August 2014

OECD issues Standard for Automatic Exchange of Information in Tax Matters

Tax Alert

  • Share

Executive summary

On 21 July 2014, the Organisation for Economic Co-operation and Development (OECD) published the Standard for Automatic Exchange of Information in Tax Matters (the Standard).

The Standard consists of the Model Competent Authority Agreement, intended as a template for intergovernmental agreements, and the Common Reporting Standard (CRS) that contains the reporting and due diligence standard that underpins the automatic exchange of information. There are also extensive commentaries and guidance on technical solutions for information exchange as well as a number of appendices.

The Standard has no direct legal force but it is expected that jurisdictions will follow it closely in adopting local rules and regulations, with many countries already agreeing to early adoption in 2016. There is, however, significant scope for variations to be incorporated as part of that implementation process.

The CRS represents an additional global compliance burden for financial institutions (FIs) and increases the risks and costs of servicing globally-mobile customers and non-individual customers in general.

One positive note for FIs is that the OECD has modelled the CRS on the intergovernmental approach to the Foreign Tax Account Compliance Act (FATCA), which means that in part it should be possible to leverage existing and planned FATCA processes and systems. It should be noted, however, that the data required under the CRS is different, and the volumes of customers and clients affected are likely to be significantly greater.

This Alert summarizes the background to the release of the Standard, the process for global implementation and key issues for effected FIs.


The Standard is intended by the OECD to be a ”step change” in the way in which jurisdictions share tax information to combat tax evasion.

The OECD acknowledges that many jurisdictions already exchange information automatically, often on certain common types of income, most notably within the EU. However the Standard is intended to be global in scope and to focus on a universal set of information relating to financial accounts, drawing heavily on the intergovernmental approach adopted under FATCA.

The Standard consists of a Model Competent Authority Agreement and the Common Reporting Standard on reporting and due diligence for financial account information. It contains detailed Commentary on both components and technical solutions for information exchange.

Model Competent Authority Agreement

The Model Competent Authority Agreement (Model CAA) links the CRS and the legal basis for information exchange (such as the OECD’s Multilateral Convention on Mutual Assistance in Tax Matters or a bilateral tax treaty).

The Model CAA contains clauses setting out representations on the due diligence and domestic reporting undertaken as well as on data confidentiality and infrastructure in place for effective information exchange. There are also sections dealing the type of information to be exchanged, along with the time and manner of such exchanges. Other sections include provisions for collaboration between competent authorities on the issues of compliance and enforcement.

In order to encourage as much uniformity in such agreements as possible, the OECD has published a model bilateral agreement and a model multilateral agreement. There is also a model nonreciprocal agreement, to be used where one contracting state does not wish to receive information on its residents’ banking activities in the partner country (for example, in a jurisdiction where no income tax regime exists).

The Common Reporting Standard

The CRS contains the reporting and due diligence requirements that are the foundation of automatic information exchange.

Participating jurisdictions will have to enact rules in domestic laws that are consistent with the provisions of the CRS.

FIs covered by the scope of the CRS will be required to report financial account information on account holders that are tax resident in other participating jurisdictions.

The CRS draws heavily on the FATCA Model 1 Intergovernmental Agreement (IGA) albeit with some important differences to accommodate a global exchange of information, rather than one which is aimed at identifying and reporting financial accounts heldby US persons only.

FIs in scope include custodial institutions, depository institutions, investment entities and specified insurance companies, unless they pose a low risk of being used for tax evasion and are therefore excluded from reporting. It is worth noting that the scope is broader than under FATCA in that a number of exemptions such as local Foreign Financial Institutions are not provided in the CRS.

The financial information to be reported includes interest, dividends, account balance or value, income from certain insurance products, sales proceeds from financial assets and other income generated with respect to assets held in the account or payments made into the account.

Reportable accounts include those held by individuals and entities (including trusts and foundations) and there is a requirement to look through passive entities to reporton the relevant controlling persons.

As with FATCA, there are detailed due diligence requirements for new and pre-existing accounts held by individuals and entities. The diligence requirements are similar to those required under the Model 1 IGA, although significantly, the respective de minimis thresholds for individuals (US$50,000) and entities (US$250,000) are not available under the CRS.

