DAC6 – dealing with transactions that change over time

Register for our DAC6 email updates

Gif showing VinciWork' DAC6 reporting solution
VinciWorks’ DAC6 reporting tool guides intermediaries through the process of determining whether a transaction is reportable

One of the big challenges that intermediaries face in reporting transactions under DAC6 is what to do when things change. Client projects which may have been deemed non-reportable, or which may not even have involved any cross-border elements at the outset, may transform into a potentially reportable arrangement later on. The delay between starting work for a client and the matter becoming reportable may be months or even years.

Download a guide to DAC6 compliance

VinciWorks’ DAC6 solution, powered by Omnitrack, guides intermediaries through the process of determining whether a transaction is reportable. It also integrates with existing client and matter management tools via its open API standard. And it now has pre-built integrations with leading matter management tools, such as Intapp Intake, for seamless onboarding of new transactions. However, if a transaction becomes reportable much later on, how should this be handled?

This question can be broken down into two parts:

  1. How should I deal with changing transactions from a technical perspective in Omnitrack?
  2. How should I deal with changing transactions from a personnel perspective in terms of getting people to be aware of what they need to do?

Changing transactions – the technical side

Most firms are adding a ‘screening’ question to Intapp or their other matter intake software to make an initial determination of whether a matter may be reportable under DAC6. That question may be “Do you expect this matter to involve a cross-border transaction at any stage?”

The best way to handle a matter that changes over time is to set up your matter software to trigger a new DAC6 entry via Omnitrack’s API if the answer to that screening question changes from a “No” to a “Yes” at any point in time. Once the entry exists in Omnitrack, it can then be updated and reported to the tax authorities as needed. Within Omnitrack, you can move an entry from the Archive to the Inbox, so even if at one point you establish that something isn’t reportable, you can still change your mind later on.

Changing transactions – the personnel side

Keeping personnel informed of their responsibilities is slightly more challenging than the technical side (as questions involving people so often are). Some professional service firms have considered sending regular reminder emails to supervising partners for every open matter that the firm is working on. This theoretically would provide blanket coverage of all relevant matters to check whether a reportable arrangement has cropped up.

In practice, this approach seems doomed to fail. This would generate an overwhelming number of reminder emails sent to the busiest people in the firm, with those emails almost certainly being discarded or ignored over time.

We recommend an approach focused on awareness and training on DAC6 so that those involved in a matter recognise the change and can report it to the compliance team at the appropriate time. The regulatory requirement is is similar to firms’ ‘ongoing monitoring’ obligations under AML, and firm-wide training has proved to be effective in that area. Firm-wide training that is relevant to each employee needs to be clear and succinct to communicate what all members of staff need to be aware of, and how internal reports should be made.

DAC6 compliance resources

Screenshot of VinciWorks' DAC6 flowchart
VinciWorks’ DAC6 training includes an interactive flowchart to help users establish what their reporting requirements are

VinciWorks is continuing to offer training, guidance, webinars and collaborative working meetings to help firms understand their responsibilities under DAC6 and implement practical processes to ensure compliance. To learn more, complete the short form below and a member of our team will contact you.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.