In this regard, the FBR has issued revised standing operating procedure (SOP) for AEOI Zones here on Tuesday. The FBR said that the SOP issued vide C # 2(103)Int. Taxes (Ops)/14(pt) dated 12th June, 2017 has been amended. The revised SOP is as under which shall be strictly followed in FBR (HQ), concerned LTUs/RTOs and all the AEOI Zones.
Establishment of AEOI Zones: Pursuant to approval of the Board-in-Council, six Automatic Exchange of Information (AEOI) Zones have been established, including Commissioner Inland Revenue, AEOI Zone, Peshawar; Commissioner Inland Revenue, AEOI Zone, Islamabad; Commissioner Inland Revenue, AEOI Zone, Lahore; Commissioner Inland Revenue, AEOI Zone, Multan; Commissioner Inland Revenue, AEOI Zone, Karachi; and Commissioner Inland Revenue, AEOI Zone, Quetta.
The number of the AEOI Zones and of the officers/staff in each Zone may be increased by the Board according to the requirements. The database administrators of PRAL in the concerned LTU/RTO will provide technical support to the AEOI officers of each AEOI Zone in discharge of their functions. The concerned chief commissioners will report to Member (IR-Policy) with respect to processing and utilizing of AEOI information.
The IR-Policy Wing shall supervise the functions of AEOI Zones and issue necessary instructions from time to time. The Administration and IT Wings of FBR will provide full administrative, logistic and infrastructure support to the AEOI Zones for their establishment and smooth functioning.
All the officers and staff posted in the AEOI Zones shall strictly observe confidentiality measures and data safeguards. The concerned Chief Commissioner Inland Revenue (CCIR) shall take into account all the aspects of confidentiality and data safeguards before posting of officers and staff in the AEOI Zones. Only officers and staff of proven integrity, professional competence and IT expertise will be posted in the AEOI Zones.
Any breach of confidentiality measures and data safeguards will warrant strict proceedings under the Efficiency and Discipline Rules, 1973 and other applicable laws in the country. The officers and staff of AEOI Zones will be imparted trainings on confidentiality and data safeguards.
The Administration and IT Wings of FBR and the concerned LTUs/RTOs will provide complete infrastructure and logistic support to the AEOI Zones, including IT infrastructure, including computers and printers. The FBR said that an isolated Center, dedicated for receipt of information and data processing, has been established in the FBR Headquarters.
The Center has been secured both physically and virtually. All the AEOI data shall be accessed, processed and transferred only from the AEOI Center by dedicated human resource. All activities and transactions in the AEOI Center will be monitored and recorded. The monitoring of AEOI zones will also be carried out virtually through this Center.
Only the following officers will have access to the AEOI Center of FBR Headquarters: Chairman, FBR; Member (Inland Revenue-Policy), FBR; Chief (International Taxes), FBR; Secretary (Exchange of Information), FBR; notified PRAL Officials and assigning Jurisdiction to AEOI cases.
The information received from various jurisdictions on automatic basis under a bilateral or multilateral agreement/instrument shall be cross-matched with the existing database in the AEOI Center. In case the reported person is an existing taxpayer, the information shall be passed on to the concerned AEOI Zone as per the aforementioned jurisdiction.
In case the reported person is not registered with FBR, the Secretary (Exchange of Information) shall assign jurisdiction of the case to the relevant AEOI Zone based on the current address. The entire sorting and cross-matching exercise along with assigning of the jurisdiction and any other function related thereto will be carried out only in the AEOI Centre of FBR (HQ) by the designated officials.
Based on the above jurisdiction, the information shall be transferred electronically from the AEOI Centre to the desktop of the Commissioner of relevant AEOI Zone through a secured channel. The Commissioner (AEOI) will not have any access whatsoever to the information pertaining to other AEOI Zones.
