WMEWM MR 2 2915 Steven Morgan Director General Audit Review Branch ofthe evaanada so-Wctoria 1st Fleet KIA 11-13 . 000973 Morgan: Your letter dated December 23, 2015 I Impact Assessment (PIA) on . Information Reporting We would, to thank you for your? - input and insight regarding-this matter and the haponant' observations reg You ?nd below the CRAIs mad. approach which We trust yell gm helpful in your assessment and understanding of our perspective on. your meg/ca as, 5 ans. egg 1 ?v First recommendation: 1% 07-43% to mitigate risks of overwllec?on the CRA should engage in ongoing ouir rivities with FIs to-help me that Foreign Account Tqa? Compliance Act (FATC are consistently a?cawatebz interpreted 27w .shauld?nmediag??dg?wse ofmypersonal information that it receives which it is not-necessaay to wetratz'on ofthe IGA. s' recommendation. We would also you that when develop? . .- f. ??gfda?U?. IGA and legislation me: Pan of the Income Tax Act, - i ego ,epa?meni. of Finance eare??ly considered as .wepledged in pre-imgf?? tation meetings with your o?oe. Comprehensive guidance documents were (of deve?o continuing censu'lta?ons are taking place Financial Ins?tutions (FIs) will continue to closely with F15, andprovide them with ongoing ack on over-collection, including case-speci?c feedback. The: CRA will also keep a rking with taxpayers and their representatives to assist them in better lmderstan'dihg new reporthg requirements. I 92" xvi? - Canad'?'. -2- ever-collected information. has ?eveloped-an electronic schema as prescnj ,1 .ofFIsfor'repomng. .1 ?eelech?om. I populate.? in the event'that the'CRA infomatien dueth'ave the-ERA contact them and?len we; urination. 1 A Secend recommendation: CRA should are-evaluate Mprajes- ?Tn-for eke- r?ten?tz?on prersanal injbma?onabtained'mder the I the reten?on period ignotjuslz?ed it should be gajusredaccordingbv to the 31: your recommendation, the CRA 2 . 5: apply the seven year period for Part related information "if consistency. Thin recommendation: The. ORA should update to re?ect allpra?posed uses and quemonal bg?rmza?on coll'e FATCA comm memes. 1h . aemrdencewzh the Privacy-Act, personal '1 s' collectedander the FATCA IGA should only be used ?ir purposes week! 7 puzp?asejbr whisk if was obtaiized "The CRA with your reeom the PIA-shame re?ect all proposed uses and disclosures ofpex'sonal info ected under'FATCA chmp?anee measures. For greaterelarity, mese uses are ?e?y to those required for tax . . "The will ensure to in or?er to inehlde all necessary Morma?on regarding the use and disclosufifegxe?fy?the collected information under the Canada-US. IGA :regarding'the general use h; Apia! 30, 2016. Then, once the strategy for the use ofthe .FATCA and-the-Co Standard (CR8) infome?on is ?nalized andthe cons?mtionel court je with respect to me infanna?on collected under the IGA are tesolx?red, the?CRA ?ance any ?lrtherupdates needed. The also enmneto includethis mega; in the PIA that he prepared for the f? - Final recon gag/hon: 17w CR4 should update the PIA to include a ofthe A eat weessment (TEA) mdertnken?ar its use Qf-the Interna?onal Data Etc 1 Any risk mitigation memes identi?ed as ofthatpfacess should?addressed in an action plan, with speci?c datesjbr 19? of Pat of the Income TaxAct requires to eleehonically?le mforma?on retums in presumed $90 me Mayzad ofeahh year. are We, hfoma?on transmissions 316 {We TRAs. The ?nst infatuation reiates to 4% .inW?on? ?nalismnuaily mailed by Fe cm {in paticurar, me Infaana?on or?infoDec', the for processing infon?nation received from third panies). The-Second inma?on transmission reiatee to infoan that excimged batman the CRA and the RS. InfoDee has a separate TRA on the app?ca?on that captures, processes ands?ores infoma?on rela?ng to the ?rsthanenissien. The TRArefexred?to in ?ats-letter ?reiatesto ?iese?cond inplaee 31,2016. IDES is the datatransmission tool developed 3:190 7 to :mppart PATCH. The a-review of the secm?y reqmeemems, protocol and assessments Moreover, the ?e applied by?the in the development is by?the anemic Co- and Exchange - .ups in the pera?on and Development (GECD) and Glebal fF' - on . ef Informatl. .'on far TaxPurpe sesend is being relied upon development efthe . . ThefollOwing mi?ga?en strategies have ggbeen completed or are ongoing: Implemented physical and - emity safeguards cemeieted Use of ORA-approved s_ de ces and services - Completed ORA Count: - Complee? . The . plated in August 2015. Two security a?ces in the CRA, the Finance and A, 'on Infernaa?on Security Services and the IT Seem-Ry Division, endorsed the igeptember 201-5 and ?nal sign-offwas received on September 23, 2015. The 5' reviewed manually taking into account any changes to the ?Iecommendations .. .. . . -4- We ?meme wmeet inpeman .t'o axe-sen w. more ??ly and/or?respond to any Fm?ier, ifyou-have any?- ..-.. .- . pr need for elabOra?on' you can comment tbs: b?lbw, or Sue Competent Division, "Intema?onal End Large Business 613-957-0850. Sincerely, Ted Assistant Commissioner Compliance Programs Branch rh . c? Bene?t??