Tax treaties are usually positive or benign. The Obama Administration, the Organization for Economic Co-operation and Development (OECD), and tax officials in various national governments have marketed the Protocol amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters as just another tax treaty. It is nothing of the sort.
On October 29, 2015, the Senate Foreign Relations Committee held a hearing on the Protocol and seven other tax treaties. On November 10, 2015, the committee voted to approve these treaties, including the Protocol, for consideration by the full Senate.
Even worse than the Protocol is the follow-on OECD treaty—the Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information—that implements both the Protocol and the 311-page OECD Standard for Automatic Exchange of Financial Account Information in Tax Matters. Together, the proposed Protocol, the Competent Authority Agreement, and the OECD Standard constitute the tripartite constituents of the new automatic information-exchange regime that is being promoted by the OECD and international tax bureaucrats.
U.S. Information Sharing
U.S. tax return information may only be lawfully disclosed to a foreign government pursuant to a ratified treaty. Thus, the Protocol and Competent Authority Agreements are necessary to facilitate the contemplated automatic information sharing. The U.S. Department of the Treasury may not automatically share the information without Senate ratification of information-sharing treaties. The Treasury may currently share requested information about particular taxpayers authorized under the original Convention on Mutual Administrative Assistance in Tax Matters.
The Obama Administration has endorsed the OECD Standard, but has not yet signed the Competent Authority Agreement. Given the Administration’s strong support for automatic information sharing for tax purposes, it will probably sign the Competent Authority Agreement and present it to the Senate for ratification if the Protocol is ratified. The Senate should not ratify this treaty.
The Protocol, the Competent Authority Agreement, and the OECD Standard would commit the U.S. government to provide participating foreign governments—regularly, automatically, and in bulk—with the private tax, banking, brokerage account, and insurance information of almost all foreign individuals or businesses with accounts in the United States and of many American businesses and citizens. American businesses with operations abroad would be the Americans at the most serious risk, since their domestic operations are in principle relevant to foreign governments’ tax determinations and lawfully part of the contemplated automatic information exchange.
Both U.S. businesses with operations abroad and American businesses that export are at heightened risk given the information production requirements in Action Item 13 of the OECD Base Erosion and Profit Shifting project. These requirements would enable foreign governments to demand unprecedented information from U.S. companies related to transfer-pricing documentation. Americans living abroad or in the U.S. who have foreign bank accounts will have their information reported. However, it is highly likely that the contemplated bulk information transfers will include the tax information of those living domestically.
There are few incentives in place for U.S. authorities to ensure that irrelevant tax information is not included in the bulk transfers. The most serious overall risk is to foreigners who have accounts in the West and are political opponents of authoritarian governments or members of persecuted religious or ethnic minorities. The financial information about these dissidents, opposition groups, and minorities will almost certainly be used inappropriately by authoritarian governments.
In the OECD’s words, the new “standard consist of a fully reciprocal automatic exchange system.” “Automatic exchanges involves the systematic and periodic transmission of bulk taxpayer information.” Currently, 72 governments participate in the automatic information-exchange Protocol (the Amended Convention). Others, including the U.S., participate in the original multilateral information-sharing convention, which does not require automatic information exchange. If the U.S. ratifies the Protocol and implements the OECD Standard, the U.S. government would be providing information to the governments of China, Russia, Nigeria, Kazakhstan, Indonesia, Argentina, Colombia, and other governments that are either hostile to the United States, corrupt, or both.
The recent hacks of the federal Office of Personnel Management (OPM), the Internal Revenue Service, and private databases have increased the public’s uneasiness about breaches of confidential data. If the U.S. ratifies the Protocol and implements the OECD Standard, the Chinese and Russian governments—to the extent that they are behind these hacks—will no longer need to hack the U.S. government or U.S. companies to obtain some of the information that was obtained in the hacks. The U.S. government will provide them the information as part of a bulk transfer.
