Country Correspondent – Mukhta Toofanee

The Commonwealth Association of Tax Administrators (CATA) and the Mauritius Revenue Authority co-hosted a 5-day workshop from 21st to 25th October 2019 in Mauritius. The workshop with the theme ‘Security for Automatic Exchange of Information’ was attended by some 20 tax officials from Kenya, Lesotho, Malawi, Mauritius and Seychelles. Ms Gill Ince, Messrs Jon Swerdlow, Stu Murtha and Chris Ball were the resource persons.

In his opening speech, Mr Sudhamo Lal, the President of CATA and Director-General of MRA, referred to the collaboration between CATA and HMRC in providing officers of tax administrations with an understanding of the security requirements necessary to comply with the global standard on AEOI. He also mentioned the importance of information being received under the Common Reporting Standard (CRS) and which is used in tax risk assessment and tax investigation purposes.

Confidentiality of taxpayer information is a fundamental cornerstone for the proper implementation of CRS. Confidentiality and safeguarding data is a matter of both the legal framework and systems and procedures to ensure the legal framework is respected in operational practice. In his speech, he further stressed on the consequences of a breach of confidentiality, which may be far reaching and even lead to a suspension of exchange of information. He referred to the culture of care instilled within the MRA and have made sure that confidentiality measures are incorporated into all the operations of the organization.

The Director-General of MRA also highlighted that, even though AEOI is critical to stemming the tide of illicit flows from Africa, African countries are not taking advantage of the AEOI process. In fact, the amount of African wealth held offshore is proportionately much greater than that in developed countries, which are AEOI-compliant. According to the Director-General, if African countries are to get the full benefit of the improvements in global tax transparency that have occurred in the last five years, they must be able to participate in AEOI.

The MRA has indeed put in place the necessary systems and procedures in relation to employees including background checks and training, restricting access to sensitive documents, systems to protect the data with audit trails to monitor access, restrictions on transmitting the data and appropriate information disposal policies. In addition, our income tax legislation also imposes penalties or sanctions for improper disclosure or unauthorized use of taxpayer information.

On the basis of its robust data safeguard and security systems in place, Mauritius has in fact been able to exchange information with participating jurisdictions for the past two consecutive years. Information obtained and exchanged is treated as secret and protected in the same manner as information obtained under the domestic law.

The contents of the workshop particularly revolved around the security requirements necessary for compliance with the global standard on AEOI and how they may be implemented by participants in their respective revenue administrations. Mr Jon Swerdlow from HRMC, who is also the Vice Chair of CATA, highlighted the various aspects of CRS and the security issues as being a critical element in the transmission mechanism process during his presentation.

During the workshop much emphasis was laid on ‘security policies’ and participants were provided with detailed insight on acceptable use policies, password policies, data classification, retention and disposal. Participants also got the chance to go through some security incidents and learn on the importance of planned regular backups such as the use of updated hardware and software to mitigate to prevent information security breaches.

At the end of the workshop, the expressions of the participants were sought and the appreciation of one of the participants is noted as follows:

‘This workshop has broadened our knowledge and highlighted areas of high importance such as information and physical security, the different cyber threats, security incident occurring, how we manage risks and how we continue our work after a disruption in our day-to day operation. This course is useful not only for officers involved in the AEOI process but also for the organization as a whole.’

Other participants reckoned the fact that their knowledge have increased in this highly specialized area and they feel that with the advent of globalization, new risks are mushrooming and therefore the need is utterly felt to keep abreast of development in security matters.