GLOBAL PAYMENTS KNOWLEDGEISO 20022 / SWIFT / SEPA / MT / MX

Fraud & Compliance / Learning brief

FATCA, CRS, and Tax-Information Exchange

Your notes

What this means in plain language

FATCA and the Common Reporting Standard make financial institutions report account information to tax authorities. They share plumbing with anti-money-laundering checks but answer to a separate set of duties.

Not every reporting duty a bank carries is about crime. A large family of rules exists purely for tax transparency: making sure people pay tax on money held abroad. Two frameworks dominate. The Foreign Account Tax Compliance Act (FATCA) is a United States law that pushes foreign financial institutions to identify and report accounts held by US persons. The Common Reporting Standard (CRS) is an international framework, developed by the Organisation for Economic Co-operation and Development (OECD), for tax authorities to automatically exchange account information with one another. Both depend on knowing who your customer is and where they are tax-resident, which overlaps with anti-money-laundering checks, yet they answer different questions. This guide keeps the two purposes clear.

Understand the full idea, step by step

Suppose you hold a bank account in a country you do not live in. Your home tax authority would quite like to know about it. That simple wish — letting tax authorities see money held abroad — is the whole reason two large reporting frameworks exist, and why a bank may ask where you pay tax.

Foreign Account Tax Compliance Act (FATCA)a United States law targeting offshore tax evasion by US persons

FATCA places an obligation on financial institutions outside the United States to identify accounts held by US persons and report them. The pressure behind it is sharp: institutions that do not comply can face withholding on certain US-source payments. That single incentive reshaped account-opening practices well beyond America's borders — which is why a bank in another country asks about US status at all.

Common Reporting Standard (CRS)the OECD's multilateral tax-transparency standard

Developed by the Organisation for Economic Co-operation and Development (OECD), CRS does something similar on a many-to-many basis. Instead of one country reaching outward, participating jurisdictions automatically exchange financial-account information with each other's tax authorities. Because it generalises FATCA's idea into a global system, it is sometimes informally called GATCA. Both rest on customer due diligence and on correctly identifying a customer's tax residency.

FATCA vs CRS
FATCACRS
OriginA United States lawAn OECD standard adopted by many jurisdictions
DirectionOne country reaching outwardMany jurisdictions exchanging with each other
Reports onUS personsResidents of the other participating jurisdictions
LeverWithholding on US-source paymentsMutual agreement between jurisdictions

Same data, different master

Tax-transparency reporting and AML reporting overlap in their plumbing but not in their purpose. Both need reliable know-your-customer (KYC) information, so firms usually gather it once and reuse it. But they answer to different rules. FATCA and CRS ask who owes tax and where; AML reporting concerns the proceeds of crime. The same identity file feeds both — while the duties stay separate.

COMMON CONFUSION

A FATCA or CRS report is a kind of suspicion report — telling the authorities the customer may be a criminal.

It is nothing of the sort. A CRS or FATCA filing is a routine tax-information return: it reports account details for residents or US persons whether or not anything is wrong. A suspicious-activity report is a different document, on a different track, to a different authority. A tax filing is not a suspicion; a suspicion is not a tax return.

You may be wondering: if the customer has done nothing wrong, why report the account at all?

Because tax transparency does not assume wrongdoing. The idea is simply that a person's home tax authority should be able to see income and balances held abroad, so tax owed can be assessed correctly. Reporting is automatic and routine — the default, not an accusation. Historically it was the absence of reporting that let offshore evasion hide.

FOR NOW, REMEMBER

  • FATCA and CRS exist for tax transparency, not to fight crime.
  • FATCA is a US law reporting on US persons; CRS is an OECD standard with jurisdictions exchanging mutually.
  • Both reuse KYC and tax-residency data that AML also relies on — shared plumbing, separate duties.
  • A tax-information filing is not a suspicious-activity report.

