TAX • PLANNING • 2025
Summary: FATCA and CRS both push financial institutions into the role of unpaid tax inspector, but they do it in slightly different ways. FATCA is a US-driven regime aimed at US persons, while CRS is the OECD’s multilateral standard based on tax residence, and the gaps between the two are exactly where banks and wealth managers keep getting tripped up. If you treat them as the same thing with different logos, you are almost certainly mis-reporting something.
- FATCA targets US persons and US-related accounts; CRS examines tax residence across 100+ participating jurisdictions, so the reporting population is much broader.
- Relying on sloppy or historic account holder data is where institutions get hammered – weak self-certification processes and poor remediation are now a regulatory risk, not just an operational annoyance.
- In 2025, with CRS amendments bedding in and FATCA enforcement still alive, institutions need a single AEOI framework that actually works in practice, not two parallel spreadsheets maintained by a stressed compliance manager.
Context: Who This Applies To
This is aimed at institutions on the front line of FATCA and CRS reporting, rather than individual clients. Banks, private banks, building societies, investment platforms, family offices, insurance-based investment providers, and anyone running a custody or brokerage platform with cross-border clients.
If you are holding financial accounts for US citizens, US tax residents, UK residents with offshore assets, or the usual globally mobile mix of entrepreneurs and expats, you are already inside the FATCA/CRS net, whether you like it or not. Even relatively small firms are now expected to have working due diligence processes, documented policies, and the ability to explain to a regulator why a particular account was or was not reported.
Rules & Thresholds (2025)
At a high level, FATCA is a US statute that requires non-US financial institutions to identify and report US accounts to the IRS, typically under a local intergovernmental agreement (IGA) and through their own tax authority. CRS is an OECD standard that requires participating jurisdictions to collect information on non-resident account holders and to exchange that data automatically annually.
FATCA focuses on US persons and certain foreign entities with substantial US ownership. Many IGAs allow de minimis thresholds for certain individual accounts, typically around USD 50,000, and carve-outs for low-risk products. CRS is blunter: there is no general reporting threshold, and almost all reportable accounts must undergo due diligence, including pre-existing accounts above relatively modest thresholds. For front-line staff, this means you cannot assume that a small balance account is automatically “out of scope” under CRS just because it might have been under a particular FATCA threshold.
CRS has also continued to evolve. The consolidated CRS text and subsequent amendments have expanded the scope to cover additional products, including certain electronic money and central bank digital currency exposures, and have tightened expectations around look-through for passive entities and controlling persons. That matters for wealth managers and family offices who love layered holding structures; what used to be a comfortable grey area is now much harder to defend.
| Planning Route | When It Helps | Tax Exposure | Admin Burden | Notes |
|---|---|---|---|---|
| Treat FATCA and CRS as separate programmes | Legacy: Where historic systems and contracts are already split, and you have the budget to maintain both. | Higher risk of inconsistent reporting, missed accounts and duplicate or conflicting submissions. | High | Common in older institutions, regulators are increasingly unimpressed when differences cannot be justified. |
| Single AEOI framework covering FATCA and CRS together | Preferred: When you want one client due diligence journey, one set of self-certifications and one control framework. | Lower, provided the taxonomy properly distinguishes FATCA and CRS triggers and local options. | Medium | Needs proper design, but once built it reduces firefighting and makes audits far less painful. |
| “Tick-the-box” minimum compliance | Short-term, when budgets are thin, AEOI is seen as a pure cost centre. | Significant regulatory, reputational and customer risk if misclassifications or data breaches occur. | Low at first, then very high when remediation reviews and regulatory enquiries arrive. | Tax authorities are increasingly using AEOI data analytics – weak programmes are now visible. |
Real-World Examples
People are still making decisions based on half-remembered FATCA training from a decade ago and vague statements about “global transparency”. That is how institutions end up underreporting obvious US accounts while oversharing data on non-reportable clients.