Commentaries on the Model CAA and CRS

For each section of the Model CAA and CRS, there is an accompanying detailed Commentary, which is intended to further explain the provisions with a view to ensuring consistency in application across jurisdictions. The OECD notes that in some situations the Commentary does allow for alternative approaches to be adopted.

The Commentary deals with some key uncertainties and concerns expressed by industry, including the following:

  • One particular concern expressed has been the treatment of new accounts for pre-existing customers. The Commentary deals with this issue and generally follows the position taken under FATCA, namely allowing new accounts for existing customers to be linked to the pre-existing account relationship. This will mean that due diligence requirements can be adapted from FATCA.
  • The Commentary includes specific guidance on the definition and use of publicly available information to classify entity account holders, which will be welcome to all affected FIs. The definition in particular is widely drawn and should allow many FIs to leverage existing solutions built for FATCA purposes.

The Commentary also specifically indicates that participating jurisdictions will be expected to help taxpayers determine their tax residency and the OECD will support the distribution of information to help taxpayers determine their residency. This should help to alleviate FIs’ concerns that customers may look to them to determine their tax residency.

The final release of the Commentary is a positive development for financial institutions and competent authorities as it provides detailed guidance on the requirements of the CRS.

The next step for both parties will be to understand the differences between approaches that have already been adopted for FATCA and those required for the CRS, in order to be able to assess the level of change necessary.

However, until participating jurisdictions implement the CRS into law, uncertainty will remain. So for financial institutions with operations in countries which have committed to early adoption of the rules from 2016, there will now be a focus on engaging with competent authorities to ensure the CRS can be implemented as efficiently – and as uniformly - as possible.

Technical solutions

The Standard contains guidance on relevant technical implementation recommendations. It includes a schema to be used to exchange information and provides a standard in relation to the information technology (IT) aspects of data safeguards of confidentiality and the transmission and encryption of information.


The Standard is dependent on the relevant governmental bodies of participating jurisdictions entering into CAAs, either bilaterally or multilaterally, and appropriately incorporating the CRS into domestic law.

A key concern will be whether jurisdictions will take different positions in terms of implementation and interpretation. The industry hope is that any such differences are few and far between. An additional concern, given the number of adopting jurisdictions, will be how FIs will monitor such differences to ensure they remain compliant.

An OECD Background Information Brief released in February 2014 acknowledges this concern and states that the standard will be a “living system” and so may need to “evolve over time.” Helpfully, the OECD also notes that “The OECD, working with G20 jurisdictions, will seek to ensure that the Standard remains a single Standard also over time and that as much as possible it continues to be interpreted and operated consistently across different jurisdictions.”


An Early Adopters Group (EU nations, along with the UK Crown Dependencies and Overseas Territories, as well as some others) indicated in March 2014 that they will implement the CRS with a view to the first exchange of information taking place in 2017. This would mean reporting FIs needing to implement new on-boarding requirements by 1 January 2016.

Which countries are committed to the CRS?

Early adopters group

Argentina, Belgium, Bulgaria, Colombia, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, the Faroe Islands, Finland, France, Germany, Greece, Hungary, Iceland, India, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Malta, Mexico, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, South Africa, Spain, Sweden, and the United Kingdom; the UK’s Crown Dependencies of Isle of Man, Guernsey and Jersey; the UK’s Overseas Territories of Anguilla, Bermuda, the British Virgin Islands, the Cayman Islands, Gibraltar, Montserrat, and the Turks & Caicos Islands.

Other committed parties (excluding the United States)

Anguilla, Australia, Austria, Brazil, Canada, the People’s Republic of China, Chile, Colombia, Costa Rica, Montserrat, Indonesia, Israel, Japan, Korea, Luxembourg, Malaysia, New Zealand, Russian, Saudi Arabia, Singapore, Switzerland, and Turkey.

Implementation from 2016

A joint statement released by the Early Adopters Group envisages that the CRS will be implemented from 2016, with the probable timeline in those countries being:

  • 1 January 2016: New account due diligence
  • 31 December 2016: Complete review for high value individual accounts
  • 31 December 2017: Complete review for low value individual accounts and entity accounts

First exchanges of information are due to take place in September 2017, which means that reporting by reporting FIs should take place between March and June 2017.