TRY IT YOURSELF

During onboarding, a customer truthfully states they are tax-resident in another CRS jurisdiction. A new analyst wants to file a suspicious-activity report. Is that right?

Yes — foreign tax residency is itself suspicious and warrants a SAR.

Not this one — Foreign tax residency is ordinary and expected; it is exactly what CRS is built to handle through routine reporting. It is not, by itself, grounds for suspicion.

No — this calls for CRS reporting of the account, not a suspicion report; the two are different tracks.

Correct — Correct. CRS reporting is a routine tax-information return triggered by residency, filed whether or not anything is wrong. A SAR requires a reasonable suspicion of criminal proceeds, which residency alone does not create.

No report of any kind is needed; tax residency is the customer's private matter.

Not this one — CRS exists precisely so account information for residents of participating jurisdictions is reported automatically. The routine tax filing is still required — it just is not a suspicion report.

So far the duties sit with banks. Next: how AML obligations reach lawyers, accountants, casinos, and charities — and how the risk-based approach decides who does what.

KEEP GOING

Three things to remember

  1. 01

    The Foreign Account Tax Compliance Act (FATCA) is a US law: foreign financial institutions must identify and report US-person accounts or face withholding on certain US-source payments.

  2. 02

    The Common Reporting Standard (CRS) is an OECD framework for automatic exchange of financial-account information between participating tax authorities, informally nicknamed GATCA as a multilateral counterpart to FATCA.

  3. 03

    Both rely on customer due diligence and knowing a customer's tax residency, which overlaps with anti-money-laundering know-your-customer work, but tax reporting and criminal-proceeds reporting remain separate duties.

Where you would use this

USE CASE 01

An onboarding team collecting a customer's tax residency and any US-person status alongside the identity checks it already performs for AML.

USE CASE 02

A financial institution reporting reportable accounts to its local tax authority, which then exchanges the data with partner jurisdictions under CRS.

USE CASE 03

A compliance function reusing the same identity documents for both AML KYC and tax-transparency classification, while keeping the two decisions and record trails distinct.

Put the idea into a real situation

Illustrative example: A fictional customer, Dana Okafor, opens an investment account at Meridian Bank in Country A. During onboarding the bank confirms Dana's identity for anti-money-laundering purposes and, separately, records that Dana is tax-resident in Country B and is not a US person. Under the Common Reporting Standard, the bank reports the account to Country A's tax authority, which exchanges it with Country B. Had Dana been a US person, the bank's FATCA process would have applied instead. Same customer file, two different reporting duties.

Evidence & review

REVIEWED 2026-07-13

FATCA (United States law) and CRS (OECD standard). Participation, thresholds, and detailed due-diligence rules vary by jurisdiction and by intergovernmental agreement.

What this brief simplifies: FATCA/CRS mechanics compressed to purpose and data-sharing; withholding, due-diligence, and reporting detail are omitted as out of scope.

Sources for this brief1
  1. Simplified educational illustration

    Payments Signal editorial teaching modelsPayments Signal

    This site's own simplified teaching models. · Checked 2026-07-12

    Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.

Learn this properly

Related briefs

View Fraud & Compliance archive

Information-sharing requests (314(a))

Section 314(a) of the USA PATRIOT Act lets authorities ask financial institutions to search their records for named subjects of money-laundering or terrorism investigations. Firms search, report matches confidentially, and — unlike sanctions screening — freeze nothing.

READ BRIEF

Screening for politically exposed persons (PEPs)

Politically exposed persons hold prominent public roles that carry higher corruption risk. Screening flags them so a bank applies enhanced due diligence — a deeper, documented review and senior sign-off — rather than the hard payment stop a sanctions match triggers.

READ BRIEF

Adverse media screening

Adverse media screening checks a customer against negative news linking them to crime or misconduct. It surfaces risk that official lists miss and feeds due diligence rather than blocking payments — while generating false positives a programme must control.

READ BRIEF