Offshore Tax Informant Program (OTIP) v 2.0 – Privacy impact assessment summary
Compliance Programs Branch
High Net Worth Compliance Directorate
Canada Revenue Agency
Overview & PIA Initiation
Government institution
Canada Revenue Agency
Government official responsible for the PIA
Ted Gallivan
Assistant Commissioner
Compliance Programs Branch
Head of the government institution or Delegate for section 10 of the Privacy Act
Steven Morgan
Director General, ATIP Directorate
Name of program or activity of the government institution
International, Large Business and Investigations
Description of the class of record and personal information bank
Standard or institution specific class of record:
International and Large Business and Offshore and Aggressive Tax Planning Income Tax Audits and Examination CRA ILBIB 415
Standard or institution specific personal information bank:
Offshore Tax Informant Program CRA PPU 411
Legal authority for program or activity
Subsection 220 (1) of the Income Tax Act:
“The Minister shall administer and enforce this Act and the Commissioner of Revenue may exercise all the powers and perform the duties of the Minister under this Act.”
Subsection 275 (1) of the Excise Tax Act:
“The Minister shall administer and enforce this Part and the Commissioner may exercise all the powers and perform the duties of the Minister under this Part.”
Summary of the project / initiative / change
Overview of the program or activity
The Government of Canada is committed to protecting Canada's tax base and ensuring public confidence in the fairness and integrity of the tax system. Canadians are allowed to structure their tax affairs in such a way in order to reduce the amount of tax owing – Registered Retirement Savings Plans and Tax-Free Savings Accounts are two examples of legal, beneficial ways that Canadians can reduce their taxes owing.
Investments outside the country are not illegal. Canadians who invest outside the country are in compliance with Canada's tax laws as long as they report all of the income earned outside Canada.
However, the Government of Canada and Canadian tax administrators are concerned about international financial transactions and mechanisms to avoid or evade Canadian tax. When an individual or business does not fully comply with tax legislation, an unfair burden is placed on law-abiding taxpayers and businesses and the integrity of Canada's tax system is jeopardized.
Launched as part of the Canada Revenue Agency's (CRA) efforts to fight international tax evasion and aggressive tax avoidance, the new Offshore Tax Informant Program (OTIP) allows the CRA to make financial awards to individuals who provide information related to major international tax non-compliance that leads to the collection of taxes owing. The OTIP draws on international best practices from across the globe. A number of member countries of the Organisation for Economic Co-operation and Development (OECD) also provide rewards for information regarding taxpayer non-compliance. The United States Internal Revenue Service, for example, has a Whistleblower Office that rewards individuals who come forward with information on major cases of tax evasion. International tax non-compliance is a focus of all developed nations, particularly members of the G-20, and the CRA's actions to combat this non-compliance are part of this global effort.
OTIP’s primary objective is to encourage the participation of the public in the identification of major international tax non-compliance. The program will do this by offering graduated incentive rewards from 5% to 15% of the additional federal tax assessed and collected to individuals who come forward with credible information that leads directly to the assessment and collection of additional taxes in such cases. Among other requirements, there is a basic threshold; to qualify for a reward the lead must result in the collection of at least $100,000 in additional taxes.
The OTIP is similar to the existing Informant Leads program, but with a specific international focus and a contract-based incentive reward.
Information concerning the OTIP is available on the CRA’s website at:
What's new
Changes were made to reflect current operating practices more accurately and to improve clarity about the program's security categorization of informant information. Since the first privacy impact assessment (PIA) was approved in 2013, the preliminary review process to determine auditability as well as if the program criteria are met, has changed. Offshore Tax Informant Program (OTIP) files are now referred to the Offshore Workload Development Section for audit determination analysis earlier, where previously, files would only be referred after informant contracts were initiated. The program has been renamed to OTIP from International Paid Informants Program (IPIP), a new division named Offshore Compliance Division (OCD) was created and a new Assistant Commissioner was also nominated.
Scope of the Privacy Impact Assessment
In terms of scope, this PIA is limited to the activities that relate to the collection of information from informants, the initial checks to assess the merits of the lead, whether they meet program *criteria, the eligibility of the informant for a reward, the development of recommendations for review by an Oversight Committee comprised of senior CRA managers, the initiation of contracts with informants, the sharing of information with program areas, the monitoring of the progress of OTIP files through established CRA review processes, such as audits, non-filer and enforcement actions, which may or may not culminate in (re)assessments, appeals, or collection activity.