Under Article 22, Section 2, of the Protocol, the data provided may be lawfully used only for tax purposes. The Treasury Department is cognizant that the new information-sharing regime raises serious confidentiality issues. In testimony delivered in October 2015, Treasury Deputy Assistant Secretary for International Tax Affairs Robert B. Stack said:
One of the critical principles under today’s existing international standards for information exchange upon request is that the country receiving information must ensure that exchanged information is kept confidential and only used for legitimate tax administration purposes. Consistent with this standard, the United States will not enter into an information exchange agreement unless the Treasury Department and the IRS are satisfied that the foreign government has strict confidentiality protections. Specifically, prior to entering into an information exchange agreement with another jurisdiction, the Treasury Department and the IRS closely review the foreign jurisdiction’s legal framework for maintaining the confidentiality of taxpayer information. Before entering into an agreement, the Treasury Department and the IRS must be satisfied that the foreign jurisdiction has the necessary legal safeguards in place to protect exchanged information.
In other words, “Don’t worry. The IRS will protect us.”
Given the recent IRS track record of abusing taxpayer information and failing to protect its own databases, the Senate should be reluctant to ratify any agreement that relies so heavily on the IRS to protect American taxpayers.
Even assuming that the IRS was serious and diligent in protecting U.S. citizens’ private information and willing to terminate information sharing with a noncompliant foreign government, there is little reason to believe that it has the means to detect internal government transfers of data from, for example, the Russian or Chinese tax agencies to other Russian or Chinese government agencies, such as the Federal Security Service of the Russian Federation (FSB) or the Chinese Ministry of State Security.
The idea that the Russian, Chinese, and other countries’ tax authorities will not share the information with their intelligence services, other government agencies, and businesses (whether state-owned or private) is extraordinarily naïve. It is also naïve to think that the U.S. government can detect this intragovernmental transfer of data between foreign government agencies or ensure that it does not take place.
Moreover, even making the heroic assumption that the participating governments will all operate in good faith and seek to protect the information on businesses and individuals rather than unlawfully use or disseminate it, there is little reason to believe that many of these governments’ data protection methods are as good as those of technologically advanced Western governments. Even Western governments with their resources and technology have proven unable to protect the collected information. Developing countries such as Nigeria, Kazakhstan, Indonesia, Argentina, and Colombia will not have sophisticated breach prevention technologies and information technology personnel. Thus, there is every reason to believe that the databases of bulk taxpayer information created in compliance with the Protocol will be hacked and U.S. taxpayer data will be compromised.
Furthermore, the Protocol will enable authoritarian governments to abuse the shared information to suppress dissidents, political opponents, and disfavored ethnic or religious minorities. These governments will know precisely who has financial resources outside the country and where. The data will also be a rich source of information for corrupt governments, corrupt officials within those governments, and the criminal organizations to which they sell the data to engage in identity theft, conduct industrial espionage, or identify targets for kidnapping or extortion. Governments will likely use the information for deleterious purposes. A 2015 World Bank study found that disclosure has a negative impact on firms operating in countries with weak property rights protection and high levels of corruption.
Why Financial Privacy Matters
Financial and personal privacy is a key component of life in a free society. Unlike totalitarian regimes, free societies allow individuals a private sphere free of government involvement, surveillance, and control. The U.S. Constitution enshrines this right in its Fourth Amendment. All liberal democracies recognize this right to varying degrees and in varying ways.
In general, individuals should control who has access to information about their personal or financial lives. Individuals should be free to lead their lives unmolested and unsurveilled unless there is a reasonable suspicion that they have committed or may commit a crime. Any information-sharing regime needs to include serious safeguards to protect the privacy of individuals and businesses.
Financial privacy can be the difference between the survival or systematic suppression of an opposition group in a country with an authoritarian government. Many dissident and human rights groups maintain accounts outside the countries where they are active for precisely this reason. Similarly, business people who oppose an authoritarian government will often maintain financial resources beyond the reach of that government. Financial privacy can help to prevent corrupt officials from abusing their trust by selling information for identity theft, identifying kidnapping victims, or financial fraud. Financial privacy is the instrument that citizens can use to protect themselves from corrupt or authoritarian governments and from criminals working independently or in league with governments or government officials. Financial privacy can allow people to protect their life savings when a government confiscates its citizens’ wealth, whether for political, ethnic, religious, or “merely” economic reasons. Businesses need to protect their private financial information, intellectual property, and trade secrets from competitors to remain profitable. In short, financial privacy is of deep and abiding importance to freedom because many governments have shown themselves willing to routinely abuse private financial information.
