDOT represents another step in the development of information exchange.

Common Reporting Standard

The third regime is the one of greatest significance. The Common Reporting Standard (CRS) is an initiative undertaken by the Organisation for Economic Co-operation and Development (OECD) with a view to bringing the concept of the FATCA Model 1A IGAs into the global arena. Broadly speaking, the idea is that all FIs in jurisdictions that adopt the CRS collect and report to their domestic tax authorities the details of accounts held by residents of other CRS participating countries. These details are then shared between the relevant jurisdictions. Therefore, tax authorities in countries adopting the CRS will receive information on accounts held by their residents in other CRS countries.

In the European Union (EU), the CRS is being implemented by the Directive on Administrative Co-operation (DAC). This means that, as far as EU countries are concerned, the interpretation of the CRS is limited by the requirements of the DAC, with which they must comply. Hence, references to the CRS and DAC are, from a practical point of view, interchangeable for the purposes of EU entities. For the earliest adopting countries, the CRS will apply to accounts in existence on 31 December 2015 and those opened since 1 January 2016, with first reports due in May 2017 in respect of the 2016 calendar year.

The introduction of the CRS will erode the impact of CDOT since all countries involved in CDOT will participate in the CRS. The US has not signed up to the CRS, however, so FATCA, in itself or through the IGAs, will remain a separate regime. It would seem unlikely that the US will subject itself to the burden of the CRS when FATCA supplies the information it needs.


The definition of ‘FI’ in the FATCA, CDOT and CRS includes anticipated financial institutions such as banks and custodians. However, the term ‘investment entity’ (ie, an entity managing or administering assets as a business on behalf of customers or managed by such an entity) brings others such as investment funds and their managers within the definition of FI. The IGAs contain certain limited exemptions for funds, but these are not usually applicable to a typical private equity or similar fund.

FIs, must, as applicable in accordance with domestic law, report the identity of their ‘account holders’. They are thus obliged to ascertain, as part of the account opening process for new accounts, the status of their account holders for global information exchange. FIs may generally rely on self-certification but it must be anticipated that certain individuals and entities may ask why they are being asked to provide this information.

All entities within an FI will have their own classification for information exchange purposes and will need to provide this to relevant FIs for that FI’s reporting purposes. Therefore, when an entity within an FI wishes to, for example, open a bank account, it must provide the required details to such FI and give its classification and, if appropriate, reference number(s).

Funds as reporting FIs – obtaining information

Entity account holders will either be FIs themselves or non-financial foreign entities (NFFEs or NFEs). FIs are, broadly speaking, depository institutions, custodial institutions, insurance companies and investment entities. FIs will need to identify themselves as such and, if reporting in their own jurisdiction, provide a reference number (global intermediary identification number under FATCA), but will not be required to provide further information. The idea is that they are responsible for supplying details of account holders under their own obligations under the CRS, FATCA or an IGA. Some of the potential issues in this area are discussed later in this article.

Certain types of FI are designated ‘non-reporting’. A non-reporting FI is any FI resident in a reporting jurisdiction that falls within the exemptions set out in FATCA, the relevant IGA or domestic legislation. Very broadly, non-reporting FIs are designed to secure relief from reporting for certain entities deemed to be at low risk for concealing assets, such as pension funds. These will be specified under FATCA or an IGA, but in the CRS context they will be left to local law. In addition, certain entities can be designated as non-reporting FIs if they are, for example, ‘sponsored FIs’ (available only under FATCA) where their obligations are undertaken by another FI acting as their sponsor. Additionally, it may be that certain FIs can self-certify, for example, if they are only an investment entity because they are managed by another investment entity and have no account holders in the course of a business (‘owner-documented FI’ – again only available under FATCA). These concepts are again discussed in more detail later. For the purposes of this overview, the key point is that an entity that is an FI will need to supply a reference number or state that it is non-reporting, but additional details are not required to be submitted to a fund for their inclusion in a report.

As stated above, an entity that is not an FFI will, by default, be regarded as an NFE. Again, further classification will be needed, since NFEs are divided into ‘passive’ NFEs and ‘active’ NFEs. Passive NFEs have some reporting requirements but active NFEs are exempt. An active NFE includes certain specific NFEs such as publicly traded companies and also NFEs that derive less than 50 per cent of their income from certain types of investment and holds assets, less than 50 per cent of which are of a type that produces passive income. A typical active NFE will be a trading company. Passive NFEs do have some requirements under FATCA/the IGAs and under the CRS. Under FATCA, such an NFE is required to confirm that it has no substantial ‘US owners’ or, if it does, provide details of such owners. A ‘substantial’ US owner has an interest of ten per cent or more in the entity concerned. Under a typical IGA and the CRS, to avoid being regarded as a US account the NFE must be able to show that it is not owned by any US ‘controlling persons’ (25 per cent or greater interest or other forms of control). In most instances, substantial owners and controlling persons can be readily identified, but there are some technical issues relating to this that may present certain ambiguities and contradictions.

Individuals need to identify their country (or countries) of residence and tax identification number. Under the CRS, a date of birth is also required since many countries use this to identify individuals for tax purposes.

Submitting the report

Unless they have specific reason to doubt the veracity of self-certification, FIs are permitted to rely on the information given to them and are not obliged to conduct detailed checks on investors. Reports are submitted to tax authorities in the format dictated by the IRS (if complying under FATCA) and domestic law (if complying under an IGA or with CDOT or the CRS).