*The program criteria is:
- whether it identifies major international tax non-compliance;
- whether it has a potential to recover additional federal tax greater than $100,000; and
- whether the informant is eligible to participate.
The information provided must have merit and include sufficient, specific, and credible facts that will allow the CRA to verify the allegation; it cannot already be known to the CRA, or be speculative.
Only individuals can participate in the OTIP. You are not eligible for this program in certain situations, including where:
- you have been convicted of tax evasion concerning the situation of non-compliance you are reporting;
- you are a CRA employee;
- you are or were a federal, provincial, or municipal employee, official, or representative, and acquired the information in the course of your employment duties;
- you are or were a contractor and acquired the information in the course of your duties for a federal, provincial or municipal government;
- you have been convicted of an offence listed in section 750 of the Criminal Code;
- you are the taxpayer involved in the non-compliance);
- you are currently an authorized representative of the taxpayer involved;
- you are legally required to disclose the information to the CRA; or
- you are providing the information anonymously;
- In addition, if the program determines that an ineligible individual provided you with the information, no reward will be made.
Informant information is collected directly from the informant, either in their written submission or in person if the files goes to contract. If we enter into contract, a formal meeting is scheduled at which time we will confirm the identity of the informant. If they are a Canadian resident, the information is compared to information in the CRA systems. If they are not Canadian resident, OTIP relies on documents provided - i.e. passport, driver licence. In addition, the informant will be required to provide a certificate of non-conviction obtained from a local law enforcement office to ensure they have not been convicted of tax evasion relating to the non-compliance or of fraud.
Taxpayer information is collected indirectly from the information submitted by the informant and also from the CRA systems.
Excluded from the scope of this PIA are established programs and activities such as audit, non-filer and investigations that conduct the detailed reviews of approved leads. In other words, OTIP-initiated reviews of taxpayer files will be processed in the same way as any other taxpayer file. Also out of scope is the existing Informant Leads program for which a separate PIA will be completed.
Risk identification and categorization
A) Type of program or activity
Criminal investigation and enforcement / National Security
Level of risk to privacy: 4
Details:
Information provided to the CRA in the context of this program is used to identify and follow up on instances of alleged tax non-compliance. Even among the small number of leads that meet all of the program criteria and qualify for reward payments, most will be treated as civil audits. While a small number of leads could be referred to the CRA criminal investigations programs, the OTIP program is intended to focus primarily on programs and activities that have administrative consequences. Nevertheless, the risk has been categorized at the highest level based on the possibility of criminal enforcement activity.
B) Type of personal information involved and context
Sensitive personal information, including detailed profiles, allegations or suspicions, biometrics, and/or the context surrounding the personal information is particularly sensitive
Level of risk to privacy: 4
Details:
Personal information about the alleged non-compliant taxpayer: Most of the personal information about the alleged non-compliant taxpayer would probably fit into category 3 above since it is sensitive information that relates to assets, financial transactions, property, etc. However, a fraction of the personal information provided by an informant about the taxpayer could qualify as risk category 4 on the basis that it is essentially a suspicion or allegation about the taxpayer’s non-compliance conveyed to the CRA in confidence by another party. The unauthorized disclosure of such allegations or findings could cause harm to the taxpayer’s reputation.
Personal information about the informant: Information that identified or gave clues to the identity of the informant in the context of the OTIP could be extremely sensitive personal information, particularly in rare cases where the safety of the informant was at issue. In extremely rare cases, injury might include severe physical harm or even loss of life.
Personal information about others: Information provided by informants could include information about business associates, family members and friends of the subject taxpayer including information that could implicate them in the non-compliance and adversely affect reputations.
Informant information is collected directly from the informant, either in their written submission or in person if the files goes to contract. If we enter into contract, a formal meeting is scheduled at which time we will confirm the identity of the informant. If they are a Canadian resident, the information is compared to information in the CRA systems. If they are not Canadian resident, OTIP relies on documents provided - i.e. passport, driver licence. In addition, the informant will be required to provide a certificate of non-conviction obtained from a local law enforcement office to ensure they have not been convicted of tax evasion relating to the non-compliance or of fraud.
