Financial institutions are required to comply with the due diligence and reporting requirements in the Inland Revenue Ordinance (Cap. 112) (IRO) and observe the Department’s Guidance for Financial Institutions which should be read to ensure consistency with the OECD’s Commentaries on the Common Reporting Standard (CRS), CRS-related FAQs and CRS Implementation Handbook.
The Department will conduct desk-based reviews, on-site reviews and thematic reviews to ensure compliance. If the required information provided by the financial institution under section 50C contain errors or omissions or the required procedures in section 50B have not been followed, the Department will take appropriate measures, including legal actions, to rectify the errors or to enforce compliance.
The Department will also review the non-reporting financial institutions to ensure they have satisfied the conditions set out in Schedule 17C for exemption from the due diligence and reporting requirements.
Before the commencement of an on-site review, the Department will send a notice to the financial institution regarding the scope of the review. The financial institution is expected to appoint a responsible officer with sufficient knowledge of its compliance system and process, including the required procedures in section 50B, so that assistance can be provided to the Department’s officers during the on-site review. The Department’s officers may:
- interview the responsible officer and staff of the financial institution and service providers, making enquiry regarding the applying of the required procedures;
- request a walk-through of the compliance system and process established and maintained;
- examine the internal policy, procedural manual or handbook and staff training materials relating to the compliance of the standard for automatic exchange of financial account information;
- conduct sample check of the evidence relied on and the record of the steps taken for carrying out the required procedures; and
- review the correctness or completeness of the financial account information return.
Reviews and examinations will focus on areas assessed as high risks to ensure that:
- appropriate procedures for pre-existing accounts are in place to review electronically searchable data for indicia, perform paper record search and obtain self-certification and reasonable efforts are used to obtain TIN and date of birth of the account holders and controlling persons;
- self-certifications are obtained upon opening of new accounts and their reasonableness is confirmed;
- procedures are in place to determine whether there has been a change of circumstances in relation to the identity or reportable status of account holders and/or controlling persons;
- undocumented accounts are properly classified and reported;
- regular training is provided to ensure that frontline officers are aware of the required information and required procedures;
- sufficient records are kept for a period of 6 years beginning on the date on which the return is furnished.
There are punitive provisions in the IRO to sanction financial institutions, service providers and others for offences committed. Three main categories of penalty are imposed to sanction non-compliance, submission of incorrect returns, and defrauding with intent. The levels of penalties (generally, penalty at Level 3 ($10,000) for the first two categories, and penalties at Level 3 ($10,000) or Level 5 ($50,000) with imprisonment for six months or three years for the last category) are laid down in sections 80B to 80F of the IRO.
In making a self-certification which is collected by a financial institution, if a person knowingly or recklessly makes a statement that is misleading, false or incorrect in a material particular, he will be liable on conviction to a fine at Level 3 ($10,000).