Tax transparency is not a new theme. What we are now seeing is the huge risks and the huge potential rewards of global data exchange in practice.
As a result we face the difficult questions of working out how far we are prepared to go for “transparency.” Are there limits? Should information exchange continue at any cost, despite the latest security scares?
There is certainly a reward for jurisdictions receiving valuable data on “offshore” financial interests. Whether it be fighting international crime, or raising government revenues by catching tax evaders and avoiders. The U.K.’s latest strategy document, No Safe Havens 2019, reveals that the automatic exchange of information now covers over 90% of global GDP.
As discussed below, 2019 saw the first major publicized data breach as a result of the information exchange to support international tax transparency. The fallout is telling in terms of questioning the limitations, if any, of transparency—the ideal versus the practical reality.
What is the Common Reporting Standard?
The Common Reporting Standard (CRS) is the brainchild of the Organisation for Economic Co-operation and Development (OECD) and is the culmination of decades of research and campaigning. It is also a marker of the political will evidenced in the G-20 meetings over recent years to combat tax evasion. The CRS is an information standard for the automatic exchange of information (AEOI) regarding bank accounts on a global level, between tax authorities. It was launched in its current form in 2014.
A key milestone of the CRS data exchange was reached in 2018—seeing more than 90 jurisdictions participating in the global transparency initiative and with information now exchanged on 47 million offshore accounts. The total value of the accounts reported under the CRS is estimated by the OECD to be 4.9 trillion euros ($5.4 trillion). The initiative is activated through 4,500 bilateral relationships and marks the largest exchange of tax information in history.
To check the progress of a specific country in the implementation of CRS see here.
What are the Rewards?
In June 2019, the OECD published preliminary analysis of the considerable impact AEOI is having on bank deposits in international financial centers (IFCs).
Deposits held by companies or individuals in more than 40 key IFCs increased substantially over the 2000–2008 period, reaching a peak of $1.6 trillion by mid-2008. These deposits have since fallen by 34% over the past 10 years, representing a decline of $551 billion.
This is seen largely as a direct result of countries adhering to tighter transparency standards. The OECD estimates that the AEOI initiative accounts for about two-thirds of the decrease, stating that “AEOI has led to a decline of 20% to 25% in the bank deposits in IFCs, according to preliminary data” (OECD, June 2019). A further updated study is expected to be published at the end of 2019 or early 2020.
The big reward for countries participating in the AEOI under the CRS standard is increased tax revenues. The OECD analysis estimates that the voluntary disclosure of offshore accounts in the run-up to full implementation of the CRS has resulted in more than 95 billion euros in additional revenue (tax, interest and penalties) for OECD and G-20 countries over the 2009–19 period.
What are the Risks?
There are several risks. In particular, a new concept of CRS avoidance has developed and the OECD is having to spend significant resource in tackling activity trying to circumvent AEOI.
Along with the desire to tackle tax evasion come the risks and challenges of data security. The concern when the CRS was launched was that any data leaks could lead to huge problems with identity fraud and fuel other criminal activity. Private individuals in certain countries were concerned about risk of kidnappings, corruption, blackmail and extortion.
In an attempt to counterbalance the risks, the OECD designed procedures to ensure the highest levels of security and support the safe transfer of data under the transparency agenda. However, it is clear that these procedures are now being put to the test in practice.
Bulgarian Data Breach and Swiss Reaction
In July 2019, the personal data of four million Bulgarian and foreign taxpayers was hacked from the Bulgarian National Revenue Agency.
The stolen data included names, addresses, personal identification numbers, dates of birth, annual tax returns; records of their income; “acts of administrative violations”; and health and social insurance status. Crucially, it also included full details of the tax information automatically exchanged with foreign governments. It is reported that the identities of 189 individuals have been publicly disclosed by the hackers. Of course, now these victims bear a heightened risk of impersonation by fraudsters.
In October 2019, the Swiss Federal Council canceled the automatic exchange of financial account information with Bulgaria, following confirmation of the data leak. Before the information exchange is resumed, Bulgaria’s corrective measures will have to be validated by the OECD Global Forum on Transparency and Exchange of Information for Tax Purposes.
Switzerland automatically exchanges personal financial account information with 75 countries, but has always maintained that it will only work with jurisdictions whose data security can be trusted.