The Multilateral Convention on Mutual Administrative Assistance in Tax Matters
The Multilateral Convention on Mutual Administrative Assistance in Tax Matters was agreed to on January 25, 1988, and entered into force in 1995. The United States ratified the convention on January 30, 1991. Article 4 of the original convention states: “The Parties shall exchange any information, in particular as provided in this section, that is foreseeably relevant to…the assessment and collection of tax, and the recovery and enforcement of tax claims.”
However, Article 5 provides that this obligation is only upon request by a government “for information referred to in Article 4 which concerns particular persons or transactions.” Article 6 permits but does not require automatic exchange of information. Article 22 contains provisions designed to protect the privacy of the information exchanged by the contracting states.
Countries around the world have entered into more than 500 bilateral tax information exchange agreements modeled on the OECD model Agreement on Exchange of Information on Tax Matters. Article 5 of the model treaty makes it clear that the information must be provided only upon request and that automatic provision of the information is not required. Article 8 of the OECD model contains privacy protections.
The New Automatic Information Exchange Regime
Together, the proposed Protocol, the Competent Authority Agreement, and the OECD Standard constitute the tripartite constituents of the new automatic information-exchange regime.
The Protocol. The proposed Protocol amending Multilateral Convention on Mutual Administrative Assistance in Tax Matters was opened for signature on May 27, 2010, and entered into force on June 1, 2011. The United States signed the Protocol on May 27, 2010. On February 26, 2014, the Senate Foreign Relations Committee held a hearing on a number of tax treaties including the Protocol. On April 1, 2014, the Protocol was reported out of the committee favorably, but it was not ratified by the U.S. Senate. On October 29, 2015, the Senate Foreign Relations Committee held a hearing on the Protocol and seven other tax treaties. On November 10, 2015, the committee voted to favorably report these treaties for consideration by the full Senate.
Perhaps the greatest difference between the amended convention and the original is that the amended convention is open to all countries, not just members of the OECD or the Council of Europe as was the case with the original convention. To date, 90 governments have signed either the original convention or the amended convention. This means that a great many states that either are hostile to the United States, have serious corruption problems, have inadequate privacy protections, or have a combination of these attributes are participating or will participate in the automatic information exchange contemplated by the amended convention.
However, Article 6 of the amended convention requires automatic information exchange only in the case of mutual agreement. Thus, although the Protocol lays the groundwork for automatic information exchange, it is the subsequent agreement made by the U.S. and other countries with the G20 endorsement of the OECD Standard for Automatic Exchange of Financial Account Information in Tax Matters and the multilateral Competent Authority Agreement that actually implement the automatic exchange of information contemplated by the Protocol.
The Protocol also provides that exchanged information may be used for criminal tax purposes without the need of the prosecuting government to receive clearance from the government providing the information. This raises the potential for abuse. Authoritarian governments have often abused Interpol Red Notices. Since even the IRS has used uneven enforcement of the tax laws to influence the political process, there is little doubt that unaccountable foreign governments will use tax enforcement as an additional means to oppress opponents.
The Protocol imposes a new obligation on the government receiving an information request to “use its information gathering measures to obtain the requested information, even though the requested State may not need such information for its own tax purposes.” This new obligation will impose costs on the U.S. government that only aid foreign states in collecting their own taxes. It also raises the possibility that the U.S. government will become a party to illegitimate “tax” information requests that really have a different, ulterior motive. Moreover, as discussed below, it will impose additional costs and obligations on U.S. financial institutions and will have a disproportionate adverse impact on small financial institutions.
The Protocol prohibits “a requested State to decline to supply information solely because the information is held by a bank, other financial institution, nominee or person acting in an agency or a fiduciary capacity or because it relates to ownership interests in a person.” Therefore, bank secrecy laws are not a basis for rejecting information requests.
