The Common Reporting Standard (CRS): The lessons for banks

Where are we and what happens next?

CRS has been keeping us and our bank clients very busy over the last few months. The first reporting deadline of 30 June 2017 (which was effectively extended to 31 July 2017 in both Guernsey and Jersey) has passed. But that does not mean that it is over – there are a lot of lessons that can be learned from the first round of reporting, due diligence procedures are ongoing, reporting is annual and new business needs to be brought within the regime.

Common problem areas

Some of the issues Guernsey and Jersey reporting financial institutions (including banks) have had to deal with include:

  • Whether a particular person is reportable – a careful and thorough analysis of the CRS legislation and account records is needed to identify who to report on. The risk of getting it wrong (by either failing to report or unnecessary reporting) could be severe
  • The form and content of self-certification forms and notifications to individuals that they will be reported on
  • Whether reporting on a particular individual will be a breach of the financial institution's duty of confidentiality or its data protection obligations
  • The exemptions to the reporting requirements which also require careful analysis

CRS is a complex area. Because it is new and Guernsey and Jersey are early adopters, there is little guidance and no examples of how certain aspects will be treated by the tax authorities and the courts. On the plus side, we can use our experience to improve systems and procedures for next year and to become leaders in this field, ahead of jurisdictions who will not be reporting until 2018 or after.

What you should do now

Banks should, over the next few months, examine their CRS policies and procedures, identifying what went well for the 2017 reporting and what did not, and to make any necessary changes.

For example banks should consider the following:

  • Client agreements and terms and conditions should be reviewed to ensure they adequately deal with disclosures under CRS and provide sufficient protection in the event of a challenge to the bank's reporting
  • Data protection policies in the lead up the introduction of the General Data Protection Regulation (GDPR) in May 2018. From a CRS perspective, particular attention should be given to ensuring the bank's data protection policies comply with its CRS obligations and are compatible with its CRS policies. Whilst reporting under CRS in most, if not all, cases will not of itself be a breach of data protection legislation, it will be a breach if the reporting is not in accordance with the bank's data protection obligations
  • The bank's self-certification forms and notices may need fine-tuning
  • The bank's CRS resources

Hopefully over the next twelve months banks will feel better equipped to deal with the 2018 reporting, having gone through it once. Also there may well be further guidance issued by the Guernsey and Jersey authorities and/or the OECD on the most common issues which have arisen.

Related articles

Insight +
Approaching digital assets as a professional trustee
10/07/25 As demand grows for trusts to hold digital assets, professional trustees must navigate fid...
Insight +
Trust briefing: Challenges to trustee decisions
03/07/25 It is often thought that a discretionary decision made by a trustee is difficult or someti...
Insight +
Sanctions versus contractual liability in Jersey law
24/06/25 The Jersey Royal Court decision of OWH v RTI [2025] JRC137 on 22 May 2025 addresses the ch...
Insight +
Trust briefing: When the child was a child
20/06/25 The beneficial class in many Jersey discretionary trusts will often be defined by referenc...