Nowhere to Hide: The Death of Financial Secrecy
The exchange of tax information between nations has traveled a remarkable distance—from a marginal mechanism of cooperation to the most powerful tool in the arsenal of revenue authorities worldwide. What required painstaking bilateral negotiations and the breaching of bank-secrecy walls just two decades ago now happens automatically, massively, and in near-real time. The transformation has been unprecedented: more than a hundred and twenty jurisdictions, representing roughly seventy-five per cent of global financial wealth, generating millions of reports annually. The system of automatic information exchange has become the foundation of the global fight against tax fraud, avoidance, and evasion.
For Polish taxpayers conducting international business, maintaining foreign accounts, operating holding structures, or investing in crypto assets, understanding this ecosystem isn’t optional—it’s a necessity driven by genuine legal and fiscal risk.
The Architecture of Global Information Exchange
The contemporary landscape of tax-information exchange comprises several overlapping but not identical legal frameworks. Each system has its own history, specific scope, and enforcement mechanisms.
Double Taxation Agreements: The Foundation
Treaties to avoid double taxation represent the oldest and most widespread form of international tax coöperation. Poland is party to approximately ninety such agreements, covering O.E.C.D. countries and developing economies alike.
Though the primary purpose of these treaties is to eliminate double taxation by allocating tax rights between a country of residence and a country of income source, modern agreements contain extensive articles (typically Article 26, or its equivalent) governing information exchange. The standard has evolved from requiring information deemed “necessary” to the considerably broader criterion of “foreseeably relevant.”
Key elements include the allocation of tax rights for different income categories (dividends, interest, royalties, capital gains); maximum withholding-tax rates; definitions of permanent establishment; mutual-agreement procedures; exchange of information on request—where the proper authority may demand information about a specific taxpayer or transaction; spontaneous exchange—where an authority informs a partner about circumstances that might lead to revenue loss; and, increasingly, automatic exchange of certain categories of information.
Most treaties are based on the O.E.C.D. Model Convention. The U.N. Model grants greater taxation rights to the source country.
The practical significance: these treaties form the basis of most requests for information exchange directed to and from Poland. The Polish National Revenue Administration actively uses Article 26 provisions to investigate cross-border transactions—profit transfers, holding structures, royalty and interest payments.
Tax Information Exchange Agreements: Exchange Without a Treaty
T.I.E.A.s are specialized bilateral agreements focussing exclusively on information exchange, without comprehensive treaty provisions regarding the allocation of tax rights or withholding-tax reductions.
Developed by the O.E.C.D. at the turn of the millennium as a way to establish coöperation with jurisdictions that either have no income tax (traditional offshore financial centers) or possess an insufficient network of double-taxation agreements, T.I.E.A.s have distinctive characteristics: exchange of information “foreseeably relevant” to administering and enforcing domestic tax law; no “domestic interest” clause—information must be collected even if not needed for domestic purposes; confidentiality commitments protecting exchanged data; coverage of bank information, beneficial-owner data, trust structures; the possibility of conducting tax investigations on a partner state’s territory (with consent); and no elimination of double taxation.
Poland has signed T.I.E.A.s with Jersey, Guernsey, the Isle of Man, Gibraltar, San Marino, and Andorra, among others.
T.I.E.A.s traditionally functioned exclusively on an E.O.I.R. basis—Exchange of Information on Request—where one country demands specific information about an identified taxpayer or transaction. This paradigm underwent fundamental change with the adoption of the Common Reporting Standard, in 2014, which introduced automatic exchange of financial information. In contemporary practice, T.I.E.A.s remain important tools for jurisdictions not fully covered by C.R.S., or for inquiries exceeding the automatic-reporting standard (concerning particular business structures or historical transactions, for instance).
The crucial difference: T.I.E.A.s provide no tax benefits—zero withholding tax, no protection from double taxation. They serve transparency alone.
FATCA: American Unilateralism
The Foreign Account Tax Compliance Act, passed by Congress in March, 2010, as part of the HIRE Act, represents a unilateral, extraterritorial model of enforcing fiscal transparency. The mechanism is simple and brutal: all foreign financial institutions worldwide must identify and report accounts belonging to U.S. persons—citizens, residents, certain entities—under threat of a thirty-per-cent withholding tax on all payments originating from the United States.
The enforcement mechanism is elegant in its coercion: F.F.I.s reporting to the I.R.S. (directly or through national authorities) obtain “FATCA-compliant” status; non-reporting F.F.I.s are treated as “non-participating” and subject to thirty-per-cent withholding. Because most global financial institutions have exposure to the American capital market, practically all had to comply.
