Tax Transparency: Unveiling Amendments to the Common Reporting Standard

insight featured image
On 17 October 2023, the Council of the EU adopted DAC8, the 7th amendment to the Directive on Administrative Cooperation (“DAC”).


The Directive will enter into force on 13 November 2023, and Member States will have until 31 December 2025 to transpose the Directive into national law, after which the provisions would come into effect as of 1 January 2026.

DAC8 broadly aligns with the OECD Crypto-Asset Reporting Framework (CARF) and its enjoined amendments to CRS.

The Directive is wide reaching in scope, and it can be summarized as comprising the following:  

  1. The introduction of a new reporting regime for crypto-asset service providers, or DAC8 proper.
  2. Amendments to previous iterations of the DAC:
    • DAC1: Broadening the list of income subject to mandatory Automatic Exchange of Information (AEoI) to include ‘non-custodial dividend income.’
    • DAC2: Enhancing the requirements of the Common Reporting Standard (CRS), which will be the focus of this article.
    • DAC3: Extending the AEoI regarding advance cross-border rulings for certain high net worth individuals.
    • DAC6: Amending the EU Mandatory Disclosure Rules, where “Legal Professional Privilege” is extended to all communications between lawyers and their clients, not just advice relating to the exercise of the rights of defence.

Whereas the new crypto-asset reporting regime represents the major addition to AEoI, the CRS amendments will be more consequential for financial institutions that have been implementing the regime since 2016. We will describe below the nature of those significant changes and their implications.

Inclusion of new financial products

Depository Accounts, as a category of financial accounts, are no longer restricted to the ‘traditional’ definition linked to banking or to interest-bearing accounts held with insurance companies. Added to this list is any account representing electronic money (e-money) or Central Bank Digital Currencies (CBDC.)

Consequently, any entity that holds e-money or CBDC for the benefit of customer will now fall under the term “Depository Institution”, a category of Reporting Financial Institutions under CRS.

To note that these new accounts would be reportable under CRS, with the exception of e-money accounts whose 90-day rolling average does not exceed USD 10,000 at any day during the year.

Expanding the definition of Investment Entities

To ensure consistency in regulations, derivatives linked to Crypto-Assets have been incorporated into the definition of Financial Assets. The definition of Investment Entity has also been broadened to include the activity of investing in Crypto-Assets, bringing these entities under CRS, given that the previous definition encompassed Financial Assets and money only.

Addition of new reportable data elements

The most substantial change to CRS will be the inclusion of new data in the annual reports, whose aim is viewed as improving the quality and usability of CRS reporting. Such a change will nonetheless require significant amendments to financial institutions’ IT systems and to their overall AEoI processes. These new reporting requirements will cover the following: 

  • Whether the Account Holder has provided a valid self-certification.
  • Whether the account is a joint account and, if so, the number of joint account holders.
  • Whether the account is pre-existing or new.
  • The account category: depository, custodial, debt or equity interest, or cash value insurance.
  • The role(s) a reportable person has when they hold an equity interest in an investment entity.

In addition, since its inception, CRS had allowed, through its XML schema, for reporting the role of a Controlling Person in relation to an entity account holder. Nevertheless, there was no legal mandate to include such data since the requirement was omitted from both the text of the Standard and OECD Commentary. The new Directive reconciles the requirements with the schema by mandating the inclusion of the role of Controlling Persons in relation to entity account holders.  

Qualifying certain capital contribution accounts as Excluded Accounts

Capital contribution accounts, intended to hold funds temporarily for new company incorporation or pending capital increases, will now be categorized as Excluded Accounts for a maximum period of 12 months from account opening date, if appropriate safeguards are placed.

Customer due diligence

When onboarding new entity accounts, and when determining the Controlling Persons of these entities, financial institutions may rely on information collected pursuant to AML/KYC procedures. The CRS amendment now stipulates that these procedures must be consistent with the EU Anti-Money Laundering Directive, where legally required.

Exclusion of genuine charities from reporting requirements.

Under existing CRS rules, non-profit entities are not excluded from being classified as “investment entities” and, consequently, Reporting Financial Institutions. The CRS amendments now allow for an optional new “Non-Reporting Financial Institution” category for genuine non-profit entities if they satisfy certain conditions and if they undergo adequate verification procedures by tax authorities.

Next steps

These impending changes to CRS may appear to provide a generous timeframe, given that they are set take effect on 1 January 2026. But financial institutions must recognize that the lead time is crucial for seamless implementation. Beyond the requisite IT modifications, institutions must dedicate considerable effort to reassess their existing client portfolios to ensure the availability of new reportable information, particularly the existence of valid self-certifications, or lack thereof. Therefore, it is essential for institutions to manage their CRS compliance and reporting obligations, and have robust systems in place in order to remain fully compliant under the regime.

How can Grant Thornton help?

We can assist financial institutions in implementing effective processes to ensure compliance with the new requirements as follows:

  • Impact assessment report;
  • Training and awareness;
  • Governance and procedures;
  • Ongoing compliance management;
  • Data health checks
  • Reporting and filing.