Ongoing/administrative requirements

On an ongoing basis, FIs should request that account holders advise them of a change in their status under the CRS/FATCA. Additionally, as a matter of good practice, they should ask, within routine communications, for confirmation that there are no changes to the previous certification given by the account holder.

Under FATCA, FIs are required to have a ‘responsible officer’ to oversee compliance. This is not necessary under a typical Model 1 IGA or under the CRS. However, for those complying under FATCA the appointment must be made.

Although, as stated above, FIs may rely on self-certification for new accounts, there are requirements for due diligence to identify when the information provided in the self-certification process should be questioned. There is also a more general requirement on FIs to make enquiries if they have actual knowledge of inconsistency between the self-certification and facts of which they are aware through other means. Accordingly, FIs should be vigilant in respect of any information that might suggest that a self-certification is inaccurate.

Obligations to FIs

As stated above, every entity will have a FATCA/CRS status of its own. For FIs, this status must be disclosed to other FIs if such an entity is or becomes an account holder of that FI. For example, if an FI entity opens a bank account, it will be required to give details of its information exchange position in the same way as an NFE or individual.

Entities that are FIs will need to identify themselves as compliant FIs and supply their global intermediary identification number (GIIN) under FATCA and any similar references. If entities are sponsored or otherwise deemed compliant FIs, then this information will need to be supplied. Beyond this, no further information is needed.

Entities that are active NFEs (likely, in context, to be portfolio companies) must simply disclose their status as active NFEs.

Entities that are passive NFEs need to identify their ‘substantial US owners’ under FATCA and their ‘controlling persons’ under the CRS/CDOT or a typical FATCA IGA. Although generally clear, this can be an area of some difficulty, especially given inconsistencies in the laws of each country participating in global information exchange. This is discussed further later in this article.

Once other institutions are given the information, any US account details will be reported to the IRS under FATCA or through a relevant IGA. Under the CRS, information will be reported to the account holder’s jurisdiction if such a jurisdiction is participating in the CRS. If a jurisdiction is not participating in the CRS, the information will not form part of the report to the relevant FI jurisdiction and indeed it may not be required at all – see the discussion later of the ‘wider approach’ and the ‘narrow approach’ to the CRS.

If an entity’s status changes, then it should advise the FI concerned of its new status and any additional information that may be required. Domestic law may lay down penalties for an entity that files with an incorrect status.

Technical issues

Although the legislation under FATCA, CDOT and, especially, the CRS is becoming progressively clearer and more consistent, some outstanding technical issues remain. Certain general points apply to, while others are more specific to, specific industries.

Adoption of the CRS

The OECD Standard for Automatic Exchange of Financial Information in Tax Matters (the ‘Standard’) has no legal force at all. In a similar manner to the OECD Model Treaty, it is merely a template. Countries adopting the CRS are required, according to paragraph 26 of the Standard, to have rules in place ‘consistent’ with the scope of the CRS. However, paragraph 19 of the Standard makes it clear that jurisdictions will need to apply the CRS to their own domestic law. This gives considerable scope for variation in interpretation.

For the CRS actually to have effect, there needs first to be a legal instrument to allow this conceptually. This can include standard double tax agreements, the Multilateral Convention on Mutual Administrative Assistance in Tax Matters (the ‘Convention’) or a typical tax information exchange agreement (TIEA). However, beyond this legal permission there must also be an actual commitment by competent authorities to exchange information. Therefore, the Standard contains three competent authority agreements (the model CAAs):

  1. a reciprocal model;
  2. a non-reciprocal model; and
  3. a multilateral model (the MCAA).

The aim of the MCAA is to streamline the process – signatories to the MCAA need only notify that they wish to exchange information and this can then proceed. In relation to the other CAAs, these would be, as with any tax treaty, subject to the terms agreed by the competent authorities in question. The MCAA makes it clear that jurisdictions are expected to report information and conduct due diligence in a manner ‘consistent’ with the Standard. The other model CAAs state the same thing but, as mentioned above, they may be adapted by the countries involved. Therefore, countries could, on a bilateral basis, enter into a ‘CRS-lite’ agreement, which may well be less onerous. For the purposes of EU countries, the DAC now mandates information exchange according to its own standards, which closely mirror the Standard set down by the OECD.

In the context of the above options and their various stages, who is regarded as ‘participating’ in the CRS? This is important because the term ‘participating jurisdiction’ must be established in the context of the CRS. The model CAAs define a ‘participating jurisdiction’ as one with which there is an agreement regarding information exchange and which is ‘identified in a public list’. Presumably, the agreement must be with the other country concerned, but there is no detail on the type of list in the Standard itself or in the model CAAs. The OECD’s CRS Implementation Handbook (the ‘Handbook’) indicates at paragraph 97 that each jurisdiction is obliged to keep a list of those it considers ‘participating’, presumably those with whom it has information exchange agreements. However, given the procedure described above for implementation, this may obviously vary.

The OECD website contains a list of countries that are ‘committed jurisdictions’. This includes such countries as the Bahamas and Singapore, neither of which has signed the MCAA. In the case of the Bahamas, the government has specifically declined to follow a multilateral route on information exchange. Instead, the Bahamas will adopt information exchange agreements on a bilateral basis. This provides for much more flexibility on the actual terms of the exchange arrangements. If they are consistent with the CRS but in an incomplete way or if there are minor inconsistencies, would this result in the Bahamas being on or off a country’s ‘list’ of participating jurisdictions? Might this result in countries such as the Bahamas (which is mentioned as an example, but which is not alone) being regarded as ‘information exchange havens’ through which structures can operate while retaining privacy? This is discussed further below.