To facilitate implementation and resolve conflicts with domestic law (particularly data-protection regulations), the U.S. Treasury developed two models of Intergovernmental Agreements. Under Model 1 I.G.A. (reciprocal and non-reciprocal versions), F.F.I.s report to their national tax authority, which transmits data to the I.R.S.; in the reciprocal version, the U.S. commits to reciprocity. Under Model 2 I.G.A., F.F.I.s report directly to the I.R.S., requiring consent and support from national authorities.
Poland signed a Model 1 I.G.A. (reciprocal version) in 2014, implemented by statute in 2015. Polish financial institutions report to the Head of the National Revenue Administration, who transmits data to the I.R.S.
Reportable information under FATCA includes identifying data (name, address, U.S. tax-identification number); account number; account balance or value at year-end; interest, dividends, other income paid to the account; and gross proceeds from sale or redemption of assets.
The controversies are significant. There’s a lack of genuine reciprocity—the U.S. committed to it in Model 1 I.G.A.s, but implementation has been severely limited; American banks have no obligation to report a comparable scope of information. The costs are disproportionate—estimates suggest that global F.F.I. compliance costs significantly exceed U.S. tax revenues from FATCA (around eight hundred million dollars annually versus multibillion-dollar costs). And there’s a lack of Congressional authorization for reciprocity—the legal foundations of U.S. commitments in Model 1 I.G.A.s are contested.
Despite the controversies, FATCA created a template that influenced all subsequent automatic-exchange systems. It proved that a global reporting system was technologically feasible and politically enforceable.
Common Reporting Standard: The Multilateralization of FATCA
The Common Reporting Standard represents the culmination of the process begun by FATCA—a global, multilateral, reciprocal automatic exchange of information about financial accounts. Developed by the O.E.C.D. in 2014 at the request of the G20, C.R.S. has been adopted by more than a hundred and twenty jurisdictions and has become the de-facto global standard.
Key differences from FATCA: it’s multilateral and reciprocal by design—all participating countries exchange among themselves; there’s no withholding mechanism—enforcement relies on domestic regulations and international pressure; it has a broader scope—covering residents of all participating jurisdictions, not just one country; and it employs refined due-diligence procedures based on FATCA experience.
The legal basis for C.R.S. exchange includes the Multilateral Convention on Mutual Administrative Assistance in Tax Matters (more than a hundred and forty parties); bilateral agreements based on Article 26 of the O.E.C.D. Model; and regional frameworks (particularly in the E.U.—DAC2).
Poland has participated in C.R.S. since the first exchange, in September, 2017 (implementation through DAC2). Polish financial institutions report to the Head of the National Revenue Administration, which exchanges data with approximately a hundred jurisdictions.
Reportable accounts include depository accounts; custodial accounts; equity or debt interests in investment entities; insurance policies with cash value; and annuity contracts.
Due-diligence procedures require self-certification of tax residence (mandatory when opening an account); electronic-record search for preëxisting accounts; enhanced review for high-value accounts (above a million dollars); and identification of controlling persons for passive entities.
As of November, 2025: more than a hundred and twenty jurisdictions participating; nearly five thousand bilateral exchange relationships; approximately seventy-five per cent of global financial wealth covered by the system; millions of accounts reported annually.
Countries outside the system: roughly ninety-seven countries remain uncovered by C.R.S., but most are of marginal significance for international finance. The crucial exception is the United States, which doesn’t participate in C.R.S., applying only FATCA and selective bilateral exchange.
The EU Directive on Administrative Coöperation: European Maximum
The European Union is developing its own, more advanced framework for information exchange through successive amendments to the Directive on Administrative Coöperation (Council Directive 2011/16/EU). DAC is obligatory for all E.U. member states and extends significantly beyond the global C.R.S.
The evolution of DAC unfolds like a legislative thriller. DAC1, from 2011, established the original framework for administrative coöperation—exchange on request and spontaneous exchange. DAC2, from 2014, introduced automatic exchange of financial-account information, implementing C.R.S. in the E.U.; all E.U. states exchange data annually, with strict deadlines and standard formats. DAC3, from 2015, mandated automatic exchange of advance cross-border tax rulings and advance-pricing arrangements—transparency of tax-planning structures approved by other member states. DAC4, from 2016, required Country-by-Country Reporting for multinational enterprises, implementing O.E.C.D. BEPS Action 13; enterprises with consolidated revenues above seven hundred and fifty million euros must file reports automatically exchanged between tax authorities. DAC5, from 2016, granted access to beneficial-ownership information, requiring maintenance of central beneficial-owner registries and ensuring access for tax authorities.