FIs may be skeptical of these deadlines, given the delays in the FATCA timelines. However, the evident determination of the OECD and the Early Adopters Group in particular means that FIs should not underestimate the likelihood that these timelines will become effective in some, if not all, of the 44 jurisdictions committed to early adoption.

Treaty relief and compliance enhancement

Throughout the process of developing the Standard, the OECD has indicated its intention to align the adoption of the CRS to the Treaty Relief and Compliance Enhancement (TRACE) project.

TRACE focuses on simplifying the process by which portfolio investors claim reduced rates of withholding tax pursuant to a double tax treaty or under relevant domestic law. Now that the Standard has been released it is anticipated that work on incorporating TRACE at an OECD level will begin.

These developments are positive for FIs with an interest in this area, such as asset-servicing organizations and portfolio investors. Such organizations should consider approaching their respective industry organizations to encourage engagement with both the OECD and relevant national governments to register support for this initiative.

Detailed comments

Due diligence requirements

The overall process for obtaining customer classifications is broadly the same as the FATCA Model 1 IGA with one key difference being that the nature of the classifications is based on tax residency rather than citizenship or nationality. The OECD has recognized the significant investment in FATCA by the financial services industry and this will hopefully mean that FIs can leverage a significant amount of the work already performed for FATCA purposes when complying with this new standard.

The Commentary clarifies some of the due diligence requirements and provides much needed detail on the interpretation of requirements. The majority of requirements are as set out in the EY Global Tax Alert, OECD releases Common Reporting Standard, dated 20 February 2014, while some key differences to the FATCA Model 1 IGA are highlighted here:

  • Focus on tax residency of individuals and entities rather than citizenship as under FATCA. The rules for reporting specified entities resident in participating jurisdictions are maintained from FATCA and are likely to have significantly more impact under the CRS due to the cross-border nature of companies within Europe and Asia
  • Removal of de minimis limits for existing and new individual accounts and also in relation to insurance contracts. However, the ability to rely on a residential address for pre-existing accounts should minimize the impact
  • On benefit of the removal of de minimis limit is that aggregation challenges are eliminated for a number of accounts. Aggregation will be required to determine higher value accounts (higher than US$1m) for review and for entities, but it may be possible to apply more tactical solutions for these requirements based on business area or other criteria
  • The CRS introduces the concept of an “undocumented account,” which will be reported as such to the competent authority. These accounts will generally arise when an FI is unable to obtain information for a pre-existing account. It is not clear what needs to be reported in respect of undocumented accounts; however it is clear from the guidance that the number of accounts reported will drive the extent of any inquiry (see Enforcement section below)

Compared to the Model 1 IGA, more detailed guidance has been provided as to who must be deemed a Controlling Person, particularly in respect of a trust. Under the CRS, beneficiaries must always be treated as the Controlling Persons, regardless of whether or not any of them exercises control over the trust, and several other clarifications and definitions are included. This appears to set a more rigorous requirement than under FATCA.

For all accounts, FIs may not rely on certifications or documentary evidence if the FI (or, in the case of certain high-value accounts, a relationship manager) knows or has reason to know the certification or documentary evidence is incorrect or unreliable. This will require Fis to have processes to cross-validate information received against the information held for Know Your Customer/Anti-Money Laundering purposes.

As there is no globally standardized start and end date for the review of pre-existing accounts, it will be a challenge for multinational organizations to design and rollout a program, and it is likely that identifying all non-domestic customers during any review will be the market standard.

Local implementation

Exchange of information

The expectation expressed in the Model CAA is that data will be exchanged through XML via a common schema, the specifications for which are provided in Annex 3 of the OECD publication.

Beyond this, the model CAA leaves discretion to participating jurisdictions to agree between themselves as to how data will be exchanged, while providing ”appropriate minimum standards” of secure transmission and encryption. In particular, the use of memory sticks and other portable media is discouraged.

The CRS does not give an indication of how data will be exchanged between reporting FIs and competent authorities, leaving it to each jurisdiction to determine how best to collect the required information. A concern for multinational financial services groups will be the potential need to deploy a mixture of different technology solutions across the organization, depending on the protocols agreed upon in each country.