The globalisation of information exchange is especially important for many financial structures given their international nature. For example, a fund structured as a Jersey limited partnership, with a UK manager, holding companies in Luxembourg and Malta and portfolio companies in France, Spain and Croatia, will need to review the law in all the aforementioned jurisdictions. Assuming the fund, manager and holding companies are all FIs, the actual law and reporting requirements for Jersey, the UK, Luxembourg and Malta will all require review. If a fund has US investors then, although the manager can undertake reporting as a sponsor under FATCA, the IGAs in all those jurisdictions must also be reviewed and the law complied with, even if it involves reporting substantively similar information. The fact that the law can be so specific, and that FIs must comply with the legal and administrative procedures under various domestic laws, renders the CRS potentially burdensome for numerous structures. This burden becomes greater given that different jurisdictions may well value certain ‘accounts’ such as partnership accounts in different ways.

The difficulties in relation to applicable law are not resolved within the CRS itself and are not well addressed by the OECD. In August 2015, the OECD issued a set of frequently asked questions (FAQs) in relation to the CRS. At question 15, they addressed the issue of which law determined an entity’s status under the CRS, since the only reference to this within the CRS itself states that an entity’s status as an FI or NFE is determined by its jurisdiction of residence. The FAQs elaborated on this by adding that, if an account holder is resident in a non-CRS jurisdiction, its status will be determined by the law of the jurisdiction in which the account is ‘maintained’, which is presumably that of the FI requesting the information from the entity. This makes sense given the fact that there may be no applicable law available otherwise in a non-CRS jurisdiction. However, the OECD goes on to state that the question of whether an entity is an active or passive NFE is also to be determined by the law of the jurisdiction in which the account is ‘maintained’. This seems to add complexity to an already complex area in that NFEs with accounts in various jurisdictions will need to ascertain the law in each of those jurisdictions to give their CRS status correctly. They cannot, under the OECD FAQs, rely on their domestic classification, unless specifically permitted to do so by the jurisdiction in which the account is maintained.

The concept of applicable law and differences in implementation and interpretation are key in the CRS. Specific issues may be identified, but they will all share this ultimate problem in that their resolution is likely to differ according to the jurisdiction involved and the precise nature of the law in that jurisdiction and its agreements with others. The Standard may not be applicable to all countries regarded as participating in the CRS.

‘Residence’ of a partnership

As many private equity funds and other entities are formed as partnerships, the question has frequently been raised as to how this affects the applicable jurisdiction for reporting purposes. The reporting legislation, be it the FATCA, CDOT or CRS, universally uses the term ‘resident’; this is inappropriate in the context of partnerships for tax purposes. In the Standard, there is no definition of the term and it is not addressed in the FAQs referred to above. Accordingly, this is an area of some confusion.

The International Exchange of Information Manual published by HMRC in May 2016 (, which aims to be collective for the FATCA, CDOT and CRS) has endeavoured to add some clarification in this area. In the past, the test given was simply that HMRC regarded a partnership as being resident where it was managed and controlled. The latest guidance elaborates on this by stating that a partnership is resident in the UK if its business is controlled and managed from the UK, or if it registers with and submits partnership returns to HMRC. Therefore, a limited partnership managed and controlled in Guernsey, but required by HMRC to submit a partnership information return, would be regarded as UK resident. The guidance does go on to address the potential issues of dual residence by stating that if a partnership (or indeed any other FI entity) is resident in the UK and in another jurisdiction, it must comply with UK law in respect of any accounts ‘maintained’ in the UK.

As with the FAQs, there is no indication as to exactly what the term ‘maintained’ means. This could leave investment funds in some difficulty in determining the correct position to take. Funds are not like banks in which the account location is generally clear. Since global reporting should not require any duplication, an election system in which dual residents self-select their jurisdiction would be preferable. For now, however, funds must examine local law and guidance on this point before taking a view on residence of a partnership.

This area has already been the subject of some difficulty in the context of the FATCA IGAs. As stated above, the UK test was formerly one of management and control. The Cayman Islands, however, originally adopted a test to determine the ‘residence’ of a partnership. This resulted in some genuine examples of situations in which a partnership organised in England and Wales or in Scotland, but with a Cayman general partner, was ineligible for using the Cayman IGA (it was not organised there) and was equally ineligible for using the UK IGA (it was not managed and controlled from there). Given these facts, the partnership was originally required to comply with FATCA itself until the Cayman Islands modified its guidance. Similar issues are likely to arise under the CRS.

Investment entities and the ‘managed by’ test

One of the most problematic areas in relation to FIs arises in the context of the ‘investment entity’ type of FI. This is defined similarly in the FATCA, CDOT and CRS. The definition (taking the Standard example) is:

‘The term “investment entity”means any entity:

(a)          that primarily conducts as a business one or more of the following activities or operations for or on behalf of a customer:

(i)            trading in money market instruments (cheques, bills, certificates of deposit, derivatives); foreign exchange; exchange, interest rate and index instruments; transferable securities; or commodity futures trading;

(ii)           individual and collective portfolio management; or

(iii)          otherwise investing, administering, or managing financial assets or money on behalf of other persons; or

(b)          the gross income of which is primarily attributable to investing, reinvesting, or trading in financial assets, if the entity is managed by another entity that is a depository institution, a custodial institution, a specified insurance company, or an investment entity described in subparagraph A(6)(a).’