Alongside Bulgaria, Switzerland named seven other countries which do not yet meet the international requirements on confidentiality and data security: Belize, Costa Rica, Curaçao, Montserrat, Romania, Saint Vincent and the Grenadines and Cyprus. Switzerland also named four countries which chose not to receive Swiss data under the AEOI initiative: Bermuda, British Virgin Islands, Cayman Islands and Turks and Caicos Islands.
Many individuals and businesses will be pleased to see decisive action taken by the Swiss authorities as a result of data security concerns. Switzerland is also seen as leading the way in monitoring and acting to prevent unsecure data transfer. The challenge now for many countries, with support from the OECD, is to improve data security and invest in technology to do so.
How is the U.K. using CRS Data?
In the U.K., HM Revenue & Customs (HMRC) takes a multifaceted approach to the use of CRS data. Until 2018 the focus was on encouraging voluntary disclosure. Indeed, specific legislation called the “Requirement to Correct” (RTC) demanded a review for offshore tax affairs to make disclosure where necessary. Under this program, over 18,000 taxpayers notified HMRC that they wanted to correct past misdemeanors with a connection to offshore. This was seen to be driven by the RTC deadline of September 30, 2018.
Since October 2018, HMRC is heavily focused on reviewing the CRS data: it is a big task, in that year it received CRS records relating to 5.67 million bank accounts. This is aided by advanced technology called the “Connect” system. Connect does the cross-referencing, data mining and sophisticated analysis of all taxpayer data, national and international.
In March 2019, HMRC revealed that Connect had cross-referenced 22 billion lines of data. Connect also identifies more than half a million cases for enquiry every year. From the CRS data, HMRC learnt that one in ten U.K. taxpayers has an offshore financial interest.
The focus is now on investigations, including tax return inquiries and more serious Code of Practice 8 and 9 tax investigations. In some instances, there are criminal investigations, including those linked to the Panama or Paradise papers. Certainly, it seems that the reward is there for HMRC, which says that it has raised 2.9 billion pounds ($3.7 billion) since 2010 by focusing on offshore tax non-compliance.
The data is not only used locally for domestic tax collection: the U.K. is also a member of the Joint International Task Force on Shared Intelligence and Collaboration (JITSIC)—a powerful network of 40 countries tackling cross-border tax avoidance and evasion.
What Action to Take?
Tax authorities need to build integrity in their data security and use of CRS data for the purposes intended.
Taxpayer trust will decline if there are thefts of data or CRS information is frequently used to interrogate those who are fully tax compliant—a concern of many tax professionals.
The authorities must demonstrate that they are using information to catch the non-compliant and not wasting government resources trying to catch out compliant taxpayers. It also defeats the overall purpose of transparency to reduce tax evasion and stop other criminal activity.
For international business and individuals with assets in multiple jurisdictions, the action is twofold: cross-checking tax compliance and data security.
- Many tax authorities are investing in sophisticated technology to ensure data is processed, cross-referenced and risk assessed accurately. For those who have uncertain, out-of-date or simply irregular tax affairs, then the time for voluntary disclosure is undoubtedly now. In the U.K., the general rule is that individuals who make a full unprompted disclosure of historical tax irregularities can bring their affairs up to date via a civil route, thus, being spared a criminal tax investigation. Public naming and shaming may also be spared under a voluntary disclosure.
- The Bulgarian data breach will confirm many individuals’ worst nightmares. That is, CRS does bring an increased risk of data theft and all the ensuing fallout. With huge volumes of data being openly transmitted around the world, and with full public knowledge, it is plain to see that CRS data will remain a hot target for hackers. For many individuals, it is wise to speak to the financial institutions in the particular country where they hold investments or accounts. Like Switzerland, people will be reassured to see action taken after data theft and the highlighting of countries considered to have insufficient security. Most support the ideal of transparency, however the exchange of such personal information must be done with the tightest security (supported by the checks, measures and safeguards developed by the OECD). Private individuals are also seeking their own cyber security advice. It remains true that if you have “nothing to hide” then why hide it? Of course, for many private individuals it is not a question of “hiding,” it is simply a question of personal security, privacy and wider concerns beyond tax.
In conclusion, tax transparency brings huge rewards for governments but also carries significant risks for taxpayers. The balance is now being tested on a global scale.
Dawn Register is a Tax Partner at BDO U.K.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.