While FATCA relies on withholding and presumptions of US citizenship to manage non-responders, the CRS relies solely on the reporting of undocumented accounts (i.e., if the residency of the account owner cannot be documented, then the account is reportable). Therefore enforcement procedures adopted by local competent authorities will be critical to ensure global compliance.

The CRS sets out a number of rules and procedures that jurisdictions must employ in order to ensure effective implementation and compliance with the reporting and due diligence procedures.

In summary these include:

  • Rules to prevent practices intended to circumvent the reporting requirements and due diligence procedures
  • Administrative procedures to verify reporting FIs’ compliance and follow-up steps when undocumented accounts are reported
  • Effective enforcement provisions to address non-compliance

While recognizing that jurisdictions will already have a number of antiavoidance rules in place, the CRS states that the effectiveness of the rule is more important than its form. The Commentary provides several situations for which it is expected that such anti-avoidance rules would apply as a minimum. These include the movement of accounts to nonparticipating jurisdictions, transfers of balances over year-end and the manipulation of data quality.

A notable inclusion in the CRS is the treatment of undocumented accounts, which will primarily apply to pre-existing accounts for which the financial institution cannot obtain documentation. The Commentary states there is always “cause for concern” if undocumented accounts arise, whether from inadequate processes being implemented by a reporting FI in obtaining the necessary information or as a result of the account holder being non-compliant.

A number of courses of action may be expected by a jurisdiction receiving information on undocumented accounts. This will range from a simple inquiry to the reporting FI in the case of a small number, up to a full audit where there is a larger than average number or a noticeable year on year increase.

Significantly, the Commentary adds that a jurisdiction may implement rules that provide for the imposition of fines or other penalties where a person does not provide information which could include a failure by an individual to provide selfcertification.

It also suggests that jurisdictions may wish to make self-certification a condition of account opening, which could cause issues for a number of sectors, particularly where third parties are involved in any compliance process.

Local discretion on implementation

The CRS allows for a number of jurisdictional based variations and potential inconsistencies to be included on transposition into local legislation. Key areas include:

  • Classification of Non-Reporting FIs may vary by jurisdiction depending on the application of local legislation and whether the entity presents a low risk of being used to evade tax. There may be some inconsistencies depending on the application of this definition
  • Certain accounts may also be classified as Excluded Accounts by meeting a number of low risk requirements

The Commentary attempts to reduce any such inconsistencies, stating that they would typically expect excluded account definitions to be consistent with those excluded under FATCA IGAs.

Industry focus – Asset Management

A key difference between the CRS and FATCA is that under the CRS, the definition of financial account includes interests in funds that are regularly traded on a stock exchange. This means that exchange traded funds in jurisdictions that adopt the CRS will be within the scope for reporting under the CRS but not FATCA.

This will have a significant impact on the Exchange Traded Fund (ETF) industry and will be a challenging requirement to meet as listed funds do not perform due diligence on investors when they purchase shares. This issue is partly covered in the Commentary, where it is suggested that where due diligence is carried out by brokers, such brokers could be required to provide all information to the fund to enable the fund to comply with its obligations.

Another significant difference between the CRS and FATCA is the treatment of investment entities from jurisdictions that have not adopted the CRS. Under the CRS these will be classified as passive non-financial entities (NFEs). This will require FIs in jurisdictions that have adopted the CRS to classify the Controlling Persons of any investment entity outside a CRS jurisdiction that holds an account.

Industry focus – Insurance

There is no material difference between a specified insurance company as defined under FATCA for Model 1 IGA purposes and one as defined under the CRS. The focus remains squarely on identifying accounts described as Cash Value Insurance (CVI) contracts where there is a cash value payment on termination or surrender, or through collateralizing the account.

Under the CRS more individual accounts will be potentially reportable as in scope accounts are not limited to those valued at more than US$50,000 as under the FATCA Model 1 IGA. There are, however, a list of excluded accounts which include term life insurance, tax favored policies, and retirement and pension accounts. Reinsurance policies are also specifically excluded. There also appears to be an opportunity to exclude other “low risk” accounts which should help smaller product producers.

