Investors fearful of CRS data breaches: OMI survey

Pedro Gonçalves
clock • 3 min read

A majority of international advisers say their clients are worried about the Common Reporting Standard (CRS), either because they do not understand it or are afraid of personal data breaches, a new survey reveals.

Research carried out by Old Mutual International, part of Quilter, reveals that 59% of advisers say their clients have concerns about the CRS in some way.

The main reasons why clients are worried about the CRS are that they do not understand it (25%) or that they want to simplify the process, with less personal data being shared (22%).

The information requested under the Common Reporting Standard includes, name, address, place and date of birth (for individual and controlling persons) countries and jurisdictions of tax residence, tax payer identification numbers, place of registration and incorporation for entities, entity type (for entities) and controlling person type for certain entity types.

This information is stored at financial firms and also communicated and shared with tax authorities—thereby creating additional points for unauthorised access.

Countries in the EU have exchanged financial information about accounts held by overseas residents since the introduction of the “common reporting standard” in 2017, designed to reduce tax evasion.

Research shows that in 2017, over 2.6 billion records were breached worldwide in 1,765 separate incidents. The vast majority of these breaches were caused by malicious outsiders gaining access to the data, but another major cause was accidental loss.

“With the CRS there is a lot of data moving around the world, not necessarily in a secure fashion, and this could lead to devastating consequences if people’s records are compromised.

“We know that data is at its most vulnerable when it is being transmitted, so it stands to reason that someone with complex financial affairs will want to find ways to mitigate the risks of their personal data being intercepted,” Jason Pearce, head of technical sales for Hong Kong and Northeast Asia at Old Mutual International, said in a statement.

“The data breaches experienced by companies such as Tesco Bank in the UK and Equifax in the US drive home just how badly things can go wrong. If the same thing were to happen to personal data being transferred by tax authorities around the world, the consequences could be exponentially higher,” he added.

One way to reduce the risk of data breach is to invest in assets such as bank deposits, exchange-traded funds, open-ended funds and hedge funds that can be held in a portfolio bond, according to Old Mutual International.

Rather than the managers of these individual assets reporting back and forth between various tax authorities, only the provider of the portfolio bond is required to report the surrender value to the relevant authority.

While clients have issues with the CRS, advisers said that they themselves either had a good understanding of the Standard (47%), a slight understanding (25%) or a strong understanding (19%). However, 9% of advisers surveyed said they had no understanding at all.

“The standard is designed to help combat tax evasion and therefore any customer who is not infringing the rules should feel that they have nothing to worry about,” Pearce said.

Several countries have started sharing bank account details with international partners, including Switzerland and Panama.