Last updated: 18 Oct 2025
United Kingdom — Regulatory framework
Overview of the key legal sources, supervisory responsibilities and technical standards in the United Kingdom for FATCA (Model-1 IGA), CRS/AEOI and the QI regime – including interfaces and practice notes.
Key points
- FATCA under a Model-1 IGA: reporting to HM Revenue & Customs (HMRC), onward transmission to the IRS.
- CRS/AEOI under OECD standard: automatic exchange of information via HMRC with partner jurisdictions.
- QI remains a US regime (IRS) but can leverage UK Approved KYC standards where recognised.
Who is in scope?
- Banks, investment firms, custodians, funds/asset managers
- Insurance undertakings with relevant cash value / investment policies
- Other reporting financial institutions as defined under FATCA/CRS
1) Legal sources (selection)
| Area | Source | Content / focus |
|---|---|---|
| FATCA | UK–US IGA (Model-1) + Annex I/II | Definitions, due diligence rules, reportable data; Annex II exemptions for UK institutions/products. |
| FATCA/CRS (national) | International Tax Compliance Regulations 2015 (ITCR) + updates | Domestic implementation of FATCA and CRS: reporting obligations, HMRC responsibilities, enforcement and penalties. |
| CRS/AEOI | OECD CRS standard; EU DAC2 (for legacy); HMRC guidance notes | Automatic exchange of financial account information with partner jurisdictions via HMRC. |
| QI | IRS QI Agreement; Approved KYC (United Kingdom) | US withholding tax and documentation regime; recognition of UK KYC processes within the QI framework. |
| AML/KYC | Money Laundering Regulations 2017 (as amended); JMLSG guidance; FCA rules | Customer due diligence, ongoing monitoring, record-keeping; basis for “reason-to-know” and documentation quality. |
| Data protection | UK GDPR; Data Protection Act 2018 | Legal grounds for processing/transfer; transparency duties, retention periods, data subject rights. |
2) Responsibilities
- HMRC: central competent authority and reporting hub for FATCA & CRS/AEOI; technical specifications, receipt/validation, onward transmission and enforcement.
- FCA / PRA: prudential and conduct supervision, including governance, systems & controls, and AML/KYC (with indirect impact on FATCA/CRS data quality and processes).
- HM Treasury: policy and secondary legislation in the AEOI/FATCA space.
- IRS: primary supervisor for QI (QI Agreement, Periodic Review, certifications and QDD obligations).
3) Interfaces: FATCA ↔ CRS ↔ QI
- Ensure consistency of identifiers (US TIN, GIIN), client data and documentation status across all regimes.
- Clearly distinguish Annex II exemptions (FATCA) from CRS reporting obligations for the same products/entities.
- Leverage UK KYC and AML processes for QI (Approved KYC) while reflecting FATCA/CRS-specific due diligence and reporting nuances.
4) Technical requirements (high level)
- FATCA/CRS XML based on the currently applicable schemas; secure electronic submission via the channels defined by HMRC.
- Plan for versioning, change management and test transmissions before going live or after major system changes.
- Define a robust process for corrections/deletions (amended returns, cancellations, replacement files) including governance and evidence.
5) Useful references
- United Kingdom hub: UK overview page
- Reporting mechanisms: Submission & technology
- Supervision & penalties: Reviews & measures
Note: This page provides a practice-oriented summary. The authoritative sources are the most recent official documents
(UK–US IGA and Annexes, International Tax Compliance Regulations 2015 and amendments, HMRC guidance, OECD CRS schema and commentary,
IRS QI Agreement, UK AML rules and supervisory guidance).