DAC6 – The biggest compliance challenge since the Bribery Act

Register for our DAC6 email updates

DAC6 core group meeting photo of experts
From left to right: VinciWorks’ COO Josh Goodhardt, VinciWorks’ Legal and Research Exec Ruth Cohen, Freshfield’s Senior Knowledge Lawyer Brin Rajathurai, Transfer Pricing Services’ Founder Adrian Luca, VinciWorks’ CEO Howard Finger and VinciWorks’ Director of Best Practice Gary Yantin

29 January 2020, London

Over 100 people from 50 top law firms, accounting firms and banks gathered at the offices of Freshfields Bruckhaus Deringer in a meeting organised by VinciWorks to fire questions at HMRC regarding the latest EU tax transparency law, DAC6.

HMRC have just published legislation implementing DAC6 and firms are scurrying to fully get to grips with the tremendous impact it will have on how law firms, banks and accountants do business. In response to a question about the impact of DAC6, the head of compliance at a top-five global law firm described the Directive as “the most difficult piece of legislation we’ve ever had to grapple with”.

Aimed at promoting tax transparency and information sharing across tax authorities, Directive 2011/16/EU (DAC6) requires the mandatory reporting and exchange of tax information amongst EU member states.

It is set to come into force on 1 July 2020 but applies retroactively to all transactions made since June 2018.

Any financial transaction that crosses EU borders and provides a tax benefit could be subject to DAC6. In that event, lawyers, tax advisors or bankers involved in the transaction must report the transaction to the local tax authorities. Those authorities will subsequently share that information across borders, or at least coordinate amongst themselves as to who will report and in which country.

A majority of the transactions that are reportable under DAC6 will be fully legal and innocuous, but the compliance burden on law firms is likely going to be substantial.

In a survey conducted by VinciWorks, 25% of law firms believe that DAC6 will impact 1 in 5 clients. A further 25% believe it will impact at least 1 in 10 clients.

The administrative burden of DAC6 is immense. Clients must be notified that transactions are now going to be reported (and asked to waive privilege), all historical transactions dating back to 2018 must be reviewed and all matters need to be regularly analysed for DAC6 compliance. A typical global law firm usually has over 25,000 open matters at any time.

In addition, each EU country has implemented DAC6 slightly differently. DAC6 names certain “hallmarks” or criteria for reporting. These hallmarks include questions such as: 

  • Is the transaction from a high-tax jurisdiction to a low-tax jurisdiction? 
  • Does the transaction involve selling a loss making company?

In some countries, the hallmarks are worded differently to encompass more transactions. In others, DAC6 has been expanded to domestic transactions. All of these issues combine to one of the biggest challenges for compliance in years.

DAC6 requires fundamental changes to the ways law firms do business, it involves changes to client communication, IT changes and significant administrative burden. Based on the principle that there is no competitive advantage in compliance, VinciWorks is continuing to consult with leading firms to help establish best-practice DAC6 compliance.

According to VinciWorks’ CEO, Howard Finger, “The concept of collaboration with competing firms on establishing a compliance standard has been working since 2004 and continues to produce outstanding products that establish best practice, mitigate regulatory risk and reduce the cost of compliance”.

Over 90% of firms say that DAC6 will bring fundamental changes to the way law firms operate

VinciWorks conducted an extensive survey of views towards DAC6 compliance. Here are some of the findings:

  • Over 90% of firms say that DAC6 will bring fundamental changes to the way law firms operate
  • 25% of law firms believe that DAC6 will impact 1 in 5 clients. A further 25% believe it will impact at least 1 in 10 clients

Click here for full survey results

Click here for more information about DAC6

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.