Edward Snowden shocked the world when he revealed the breadth and depth of the US government’s worldwide surveillance state.
What caused particular outrage was that this nearly all-seeing apparatus was aimed at millions of normal people without any proof of wrongdoing. Innocent people justifiably do not like having their privacy violated… for the most part.
While the world cried foul on the NSA’s shenanigans, another totalitarian threat to privacy is plowing ahead at full speed.
That is the threat to your financial privacy from a worldwide system of automatic exchange of information is very real. This is informally known as GATCA and is based on the atrocious FATCA law.
While this system is not operational yet, it will be in the years ahead.
For now at least, financial information exchanges between countries still take place through what is known as Tax Information Exchange Agreements (TIEAs) and DTAs (Double Taxation Avoidance agreements).
To find out more about what the heck these things are and how they affect your privacy, I’ll turn it over to International Man contributor Streber for all the details.
Until next time,
How TIEAs and Requests for Financial Information Work
What is a TIEA?
A TIEA is a Tax Information Exchange Agreement. The term “tax treaty” is used as an umbrella term for TIEA and DTA (Double Taxation Avoidance agreement). Historically, DTAs did not contain a clause for EOI (Exchange of Information) but this has changed in recent years with OECD recommending that DTAs also contain clauses for EOI.
Who can request information?
Each jurisdiction will have what’s called a competent authority (sometimes competent body—a government authority), which is usually that country’s FIU (Financial Intelligence Unit) or FSC (Financial Services Commission), tax authority, or ministry of finance. In some countries, these two are one and the same authority.
Law enforcement authorities themselves are rarely empowered to request information under a TIEA, but will instead request assistance from the competent authority.
How does a request work?
The competent authority in Jurisdiction A sends a request to the competent authority in Jurisdiction B.
The request is usually in the form of an email with an enormous PDF attached, which contains the actual letter of request and an authorized signature. This is typically enough for Jurisdiction B to get started on the request. At the same time, a physical letter is also sent to Jurisdiction B’s competent authority. Information will typically not be released until the physical letter from Jurisdiction A has reached Jurisdiction B.
Under most TIEAs, from receipt of request, the receiving competent authority should complete the whole process within 90 days. If it fails to do so, Jurisdiction B must give good reason for it. There are no known penalties for failing to provide information in a timely manner aside from a tarnished reputation. OECD uses speed of fulfilment of EOI requests as a metric in assessing the reputability of jurisdictions.
Jurisdiction B is supposed to only honor the request for information under TIEA if the competent authority in Jurisdiction A has exhausted all other means of retrieving information and Jurisdiction A can show reasonable suspicion (somewhat comparable to probable cause in criminal law) that the person on whom information is requested, does indeed have a company or bank account in Jurisdiction B.
The request must also fulfill detailed requirements. A request that is too vague will not be honored, as Jurisdiction B will deem it to be a so-called fishing expedition (frivolous extraction of information).
If the request is for a bank account, the request must contain at least the bank name and ideally bank account number. There is currently a lack of universally agreed-upon standards here; some jurisdictions may decline requests for EOI that other jurisdictions would honor.
A request for information about a company must contain the name of the company. It is not sufficient to ask for all companies belonging to a person without stating the name of each company.
Supposing that the request is for information about a bank account, the competent authority in Jurisdiction B will contact the bank in question. Again, this is usually done by email with gigantic PDFs in attachment. In some cases, it will be delivered by fax, registered mail, courier, or a personal visit.
The bank will then collect the information and provide it to the competent authority of Jurisdiction B. The bank must revert to the competent authority within 60 days. During that time, the bank can review the request to determine if it is legal. If the bank deems the request unlawful, they can refuse the request. The case may then either be taken to court or dropped.
Only account details for the bank(s) stated in the request will be disclosed. The competent authority in Jurisdiction A will not go looking in other banks.
In case the request is for a company, the competent authority in Jurisdiction B will contact the registered agent. The procedure is then the same as a bank account information request.
The competent authority of that jurisdiction must usually pay for all of Jurisdiction B’s costs of retrieving or attempting to retrieve the information, although this varies.
What information is disclosed?
TIEAs do not specify exactly what information is to be disclosed. It is up to the requested party to comply with the requesting party’s request in as much as is possible under domestic law.
For bank accounts, all information that domestic law allows should be disclosed. This can mean everything from account balance, to transactions, cards associated to the account(s), IP addresses of logins to e-banking, and so on. However, from what I’ve seen, information disclosures from banks usually contain transaction history and balance.
For companies, all information about the company which is in the registered agent’s possession can be disclosed. This means all company documents, identity documents for directors and shareholders, and—if stored there—financial statements.
How real is the risk?
Some FIUs/FSCs issue annual reports stating how many EOI requests were received and how many were fulfilled. The OECD will sometimes publish this number in a Peer Review. There are rarely more than a few hundred requests each year in total for the largest jurisdictions, where hundreds of thousands of companies, trusts, foundations, and bank accounts are registered.
TIEAs are rarely used, and it’s questionable how much of a threat they pose to secrecy provisions under laws of offshore jurisdictions. Some jurisdictions have signed TIEAs which they cannot honor.
Furthermore, they can cost a lot of money and take several months to produce any result, making them unappealing to the requesting competent authority. You need to be high on someone’s list of priorities for them to consider a request under a TIEA.
The future, however, is with something called AEOI (Automatic Exchange of Information). Under AEOI, jurisdictions will gather and send an annual report to all jurisdictions whose subjects (tax residents and/or citizens, as applicable) it has information about. Some see this is as good, while others see it as bad.
Editor’s Note: At International Man, we unambiguously view the automatic exchange of information between governments as very bad, but unfortunately inevitable. We believe that privacy is essential in preserving human dignity. Absent any proof of wrongdoing, a person’s privacy should remain secure; however, with the automatic exchange of information, this is not the case. The global system of automatic exchange of information (informally known as GATCA) was only made possible after the US government paved the way by cramming FATCA down the throats of the rest of the world. For more on that, see this must-read overview of where the world is headed.
Streber works as a consultant and director for a wide range of companies and has broad experience in offshore banking, offshore incorporation (formation and maintenance of offshore companies), taxation, privacy, ecommerce, merchant accounts, online payments, and all other things the privacy-minded entrepreneur might find interesting. You can read Streber’s blog on offshore incorporation and offshore banking.