As indicated above, an otherwise NFE can be regarded as an FI if it is ‘managed by’ another FI. Therefore, the question arises as to the extent to which ‘managed’ is defined. For the purposes of FATCA, various examples are given of when an entity or its assets are ‘managed by’ another. For the CRS, too, it is clear that the entity (or its assets) is subject to the test. However, the CRS adds some further information in its commentary at section VIII paragraph 17. This states that:

‘an entity is managed by a financial institution if that financial institution performs, either directly or through another service provider, any of the activities described in the section above (activity based investment entity) on behalf of the entity. An entity is not regarded as managed by a financial institution if that financial institution does not have discretionary authority to manage the entity’s assets, either in whole or in part. An entity may be managed by a mix of other entities and individuals. If one of the entities so involved in the management of the entity is a financial institution within the meaning of the agreements, then the entity meets the requirements for being managed by a financial institution.’

As stated, this language is only in the commentary to the OECD Standard. It is not part of the CRS and it is, theoretically at least, subject to the interpretation of the domestic courts and the intention of the jurisdictions involved. This area has been contentious and may be one of those in which bilateral treaties can take a more relaxed approach without being inconsistent with the CRS.

The main issue is frequently the technical nature of the arrangements themselves. For some structures, an entity may not be managed by another entity, but it may be managed by individuals who are appointed by such entity. Since that does not result in management by an ‘entity’ but by individuals, then presumably this does not meet the ‘managed by’ criteria. Equally, if a role is merely advisory and there is no discretion to manage, then the ‘managed by’ test is not met. The treatment of entities affected by this appears to depend on precise arrangements. It will also depend on jurisdiction: some countries have an exemption, for example, for holding companies on the basis that any information they report will be duplicative. Again, this reflects the fact that knowledge of the law in different jurisdictions is going to be necessary as the CRS takes effect.

Information reported – FIs and NFEs

Fund investors self-certifying their status and entities within fund structures themselves are required to report certain information to requesting FIs in the manner summarised above. In terms of FIs, the process is relatively simple. Since reporting obligations of an FI are a matter for that FI’s jurisdiction, they need disclose only that they are an FI. In participating jurisdictions, such an FI will report information on its own account holders to its own domestic tax authorities. In non-participating jurisdictions, the account holder is simply regarded as the FI, but no further reporting will occur. Accordingly, if an individual holds an account with an FI in a non-participating jurisdiction and that FI itself opens an account in a participating jurisdiction, the individual will not be reported through the CRS.

With NFEs the situation is different. Active NFEs – typically entities in which less than 50 per cent of their income is passive income and less than 50 per cent of their assets are held for the purposes of generating passive income – are not required to report further. Passive NFEs must, however, disclose the identity of their ‘controlling persons’.

The definition of controlling persons is another area of some controversy in the context of the CRS. The definition of the term is as follows:

‘The term “controlling persons” means the natural persons who exercise control over an entity. In the case of a trust, such term means the settlor(s), the trustee(s), the protector(s) (if any), the beneficiary(ies) or class(es) of beneficiaries, and any other natural person(s) exercising ultimate effective control over the trust, and in the case of a legal arrangement other than a trust, such term means persons in equivalent or similar positions. The term “controlling persons” must be interpreted in a manner consistent with the Financial Action Task Force Recommendations.’

The OECD (in its CRS Implementation Handbook) elaborates slightly by stating:

‘The term controlling persons corresponds to the term “beneficial owner” as described in the Financial Action Task Force (FATF) Recommendations. For an entity that is a legal person, the term controlling persons means the natural person(s) who exercises control over the entity, generally natural person(s) with a controlling ownership interest in the entity. Determining a controlling ownership interest will depend on the ownership structure of the entity and control over the entity may be exercised by direct ownership (or shareholding) or through indirect ownership (or shareholding) of one or more intermediate entities. For example, controlling persons include any natural person that holds directly or indirectly more than 25 percent of the shares or voting rights of an entity as a beneficial owner. If no such person exists, then any natural person that otherwise exercises control over the management of the entity (for example, the senior managing official of the company). For example, an Individual A may own 20 percent interest in Entity B and, although held in the name of Individual C, pursuant to a contractual agreement, Individual A also controls 10 percent of the voting shares in Entity B. In such instance, Individual A should meet the definition of controlling person.’

The above is not particularly clear and there are several points to consider. The 25 per cent threshold is derived from the definition in the FATF. However, beyond this the FATF is somewhat imprecise. It is not really true to say that the term ‘controlling persons’ corresponds to the beneficial owner in the context of the definition set out above. First, the controlling persons are required to be ‘natural persons’, which is not the case with beneficial ownership. Secondly, the way the definition is phrased could exclude the actual beneficial owners in certain structures. For example, in an entity with multiple shareholders the managing director, who may not be a shareholder, would be likely to be the controlling person.

In terms of trusts (which can be FIs or NFEs and, if the latter, are mostly but not exclusively passive), the definition seems absurdly broad and would result, in the case of some trusts, persons being reported who have absolutely no control of the trust in the normal sense of the word. In irrevocable trusts, the settlor would still be reported. Beneficiaries could be reported even without being aware they are even a beneficiary of a trust. Some beneficiaries may not be identifiable. Ironically, in the case of trusts that are FIs, the reporting requirements are narrower. In such cases, discretionary beneficiaries need only be reported if they receive a distribution during the year in question. The Standard gives the option of applying this requirement to controlling persons for trusts that are passive NFEs, and it is to be hoped that a number of jurisdictions will do this. However, in the context of EU countries that must implement the CRS through the DAC, this is not an option since it is not permitted by the DAC.

