DAC6 – Category D: Specific hallmarks concerning automatic exchanges of information and beneficial ownership

Register for our DAC6 email updates

Editors note: HMRC announced on 31 December that as part of the Brexit agreement there will be major changes in the UK’s approach to DAC6. The changes restrict reporting obligations to only those arrangements that would be reportable under the OECD’s MDR, namely arrangements included in the Category D hallmark of DAC6. You can learn more about the changes here.

13 months ago, the Economic and Financial Affairs Council of the European Union (ECOFIN) adopted the 6th Directive on Administrative Cooperation (the “DAC6”). This new directive requires tax intermediaries to report specific cross-border arrangements that contain at least one of the hallmarks that are defined in DAC6.

Within DAC6, there are five different hallmark categories that represent an indication that a transaction may have a potential risk of tax avoidance.

This blog focuses on the category D hallmarks which are classified as generic hallmarks and may include one of the following:

1. Arrangements undermining reporting obligations – This could include those arrangements undermining European Union legislation, other equivalent agreements which take advantage of the lack of legislation or agreements in place.

2. Ownership Chains – Arrangements involving non-transparent legal or beneficial ownership chains.

An example of a category D hallmark would be if a German taxpayer transfers money to a relative in Chile, a country that does not have a treaty enabling it to automatically exchange Financial Account information with Germany.

DAC6 reporting and training requirements

DAC6 screenshot of interactive flowchart
DAC6: Advanced follows an interactive flowchart to help intermediaries fully understand their reporting requirements under DAC6

If you do not report a cross-border transaction under DAC6, you could face harsh and problematic penalties. VinciWorks has released a DAC6 reporting and training solution to help businesses reach full compliance with DAC6. This includes a secure, enterprise-wide data management portal for recording all cross-border tax transactions and two new courses:

  • DAC6 reporting portal — Record all cross-border tax transactions that may require reporting according to DAC6
  • DAC6: Advanced course — Follow an interactive flow-chart navigation to help establish which transactions you are required to report
  • DAC6: Fundamentals course — Interactive training for staff, providing an overview of the key elements of the Directive
How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.