Taxpayer information is collected indirectly from the information submitted by the informant and also from the CRA systems.
C) Program or activity partners and private sector involvement
Within the institution (amongst one or more programs within the same institution)
Level of risk to privacy: 1
Details:
Program activities are largely confined to OTIP employees. Information will be shared on a need-to-know basis with other program groups within the CRA, such as Audit, Non-Filer, and Criminal Investigations.
The initial analysis of leads will be conducted within the Offshore and Aggressive Tax Planning Directorate (OATPD) by a small number of designated employees. This analysis may involve consultations with subject matter experts, such as foreign investment and High Net Worth Individuals auditors. These consultations will be done without sharing informant’s identity; however, the taxpayer’s identity may be shared in certain circumstances - for example, in a discussion with workload development of various sections to establish audit potential.
Each informant that provides a lead will be notified in writing that regardless of whether the information provided ultimately results in a contract with the CRA or a payment under the program, the CRA can use the information that has been provided by an informant to carry out its mandate to ensure all taxpayers pay the correct amount of tax under the law.
A recommendation report to the senior OTIP Oversight Committee will be comprised of a summary of the information provided by the informant, including a description of the alleged international tax non-compliance. The OTIP officer’s analysis of the lead as well as the informant’s eligibility into the program, and the OTIP’s recommendation to proceed to the contracting stage will be included. This will not include the informant’s identity except in rare circumstances where the committee has a “need to know” considering the case particulars and the informant’s identity is required in order to carry out tasks effectively, such as a high profile informant. OTIP officers follow the "need to know" principal which states that the information is shared only if needed to accomplish the work. For instance to make a decision to go to contract with an informant. Acceptance by Oversight Committee triggers the OTIP to arrange a contract with the informant. Limited personal data related to informants in approved lead case files will be used for purposes of setting up a contract with the informant. The involvement of Legal Services will be on a case-by-case determination. OTIP employees are provided guidance and instruction by way of the OTIP Information Security Policy.
Limited information on approved lead case files may be routed for review/action by other CRA specialists. Case information will be routed to established CRA program divisions including but not limited to: Non-Filer, Voluntary Disclosures Program, Audit, and a small number to Criminal Investigations. Regardless of whether these review activities are organized within the OTIP or not, such as the leads program (LP) forwarding an OTIP lead to Business Intelligence and Quality Assurance (BIQA), the program will not share information about informants except in extremely rare cases and in accordance with strict criteria that satisfy Privacy Act Section 8(2) and ITA Section 241. The processes have been created and agreed to between each of the sections; there are still some sections within the CRA which OTIP has not dealt with and as such similar criteria will be created when a different sections are approached.
All of the above-described activity is internal to the CRA.
D) Duration of the program or activity: Long-term program
Level of risk to privacy: 3
Details:
The OTIP will become a permanent continuing CRA program with no scheduled end date.
E) Program population
The program affects certain individuals for external administrative purposes.
Level of risk to privacy: 3
Details:
The program will affect a small number of taxpayers who are the subjects of the information provided to the CRA by informants under the OTIP program. The population will include personal and business taxpayers as well as individuals associated with businesses that are the subject of allegations provided by informants. It may include the taxpayer’s family members and business associates. The population would also include the confidential informants who provide information to the CRA under the program and, in some cases, their representatives.
F) Technology & privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information?
Risk to privacy: No
Does the new or modified program or activity require any modifications to IT legacy systems and/or services?
Risk to privacy: No
The new or modified program or activity involves the implementation of one or more of the following technologies:
Enhanced identification methods - this includes biometric technology (i.e. facial recognition, gait analysis, iris scan, fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy pass technology, new identification cards including magnetic stripe cards, "smart cards" (i.e. identification cards that are embedded with either an antenna or a contact pad that is connected to a microprocessor and a memory chip or only a memory chip with non-programmable logic).
Risk to privacy: No
Details: n/a
Use of Surveillance - this includes surveillance technologies such as audio/video recording devices, thermal imaging, recognition devices , RFID, surreptitious surveillance / interception, computer aided monitoring including audit trails, satellite surveillance etc.