As with FATCA, most life insurance companies are likely to be FIs and in scope of CRS for account due diligence and reporting, while general insurance companies and insurance brokers will not. It should be noted, however, that the CRS does not contain a “FATCA like” concept of Fixed, Determinable, Annual, Periodical (FDAP) income payments.

Life insurance companies in scope of CRS and that operate within the EU may have additional due diligence work to perform on their insurance back book for CRS purposes than they have had to carry out under FATCA, where the back book is out of scope for a significant number of CVI products. The CRS retains the FATCA approach of exempting from review those pre-existing CVI accounts where the FI is effectively prevented by law from selling their products into the reportable jurisdiction. EU law, however, requires the free movement of services so that in theory a policy holder is able to effectively shop around the EU for their policy. Consequently, where an EU insurer is not prevented by law from selling their products into reportable jurisdictions within the EU the preexisting exemption may not apply.

As many EU countries are expected to be early adopters of the Standard, due diligence of the back book will be an immediate and additional burden for life insurers as soon as CRS goes live.

Technology, Data and Reporting Implications

The Standard contains guidance on the use of technology solutions which will form a fundamental component of the reporting mechanism.

The OECD’s approach is to set the expected level of standards around information exchange, data security, encryption, confidentiality and integrity, while allowing for variations in solutions that meet these standards. It does not mandate a single solution for data transmission or encryption, effectively allowing further use of systems and practices already in use, which vary by reporting financial institution and competent authority.

From a reporting FI’s perspective, the main technology focus will be to firstly identify the reportable accounts, and then to compile the annual CRS reports for submission in the specified format to their local competent authority. This process will need to be replicated, addressing local variations from the common standard, for each jurisdiction the FI operates in. This presents a management control challenge and coordinating activities will require sharing of management information on reporting activities.

For competent authorities, the task of collecting data from domestic FIs, together with the production of the CRS reports and the receipt of reciprocal reports, will be a new task to resource and manage. A dedicated reporting solution, which includes the relevant data security and encryption standards may be required if the existing reporting mechanisms are not suitable for this new reporting activity.

In summary, while efforts at standardization have clearly been made, in practice there will be multiple variations from the standard which will require clarity of understanding of these variances in order to design the reporting technology support plus robust management of the technology solutions.

What next?

The approach adopted by FIs will be influenced by, among other things, the extent to which they consider that the anticipated timetable for implementation of the OECD proposals may change.

FIs will need to decide the best time to initiate a systems review and modification to ensure they can satisfy the requirements of the CRS, taking into account, in particular, the time required for implementing changes to customer classification processes.

Comparing the IRS FATCA and OECD schemas

A comparative analysis of the IRS FATCA Schema v1.1 and OECD Schema (Annex 3) illustrates that there are approximately 100 separate data elements across the two schemas. Of these 100, about one third have the same definition, one third have similar but different definitions, and the other third appear only in one, not both, of the schemas.

By way of example of the challenges of local implementation, the UK FATCA Submission schema also contains further differences. In many jurisdictions, it is likely that there will be more differences than similarities between the reports needed for FATCA and CRS reporting.

FIs should take therefore immediate steps to understand the key differences and similarities between the CRS and FATCA, and the corresponding impact on their approach to FATCA compliance. For example, there may be opportunities to reduce effort by combining FATCA planned activities with the CRS requirements, such as the review of high value accounts.

Local implementation of the rules will be critical to this process, and engagement with local tax authorities or other competent authorities may help ensure that businesses can comply with the CRS in a way that minimizes cost and disruption.

Using existing FATCA solutions

One of the most significant drivers determining the challenge, cost and complexity of CRS implementation will be the current capability of the FATCA compliance program and the ability to use existing programs to deliver CRS compliance.

FIs that have developed strategic solutions based on the Model 1 IGA may be able to amend those processes and system solutions to cater for CRS with relative ease, leveraging the investment made for FATCA.

Alternatively, organizations that have built ”tactical” solutions for FATCA, organizations that have designed their solutions for compliance with FFI Agreements and US banks that have aligned Chapter 3 solutions with FATCA compliance may find that they have a more challenging task to adopt CRS in all countries.


Download the Tax Alert (pdf, 211kb) .