In terms of the potential ambiguity regarding this definition in other contexts, the concept of controlling persons in generally regarded as one way to potentially address the impact of the CRS. Structures can be envisaged in which the individual reported as a controlling person would have no objection to being so, while those who might wish to retain their privacy are able to do so. It is also likely that domestic law interpretation will be important. There is no universal agreement as to how far up the ‘chain of ownership’ an NFE is supposed to enquire to determine controlling persons. The most common view is that once a natural person or persons can be identified, enquiries may cease. Under FATCA, enquiries may stop if certain entities are identified before reaching a natural person. For example, if an FI can be ascertained first as controlling a passive NFE, such an institution will then presumably undertake reporting of information necessary further up the chain of ownership. However, while this is the case under FATCA, it is not the case under the CRS, and it remains uncertain how this will be addressed going forward.

A further uncertainty arises in the variation between jurisdictions regarding the content of the information exchange report. In some jurisdictions, NFEs are required to disclose the category of ‘controlling person’ a named individual falls into. In others this is not the case.

Non-participating jurisdictions and NFE treatment of certain FIs

The concept of controlling persons in the CRS is especially important in the light of an important difference between FATCA and the CRS. Under the CRS, an FI classed as an ‘investment entity’ by virtue of being ‘managed by’ another FI but resident in a non-participating jurisdiction, is treated as a passive NFE and is thus required to name its controlling persons. The idea behind this is simple. As stated above, FIs in non-participating jurisdictions are required to provide very little information. Therefore, an individual resident in a participating jurisdiction wishing to avoid being reported could easily establish a trust or holding structure in a non-participating jurisdiction managed by an FI and thus is itself an FI under the ‘managed by’ test. Applying the NFE requirements to such a structure renders it much more likely that the person will be reported as a ‘controlling person’.

In the context of investment funds, this issue is frequently encountered in the case of non-participating funds of funds, trusts or family offices investing in funds in participating jurisdictions. Commonly, these are US structures since the US is not participating in the CRS. In a typical fund of funds situation, naming the management team of the general partner as controlling persons appears to be the most common approach. However, there are others. Certain funds and potentially family structures are taking the view that they are not investment entities by virtue of being ‘managed by’ an FI, but are investment entities in their own right, with limited partners or family members (in varying capacities) as ‘customers’. This is a very interesting development. It is hard to see how partners in a partnership are ‘customers’ of that partnership or how family members can be ‘customers’ in their own structure. However, it is not beyond the reach of argument in some cases. If this argument can be sustained, then these entities are treated as FIs in non-participating jurisdictions with no further details being reported. In the context of funds receiving a self-certification to this effect, it is important to remember that they are, unless they have reason to believe an inaccuracy, able to rely on such self-certification. If they question the classification and receive a reference to technical advice on the point, then they are perfectly entitled to accept it and, indeed, should do so, even if they may have reservations on this issue.

The ‘wider approach’ and the ‘narrow approach’

Under the CRS, jurisdictions participating through some kind of multilateral instrument are required to adopt the ‘wider approach’ or ‘narrow approach’ to global reporting.

Under the ‘wider approach’, FIs are required to request and retain (usually for six years) information on the residence of all their account holders and the controlling persons of all NFEs. Therefore, even entities resident in countries in which no exchange of information applies must, for UK FIs to comply with UK law, supply their details to such FIs, even if those FIs do not submit this information in their report to their domestic tax authorities with a view to information sharing. The explanation by the UK for this requirement is that it is easier and cheaper for FIs to obtain this information with a view to jurisdictions adopting the CRS in the future and the government is satisfied that there is sufficient data protection cover in the six-year period.

The narrow approach is more akin to FATCA. Many other jurisdictions are not requiring FIs to solicit information beyond details of account holders or controlling persons from those countries to which reporting is relevant. Sometimes this is for data protection reasons and sometimes not. Other countries are giving FIs the option of adopting the wider approach if they wish and assuring them that data protection issues can be addressed. In the UK, however, it is mandatory to obtain information on the residence of all account holders and controlling persons.

Non-reporting FIs

The remit of non-reporting FIs is very much a matter for jurisdictions’ domestic law. In the CRS itself, according to the OECD Standard, the definition is as follows:

‘The term “non-reporting financial institution” means any financial institution that is:

(a)          a governmental entity, international organisation or central bank, other than with respect to a payment that is derived from an obligation held in connection with a commercial financial activity of a type engaged in by a specified insurance company, custodial institution, or depository institution;

(b)          a broad participation retirement fund; a narrow participation retirement fund; a pension fund of a governmental entity, international organisation or central bank; or a qualified credit card issuer;

(c)           any other entity that presents a low risk of being used to evade tax, has substantially similar characteristics to any of the entities described in subparagraphs B(l)(a) and (b), and is defined in domestic law as a non-reporting financial institution, provided that the status of such entity as a non-reporting financial institution does not frustrate the purposes of the common reporting standard;

(d)          an exempt collective investment vehicle; or

(e)          a trust to the extent that the trustee of the trust is a reporting financial institution and reports all information required to be reported pursuant to Section I with respect to all reportable accounts of the trust.’

Accordingly, apart from some fairly narrow-named categories, jurisdictions are free to designate an FI as non-reporting ‘provided that the status of such an entity as a non-reporting financial institution does not frustrate the purposes’of the CRS. It is difficult to see how this point would be determined. As detailed in the first part of this article, jurisdictions can only participate in any form of information exchange if their competent authorities agree to do so. Accordingly, if competent authorities enter into such an agreement and, commensurate with this, agree that a jurisdiction may determine its non-reporting FIs, it is difficult to see how the OECD would expect the lack of frustration of the CRS to be enforced and who would determine it. This must surely be a matter for the competent authorities of participating jurisdictions.