Risk to privacy: No
Details: n/a
Use of automated personal information analysis, personal information matching and knowledge discovery techniques - for the purposes of the Directive on PIA, government institutions are to identify those activities that involve the use of automated technology to analyze, create, compare, identify or extract personal information elements. Such activities would include personal information matching, record linkage, personal information mining, personal information comparison, knowledge discovery, information filtering or analysis. Such activities involve some form of artificial intelligence and/or machine learning to uncover knowledge (intelligence), trends/patterns or to predict behavior.
Risk to privacy: Yes
Details:
Once it has been determined that the basic program criteria have been satisfied and the lead is eligible for further consideration under the program, an official in the OTIP office will conduct more detailed analysis by comparing details about the alleged non-compliance provided by the informant to details and data related to the taxpayer in the CRA files and systems; refer to the following CRA PIBs:
- Individual Returns and Payment Processing PPU 005
- Corporate Returns and Payment Processing PPU 047
- Collections CRA PPU 050
- Non-Filer Compliance PPU 025
- Detection and Investigations PPU 095
- Voluntary Disclosures PPU 220
- Leads Program (PIB Under Development)
Other information examined includes public data sources available to the CRA - i.e. – internet, etc. Authority for these activities is the same as the authority cited for the program, i.e., subsection 220(1) of the Income Tax Act and part IX of the Excise Tax Act.
Risk assessment tools that use aggregate data will be used. This information is restricted through the use of user identification, passwords and need-to-know. Access to mainframe information is monitored through the use of computer logs.
The CRA would be using the systems and tools available to conduct checks and analysis on all taxpayer files to determine whether the lead should be rejected or referred to the OTIP Oversight Committee for contract, and subsequently to Audit, or to other areas within the CRA such as, Non-filers, Large File Audit or Criminal Investigations.
G) Personal information transmission
The personal information is transferred to a portable device or is printed.
Level of risk to privacy: 3
Details:
Based on the importance of protecting the identities of confidential informants, the program collects information using mostly non-automated modes. Information is transmitted within the CRA based on Security Requirements for Handling Protected CRA Information – Finance and Administration Manual.
The CRA’s electronic data, including data on the CRA tax files of the alleged non-compliant taxpayer and other aggregate risk assessment data, will be analyzed and compared to verify and validate the information received from the informant. Protected B information is shared via CRA secure servers within password protected folders with limited access.
When the information is Protected C, only the informant submission is temporarily transferred to an encrypted USB key in order to be moved to a stand-alone computer in a secure room. The USB key is formatted and re-encrypted after each use. Furthermore, the sharing of Protected C information is paper-based and is hand delivered to the auditor. These processes are aligned with the Agency Storage of Protected and Classified Information and Assets Standards.
H) Risk impact to the individual or employee
Details:
While not all of the information received, used and transmitted internally will be information that could identify an informant in context, there remains a possibility that disclosure of such details could have very serious consequences such as serious injury to an informant, in rare cases possibly even death.
It is expected that most of the information the program will receive can be carefully safeguarded as Protected B; in cases where an informant expresses fear for their physical safety or otherwise could be at risk of retribution (e.g. related to organized crime), the program will safeguard this information as Protected C, based on Security Requirements for Handling Protected CRA Information – Finance and Administration Manual.
I) Risk impact to the institution
Details:
Publicity about a failure by the CRA to manage sensitive personal information that had been provided voluntarily to the CRA in the context of the OTIP program would likely cause embarrassment to the institution and have an adverse impact on overall credibility. It would likely also cause prospective informants to lose trust in the CRA. This would reduce their willingness to come forward with information, despite the prospect of a reward. In other words, it could impact the success of the program and the ability of the CRA to access a promising source of tax revenue.
In a rare, worst-case scenario, an unauthorized disclosure of personal information could result in severe harm to a confidential informant. If that happened because of a failure by the CRA to safeguard the information, and assuming that there was publicity, there would be decreased confidence by the public in the CRA’s ability to manage sensitive information. This would put the Minister and senior officials into the spotlight and cause embarrassment to the organization.
Page details
- Date modified: