Navigating through operational tax complexities

In the dynamic global financial environment, navigating the complexities of tax regulations such as the

Foreign Account Tax Compliance Act (FATCA), Common Reporting Standard (CRS), Directive on Administrative Cooperation 6, 7 and 8 (DAC6, DAC7 and DAC8), and the Central Electronic System of Payment information (CESOP) present considerable challenges.

Challenge 1 – Evolving regulations

Since the entry into force of DAC7, each Luxembourg financial institution (FI) is required to notify each reportable individual in the scope of CRS that their personal and financial information will be gathered and transmitted in accordance with the law. In this context, personal information refers to individual data such as name, address, jurisdiction of tax residency/residencies, and tax identification number, while financial information refers to the total gross amount paid or credited, and/or the value of the debt or equity position within the financial institution at the end of the calendar year or another relevant reference period. Reporting FIs must notify their individual clients and the controlling persons of passive non-financial entity clients subject to reporting under CRS about their personal and financial information which will be reported to the Luxembourg tax authority. This notification should be performed every year prior to the exchange of information with the authorities. In addition, the FI must provide those individuals with details about how to request the data controller, and also provide access to the information within a reasonable timeframe. If required, they will also allow the individuals to exercise their data protection rights. This requirement must be met before any information is shared with the Luxembourg tax authority.

During the year 2023, the following five jurisdictions were added to the list of reportable jurisdictions: Jamaica, Moldova, Montenegro, Thailand, and Uganda. Other participating jurisdictions, such as Kenya, Rwanda, Ukraine, may also be added to the list of reportable jurisdictions.

In this evolving context we recommend that:

• The notification process be integrated within the existing reporting process.
• Financial institutions remain informed about any modifications in reporting requirements and update their systems and processes for reporting preparation accordingly.

Challenge 2 – Data quality

To meet all the necessary data standards and legal requirements, Luxembourg financial institutions collect, maintain, and process data. It is critical for FIs to maintain a high level of data accuracy, and for that purpose, internal and external checks must be performed. 

To support FIs in their duties, the OECD, the IRS and the European Commission websites provide the opportunity to check plausibility of mandatory data, such as foreign tax numbers, addresses, GIIN, and VAT numbers, etc.

Storing and processing inaccurate data may lead to incorrect reporting and expose financial institutions and their clients to tax investigations and penalties.

Data is gold and we recommend that:

• A full data check be carried out from data collection to report submission.
• Financial institutions continually analyze and clean their data leading up to annual filing.

Challenge 3 – Complexity

It is important to mention that the (Automatic Exchange of Information (AEOI) requirements are closely related to Anti-Money Laundering (AML) rules, the Anti-Tax Avoidance Directive 2 (ATAD 2), and the General Data Protection Regulation (GDPR).

In addition to the regulations mentioned earlier, DAC8, a new directive, was issued in October 2023. This Directive focuses on imposing transaction reporting obligations on crypto-asset service providers, but it also extends its reach to existing directives, particularly DAC2 (CRS) and DAC6 (Mandatory Disclosure Regime).

A critical aspect of simplifying this complexity is ensuring data accuracy and integrity.

Tax topics cannot be handled in silos and we recommend that:

• Financial institutions develop and execute a comprehensive strategy that addresses these interconnected aspects of global finance.
• They continuously improve data security measures to maintain compliance.

Challenge 4 – Governance

Policies and procedures must be well documented, and FIs must remain informed about filing deadlines and changes to reporting requirements and schemes.

FIs must also be prepared to respond to various type of inquiries from tax authorities regarding data exchanged, governance and compliance programs, and evidence on proper tax data management.

Based on the statistics provided by the tax authority (Administration des contributions directes (ACD)), the penalties are more than doubling on a yearly basis and increased by 398% between 2021 and 2023. This confirms the increased scrutiny of the authorities and that penalties for instances of non-compliance are not only a possibility but a reality.