Compliance

Financial institutions are required to comply with the due diligence and reporting requirements in the Inland Revenue Ordinance (Cap. 112) (IRO) and observe the Department’s Guidance for Financial Institutions which should be read to ensure consistency with the Commentaries on the Common Reporting Standard (CRS), CRS-related FAQs and CRS Implementation Handbook published by the Organisation for Economic Co-operation and Development (OECD).

Supervisory Activities

The Department takes a risk-based approach to ensure that reporting financial institutions comply with the due diligence and reporting requirements and seeks to minimise reporting financial institutions’ compliance costs while ensuring their level of compliance.

The Department will conduct desk-based reviews, on-site reviews and thematic reviews to ensure compliance. If the required information provided by the financial institutions under section 50C contains errors or omissions or the required procedures in section 50B have not been followed, the Department will take appropriate measures, including legal actions, to rectify the errors or to enforce compliance.

The Department will also review the non-reporting financial institutions to ensure they have satisfied the conditions set out in Schedule 17C for exemption from the due diligence and reporting requirements.

On-site Review

Before the commencement of an on-site review, the Department will send a notice to the financial institution regarding the scope of the review. The financial institution is expected to appoint a responsible officer with sufficient knowledge of its compliance system and process, including the required procedures in section 50B, so that assistance can be provided to the Department during the on-site review. The Department’s officers conducting the on-site review may:

interview the responsible officer and staff of the financial institution and service providers, making enquiry regarding the applying of the required procedures;
request a walk-through of the compliance system and process established and maintained;
examine the internal policy, procedural manual or handbook and staff training materials relating to the compliance of the standard for automatic exchange of financial account information;
conduct sample check of the evidence relied on and the record of the steps taken for carrying out the required procedures; and
review the correctness and completeness of the financial account information return.

Review Areas

Reviews and examinations will focus on areas assessed as high risks. The Department may take necessary actions to ensure that:

appropriate procedures for pre-existing accounts are in place to review electronically searchable data for indicia, perform paper record search and obtain self-certification and reasonable efforts are used to obtain TIN and date of birth of the account holders and controlling persons;
self-certifications are obtained upon opening of new accounts and their reasonableness is confirmed;
procedures are in place to determine whether there has been a change of circumstances in relation to the identity or reportable status of account holders and/or controlling persons;
undocumented accounts are properly classified and reported;
accounts that excluded from reporting are only those that meet the definitions and requirements of excluded accounts;
additional checking processes are in place if the account holder or controlling person declares themselves tax resident in a jurisdiction included on the OECD list as having a potentially high risk residence and citizenship by investment (CBI/RBI) scheme;
regular training is provided to ensure that frontline officers are aware of the required information and required procedures;
appropriate systems and procedures are in place to ensure complete and accurate information at the point of data extraction and return submission; and
procedures are in place to investigate and address the root causes of errors to prevent similar occurrences in future reporting and submit corrected data in a timely manner.

The above risk areas are quoted as examples only and not exhaustive. The Department may issue queries to request information and documents from financial institutions so as to review whether they fulfil their compliance obligations on AEOI. You can click here to view sample questions.

Record Keeping

In the course of reviews and examinations, the Department will ensure that:

sufficient records to support an account holder’s status (e.g. self-certifications and documentary evidence that assist in the determination of the account holder’s status) are retained and made available to the Department on request;
procedures that are designed to secure that any evidence relied on, and any record of the steps taken, for carrying out the procedures in relation to a financial account are kept for a period of 6 years beginning on the date on which the procedures are completed; and
sufficient records to the ascertainment of correctness and accuracy of the returns furnished by the reporting financial institutions are kept for a period of 6 years beginning on the date on which the return is furnished.

Criminal Sanctions

There are punitive provisions in the IRO to sanction financial institutions, service providers and others for offences committed. Three main categories of penalty are imposed to sanction non-compliance, submission of incorrect returns, and defrauding with intent. The levels of penalties (generally, penalty at Level 3 ($10,000) for the first two categories, and penalties at Level 3 ($10,000) or Level 5 ($50,000) with imprisonment for six months or three years for the last category) are laid down in sections 80B to 80F of the IRO.

In making a self-certification which is collected by a financial institution, if a person knowingly or recklessly makes a statement that is misleading, false or incorrect in a material particular, he/she will be liable on conviction to a fine at Level 3 ($10,000).