DAC6, from 2018, introduced Mandatory Disclosure Rules. Intermediaries—tax advisers, accountants, lawyers—and, in certain cases, taxpayers must report potentially aggressive cross-border tax-planning arrangements. Reportable arrangements are identified by hallmarks: confidentiality clauses, contingent fees, standardized documentation, circumventing C.R.S. or other automatic-exchange-of-information mechanisms.
Implementation in Poland came through a 2019 statute on tax schemes (M.D.R.). The reporting obligation falls on promoters (advisers) and taxpayers. The first reporting, covering the period from June 25, 2018, to June 30, 2020, occurred in July, 2020.
DAC7, from 2021, established digital-platform reporting. Digital-platform operators—Airbnb, Uber, eBay, Allegro, OLX—must collect and report information about sellers generating income through their platforms, including identifying data, address, tax-identification number, financial-account data, and transaction value and number.
Implementation in Poland: amendment to the tax-information-exchange statute, 2022. First exchange: 2024, for the year 2023.
DAC8, from 2023, mandated crypto-asset reporting and C.R.S. extensions, transposing the O.E.C.D. Crypto-Asset Reporting Framework into E.U. law. Crypto-asset service providers—crypto exchanges, brokers, custodians—must report transactions in crypto assets. Additionally, C.R.S. was extended to cover e-money and digital assets.
Transposition deadline: December 31, 2025. First exchange: 2027, for the year 2026.
DAC9, from 2025, enables exchange of Pillar Two (global minimum tax) information, implementing reporting of the GloBE Information Return in the E.U. Multinational enterprises covered by Pillar Two must file Top-up Tax Information Returns, automatically exchanged between member states.
Crypto-Asset Reporting Framework: The End of Pseudonymity
CARF is the newest addition to the global transparency architecture, addressing the challenge of crypto assets operating outside traditional financial-institution reporting frameworks. Published by the O.E.C.D. in June, 2023, CARF extends the automatic-exchange paradigm to digital assets.
Reporting Crypto-Asset Service Providers include centralized exchanges (Binance, Coinbase, Kraken); crypto-asset brokers and dealers; custodial-wallet providers; crypto-A.T.M. operators; and selected DeFi platforms (if exercising actual control).
A key O.E.C.D. interpretation from October, 2024: non-custodial service providers, including those operating in a decentralized manner, may meet the R.C.A.S.P. definition. This significantly expands CARF’s potential reach beyond centralized exchanges.
Reportable transactions include exchanges of crypto assets for fiat currency; exchanges between different crypto assets; crypto-asset transfers (including airdrops, staking income, crypto loans); and Reportable Retail Payment Transactions (merchant payments in crypto, with a fifty-thousand-dollar annual threshold).
Reportable information includes personal data (name, address, jurisdictions of tax residence, tax-identification number, date and place of birth); account identifier; aggregate amounts by type of crypto asset and transaction type; and number of units and value of transfers.
Transactions are reported in aggregate by crypto-asset type, not transaction by transaction.
Exclusions: Central Bank Digital Currencies—by definition transparent to the state; e-money products meeting specified regulatory criteria; and closed-loop crypto assets (loyalty points).
Implementation timeline: sixty-one jurisdictions committed to implementation as of November, 2024; December 31, 2025, is the deadline for transposition into domestic law (E.U. via DAC8); 2026 is the first reporting year; 2027 marks the first CARF data exchange.
Parallel C.R.S. extension (C.R.S. 2.0): e-money accounts covered by C.R.S.; CBDC providers as Financial Institutions; extended reporting on indirect investments in crypto assets.
Practical implications: starting in 2027, regulated crypto exchanges will report all user transactions to tax authorities in their countries of residence. The pseudonymity of blockchain will be pierced by K.Y.C. at the on-ramp and off-ramp level. Decentralized solutions—self-custody wallets, peer-to-peer, non-K.Y.C. decentralized exchanges—remain theoretically possible but practically limited; at the moment of conversion to fiat, the system will catch the user through the bank.
BEPS and Country-by-Country Reporting: Corporate Transparency
The Base Erosion and Profit Shifting initiative (O.E.C.D./G20, 2013-15) fundamentally changes the corporate-tax landscape. Though none of the fifteen BEPS Actions focusses directly on intensifying information exchange, effective BEPS implementation depends critically on robust information sharing.
BEPS Action 13—Transfer Pricing Documentation and Country-by-Country Reporting—requires multinational enterprises with consolidated revenues above seven hundred and fifty million euros to prepare and file a Country-by-Country Report showing global allocation of income, taxes paid, economic activity (employment, tangible assets), and the nature of business activity.
