CRS Reporting

The Common Reporting Standard (CRS), developed by the OECD and endorsed by the G20, is the global standard for automatic exchange of financial account information between tax authorities. CRS is implemented in domestic legislation by over 110 participating jurisdictions through the Multilateral Convention on Mutual Administrative Assistance in Tax Matters and bilateral Competent Authority Agreements. Financial institutions (FIs) must identify the tax residency of account holders — for individual accounts using self-certifications (akin to FATCA W-8 series), for entity accounts using entity classification (investment entities, passive NFEs with controlling persons) — and report annually to their domestic tax authority information including account holder details, TIN, account balance, and income/proceeds. The OECD CRS XML Schema v2.0 is the standard submission format. Domestic tax authorities then exchange this data bilaterally with the account holder's country of tax residence under CRS exchange relationships. The 2023 Crypto-Asset Reporting Framework (CARF) extends CRS-like reporting to crypto-asset service providers, with implementation timelines being set by participating jurisdictions.

The engineering complexity of CRS is driven by entity classification logic and multi-jurisdiction scope. Unlike FATCA (which focuses on US persons), CRS requires FIs to determine the tax residency of all non-resident account holders — a potentially global set of jurisdictions. Entity account classification requires determining whether an entity is an investment entity (either an FI or a passive NFE), an active NFE, a FATCA-exempt equivalent, or a government entity — using legal form, income and asset tests, and business activity analysis. For passive NFEs, the look-through requirement mandates identifying all controlling persons (individuals owning more than 25%, or in some jurisdictions a lower threshold) and their tax residencies. This controlling person identification can require piercing multi-tier ownership structures through multiple holding companies. The remediation and self-certification collection processes for large existing customer populations at CRS implementation are typically the most labor-intensive aspect — requiring outreach workflows, document collection, and quality review at scale.

CRS and FATCA are operationally linked but technically distinct, creating "dual-track" compliance programs that share data sources but diverge in classification logic, reporting formats, and submission infrastructure. Jurisdictions that are both CRS participating and have FATCA IGAs (most major financial centers) require FIs to maintain both FATCA GIIN status and CRS compliance simultaneously. The 2023 CARF framework adds a third track for crypto-asset service providers that may be entirely new to tax reporting obligations. Domestic implementations of CRS vary: some jurisdictions apply enhanced due diligence thresholds different from the OECD standard model, some have different pre-existing account review timelines, and some impose additional local reporting requirements beyond the CRS standard. For financial institutions with branches or subsidiaries in multiple CRS jurisdictions, each entity may have different domestic CRS regulations while using a shared global customer data platform.

We build CRS compliance platforms with entity classification engines that implement OECD CRS due diligence procedures as code — income tests, asset tests, and business activity analysis implemented as configurable rule sets that can be updated when domestic legislation deviates from the OECD model. Our controlling person identification workflows support multi-tier ownership resolution with configurable jurisdiction-specific thresholds and escalation to relationship managers when automated resolution is insufficient. CRS XML v2.0 submissions are validated against OECD schema and against domestic tax authority submission guidelines before filing.

Compliance-Native Architecture Guide

Design principles and a structured checklist for building software that is compliant by default — not compliant by retrofit. Covers data architecture, access controls, audit trails, and vendor due diligence.