CRS: The first reporting is nearly over - what happens next?

We have been busy over the last few weeks providing advice to trustees in Guernsey on issues in respect of the Common Reporting Standard (CRS) which have cropped up at the last minute, despite the first reporting deadline of 30 June 2017 having already passed.

The effective extension of the deadline to 31 July 2017 by the Guernsey tax authorities (which have vowed not to impose any penalties if CRS reporting and due diligence requirements are complied with on or before this second date) has given trustees additional time to complete their due diligence procedures, pull together the information to report and take advice on any remaining problem areas. In addition, the requirement under the Guernsey regime to give individual reportable persons 30 days' notice that information on them will be reported has caused issues for some trustees as it has given individuals the chance to question whether they are reportable and, in some extreme cases, to threaten legal action in the lead up to the reporting deadline.

Common problem areas

The main issues we have been advising on are:

  • Whether reporting on a particular individual will be a breach of the trustee's duty of confidentiality or its data protection obligations
  • Whether a particular person is reportable - economic settlors unnamed in trust documents, protectors and appointors with no economic interest and beneficiaries whose interests who are contingent have been causing the most problems (click here for our article on reporting on protectors)
  • The form and content of self-certification forms and notifications to individuals that they will be reported on
  • The extent to which Guernsey pension schemes are exempt from CRS reporting now that Guernsey has introduced a regulatory and supervisory framework for pension schemes and gratuity schemes (click here for our update on the new regime)

CRS is complex and, because it is new and Guernsey is one of the early adopters, we have the added disadvantage of having little guidance on some of the more tricky areas and no examples as to how certain aspects will be treated by the tax authorities and the courts. However, in every case we have advised on, we and our clients have been able to find a pragmatic and commercial solution to minimise risk. Plus we can use the experience we, as an industry, have gained in 'going first' to improve systems and procedures for next year and to become leaders in this field, enabling us to assist our colleagues in other jurisdictions for whom reporting does not start until 2018.

What next?

Guernsey reporting institutions still have some time to complete their due diligence procedures and carry out their first reporting before any penalties for late reporting will be applied after 31 July 2017. This means there is still an opportunity to take advice on any remaining problem areas.

Obviously CRS does not end after 31 July, although trustees would be forgiven for breathing a short sigh of relief when the first reporting is complete. Due diligence procedures are ongoing, reporting is annual and new business needs to be brought within the regime. However, hopefully over the next twelve months trustees will feel better equipped to deal with the 2018 reporting, having gone through it once. Also there may well be further guidance issued by the Guernsey authorities and/or the OECD on the most common issues which have arisen.

Trustees should use the time over the next few months to review their CRS policies and procedures, identifying what went well for the 2017 reporting and what did not, and to make any necessary changes. For example, self-certification forms and notices may need fine-tuning and CRS resources may need to be reviewed. Client agreements and terms and conditions should be reviewed to ensure they adequately deal with disclosures under CRS and provide sufficient protection in the event of a challenge to the trustee's reporting.

Trustees should also review their data protection policies, which they should be doing in any event in the lead up the introduction of the General Data Protection Regulation (GDPR) in May 2018. From a CRS perspective, particular attention should be given to ensuring a trustee's data protection policies take into account its CRS obligations and are compatible with its CRS policies. Whilst reporting under CRS in most, if not all, cases will not of itself be a breach of data protection legislation, it will be a breach if the reporting is not done in accordance with the trustee's data protection obligations.

Finally, whilst trustees should not attempt to 'get around' their reporting obligations, in some cases it may be that the reporting requirements have identified structures which would benefit from careful review to ensure that they remain fit for purpose and that the class of reportable persons is not unnecessarily wide (for example, where there are complex but obsolete protector committee arrangements or a very wide class of beneficiaries who are unlikely or not intended to benefit).

Please do not hesitate to contact us with any queries on your obligations under CRS or if we can assist with reviewing your CRS policies and procedures, or any particular structures for which CRS has caused any issues.