Mid-sized bank relying on historic KYC
A mid-sized European bank had built its FATCA process around a one-off remediation of pre-existing accounts when FATCA first came in. KYC files were updated, then largely left alone. Ten years later, the bank was relying on those same files to support CRS classifications. Several “US indicia” flags were out of date – addresses, place of birth, phone numbers – and relationship managers were ignoring new information picked up in day-to-day contact.
On review, a number of accounts had quietly become reportable under FATCA (because the client moved back to the US or regained US tax residence) and under CRS (because the client became non-resident elsewhere). The bank had to undertake a multi-year look-back and voluntary disclosure. None of this was caused by obscure law; it was caused by assuming the data was good enough.
Wealth manager misunderstanding entity status
A wealth management firm classified a series of family holding companies as non-reporting under both FATCA and CRS, on the basis that they were “operating businesses”. In reality, they were passive investment entities with portfolio management services. For CRS purposes, they were Investment Entities managed by another Financial Institution, bringing with them the need to identify and report Controlling Persons who were tax residents in other jurisdictions.
The mistake only surfaced when an overseas tax authority queried why a named high-net-worth individual was not showing up in CRS feeds. The fix required re-papering the entities, collecting missing self-certifications and putting through multiple years of corrected reports. The underlying rules had been around for years; the institution simply did not want to accept that the structures they had designed fell squarely within the Investment Entity definition.
Digital platform ignores joint and dormant accounts
A digital investment platform decided that joint accounts and dormant accounts were “too small to worry about” and excluded them from its AEOI scoping logic. That assumption might survive a very narrow reading of certain FATCA thresholds, but it is flatly inconsistent with the way CRS expects institutions to treat reportable persons on joint accounts and to review pre-existing accounts.
When the platform upgraded its reporting engine, the vendor pointed out the gap. By then, several years of data had already been exchanged by other institutions and tax authorities had a reasonably clear picture of the client base. The discrepancy was obvious in the analytics. The platform ended up burning more time and goodwill fixing the past than it would have spent building the rules properly in the first place.
Records to Keep (Audit-Ready)
- Clear, dated self-certifications for each account holder and controlling person, including any changes in tax residence or US status over time.
- Evidence of the due diligence performed for pre-existing and new accounts – screening processes, risk flags, escalation notes and any reliance on third-party data.
- System configuration documentation showing how FATCA and CRS rules have been implemented in onboarding, KYC and reporting engines.
- Copies of all reports filed, acknowledgements from tax authorities and any error messages or resubmissions.
- Data protection impact assessments and security documentation covering encryption, access controls and data transfer mechanisms for AEOI reporting.
Further Reading and Resources
- FATCA vs CRS: Reporting obligations for financial institutions
- Full remittance / FIG regime guide (for globally mobile clients whose personal tax position interacts with AEOI data)
- UK–Spain tax advice for expats
- Free PDF – US & UK Taxes For Expats
- Free PDF – UK Property Tax eBook
Read full guide on InternationalTaxesAdvice.com
Book a 1:1 Tax Consultation
If you are responsible for FATCA/CRS reporting, or you are a senior adviser worried that your institution’s current approach would not stand up to scrutiny, it is worth having a frank, off-the-record review before the next reporting cycle.
Book with Optimise Accountants
England & Wales focus. Cross-border advice available (US/UK/Spain).
Action List
- Map your current FATCA and CRS processes and confirm whether you are genuinely running one unified AEOI framework or two half-finished programmes.
- Review your self-certification forms and onboarding scripts to ensure they clearly distinguish between U.S. status and multi-jurisdictional tax residence.
- Run a targeted review of high-risk populations – US-born clients, complex holding structures, cross-border entrepreneurs – against your current reporting outputs.
- Test your reporting data for apparent anomalies: missing TINs, inconsistent residence information, accounts with indicia but no corresponding reports.
- Document your rationale for key classification decisions and be ready to explain them to a regulator who has the AEOI data for your peer group on screen.
Disclaimer (heading only bolded): This article provides general information and not personalised tax, legal, or investment advice. Rules change and facts matter — seek tailored guidance.
Hashtags: #fatca, #crs, #taxreporting, #financialcompliance, #aeoi
