AEOI self-certification requirements
This page sets out the tax information you must collect from customers so that Griffin can meet our joint obligations under the Common Reporting Standard (CRS) and Foreign Account Tax Compliance Act (FATCA).
Griffin is the Reporting Financial Institution and submits an annual return to HMRC. Where you onboard customers, you are responsible for collecting this information, validating it against the other information you hold, keeping it current, and passing it to Griffin.
You must obtain a self-certification from every customer at or before account opening, regardless of where they appear to be tax resident.
Data collection
For every customer you must collect:
- name
- address
- all jurisdictions of tax residence
- a Taxpayer Identification Number (TIN) for each reportable jurisdiction, or a reason code (A, B or C) where none can be provided. TIN requirements by country are available in our documentation.
You must also collect the following customer-specific details:
- Individuals: date of birth.
- Sole traders: treated as individuals.
- Entities: CRS classification. Only where the entity is a Passive NFE, you must collect the same information as for an individual for each controlling person tax resident in a reportable jurisdiction. You do not need to collect TINs for controlling persons of Financial Institutions or Active NFEs. HMRC provides guidance on how Financial Institutions and Non-Financial Entities (including Passive and Active classification) are defined:
- Financial Institutions: link here to HMRC
- Non-Financial Entities: link here to HMRC
Self-certification
You must obtain positive affirmation from the customer (digital or otherwise) that the information they have provided is accurate, together with an undertaking to notify you within 30 days of any change affecting their tax residence. For HMRC examples of what constitutes a self-certification, see the link here.
Notifying account holders
Your customers must be made aware that the information they share with us, where required, will be shared with HMRC, and from there may be shared with the government of another jurisdiction in accordance with any relevant agreement. For more information on notifying customers about data sharing with local and foreign tax authorities, see the link here.
Our latest privacy policy is available on our website and forms part of customer MSAs. It gives further information on how we handle and share personal data, and stipulates that we may share personal data with law enforcement or regulatory bodies.