When the United States signs a reciprocal Model 1 Inter-Governmental Agreement (IGA) with a partner jurisdiction, each jurisdiction receives account information from its financial institutions with respect to partner’s residents and transmits the information to the partner jurisdiction.
Data Safeguarding is an essential element of the technical platform for the reciprocal automatic exchange of information. Before the reciprocal exchange of information can begin, both jurisdictions must be satisfied that the information received will be kept confidential and that the partner jurisdiction’s laws and practices safeguard against the unauthorized disclosure of the information.
The IRS has developed a Data Safeguards/Infrastructure Workbook (“Workbook”) for FATCA implementation. The structure of the Workbook follows the Data Safeguard Checklist that the OECD is developing.
The Workbook has been developed for the reciprocal evaluation of FATCA Partner Data Safeguards and Infrastructure. Article 3(8) of the Model 1A (reciprocal) IGA contemplates that the jurisdictions will exchange information once they are satisfied that the other jurisdiction has in place (i) appropriate safeguards to ensure that the information received remains confidential and is used solely for tax purposes; and (ii) the infrastructure for an effective exchange relationship (including established processes for ensuring timely, accurate, and confidential information exchanges; effective and reliable communications; and demonstrated capabilities to promptly resolve questions and concerns about exchanges or requests for exchanges).
In developing the Workbook, the IRS relied on internal guidance, ISO 27000 standards, and the “Keeping It Safe” Guide prepared by the OECD and endorsed by the Global Forum on Transparency and Exchange of Information for Tax Purposes.