Status changes

One issue that was brought to the fore in the UK in relation to the change of HMRC position on holding companies and treasury centres was how to deal with a change in status. If an entity has already registered as an FI then how does it ‘de-register’ if its status changes? If there is a change in the law in the UK or elsewhere, how can this be addressed? It is likely that this will only be determined as matters arise and develop.

Foreign ‘passthru payments’

One issue that remains unresolved at present in the context of FATCA is that of ‘foreign passthru payments’. This is a complex area, which involves an FI being required to withhold not only on withholdable payments under FATCA, but also amounts ‘attributable’ to such withholdable payments. How to define this has been the subject of controversy since it exposes foreign source payments to the FATCA regime. Withholding on ‘foreign passthru payments’ will not be required until 2018 at the earliest, but the IRS has reserved its position on how it plans to address this area. A typical IGA includes an indefinite exemption from such withholding, with the countries agreeing to work towards an appropriate solution in relation to it. As stated, this point is applicable only to FATCA.

Global issues in the future

More and more countries are likely to adopt the CRS in some form but, as discussed in the previous part, it is impossible to expect a universal international standard in all areas. This results in a number of outstanding questions regarding the future of global information exchange. Additionally, a number of other issues have arisen surrounding the CRS, especially in relation to data protection, privacy and security. The notion that only those endeavouring to conceal their assets and evade tax have anything to fear from disclosure is not necessarily shared in all jurisdictions.

Some jurisdictions may want to attract investment from those for whom privacy is important, and thus may adopt the CRS to a limited extent. Certain countries are already giving this kind of indication; one of these is the Bahamas, which, as discussed earlier, has stated that it intends to implement the concepts of the CRS in local law and specific bilateral agreements, without committing itself to the regime on a wider level. Equally, the US, having FATCA, is highly unlikely to adopt the CRS in any form. Additionally, there remains debate concerning the treatment of certain entities, such as trusts, under the CRS globally. The law in a number of jurisdictions does not entertain the trust concept and has no distinction between legal and beneficial ownership. Accordingly, there is an issue in relation to how such jurisdictions might treat a trust. This chapter addresses some of these wider issues and their implications.


Privacy is a major concern for many individuals, especially those of a very high net worth who may reside in jurisdictions where kidnapping and similar crimes are a significant risk. In the context of the CRS, various questions regarding the sometimes complex structures established by such individuals are already being asked with a view to information exchange. In a number of cases, individuals have been uneasy about providing information, despite being fully compliant in their home jurisdictions in relation to their tax obligations. Under the CRS, the information needed for a reportable account includes the person’s name, address, tax identification number, date and place of birth, and the total gross amount paid or credited to the account in respect of the relevant reporting period and the account balance as at the end of the relevant reporting period. The closure of any account held by a reportable person must also be reported. Where controlling persons of a non-financial entity are disclosed, their name, address and tax identification number must be reported. Certain individuals are wary of any of the foregoing information being the subject matter of a report.

The OECD has been keen to reassure on this point and the preamble to the MCAA includes the following: ‘[w]hereas, the Jurisdictions have, or are expected to have, in place by the time the first exchange takes place (i) appropriate safeguards to ensure that the information received pursuant to this Agreement remains confidential and is used solely for the purposes set out in the Convention.’ It adds that entry into the MCAA is ‘subject to the confidentiality and other protections provided for in the Convention, including the provisions limiting the use of the information exchanged’.

In this context, the ‘Convention’ is the Convention on Mutual Administrative Assistance in Tax, as amended by the protocol amending the Convention on Mutual Administrative Assistance in Tax Matters. In the Convention, Article 22 deals with secrecy and confidentiality and provides, broadly speaking, that information given under the Convention should be protected to the same extent as it would be in a person’s jurisdiction of residence. It can also only be used for the purposes agreed between the party jurisdictions, unless it could be used for other purposes in the person’s jurisdiction of residence and that jurisdiction agrees to such use. Jurisdictions are prohibited from implementing laws on privacy designs to circumvent the Convention.

The MCAA sets out certain additional provisions. Section 5, entitled ‘Confidentiality and Data Safeguards’, provides:

‘1.           All information exchanged is subject to the confidentiality rules and other safeguards provided for in the Convention, including the provisions limiting the use of the information exchanged and, to the extent needed to ensure the necessary level of protection of personal data, in accordance with the safeguards which may be specified by the supplying Competent Authority as required under its domestic law and listed in Annex C.

2.            A Competent Authority will notify the Co-ordinating Body Secretariat immediately regarding any breach of confidentiality or failure of safeguards and any sanctions and remedial actions consequently imposed. The Co-ordinating Body Secretariat will notify all Competent Authorities with respect to which this is an Agreement in effect with the first mentioned Competent Authority.’

Section 7 provides that entering into any agreement pursuant to the MCAA is subject to a jurisdiction demonstrating it ‘has in place adequate measures to ensure the required confidentiality and data safeguards standards are met and attaching the completed confidentiality and data safeguard questionnaire, to be included in Annex D’.

Annex C and Annex D are left blank in the model confidentiality agreement, presumably for jurisdictions to complete.

