OECD assesses confidentiality and data security on behalf of participating jurisdictions


The Global Transparency Forum will assess confidentiality and data security so that participating jurisdiction do not have to self-assess this
1. It is astounding that several CRS participating jurisdictions such as Switzerland, Hong Kong, Bahamas and Singapore are still of the opinion that they can delay implementing a CRS Competent Authority Agreement if they subjectively judge that the partner country has inadequate data security and confidentiality controls.


Jurisdictions demonstrating they have no idea of confidentiality assessment has been taken out of their hands by OECD
The OECD issued an information brief in January 2016 that they would undertake the data security and confidentiality assessment on behalf of CRS participants. There was an update on the progress of this assessment in November 2016. Some jurisdictions are issuing statements which demonstrate they are completely unaware of the OECD updates.
2. OECD PDF document update January 2016 that they will assess the data security and confidentiality of Global Forum Members thereby reducing the need for each jurisdiction to conduct its own assessment of the information security practices of each of the many jurisdictions committed to implementing AEOI. Page 8: Question: How is the confidentiality of the information exchanged ensured?

Answer:
The Standard contains specific rules on the confidentiality of the information exchanged and the underlying international legal exchange instruments already contain safeguards in this regard. More detail is contained in the Commentaries on the Model CAA. Where these standards are not met (whether in law or in practice), countries will not exchange information automatically.

To facilitate the decision making by Global Forum members as to which jurisdictions they will automatically exchange information with, the Global Forum AEOI Group is undertaking high level assessments of the confidentiality and data safeguards of jurisdictions committed to AEOI.

Centralising this work in the Global Forum will further assist jurisdictions in speedily implementing AEOI, by reducing the need for each jurisdiction to conduct its own assessment of the information security practices of each of the many jurisdictions committed to implementing AEOI. The process is now underway with the first batch of around 50 assessments due to be finalised by the end of 2015 and the assessments with respect to the remaining committed jurisdictions due to be finalised by mid-2016.
3. OECD PDF document plenary of G20 November 2016 that the Global Forum committee has completed the assessment of 80 countries and will complete the list shortly Page 3 Par (6) An Expert Panel drawn from member jurisdictions has carried out preliminary assessments of the confidentiality and data safeguards framework of more than 80 jurisdictions, with the remainder to be finalised shortly. Any gaps identified will need to be addressed, with support and assistance being provided by the Global Forum Secretariat as necessary. The Global Forum has also started assessing the domestic legal frameworks requiring financial institutions to collect and report the data of each implementing jurisdiction. This risk-based gap analysis focuses on the key building blocks of the AEOI Standard which, if not legislated correctly, could undermine its effectiveness. Members agreed on a process to assess whether agreements are being put in place with all “interested appropriate partners” (being those interested in receiving information and which meet the required standards in relation to confidentiality and the proper use of data), a key element to the commitments made and to the delivery of a level playing field.