Law firm Mishcon de Reya has taken legal steps against the Common Reporting Standard (CRS) and the Beneficial Ownership registers in order to, the firm said, “call into question the wider repercussions for fundamental rights and the relationship between individuals and the State.“
The majority of UK bank account holders living in one of the 100 plus countries that have joined the CRS will be affected by this, with many of these countries having lesser standards of data protection and/or information security.
The CRS and the Beneficial Ownership registers have been introduced to fight tax evasion and money laundering. In addition, Beneficial Ownership registers should (in the eyes of their proponents) provide additional economic benefits by making information about the ownership of companies fully accessible to the public.
In the UK, ultimate beneficial ownership information has been available online since 2016 and other EU Member States will have to remove the need to demonstrate a "legitimate interest" by 2020. Practically, anyone owning a substantial interest in a private company based in Europe (or with a European subsidiary) will see their details published, regardless of where they are resident, the nature of the business or the nature of their involvement in that business.
Mishcon de Reya’s contention is that the publication of sensitive data concerning the internal governance and ownership of private companies by the Beneficial Ownership Registers is not necessary to achieve the stated objectives.
Similarly, it said it believes that “the exchange of information under the CRS is excessive, as information is exchanged indiscriminately and affects all account holders regardless of the size of the account.”
The law firm added that information exchanged under the CRS includes sensitive personal data (such as the name, date/place of birth and tax identification number of the account holder) as well as financial data about the financial account itself such as the account number and balance. Mishcon said this exposes compliant account holders to risk of hacking and data loss: it could lead to identity theft on a grand scale.
The challenge, as stated by a European data protection authority (Article 29 Working Party) in a letter to the OECD and the EU dated 12 December 2016, is to "identify methods to pursue the legitimate aim of fighting tax evasion through efficient mechanisms that do not expose individuals' rights to disproportionate interference".
The firm added that multiple letters have been written to Her Majesty's Revenue and Customs (HMRC) and Companies House to ask for confirmation that they will not exchange or publish information under the CRS or the UK version of the Beneficial Ownership Registers (a.k.a. 'PSC' registers). HMRC has already formally refused to provide such confirmation.
Accordingly, a formal complaint has now been issued by Mishcon de Reya to the UK's Information Commissioner under the GDPR copying in the EU's data protection authorities.
Mishcon de Reya partner, Filippo Noseda, who is leading this legal action, said: "After more than three years of assiduous campaigning on this issue and the publication of a comprehensive report by the Mishcon Academy, the time has come to take action. There is a wealth of objective evidence supporting our proposition not least the comparisons made between the CRS and the Data Retention Directive – the latter of which was effectively declared illegal by the European Court of Justice in 2016. In a democratic society, the rights to privacy and data protection are an essential safeguard to protect compliant citizens against potential abuses and must be treated with the appropriate seriousness by the authorities."
|RATE THIS ARTICLE|
THIS WEEK'S TOP STORIES
PAM (Private Asset Managers) and its sister website PAMonline combine to provide "...the best guide available to the leading firms in private client fund management" (FINANCIAL TIMES). PAM compares managers on a level playing field by key data such as fees and charges, minimum investment thresholds and so on.