The provisions detailed above are clearly somewhat subjective and dependent upon the jurisdictions involved. Additionally, whatever is technically provided for is of relatively little application to the concerns of those to whom the issue of privacy is important. The inescapable problem is that, for the first time, the private information of individuals will be gathered by jurisdictions around the globe, and individuals are facing the prospect of their account details in certain structures being revealed to tax authorities. For example, an individual resident in Venezuela, but with an account with a high value in a developing nation, will face the prospect of the tax authorities in that nation being aware of their personal details. They may feel that, however unlikely, there is a risk that, through bribery or otherwise, the information may find its way into the wrong hands. It is very difficult to see how much comfort the technical wording of the OECD can offer in such situations.

Given this privacy issue, certain jurisdictions may well attract investment by a lighter touch in implementing the CRS with a greater emphasis on privacy and data protection.

Lack of uniformity in compliance

Beyond the lack of uniformity in certain definitions and in the jurisdiction in which law applies, there is also a lack of uniformity in compliance obligations and forms. This has manifested itself in a vast plethora of differing forms that have found their way to account holders, each asking similar questions but varying widely in terms of format and precise content. This creates an overwhelming and confusing burden for many.

A common complaint among account holders is a lack of clarity as to whether information is required by the CRS, CDOT or FATCA – or not. Frequently, the preamble to various forms states ‘in order to comply with our obligations under’ and then proceeds to ask for various pieces of information. However, a number of entities in various jurisdictions pre-empted the operation of the CRS and asked, in 2015, for information on residence jurisdiction, purportedly under FATCA or CDOT. As was discussed earlier, FATCA requires only the identification of US persons, and confirmation that a person is not a US person or has no US controlling persons is sufficient. Similar limitations on jurisdiction apply under CDOT. Accordingly, it is erroneous to suggest that these regimes mandate details of the jurisdiction of residence, wherever that may be, of an account holder or controlling person. Therefore, account holders were left uncertain as to whether to complete the forms in full or simply to supply the more limited information required by the statute under which the form is purportedly issued. This may well continue as time progresses. Some jurisdictions will legitimately be implementing the CRS at this point, but others will not and do not require global information at this time. Further confusion will arise in terms of the adoption or otherwise of the ‘wider approach’ discussed earlier. Jurisdictions adopting this approach in its entirety will be required to obtain information on all account holders. However, jurisdictions may not adopt this approach and thus need not request information on residents in non-participating jurisdictions and should not represent that they are legally required to do so. More confusingly, a number of jurisdictions have left the adoption of the wider approach optional to financial institutions. Therefore, the financial institutions may require jurisdiction information from all account holders, although they are not required by law to do so. Sometimes, these jurisdictions are difficult to ascertain since the OECD website tends to list under ‘wider approach’ all those jurisdictions that give financial institutions the option of adopting it, without distinguishing as to whether this is mandatory.

Added to this difficulty of determining the technical requirements under which requests are made and thus ascertaining what is necessary in terms of information provision is the practical element of account on-boarding. Obviously, FIs are free to impose their own requirements on account holders. Accordingly, if an FI requests information that is not forthcoming, it may refuse to open an account. However, there is a difference between an investor who simply refuses to provide information and one who resists providing certain information on the basis that it is not required by law. Sometimes, given the plethora of ‘precedent’ forms available, FIs may erroneously send out a request based on a different jurisdiction or on an approach that demands certain information. For example, some jurisdictions might require the type of controlling person named for a passive NFFE, or the reason why a tax identification number (TIN) cannot be given, and others do not. Thus, it is worth ascertaining specifically what information is actually required. Although this may entail undertaking some additional work, those opening accounts tend to object to suggestions that information is ‘required by law’ when it is not and, equally, to request more information than is necessary without adequate explanation.


Trusts are generally a difficult area to address in a global context. Many jurisdictions have no distinction between legal and beneficial ownership, and the concept of a trust is thus difficult to understand. Unfortunately, the approach to trusts in the CRS appears to be based on an assumption of tax avoidance, and the information sometimes required is frequently incongruous in context. Trusts are referenced at the very outset in the introduction to the CRS and emphasis is laid on the fact that reportable accounts include accounts maintained or held by entities that are trusts. The institutions (often including the trust itself) responsible for reporting on these accounts are also required to look through passive entities to report on individuals that ultimately control these entities. It is clear that there is an agenda in the CRS to ensure that trusts cannot be used by individuals as a shield against reporting requirements. This almost certainly accounts for the seemingly excessive reporting obligations found within the CRS in respect of trusts.

Within global information exchange, a trust is generally an FI or a passive NFE, although in rare cases a trust could be an active NFE. The FI classification situation tends to arise when a trust is managed by a professional trustee or asset manager. Otherwise, a trust tends to be a passive NFE.

As FIs, trusts have an obligation to report on any ‘reportable account’, namely an account held by a reportable person, that is, a resident of a CRS signatory state unless the wider approach is adopted in which case any person. An account holder is any person who, in relation to a trust that is an FI in the form of an ‘investment entity’, has an ‘equity or debt interest’ in the trust.

Under the CRS, ‘an equity interest is considered to be held by any person treated as a settlor or beneficiary of all or a portion of the trust, or any other natural person exercising ultimate effective control over the trust’. According to the CRS Commentary, beneficiaries who are purely discretionary beneficiaries (ie, have no vested interests in the trust) should only be considered as account holders in relation to a particular reporting period if there has been a distribution to them during that reporting period.

In the case of a trust that is resident in one of the early adopter countries, distributions made to a discretionary beneficiary in 2015 may already trigger disclosure obligations in the course of 2017, because accounts will be categorised as ‘pre-existing’ by looking at the position in December 2015.

