FATCA & CRS Compliance Policy¶
| Code | PRI-004 |
| Domain | Privacy & Data Rights |
| Owner | Chief Financial Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD02 |
| Review date | 2027-03-25 |
Regulations: FATCA · CRS / AEOI¶
Purpose¶
Govern the platform's privacy obligations in relation to FATCA and CRS customer due diligence, including the collection, use, and accuracy of tax identification information and self-certification data.
Scope¶
All customers subject to FATCA or CRS due diligence, and all personal information collected from customers for the purpose of FATCA/CRS classification and reporting.
Policy statements¶
The platform SHALL collect tax residency information and Tax Identification Numbers (TINs) from customers as part of FATCA and CRS due diligence. The purpose of collection SHALL be disclosed to customers at the time of collection.
Self-certification forms SHALL request only the information required for FATCA/CRS classification. The platform SHALL NOT use FATCA/CRS self-certification data for purposes unrelated to tax reporting without the customer's consent.
The platform SHALL take reasonable steps to verify the plausibility of self-certification information against other information held. Where information is inconsistent, the platform SHALL request clarification from the customer before relying on the self-certification.
TINs and other FATCA/CRS classification data are sensitive personal information. Access to this data SHALL be restricted to staff and systems with a documented need. Access SHALL be reviewed quarterly.
Customers have the right to access and correct their FATCA/CRS classification data. Correction requests SHALL be processed within the timeframe required by applicable privacy law and in coordination with any reporting obligations under REP-011.
FATCA/CRS classification data SHALL be retained for the period required by applicable tax reporting rules and then securely deleted or anonymised.
The Privacy Officer SHALL be consulted before any change to the FATCA/CRS due diligence process that affects the collection or use of personal information.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-060 | FATCA/CRS/AEOI reporting engine | LOG |
Customer financial data disclosed to overseas tax authorities (IRD/ATO) under FATCA/CRS is logged — every cross-border data transmission is recorded with recipient, data scope, legal basis, and transmission timestamp. |
Part of Privacy & Data Rights · Governance overview
Compiled 2026-05-22 from source/entities/policies/PRI-004.yaml