Euro Pacific Bank

General Data Protection Regulation (GDPR)

What is the GDPR?

The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on May 25, 2018 and brings with it the most significant changes to data protection law in two decades. The primary goal of these changes is protection of personal data and rights, while meeting the requirements of the digital age.

The 21st century brings with it, the broad use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing of personal data, affording individuals stronger, more consistent rights to access and control their personal information.

Our Commitment

Euro Pacific Bank (EPB) (‘we’ or ‘us’ or ‘our’) is fully committed to upholding the privacy and rights of our customers, including:

  • Ensuring the security and protection of personal information that we process
  • Providing a compliant and consistent approach to data protection
  • Developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for the new Regulation

We have always had a robust and effective data protection framework in place which complies with existing law and abides by the data protection principles. However, we recognize the requirement and importance of updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.

Our preparation plans for the GDPR have been summarized in this statement and includes the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum compliance at all times.

Frequently Asked Questions

When does the GDPR come into force?
The GDPR comes into force across the EU on the 25th May 2018 where it will replace the current data protection rules in each EU country.

What information does the GDPR apply to?
The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to a specific data point (ex. name, ID number, etc.).

Does the GDPR only apply to EU organizations?
The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.

Who does the GDPR apply to?
The GDPR applies to ‘controllers’ ‘joint controllers’ and ‘processors’ of personal data. A controller determines the purposes and means of processing personal data (see Article 24 of GDPR). A joint controller shares pre-agreed responsibilities with another controller (see Article 26 of GDPR). A processor is responsible for processing personal data on behalf of a controller (see Article 28 of GDPR).

How is processing defined?
The GDPR definition of ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Will Consent be covered in the Terms & Conditions?
No, it is no longer satisfactory to have consent bundled into another document or agreement. It needs to be explicit and unambiguous, and recordable.

What data protection policies and procedures are required under GDPR?
The key data protection policies and procedures under GDPR include:

  • Data Protection Policy
  • Subject Access Request Policy
  • Breach Management Policy
  • Privacy Policy
  • Data Retention Policies
  • IT Policy (usage of IT equipment)

Where can I find the EPB Privacy Policy?
The EPB Privacy Policy can be found on our website along with our Cookies Policy for the EPB website use.

Common Reporting Standard (CRS)

The Common Reporting Standard (CRS), calls on countries to obtain information from their financial institutions and exchange that information with other countries automatically on an annual basis. The CRS sets out the financial account information to be exchanged, the financial institutions required to report, the different types of accounts and taxpayers covered, as well as common due diligence procedures to be followed by financial institutions.

Euro Pacific Bank and its subsidiaries have the obligation to comply with the Organization for Economic Co-operation and Development (OECD) Common Reporting Standard (CRS).

To whom is the information reported:

  • For accounts held by Euro Pacific Securities, Inc. (Global Trading), the required information will be reported to Financial Services Commission (FSC) of the British Virgin Islands.
  • For accounts held by Euro Pacific Intl. Bank Inc., there is no reporting since the United States and Puerto Rico are non-participating jurisdictions.

When will reporting take place and for what timeframe:

  • For accounts held by Euro Pacific Securities, Inc. (Global Trading), the information will be reported for the first time in May 2018 for new accounts opened in the period of November 20th to December 30th 2017

For further information on the Common Reporting Standard you may access the OECD informative website at

What is an economic purpose?

An economic purpose is the original reason for your incoming or outgoing payment:

  • What product or service did the sender buy from you?
  • What product or service did you buy from the beneficiary?

As a licensed financial institution, we are required to know the economic purposes of the payments and/or attain any supporting documentation verifying these purposes, in order to comply with international anti-money laundering (AML) regulations.

A vague or incomplete description of your payment may result in delay or cancellation.

US Source Income Reporting

Does this apply to me?

If your account earns US source ‘fixed or determinable, annual or periodical (FDAP) income’, Euro Pacific Bank (and Euro Pacific Securities, Inc.) is mandated to report this US source FDAP income to the IRS on your behalf, regardless of your residence jurisdiction.

The United States requires all withholding agents to file an information return, known as a Form 1042-S, Foreign Person’s U.S. Source Income Subject to Withholding, to report amounts paid to foreign persons that are described under the Amounts Subject to NRA Withholding and Reporting, which includes all Fixed or determinable, annual or periodical (FDAP) income.


Please note as of January 2017, IRS Section 871(m), has expanded the scope of reporting requirements to include single stock CFDs with a US equity as an underlying asset.

How much does the filing cost?

The cost of filing is $200.00 per account, each year that an account holds investments that pay interest or dividends attributed as ‘US source income’. This means that even if a investment/security has a one-time payment, a filing will need to be made.

This reporting is mandatory and required of all firms offering investments, whereby those investments pay interest or dividends attributed as ‘US source income’. Unfortunately, due to the prohibitive cost of complying, Euro Pacific Bank and Euro Pacific Securities must pass on the cost of these filings to our clients.

Can I avoid this annual filing cost?

You may avoid future withholding and resulting $200 filing cost by requesting to disable all US Equities (i.e. Stocks, Bonds and ETFs) and single stock CFDs in your brokerage account. Please be aware that this does not guarantee that filing will be avoided, as ‘US source’ attribution rules are complex and frequently change.

In the case that a filing is required, even if US equities and single stock CFDs have been disabled, the $200 fee will be withdrawn at that time.

If you do not earn US source FDAP income during the year in question, we will ‘hold’ the $200 until the next year, and release the funds when you close your account.

For any questions about these developments please do not hesitate to contact our Client Services team. For the most up-to-date information on the Bank’s reporting requirements to the IRS please review their website directly.

Where is the bank regulated?

Euro Pacific Intl. Bank Inc. is licensed and regulated by the Office of the Commissioner of Financial Institutions (OCIF) in Puerto Rico as an International Financial Entity (license # IFE-033). International Financial Entities (IFEs) are licensed and regulated by the Office of the Commissioner of Financial Institutions pursuant to Act No. 273 of September 25, 2012, as amended (the IFE Act) and Regulation No. 5653.

Does the St. Vincent government offer banking/depository insurance?

As an international bank in Puerto Rico the Bank does not offer any type of banking/depository insurance for depositors. The Bank is not insured by the FDIC in the United States. Typically this type of insurance becomes necessary in a system where banks are lending out a substantial portion of their capital, thus exposing them to substantial counter-party risk. Since Euro Pacific Bank makes no loans and keeps a 100% reserve deposit ratio, depositors can be assured that the risk of default is extremely low. To read more about the the strong solvency provisions undertaken by the bank, please review the previous question.

Does Euro Pacific Bank make any loans, extend leverage, or use client assets in any way?

Euro Pacific Bank is unique in the banking world as it is a transactional only bank. This means that the bank keeps a deposit ratio of 100%. Contrast this to most banks worldwide, where they operate on a fractional reserve system, typically lending out 90%+ of client deposits. What this means for depositors is that the bank is not susceptible to a ‘bank run’. If all of the bank’s depositors request their capital withdrawn, this request can be fulfilled in full without compromising the solvency of the bank. Again, contrasting this with the majority of banks globally, if even a small ratio of depositors request withdrawals (10%+) the bank is at risk of insolvency and the loss of client deposits, at the very least a banking holiday.