Skip to content

Banking Secrecy in Cyprus

Complete bank secrecy is fast becoming a matter of the past.  The Automatic Exchange of Information (AEOI) portal provides a comprehensive overview of the work the OECD and the Global Forum on Transparency and Exchange of Information for Tax Purposes in the area of the automatic exchange of information, in particular with respect to the Common Reporting Standard.

That is why your account provider (bank, building society, insurance or investment firm) may ask you to provide certain information about yourself and your tax residence status. Cyprus has a series of agreements in place that allow for sharing of information between tax authorities of different countries about a wide range of financial accounts and investments.


Who is affected?

Mostly people who open or already have an existing bank account. You may also be affected if you acquire or already hold investments through an insurance or investment firm, or are a trustee of or have an interest in some types of trusts.


The aim?

The aim is for treaty countries to collect data on foreign residents, and send it in bulk to their respective tax authorities.

Where previously a tax authority had to file an official request for exchange of information and needed a reasonable case in order to do so, the next goal is to have all this information provided automatically. Or as the OECD puts it:

“The automatic exchange of information is understood to involve the systematic and periodic transmission of “bulk” taxpayer information by the source country to the residence country concerning various categories of income (e.g. dividends, interest, royalties, salaries, pensions, etc.).”


Will collected date be kept confidential?

The OECD relies on the confidentiality provisions in tax treaties, Tax Information Exchange Agreements (TIEA) and multilateral instruments on mutual administrative assistance to determine how the data exactly can be used.  The questions arising are: how data is going to be stored, who has access to it and what exactly it will be used for. Yes, the data is going to be encrypted when it is sent; but what happens with it before and after that?

Since the OECD only provides a framework, their report “Keeping It Safe” only provides vague terms like: information exchanged “may only be used for certain specified purposes” and “may only be disclosed to certain specified persons”.  In short: financial data will be stored in a database of which it is yet unsure who can access it.  So what is exactly the legal framework based on which the automatic exchange of information will be based?

First of all bi-lateral treaties will have to be concluded and as in tax treaties the terms can differ.  In order for two jurisdictions to implement automatic exchange of information they will need to sign a Competent Authority Agreement (CAA). This agreement can easily be executed within one of these three already existing legal frameworks:

  • The exchange of information provision of a double taxation convention based on Article 26 of the OECD or UN Model Convention.
  • Article 6 of the Convention on Mutual Administrative Assistance in Tax Matters.
  • For EU member countries, domestic laws implementing EU directives which provide for automatic exchange (like the European Savings Directive).

What is left is for the countries to have the common Reporting and Due Diligence Standard (CRS) translated into domestic law.