On receipt of information, in case of existing taxpayer, the Commissioner AEOI Zone shall seek physical record from the concerned Large Taxpayers Unit or Regional Tax Office where the case exists. Once such request is made to the existing office, the jurisdiction of the case shall cease to exist in that office and shall be deemed to be transferred to the concerned AEOI Zone.
The Commissioner of the existing Zone shall transfer the case to the concerned AEOI Zone along with its complete record and a summary identifying pending issues, assessments, recoveries, etc. The Commissioner AEOI Zone shall open and maintain separate confidential covers pertaining to the information received and keep the confidential covers in safe custody, inaccessible to irrelevant and unauthorized staff or persons.
The Commissioner AEOI Zone shall also record entry in the manual stock register for AEOI cases and keep such registers in safe custody. The FBR said that the all transfer of information from AEOI Center to the Commissioners AEOI Zones will take place through Virtual Private Network (VPN) Tunnel. The information will be encrypted and digitally signed.
The FBR said that the information will only be accessible on a dedicated computer in AEOI room of the concerned LTU/RTO. Access to the dedicated computer will be password protected. Each AEOI room will be virtually monitored both in the concerned LTU/RTO and FBR (HQ). Access to the AEOI room shall be restricted to authorized personnel through biometric verification.
No storage device including USB, hard-drive, mobile phones, cameras, etc, shall be allowed in the AEOI rooms. No internal intranet access will be available on the dedicated computer and AEOI room. Registration of unregistered Persons: In case of unregistered person, the concerned Commissioner (AEOI) shall register the person as prescribed in Chapter VIII of Income Tax Rules, 2002.
Seeking Documents/ Information; The Commissioner (AEOI) will issue notice u/s 176 of Income Tax Ordinance, 2001 to the reported person seeking any information or documents as deemed appropriate. The information and documents sought in the notice may, inter alia, include CNIC/NICOP/POC/NTN, details about the financial account, sources of investment, etc.
The Commissioner (AEOI) may also seek information u/s 176 of Income Tax Ordinance from any other person or authority, as deemed appropriate, while taking into account confidentiality of AEOI information received. The Commissioner (AEOI) may also summon the reported person for investigation u/s 176 (1) (b) of the Income Tax Ordinance, 2001.
Proceedings in the Case: In case of unsatisfactory reply to the notice u/s 176 of the Income Tax Ordinance, 2001, or no reply at all, the Commissioner (AEOI) shall issue notices u/s 114(4) and 116(1) of the Income Tax Ordinance, 2001, in cases where income tax return and wealth statement have not been filed. Once response to the aforementioned notices is received, or no reply is received at all, as well as cases where income tax return and wealth statement has already been filed, the Commissioner (AEOI) shall proceed in the case in accordance with the provisions of Income Tax Ordinance, 2001.
The final outcome of the case shall be reported to the Board. Confidentiality and Data Safeguards: All matters related to confidentiality and data safeguards in AEOI Centre, AEOI Zones and any other AEOI related persons, or jurisdiction, will strictly be governed under Income Tax Ordinance, 2001, Sales Tax Act, 1990, Federal Excise Act 2005, Prevention of Electronic Crimes Act, 2016, Efficiency and Discipline Rules 1973, Government Servants Conduct Rules 1964, Official Secrets Act 1923, Electronic Transactions Ordinance, 2002 and other applicable laws for the time being in force.
Any breach of confidentiality and data safeguards will be taken very seriously and proceedings initiated against the concerned persons under the aforementioned laws. All the concerned wings of FBR and PRAL will ensure that proper confidentiality clauses are incorporated in all the contracts of goods or services, if any, related to the Data Center, AEOI Center and AEOI Zones for automatic exchange of information.
It shall also be specified in such contracts that any breach of confidentiality by any person, including contractors and their employees, during the term of contract or afterwards, shall attract criminal prosecution under the applicable laws.
Steps to be taken in case of any suspicion or attempt of the breach of Confidentiality or Data Safeguards: The Member (IR-Policy) and the concerned chief commissioner shall keep regular oversight of matters related to confidentiality and data safeguards.