The OECD Standard. On February 23, 2014, the G20 finance ministers endorsed the Common Reporting Standard (CRS) for automatic exchange of tax information, which is now incorporated into the full version of the OECD Standard for Automatic Exchange of Financial Account Information in Tax Matters. On May 6, 2014, all 34 OECD member countries along with several nonmember countries endorsed the OECD Declaration on Automatic Exchange of Information in Tax Matters. The OECD Council approved the OECD Standard on July 15, 2014. On July 21, 2014, the OECD released the full version of the OECD Standard. The OECD expects the first automatic information exchanges under the CRS to occur in 2017.
The OECD Standard provides for governments to annually and automatically collect and exchange with other participating governments bulk financial account information, such as balances, interest, dividends, investments, and proceeds from sales of financial assets. It covers accounts held by individuals and entities, including businesses, trusts, and foundations. Not just banks, but broker-dealers, investment funds, and insurance companies are required to report.
The CRS will impose still another compliance burden on financial institutions. There are no exemptions for small financial institutions. It will have a disproportionately large adverse impact on small financial institutions, such as community banks, because costs do not increase linearly with size. Accordingly, the CRS can be expected to further harm small banks and broker-dealers and lead to a further concentration in the banking and brokerage industries. The CRS would add hundreds of pages of rules to the voluminous tax information reporting, “know your customer,” and anti–money-laundering provisions with which financial institutions must currently comply.
The OECD Standard has two parts. First, the CRS contains the reporting and due diligence rules. Second, the model Competent Authority Agreement contains the detailed rules on the exchange of information. The financial information to be reported on “reportable accounts” includes all types of investment income—including interest, dividends, income from certain insurance contracts, and other similar types of income—plus information about account balances, investments, and proceeds from the sale of financial assets. Not only are banks and custodians required to report, but also other financial institutions such as brokers, investment funds, and insurance companies. Reportable accounts include accounts held by individuals and entities, including trusts and foundations. The OECD Standard includes a requirement to look through passive entities to report on the individuals that ultimately control these entities. The CRS also requires financial institutions to follow due diligence procedures to identify reportable accounts.
Under the OECD Standard, a preexisting entity account becomes a reportable account when the aggregate balance or value exceeds $250,000. All new accounts are subject to the CRS reporting requirements. For purposes of the CRS, financial institutions include not only banks but also other financial institutions, such as brokers, certain “collective investment vehicles,” and insurance companies.
Competent Authority Agreement. Paragraph 1.1 of Section 2 of the Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information provides that:
Pursuant to the provisions of Articles 6 and 22 of the Convention and subject to the applicable reporting and due diligence rules consistent with the Common Reporting Standard, each Competent Authority will annually exchange with the other Competent Authorities, with respect to which it has this Agreement in effect, on an automatic basis the information obtained.
Thus, it commits participating governments to automatic information exchange, and it incorporates by reference the OECD CRS, which OECD bureaucrats can and will change without any additional action by the Senate or, for that matter, the U.S. government. It then details what bulk taxpayer information must be provided (e.g., names, identification numbers, account balances, income, and insurance policy information) and how to provide the information.
Principles of Proper Intergovernmental Information Exchange
The first business of government is to protect the life, liberty, and property of its citizens. Accordingly, international information sharing directed at preventing terrorism, crime, and fraud is an important and appropriate function of government. It is, however, important to recognize four important qualifications:
- Not all governments can be trusted to share these goals. For example, habitual human rights abusers and terrorist allies—such as Iran, Cuba, and Syria—are members of Interpol and United Nations bodies involved in information sharing. Liberal democratic governments need to be careful regarding with whom they share information. Similarly, reports about abuse of Interpol Red Notices for political purposes should prompt a reevaluation of uncritical information sharing.
- Many governments have troubling elements within them. Corruption or ideology makes information sharing with such governments highly problematic. Shared information can be used to oppress political opponents, support terrorism, identify kidnapping targets, facilitate financial fraud, enable identity theft, or advance other nefarious purposes.
