Wednesday, 23 March, 2016

Exchange of Information: A Violation of Fundamental Rights?

Walter Stresemann, Managing Director of Vistra Geneva, recently produced this article for the Association Romande des Intermédiaires Financiers (ARIF) Newsletter. Walter is Treasurer and a member of the ARIF Committee which  is a private non-profit association of public utility, whose purpose is to assist in the prevention of and the fight against money laundering in relation with the Swiss Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector (MLA).


The global movement of recent years towards greater tax transparency has thrust upon us the automatic exchange of tax information (“AEOI”), embodied in the OECD’s Common Reporting Standards (“CRS”). In effect, the edicts of the OECD, a non-elected organization of bureaucrats, have shifted tax information from away from national parliaments to new “international common standards”.

These CRS norms have been almost universally accepted as a necessary evil, although only grudgingly by the financial sector, given the immense implementation costs. Surprisingly little concern has been voiced regarding the unconditional, across the board CRS approach to big data collection, especially when witnessing the hysterical reactions in some countries to Facebook, or Google data transfer issues.

Yet, one may argue that the CRS – the reach of which goes far beyond the US “FATCA” reporting system - raises questions with respect to its compatibility with the legal systems of individual nations and that of the European Union (EU) in particular. Indeed, one may argue that the provisions of the CRS raise important issues in relation to the fundamental right to privacy and to the protection of personal data.

A study of the European Banking Federation has drawn an analogy between CRS and a significant decision of the European Court of Justice, which in 2014 invalidated the so-called “Data Retention Directive” on the basis of the European Charter on Fundamental Rights. The Court ruled that “the principle of proportionality requires that acts of the EU institutions be appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives”.

Similar principles of proportionality exist in the national data protection laws and jurisprudence of many European countries and it may be legitimately asserted that the CRS provisions, mandating the collection and reporting of very comprehensive items of information pertaining to the identity and financial situation of each person, may constitute a similar, serious violation of Articles 7 and 8 of the European Charter of Fundamental rights.

Indeed, the vast scope of CRS makes every citizen a potential suspect: it applies to everyone, everywhere, even when there is no evidence of tax evasion. The CRS data collection and processing is not limited to a particular time period and/or to a specific geographical zone, neither is it limited to a circle of particular persons suspected or likely, in one way or another, to be linked to acts of tax evasion.

Moreover, the access by national authorities to the collected data is not dependent on any independent prior review and there is a total absence of any specific, related criteria for limiting the access, subsequent exploitation and use of the data collected through AEOI to what is strictly necessary in the light of the objective pursued.

This unregulated, constant and continuous financial surveillance of taxpayers’ private life may in Europe further undermine trust in governments and lead to legal challenges against them and perhaps also financial institutions.

Meanwhile, here in Switzerland the Federal Council has repeatedly emphasized the importance of a level playing field and strict data protection rules in implementing AEOI. It is now well known that the USA is not participating in CRS. Furthermore, the most recent choice of South Korea as an AEOI partner – a country which according to the Swiss Federal Data Protection Commissioner has insufficient data protection standards – should at the very least stimulate further debate.



Managing Director,
+41 22 319 18 94