The FBR said that any access to AEOI facilities and information is strictly prohibited to all officers and officials of FBR and PRAL, other than AEOI officers posted in AEOI Centre or AEOI Zones. Any technical, administrative, logistic or otherwise support to the AEOI Units will take place under the personal supervision of Commissioner (AEOI) or Chief (International Taxes), as the case may be.
Periodic inspections will be conducted to ascertain that necessary measures are being taken to ensure confidentiality and protection of AEOI data. Whoever associated with AEOI, including the officers and staff in the AEOI Center/Data Center and AEOI Zones, who has any suspicion or comes to know of any attempts of breaches of Confidentiality or Data Safeguards pertaining to the infrastructure, systems and information of AEOI, shall immediately report to the concerned Commissioner (AEOI) in case of AEOI Zones and the Chief (International Taxes) in case of Data Center and AEOI Center.
The report will specify the nature and grounds of the suspicion or attempt of any breach of confidentiality and data safeguards and also provide the details about the suspects and evidence, if any. In case of an urgent situation, the Commissioner (AEOI) and Chief (International Taxes), as the case may be, can also be informed verbally which shall be followed by a written report later on.
The Commissioner (AEOI Zone) and the Chief (International Taxes) will conduct a preliminary investigation, respectively, on the report and also take any immediate steps or damage controls which the situation may warrant. The Commissioner (AEOI Zone) and the Chief (International Taxes) will discuss the matter forthwith with the Chief Commissioner and Member (IR Policy) respectively.
The Chief Commissioner and Chief (International Taxes), as the case may be, will secure the respective premises in all respects, including blocking of all the User IDs in the concerned premises. The user IDs of the entire premises will be blocked by Secretary (Exchange of Information) on the directions of the Chief Commissioner or Chief (International Taxes).
The matter shall also be reported to the Member (IR Policy) by the Chief Commissioner of the concerned AEOI Zone, directly or through Chief (International Taxes), in respect of AEOI Zone and by the Chief (International Taxes) in respect of AEOI Center and Data Center.
A fact-finding inquiry will be initiated by the Member (IR Policy) which shall be completed in a fortnight, unless there are specific reasons for extension of the time frame, which shall be recorded in writing by the enquiry officer and approved by Member (lR-Policy).
The Chief Commissioner and Chief (International Taxes), in consultation with Member (lR-Policy), will take all necessary measures to ensure that confidentiality of the data is not compromised during the inquiry. The inquiry officer or a committee entrusted with the fact-finding may also seek assistance of law enforcement agencies u/s 178 of Income Tax Ordinance, 2001.
The user IDs will be restored once all the necessary steps are taken to ensure confidentiality and data safeguards in the premises. Approval for the restoration of user IDS will be sought from the Member (IR Policy).
Once the identity is ascertained and it is found that the person committing the offence is an FBR employee, necessary proceedings will be initiated under the Efficiency and Disciplinary Rules, 1973, Prevention of Electronic Crimes Act, 2016, relevant provisions of Tax Laws, the Official Secrets Act, 1923, Electronic Transactions Ordinance, 2002 or any other applicable laws for the time being in force.
In case of PRAL employee, proceedings will be initiated under the PRAL Rules, 2014, Prevention of Electronic Crimes Act, 2016, the Official Secrets Act, 1923, Electronic Transactions Ordinance, 2002, relevant provisions of tax laws or any other applicable laws for the time being in force.
In case of any other person, not being a current FBR or PRAL employee, a case will be registered for his/her prosecution and punishment in accordance with the relevant provisions of Tax Laws, the Official Secrets Act, 1923, Electronic Transactions Ordinance, 2002 or any other applicable civil and criminal laws for the time being in force. This revised SOP is being issued with the approval of Chairman, FBR/Secretary, Revenue Division. The Board may issue any further instructions in this regard from time to time, the FBR added.