You can run, but you can’t hide: As Kenya adopts CRS, calls for balancing tax transparency with data privacy concerns emerge.

  • 16 Feb 2024
  • 3 Mins Read
  • 〜 by Jewel Tete

Kenyan commercial banks have started implementing the Common Reporting Standards (CRS), a tax procedures regulation of 2023. This regulation requires all Kenyan banks, trusts, and other financial institutions to report and share information about foreign account holders with the Kenya Revenue Authority (KRA) as the taxman endeavours to nab tax evaders and beneficiaries of illicit wealth. The CRS, developed by the Organisation for Economic Co-operation and Development (OECD), is a comprehensive framework that obliges participating countries to exchange taxpayer information. This includes account balances and identification details for individuals, as well as registration and control information for corporate entities.


Under the CRS, banks are required to provide the KRA with details on both low and high-value account holders. For accounts with a balance of less than KES 1 million, banks must report the account holder’s name, address, tax identification number, and the account’s balance or value at the end of the year. For high-value accounts, defined as those with a balance of KES 1 million or more, banks must provide additional information. This includes the account holder’s date of birth, place of birth, and the account’s gross proceeds and gross withdrawals or payments during the year. Kenya’s participation in the CRS will enable the KRA to access information on Kenyan residents with offshore accounts. In return, Kenya will reciprocally share information with other tax authorities. The goal is to uncover assets held by Kenyans in low-tax jurisdictions and bring them into the tax net.


Over and above, this move is set to propel Kenya towards increased tax compliance by creating a more equitable and transparent fiscal landscape. The primary objective of CRS is to combat tax evasion by ensuring that income earned and assets held by taxpayers in foreign jurisdictions are reported to their home country’s tax authority. By sharing information with the KRA, Kenyan banks can help ensure that foreign account holders are complying with their tax obligations. Additionally, these efforts are set to level the playing field for all taxpayers by subjecting all to the same tax reporting requirements and reducing the tax advantages for all taxpayers with offshore accounts.


The prospect of automatic exchange of information under CRS acts as a deterrent to individuals seeking to evade taxes by hiding income and assets offshore. With greater transparency and scrutiny, taxpayers may be less inclined to engage in tax evasion schemes. Furthermore, the CRS promotes international cooperation in tax matters by establishing a framework for the automatic exchange of financial account information between participating countries. This exchange of information allows tax authorities to identify and address tax evasion more effectively.


Needless to say, this move has raised concerns about privacy as individuals cite reservations over the idea of their data being shared with tax authorities, particularly if they have legitimate reasons for holding assets abroad, such as business operations or international investments. This could impact investment decisions and capital flows. Banks may expect fund outflows due to transfers by individuals unwilling to share their personal data. This concern needs to be addressed effectively for banks to maintain positive customer relationships. Sharing of customer data under the CRS framework is, however, in accordance with the provisions of the Data Protection Act, Section 25, which provides for principles and obligations of personal data protection and Section 48, which provides for conditions to transfer personal data outside Kenya.


Banks additionally face the burden of increased compliance and the risk of non-compliance. As data processors and data controllers, banks are required to bolster their technology to collect, process, store and share data with the KRA per the Data Protection Act. The move additionally presents the risk of data breaches in an era with proliferated concerns around cyberattacks. Sharing financial information increases the risk of data breaches and unauthorised access to sensitive information. Commercial banks ought to anticipate incurring increased costs associated with setting up the technology, training staff, and developing the systems and processes for collecting and reporting financial information. 


While the CRS aims to promote transparency, banks and the KRA should uphold customer confidentiality per the Data Protection Act. The KRA has assured account holders that their information will be used solely for tax purposes and shared only with tax authorities in other participating countries. Kenya’s adoption of the Common Reporting Standards represents a significant step towards enhancing tax transparency and combating tax evasion. However, this move also raises valid concerns about privacy, data security, and the potential impact on investment decisions and capital flows. Banks and tax authorities need to address these concerns effectively and ensure that the implementation of CRS is done in a manner that upholds customer confidentiality and complies with data protection regulations.