What Trust and Corporate Service Providers Need to Meet New Tax Compliance Challenges

If regulations are often a moveable feast, then the Automatic Exchange of Information (AEOI) agreements are a veritable mobile banquet.

Periodic updates to Common Reporting Standard (CRS) and Foreign Account Tax Compliance Act (FATCA) registration and reporting rules have long complicated financial institutions’ submissions data requirements, forcing firms to keep on their toes. Major amendments to the CRS (CRS 2.0) – published in finalised form in June 2023 and now being implemented by Crown Dependencies, the UK and other participating jurisdictions – will only add to Trust and Corporate Service Providers’ (TCSPs) data challenges.

Shifting landscape

Since the introduction of FATCA in 2014 and CRS in 2016, TCSPs have been required to submit annual returns to their local tax offices that detail balances and payments to account holders – information that is shared with other participating tax authorities as part of a concerted global drive to crack down on tax evasion.

Until recently, tax offices’ enquiries and visits have focussed on ‘getting it done’. Generally, this meant firms having written procedures and filing on time.

The focus is now shifting towards ‘getting it right’. The implications are significant. While in the past some TCSPs received fines for late filings, the potential penalties for filing inaccurate data going forward may be far greater.

Combined with the new obligations arriving in 2027 for 2026 data submissions under CRS 2.0 and the Crypto Asset Reporting Framework (CARF), this change in focus represents a major shift in the risk surrounding AEOI and puts a heightened emphasis on accurate data.

For example, CRS 2.0 requires two additional fields: one to identify accounts as ‘Pre-Existing’ or ‘New’, and the other to confirm that a valid self-certification is held for the account holder. Although seemingly trivial, the additions raise the potential for tax office investigation. Tax authorities will find it relatively easy to spot when a CRS submission indicates an account is ‘New’ but that the TCSP does not hold a valid self-certification for the account holder.

Why data accuracy really matters (and what happens when it goes wrong)

Across the Crown Dependencies, regulators are sharpening their focus on data reliability as two big changes come into effect:

1. Launch of the OECD’s new CARF, which is built on the same principles as CRS and is designed to track transactions in crypto-assets.
2. CRS 2.0 amendments, which centre on two main workstreams:
   1. Expanding the scope of financial accounts, financial assets and investment entities to include digital money products (electronic money products and central bank digital currencies) for the tracking of crypto-asset holdings. Financial institutions will need to ensure they can capture information related to e-money products and CBDCs, which may require enhancements to client onboarding processes, account classification systems and data collection mechanisms.
   2. New provisions aimed at improving due diligence procedures and reporting outcomes. Firms will need to collect and report additional information, including the role of account controlling persons (e.g. beneficial owners and trustees), whether an account is new or pre-existing, and the type of account being reported (e.g. depository, custodial or other). Reporting institutions also have a greater responsibility for scrutinising client-provided information to assess the validity of self-certifications. Compliance may involve updating client questionnaires, identifying high-risk Citizenship-by-Investment (CBI) and Residence-by-Investment (RBI) schemes, and implementing systems to track the new data elements and monitor changes in OECD guidance.

The implication is clear: bad data isn’t a minor operational issue, it’s a regulatory risk.

Key data reliability obligations: penalties are real and rising

Under the Guernsey Income Tax Regulations, 2025, a new enforcement power has been introduced enabling the Director of Revenue Services to impose a penalty of up to £10,000 if an Account Holder, Controlling Person or Entity fails to provide a valid self-certification. The rule applies even where the failure is procedural, not deliberate.

Earlier amendments to Guernsey’s CRS framework under the Guernsey Income Tax Regulations, 2021 set out sizable financial penalties that could be levied where CRS reports are inaccurate:

• If inaccuracies result from negligence, penalties are up to 0.5% of the balance or value of the account(s) to which the failure relates.
• In cases of fraud, the penalty is up to 1% of the account balance or value.

No penalty is payable though if a complete and accurate return is submitted before the Director opens an enquiry into potential non-compliance.

The Jersey Taxation Regulations 2015 take a simpler but still uncompromising approach to CRS reporting accuracy, with anyone who knowingly provides inaccurate information to the Jersey tax authorities liable to a penalty of up to £3,000.

The Isle of Man’s Income Tax Regulations 2015 stipulate that providing inaccurate information when meeting CRS obligations can result in a fine of up to £3,000. For significant non-compliance, the Assessor has powers to issue penalties of up to £10,000.

Directors and senior management: the buck stops here
Regulators across jurisdictions increasingly take the line that data quality is a governance issue, not just an operational one.

For example, Guernsey’s CRS and FATCA Compliance Information guidance stipulates that financial institutions’ Board or Senior Management equivalent:

• Should understand the institution’s CRS and FATCA obligations.
• Must ensure procedures are in place that accurately detail the firm’s CRS and FATCA obligations.
• Are responsible for “ensuring the financial institution provides complete and accurate data.”
• Should review whether appropriate ongoing compliance assurance reviews and/or audits are undertaken to ensure completeness and accuracy.
• Must review any “product and promotional material that includes information about CRS and FATCA, and confirm it is current and accurate.”

Failure here isn’t just a “systems problem” – it’s a management issue with real consequences.

The takeaway

Across Guernsey, Jersey and the Isle of Man, the direction of travel is evident:

• Bad or missing data now carries explicit financial penalties.
• Account values increasingly determine the size of those penalties.
• Boards and senior management are on the hook for ensuring data accuracy, controls and oversight.

Regulators expect you to be confident your data is right – and able to prove it.

Tax compliance solution

Technology that enables TCSPs to identify anomalies, gaps and errors can pre-empt data issues and the risk of CRS and FATCA non-compliance.

Embedding the complex rules that surround CRS and FATCA in automated rules-based monitoring of live data allows staff to spot and fix issues as they arise, rather than in a panic as the filing deadline approaches. Management information dashboards help business leaders develop a data-focussed culture and train staff to understand the requirements. Plus, using intelligent technology can reduce the time internal teams or external resources spend on data remediation or day-to-day checking.

As Gartner observed: “Data quality refers to the usability and applicability of data used for an organization’s priority use cases — including AI and machine learning initiatives. Data quality is usually one of the goals of effective data management and data governance. Yet too often organizations treat it like an afterthought.”

Without proper tools or technologies, warned Gartner, data quality processes end up manually-intensive and time-consuming, making them ineffective and costly in both resources and potential penalties.

Tax compliance today demands a whole lot more.