We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

SARS’s automatic exchange of information practices and POPI

May 2015

The Organisation for Economic Co-operation and Development (OECD), in conjunction with the G20 countries, has been working on an action plan on base erosion and profit shifting, or "BEPS" to prevent the double non-taxation of corporate profits.

Linked to the action plan are the OECD's efforts in facilitating the automatic exchange of information between various revenue authorities across the globe. It is said that the co-operation between tax administrations is crucial in the battle against tax evasion and an important component of that co-operation is the exchange of information.

The OECD describes the automatic exchange of information as a systematic and periodic transmission of taxpayer information by the source country to the residence country concerning various categories of income (for example dividends, interest, royalties, salaries, pensions, etc).  The system is able to provide timely information on non-compliance where tax has been evaded either on an investment return or the underlying capital sum even where tax authorities have had no previous knowledge of past non-compliance.

A Declaration on Automatic Exchange of Information in Tax Matters was endorsed during the OECD’s annual Ministerial Council Meeting in Paris in May 2014 by 34 member countries, including South Africa.

The US was the first country to implement measures to facilitate the automatic exchange of information. South African Minister of Finance Mr Nhlanhla Nene, and US Ambassador to South Africa Mr Patrick Gaspard, signed an intergovernmental agreement (IGA) on 9 June 2014 to improve international tax compliance and to implement the US's Foreign Account Tax Compliance Act (FATCA).

FATCA is a US law, enacted in 2010 to combat offshore tax evasion and to recover much needed revenues. FATCA therefore requires non-US foreign financial institutions and non-US non-financial entities to identify and disclose their US account holders and members or become subject to a new 30% US withholding tax.

In order to comply, South Africa’s Foreign Financial Institutions (FFIs) have to collect and report on certain required information under FATCA and the OECD Common Reporting Standard to SARS with effect from 1 July 2014.

SARS has been working closely with industry bodies to ensure that all FFIs are fully prepared to comply with the reporting requirements. It has also published a draft general guide on the implementation of the IGA to assist FFIs further.

In terms of the IGA, FFIs are required to submit the required information for the period 1 July 2014 to 28 February 2015 to SARS by 30 June 2015. This information will be exchanged with the US Treasury by 30 September 2015. Thereafter, the required information must be submitted annually at the end of May for the reporting period ending February.

In the open sharing of information between the two countries' revenue authorities, a possible concern may be whether there will be a breach of the stipulations contained in South Africa's Protection of Personal Information Act 4 of 2013 (POPI).

The aim of the abovementioned Act is to regulate the processing of personal information. Personal information relates to any information in connection with an identifiable, living natural person or juristic person (companies etc) and includes, but is not limited to:

  • Contact details: email, telephone, address etc.
  • History: employment, financial, educational, criminal, medical.

"Processing" includes collecting, storing, distributing and destruction or erasure of personal information.

Would SARS's actions in distributing and sharing South African taxpayers' personal information with cross-border revenue authorities constitute a contravention of POPI?

POPI seeks to protect personal information whereas FATCA was passed to force access to personal information. There is a clear conflict of intentions in both pieces of legislation.

POPI contains certain exclusions whereby the processing of personal information is permissible. Section 6(1)(c)(ii) allows a public body to process information if the purpose is the prevention, detection, including the assistance in the identification of the proceeds of unlawful activities, investigation or proof of offences, the prosecution of offenders or the execution of sentences or security measures.

In terms of the SARS guide issued on 22 April 2015, regarding the implementation of the IGA, it is indicated that even where the data subject indicates that they are not prepared to consent to the information relevant to them being made available to a third party, the obligation in terms of the IGA remains.

Taxpayers need assurances that the integrity of their personal information will be safeguarded and processed solely for the purpose of detecting possible unlawful tax evasion activities. The future will tell if taxpayers' rights in terms of POPI are adequately protected when SARS processes and exchanges their personal information.

Revenue authorities will be eagerly awaiting the receipt of taxpayers' information to ensure that they are able to collect revenue that has been evading them in the past.

Loading data