It is important to note that a person who is a beneficiary as well as a settlor of a trust that is an FI (qualifying as an account holder in both instances) would be treated as having two accounts with that trust. These will need to be assessed and reported on separately.

Any person who has made a loan to a trust is also an account holder, holding a ‘debt interest’.

The CRS does not provide any guidance in relation to the determination of the value of the interest of a beneficiary, settlor or person exercising ultimate effective control. The question therefore arises as to what values should be attributed to these parties’ interests in an FI trust (ie, the value of their ‘accounts’) for reporting purposes.

The value of a vested beneficiary’s interest in the trust is likely to be linked directly to the value of the vested interest. In the case of a discretionary beneficiary, the value of their interest in the trust is likely to be equal to the aggregate amount of distributions in their favour in any given reporting period.

More difficult questions arise as to what the value is of a settlor’s interest in an irrevocable trust compared with a revocable trust. Similarly, in the case of a person exercising ultimate effective control over the trust (eg, a trustee or a protector with significant powers), should the full value of the trust be attributed to that person? These difficulties derive from the somewhat inappropriate way that trusts are addressed within the CRS. How can a settlor in an irrevocable trust have a continued interest in that trust? Equally, how can a protector be regarded as having an interest of the type deemed reportable under the CRS?

If the trustee of a trust is not a professional corporate trustee, the trust may well not be an FI. It would therefore be classified as an NFE, and be either active or passive. As stated above, the chances are that such a trust will be a passive NFE. However, as discussed earlier, the CRS also defines a passive NFE as including any ‘investment entity’ that is so classified due to being managed by another FI that is resident in any country that has not signed up to the CRS. The effect is to require FIs, which maintain accounts for trusts that are resident in a non-CRS country, to identify the ‘controlling persons’ in relation to those trusts and report on those controlling persons where they are resident in a country that has signed up to the CRS.

The term ‘controlling persons’ is defined in the case of a trust as meaning ‘the settlor, the trustees, the protector (if any), the beneficiaries or class of beneficiaries and any other natural person exercising ultimate effective control over the trust’.

From this definition, it is clear that a person can be a controlling person of a trust without exercising any control over it (eg, a beneficiary). Perhaps for this reason, the CRS gives participating countries the option of distinguishing between discretionary and vested beneficiaries in the same way as would be the case for reportable accounts. Therefore, only those discretionary beneficiaries that receive an award will be treated as controlling persons. However, as discussed earlier in this article, this option is not available under the DAC. However, even with this option being used, the remit of controlling persons in the context of trusts does seem to be inordinately wide. Protectors and trustees are expressly brought within the controlling persons definition. This is to be distinguished from the position of a trust that is an FI where trustees and protectors are not automatically included as account holders, although either might be persons exercising ultimate effective control over a trust. The net effect of this is that any trust that is a passive NFE and has an account with a bank resident in a CRS signatory state may have to supply such bank information in relation to all its beneficiaries, settlors and protectors. This seems a potentially bizarre result since, presumably, this could involve reporting classes of beneficiary or beneficiaries who are unaware they are beneficiaries.

Overall, it would appear that the CRS does not seem to understand trusts well, assuming they are generally used for tax avoidance, and has thus adopted a ‘sledgehammer’ approach in that virtually every party associated in some way with a trust structure is reportable, certainly when a trust is regarded as a passive NFE. This all seems somewhat excessive and modifications may be made in the future.

Implementation barriers

Despite the clear enthusiasm for information exchange, it cannot be denied that practical barriers may result in problems with the system, especially given the involvement of a number of developing countries. The rules require ‘reciprocity’ in information exchange but this may prove difficult for poorer countries. For example, wealthy Nigerians are far more likely to have assets secretly located in Switzerland than wealthy Swiss are likely to have located their assets secretly in Nigeria. If Nigeria does not have the capacity or resources to set up the data collection processes for relevant information (including the privacy provisions described above), then they will not be able to receive information under the CRS, even if they wish to do so. It is not clear at this point how wide this problem might be, but it has certainly been raised as a potential issue. There is the option for jurisdictions to be ‘participating’ but not ‘reporting’ so that they report to others through the CRS but do not receive information and are thus not required to have all requisite systems and safeguards in place. However, this option is typically associated with jurisdictions that do not impose taxes and that do not, therefore, have any use for the information they may receive. It is less palatable to a country that would actually benefit from the receipt of information.

Non-participating countries as ‘information exchange havens’

Obviously, certain countries will not participate in the CRS. Especially in the context of the US, there has been speculation that individuals seeking privacy or, indeed, seeking to conceal their assets, will deploy them in structures in jurisdictions outside the CRS. This may, however, require some careful structuring. Although the use of financial institutions in jurisdictions outside the CRS may be beneficial, care must be taken that a structure does not use an entity that is not regarded as a passive NFE solely by virtue of the ‘managed by’ test, since, as previously discussed, this would result in disclosure of ‘controlling persons’. This factor is often forgotten by those who consider moving their assets to a non-CRS jurisdiction. Nonetheless, the use of bank accounts in non-participating jurisdictions would be a way to avoid reporting. It is likely that certain individuals will take advantage of this and certain other jurisdictions will encourage it. As stated earlier in this section, it may be that some jurisdictions attempt to find a balance between being attractive for investment but still compliant with the CRS.


It may be early days but there are clearly global complications with the CRS. As with any form of law based on an international instrument, it will only be as effective as implementation between various jurisdictions will allow.



[*]    Jennifer Wheater is counsel, tax at Linklaters in London.


Back to top