A new measure allows HMRC to obtain access to taxpayer data held by financial institutions. Financial Institution Notices (?FINs?) allow HMRC to demand taxpayer information from a financial institution without obtaining tax tribunal approval. HMRC believes that this will allow it to respond to international information requests quickly and bring the UK into line with international standards on tax transparency. Financial institutions will need to comply with these notices while managing their customer relationships.

FINs are part of a wider drive from HMRC to gather more data using its formal powers, either during an enquiry or as part of testing whether tax has been underpaid. Some financial institutions have raised concerns that FINs may be high frequency, lengthy and lacking in context for the recipient regarding why the information is required by a tax authority.

There are several key differences between FINs and other HMRC information requests.

The information request for which HMRC may be gathering data is likely to have come from an overseas tax authority. However, the FINs will not disclose which jurisdiction will ultimately receive the data provided. The process by which a FIN is issued also involves less oversight than the traditional third-party information notices. There is no tribunal approval before a FIN is issued, and no taxpayer or third-party appeal short of judicial review. These factors mean that it is important that a financial institution's internal governance procedures across the tax, legal and data teams are robust and provide a solid basis for replying to FINs.

There has also been publicity about HMRC's intention to use and share data received under the Common Reporting Standard (?CRS?). For example, HMRC could potentially use CRS data to generate prompts on online income tax self-assessment returns and to help collect UK tax debts using overseas assets. Financial institutions should anticipate that customers will be aware that detailed data on them could be exchanged with tax authorities first under the CRS and then under FINs.

Awareness is a different matter from acceptance, though, and financial institutions may face difficult conversations with their customers on this point, particularly if the data exchanged is later found to be misleading or flawed. This underlines the importance of effective cooperation between business functions, backed by evidence of robust processes, procedures and clear audit trails in relation to customer data that is reported.

In many cases, financial institutions will already have an embedded process for handling and sharing client data when it has been legally requested. FINs may present new challenges and so these processes could be reassessed, the relevant team trained on responding to FINs, and top-level oversight reinforced. Financial institutions may also want to update their customer policies to reflect how their data would be shared if the institution receives a FIN.

Finally, as speed is a priority for HMRC under FINs, financial institutions should take time now to check that detailed information requests can indeed be addressed within a 30-day deadline.

This publication has been written in general terms and we recommend that you obtain professional advice before acting or refraining from action on any of the contents of this publication. Deloitte LLP accepts no liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.

Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 1 New Street Square, London EC4A 3HQ, United Kingdom.

Deloitte LLP is the United Kingdom affiliate of Deloitte NSE LLP, a member firm of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"). DTTL and each of its member firms are legally separate and independent entities. DTTL and Deloitte NSE LLP do not provide services to clients. 

© 2021 Deloitte LLP. All rights reserved.