What is a TIEA?
A TIEA is a Tax Information Exchange Agreement. The term tax treaty is used as an umbrella term for TIEA and DTA (Double Taxation Avoidance agreement). Historically, DTAs did not contain a clause for EOI (Exchange Of Information) but this has changed in recent years with OECD recommending that DTAs also contain clause for EOI.
Who can request information?
Each jurisdiction will have what’s called a competent authority (sometimes competent body; a government authority), which is usually that country’s FIU (Financial Intelligence Unit) or FSC (Financial Services Commission), tax authority, or ministry of finance. In some countries, these two are one and the same authority. See Links for a list of (some) offshore FIUs.
Law enforcement authorities themselves are rarely empowered to request information under a TIEA, but will instead request assistance from the competent authority.
How does a request work?
The competent authority in Jurisdiction A sends a request to the competent authority in Jurisdiction B.
The request is usually in the form of an email with an enormous PDF in attachment, which contains the actual letter of request and an authorized signature. This is typically enough for Jurisdiction B to get started on the request. At the same time, a physical letter is also sent to Jurisdiction B’s competent authority. Information will typically not be released until the original letter from Jurisdiction A has reached Jurisdiction B.
Under most TIEAs, from receipt of request, the receiving competent authority should complete the whole process within 90 days. If it fails to reach this, Jurisdiction B must give good reason for it. There are no known penalties for failing to provide information in a timely manner aside from a tarnished reputation. OECD uses speed of fulfilment of requests EOI as a metric in assessing the reputability of jurisdictions.
Jurisdiction B is supposed to only honour the request of information under TIEA, if the competent authority in Jurisdiction A has exhausted all other means of retrieving information and Jurisdiction A can show reasonable suspicion (somewhat comparable to probable cause in criminal law) that the person, for whom information is requested, does indeed have a company or bank account in Jurisdiction B.
The request must also fulfil detail requirements. A request that is too vague will not be honoured, as Jurisdiction B will deem it to be so-called fishing expedition (frivolous extraction of information).
If the request is for a bank account, the request must contain at least the bank name and ideally bank account number. There is currently a lack of universally agreed-upon standards here and some jurisdictions may decline requests for EOI that other jurisdictions would honour.
A request for information about a company must contain the name of the company. It is not sufficient to ask for all companies belonging to a person, without stating the name of each company.
Supposing that the request is for information about a bank account, the competent authority in Jurisdiction B will contact the bank in question. Again, this is usually done by email with gigantic PDFs in attachment. In some cases, it will be fax, registered mail, courier, personal visit, or what have you. It varies a lot. The bank will then collect the information and provide it to the competent authority of Jurisdiction B. The bank must revert to the competent authority within 60 days. During that time, the bank can review the request to determine if it is legal. If the bank deems the request unlawful, they can refuse the request. The case may then either taken to court or dropped.
Only account details for the bank(s) stated in the request will be disclosed. The competent authority in Jurisdiction A will not go looking in other banks.
In case the request is for a company, the competent authority in Jurisdiction B will contact the registered agent. The procedure is then the same as bank account information request.
The competent authority of that jurisdiction must usually pay for all of Jurisdiction B’s costs of retrieving or attempting to retrieve the information, although this varies.
What information is disclosed?
TIEAs do not specify exactly what information is to be disclosed. It is up to the requested party to comply with the requesting party’s request in as much as is possible under domestic law.
For bank accounts, all information that domestic law allows should be disclosed. This can mean everything from account balance, to transactions, cards associated to the account(s), IP addresses of logins to e-banking, and so on. However, from what I’ve seen, information disclosures from banks usually contain transaction history and balance.
For companies, all information about the company which is in the registered agent’s possession can be disclosed. This means all company documents, identity documents for directors and shareholders, and – if stored there – financial statements.
How real is the risk?
Some FIUs/FSCs issue annual reports stating how many EOI requests were received and how many were fulfilled. OECD will sometimes publish this number in a Peer Review. There are rarely more than a few hundred requests each year in total for the largest jurisdictions, where hundreds of thousands of companies, trusts, foundations, and bank accounts are registered.
TIEAs are rarely used and it is questionable how much of a threat they pose to secrecy provisions under laws of offshore jurisdictions. Some jurisdictions have signed TIEAs, which they cannot honour.
Furthermore, they can cost a lot of money and take several months to produce any result, making them unappealing to the requesting competent authority. You need to be high up on someone’s list of priorities for a TIEA to be risk.
The future, however, is something called AEOI (Automatic Exchange Of Information). Under AEOI, jurisdictions will gather and send an annual report to all jurisdictions whose subjects (tax residents and/or citizens, as applicable) it has information about. Some see this is a good, others see it as bad.