- Information sharing for law enforcement purposes should be limited to crimes that any liberal democratic state would regard as criminal. Terrorism, violent crime, and fraud would meet that test. Speaking out against one’s government, peaceful political or labor organizing, gambling, tax evasion, and homosexual behavior would not. No liberal democratic government should share or be required to share information to enforce laws that criminalize behavior that is not illegal under the laws of the government from which the information is being requested. This is sometimes known as the principle of dual criminality.
- Many governments are more than willing to exploit information-sharing arrangements for inappropriate commercial purposes such as industrial espionage. Steps need to be taken to limit this risk and to protect the commercial interests of countries participating in good faith in information-exchange regimes.
Information sharing for tax collection requires a different analysis. First, tax evasion is not a crime in many liberal democratic states, only a civil violation. Second, the willingness to impose costs on the private sector and to violate the privacy interests of ordinary people for tax purposes should be less than for preventing terrorism or crime. This is because the benefit of preventing terrorist attacks or crime is higher. All information-sharing programs need to be subject to serious cost–benefit analysis. Typically, the only factor seriously considered by proponents of tax information sharing agreements is whether they will raise revenue. Compliance costs, economic effects, and privacy rights are disregarded in practice. For example, the vociferous criticism by strong U.S. allies in Europe and Canada of the U.S. Foreign Account Tax Compliance Act as extraterritorial overreach should give U.S. policymakers pause. Third, tax information sharing programs are quite often a veiled attempt to stifle tax competition from low-tax jurisdictions. Tax competition is salutary and limits the degree to which governments can impose unwarranted taxation.
The best means of achieving these goals is to replace the current patchwork of international agreements with a well-considered, integrated international convention that ensures robust information sharing to prevent terrorism, crime, and fraud, but provides enforceable legal protections for the financial and other privacy interests of member states’ citizens and the legitimate commercial interests of their businesses.
Membership in this convention should be restricted to governments that (1) are democratic; (2) respect free markets, private property, and the rule of law; (3) can be expected to always use the information in a manner consistent with the security interests of the member states; and (4) have in place—in law and in practice—adequate safeguards to prevent the information from being obtained by hostile parties or used for inappropriate commercial, political, or other purposes.
Such an arrangement would facilitate law enforcement and anti-terrorist aims by allowing the safe and more expeditious exchange of more information. It would also provide, for the first time, enforceable legal protections for the rights of citizens of the member states.
Financial and personal privacy is a key component of life in a free society. Free societies allow individuals a private sphere free of government involvement, surveillance, and control. The U.S. Constitution enshrines this right in its Fourth Amendment.
The Protocol amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters would largely end financial privacy. It would lead to substantially more transnational identity theft, crime, industrial espionage, and suppression of political opponents and religious or ethnic minorities by authoritarian and corrupt governments, including Russia, China, Colombia, and Nigeria. The Protocol is simply the first step in a contemplated new and extraordinarily complex international tax information sharing regime involving not only the Protocol, but also the Competent Authority Agreement on Automatic Exchange of Financial Account Information, the OECD Standard for Automatic Exchange of Financial Account Information in Tax Matters, and certain provisions in the OECD Base Erosion and Profit Sharing project. Unlike the original multilateral convention, the amended convention is open to all governments. This means that many states that either are hostile to the United States, have serious corruption problems, have inadequate privacy protections, or have a combination of these attributes are participating or will participate in the contemplated automatic information exchange regime.
The Protocol will put Americans’ private financial information at risk. American businesses that have operations abroad or sell abroad are at particular risk. The Protocol will impose substantial additional compliance burdens on financial institutions that will have a disproportionate adverse impact on smaller businesses, such as community banks and small broker-dealers. The Protocol will create a rich source of sensitive financial information, scattered in databases around the world, held by corrupt governments or governments with inadequate safeguards, ready to be hacked by or sold to criminals or hostile governments. The Protocol will also aid governments that want to confiscate their citizens’ wealth for “merely” economic reasons.
The Senate should not ratify the Protocol.
—David R. Burton is Senior Fellow in Economic Policy in the Thomas A. Roe Institute for Economic Policy Studies, of the Institute for Economic Freedom and Opportunity, at The Heritage Foundation.