The report is filed in the country of the Ultimate Parent Entity and automatically exchanged with all jurisdictions where the M.N.E. has subsidiaries or permanent establishments.
Implementation status, as of 2023: more than ninety countries introduced C.b.C. reporting; thirty-three hundred bilateral C.b.C. exchange relationships; tens of thousands of C.b.C. Reports exchanged annually.
Poland: implementation by statute, 2016 (Articles 27c-27f of the Corporate Income Tax Act). C.b.C. Reports are filed with the Head of the National Revenue Administration, which exchanges them with proper jurisdictions based on the Multilateral Competent Authority Agreement.
BEPS 2.0—Pillar One and Pillar Two—represents the next phase. Pillar One reallocates tax rights for the largest and most profitable M.N.E.s to market jurisdictions; a Multilateral Convention is under negotiation. Pillar Two establishes a global minimum tax of fifteen per cent for M.N.E.s with revenues above seven hundred and fifty million euros, with implementation in more than fifty jurisdictions by 2025. The GloBE (Global Anti-Base Erosion) Model Rules require detailed reporting of effective tax rates and top-up taxes by jurisdiction.
The GloBE Information Return is automatically exchanged in the E.U. under DAC9. Global G.I.R. exchange is in development.
Projected revenue impact: BEPS 2.0 is estimated to generate approximately a hundred and fifty billion dollars in additional global tax revenue annually.
Polish Legal Framework: Implementation and Enforcement
The Tax Information Exchange Act
The primary statute regulating Polish participation in international tax-information exchange is the Act of March 9, 2017, on the exchange of tax information with other states.
The statute defines legal frameworks and principles for tax-authority operations in information exchange; obligations of reporting financial institutions (FATCA, C.R.S.); obligations of reporting entities (C.b.C., DAC7, DAC8); competent-authority jurisdictions for data exchange; due-diligence procedures; and sanctions for non-compliance.
The competent authority: the Head of the National Revenue Administration (formerly the Minister of Finance as Head of the N.R.A.).
When Can Polish Authorities Refuse to Transmit Information?
The statute defines situations when the Head of the N.R.A. may refuse to transmit information to an authority of a member state or third country:
Exhaustion of domestic means—justified presumption that the foreign-state authority hasn’t exhausted all possibilities of obtaining information in its own country, or that another authority from that state can provide such information. The rationale: protection against a flood of international requests generating unnecessary administrative workload for Polish authorities.
Lack of legitimacy—the foreign authority has no legal basis to obtain information under its own domestic law.
Protection of secrecy—transmitting information would violate business secrecy, industrial secrecy, professional secrecy, or production-process secrecy.
Inadequate safeguards—the requesting state’s domestic-law provisions don’t secure confidentiality at a level comparable with Polish standards.
Public order—transmitting information would violate the public order of the Republic of Poland.
These protective mechanisms are an international standard (found in the O.E.C.D. Model and most DTA and T.I.E.A. agreements), but in practice they’re rarely applied. International pressure for full compliance with automatic exchange of information is substantial, and the O.E.C.D. Global Forum evaluates jurisdictions precisely on the effectiveness of exchange.
Scope of Automatically Transmitted Information
Exclusions from the statute’s scope: E.U. provisions on coöperation within V.A.T. (separate VIES and MOSS systems); customs and excise (Customs Information System); social-insurance contributions; stamp duty; and contractual obligations.
In the remaining scope, a foreign state’s tax authority may request data transmission (exchange on request via DTA or T.I.E.A.).
Automatic exchange ex officio occurs at least once a year, within six months after the end of the tax year, and includes data concerning income earned in the tax year by personal-income-tax taxpayers from employment relationships, service relationships, coöperative employment relationships; outwork; cash benefits paid by an employer; activity performed personally; pensions or annuities; and other domestic benefits shown in declarations.
This exchange covers Polish tax residents working abroad and foreign residents working in Poland.
FATCA and C.R.S. automatic exchange: Polish financial institutions report to the Head of the N.R.A., which exchanges data with proper jurisdictions according to the Multilateral Competent Authority Agreement and bilateral Competent Authority Agreements.
Inspection and Enforcement
Powers of the National Revenue Administration:
In connection with implementing tax-information-exchange provisions, N.R.A. representatives may ask questions of witnesses and parties during interrogations; review and record documents and other evidence related to the case; conduct inspections at reporting financial institutions; and demand access to due-diligence documentation.
A taxpayer or reporting entity has an obligation to coöperate with the authority, also in view of Fiscal Criminal Code provisions.
Sanctions: The Fiscal Criminal Code
Article 80c: A fine of up to a hundred and eighty daily rates is imposed on one who, acting in the name or interest of a reporting financial institution, contrary to provisions of the Act of March 9, 2017, on the exchange of tax information with other states, fails to fulfill the obligation of applying due-diligence rules and procedures; applying reporting procedures; recording activities undertaken within due diligence; collecting documentation required in applying due-diligence procedures; or removing irregularities indicated as a result of inspection within the deadline.
Daily fine rate: from one-thirtieth to four hundred times the minimum wage (2025: from approximately a hundred and forty-one złotys to a hundred and sixty-nine thousand two hundred złotys).
Maximum fine: a hundred and eighty times a hundred and sixty-nine thousand two hundred złotys equals thirty million four hundred and fifty-six thousand złotys (more than thirty million złotys, or roughly seven million dollars).
This is a very serious sanction, particularly for smaller financial institutions. In practice, the N.R.A. actively monitors compliance—especially regarding the correctness of self-certifications, completeness of reporting, and quality of due-diligence procedures.
What Does This Mean for Polish Taxpayers and Enterprises?
If You Have Foreign Accounts or Structures
Full transparency: forget about “hidden” accounts. If you’re a Polish tax resident and have an account in Switzerland, the Head of the N.R.A. receives an annual report with complete information (balance, income, transactions).
A trust in Jersey? A foundation in Liechtenstein? A holding company in the Caymans? All these structures must disclose their controlling persons. The bank reports not only on the structure’s accounts but also on beneficial owners.
Put your affairs in order—now: if you haven’t properly settled foreign accounts or structures, it’s time to act. Active remorse allows voluntary disclosure of arrears before proceedings are initiated by the office, significantly reducing penalties.
If You Invest in Cryptocurrencies
The end of pseudonymity (starting in 2027): regulated exchanges will report all transactions. Every sale, exchange, transfer—visible to the Polish revenue office.
If you profited from crypto in the past and didn’t settle—you still have time for voluntary disclosure. After 2027, when the N.R.A. begins receiving CARF data, options will be far more limited.
The New Reality of Fiscal Transparency
The global architecture of tax-information exchange has undergone a revolutionary transformation—from the bank-secrecy paradigm of the post-Second World War era to a comprehensive automatic-exchange system in 2025. The system encompasses treaties to avoid double taxation with extended information-exchange clauses; specialized tax-information-exchange agreements; FATCA (controversial but influential); the multilateral Common Reporting Standard covering more than a hundred and twenty jurisdictions and approximately seventy-five per cent of global financial wealth; E.U. DAC Directives successively extending scope (financial accounts → tax interpretations → C.b.C. reporting → aggressive planning → digital platforms → crypto assets → Pillar Two); and the developing Crypto-Asset Reporting Framework, closing the cryptocurrency gap.
The estimated annual impact on budget revenues ranges from hundreds of millions to billions in individual systems. Beyond direct collection, there’s a powerful deterrent effect, encouraging voluntary compliance.
For individuals and companies conducting legitimate business, settling transparently—C.R.S. and related systems pose no threat. On the contrary, they eliminate unfair competition from tax evaders.
For those attempting to avoid taxation, options have been exhausted. One can adapt and pay taxes due. One can voluntarily disclose past irregularities (active remorse). One can ignore reality and wait for the system to catch up—and sooner or later it will.
The era of offshore tax avoidance has ended. The era of bank secrecy has ended. The coming CARF implementation also closes the cryptocurrency loophole. This isn’t a question of “whether”—it’s a question of “when,” and for most the answer is: it’s already happened.
Founder and Managing Partner of Skarbiec Law Firm, recognized by Dziennik Gazeta Prawna as one of the best tax advisory firms in Poland (2023, 2024). Legal advisor with 19 years of experience, serving Forbes-listed entrepreneurs and innovative start-ups. One of the most frequently quoted experts on commercial and tax law in the Polish media, regularly publishing in Rzeczpospolita, Gazeta Wyborcza, and Dziennik Gazeta Prawna. Author of the publication “AI Decoding Satoshi Nakamoto. Artificial Intelligence on the Trail of Bitcoin’s Creator” and co-author of the award-winning book “Bezpieczeństwo współczesnej firmy” (Security of a Modern Company). LinkedIn profile: 18 500 followers, 4 million views per year. Awards: 4-time winner of the European Medal, Golden Statuette of the Polish Business Leader, title of “International Tax Planning Law Firm of the Year in Poland.” He specializes in strategic legal consulting, tax planning, and crisis management for business.
