Key Takeaways

• The Common Reporting Standard (CRS) allows the ATO to gain access to foreign bank information. The CRS impacts data collaboration between the ATO and banks internationally by providing specific requirements and mandates that should be followed. It was implemented by Australia and other OECD countries
• The UK General Data Protection Regulation (UK GDPR) ensures that everyone using personal data follows strict rules (data protection principles). They have to ensure that the information is used transparently, lawfully, and fairly.
• Through Currency Transaction Reports (CTRs), banks are mandated by federal law to report currency transactions of over $10,000 conducted in a single day to the IRS.

Introduction

Case Studies for Tax Authorities' Data Collaboration with Banks

1. The US Tax Authority (Internal Revenue Service)

i) How the Collaboration is Established

• First, through Currency Transaction Reports (CTRs), banks are mandated by federal law to report currency transactions of over $10,000 conducted in a single day.
• The IRS can then use "CTR information to identify cash activity that is not accurately reported on income tax returns." Bank deposits can also be used by the IRS to analyze potential taxable income.
• Because of information statements such as Form W-2 and Form 1099 under citizens' Social Security Numbers, the IRS can access financial accounts because:

• When one receives over 10% interest in the bank during the year, the bank is mandated to report this interest to the IRS using Form 1099-INT.
• For those that get paid through merchant accounts like VISA or PayPal, with enough transactions, the IRS can see the amounts of these transactions on Form 1099-K.
• In case of a revenue audit or back tax issue, the IRS revenue officer can request bank account information by summoning it directly from the bank. However, the IRS needs to prove that the summon is for a legitimate reason and that the information is relevant.
• Banks are also required to report unusual or suspicious activity among depositors by filing a Suspicious Activity Report and the IRS can then access the account information.

ii) The purpose of the Collaboration

• The IRS reviews bank accounts (collects information from banks) to:
•  Conduct an official audit. 
•  Review a foreign account. 
•  Analyze suspicious deposits.  
• An IRS audit is an official investigation of all of an individual's accounts, including bank accounts. An audit compares the income reported on the tax return and bank account statements.

iii) The Information that is Shared

• The information that banks share with the IRS, when necessary, is general bank account information such as deposits and transactions.

iv)How Often the IRS Receives the Data

• There is no set or specific period for data sharing. The information is shared when the IRS determines that it is reasonably required. For instances like the Credit Transaction Report, banks share the data with IRS when they deem financial transactions suspicious.

2. The UK Tax Authority (HMRC)

i) How the Collaboration is Established

• Her Majesty's Revenue and Customs (HMRC) has the power to obtain relevant information from third parties such as banks to check whether they are paying the correct amount on Capital Gains Tax, income tax, VAT, and Corporation Tax.
• This information is obtained after HMRC issues a third-party notice.
• However, HMRC cannot issue a third-party notice without the tax tribunal's or taxpayer's approval. Also, it has to prove that the information is reasonably required.
• For data that is collected for exchange with tax authorities of other countries, the collaboration is established through the automatic exchange of information which is the "exchange of information between countries without having to request it." Through these agreements, HMRC is allowed to collect data from banks to share with other countries.

ii)The purpose of the Collaboration

• Automatic Exchange of Information agreements that are made between the UK and other countries allow for the exchange of information between multiple countries. This helps identify information surrounding financial investments and accounts to tackle and deter non-compliance such as tax evasion.
• Also, they allow for the exchange of information surrounding specific hallmarks that can be used to evade or avoid tax.

• Bank account details that are collected from banks as third parties are used when:
• HMRC needs to comply with a legal obligation. 
• It is necessary for the performance of a task that is carried out in the public interest.
• When HMRC is exercising its official authority as a government department. For example, in relation to income and inheritance tax.
• It is "necessary for the purposes of the prevention, investigation, detection, or prosecution of criminal offenses."

iii) The Information that is Shared

• The data that is provided by banks to HMRC in relation to Automatic Exchange of Information agreements includes:
• The account holder's:
•  Name.  
•  Address.  
•  Date of birth.  
•  Place of birth.  
•  Tax identification number.  
•  Account number.  
•  "Account balance, or value, at the end of the calendar year, or another appropriate period."
• "Interest, dividends, other income, or gross proceeds" paid by the account provider "during the calendar year, or another appropriate period."
• Where the account holder is a resident for tax purposes.
• Details of reportable agreements that the account holder is involved in.
• The name and identifying number of the account provider.

• Data collected for use internally includes general bank account information.

iv) How Often the HMRC Receives the Data

• For collaboration that is done under the Automatic Exchange of Information Agreements between the UK and other countries:
• Data from UK banks is collected annually by 31st May and "information on reportable arrangements is provided to HMRC on an ongoing basis."

• Data collected for use internally is received when HMRC determines that the information is reasonably required. 

International Banks

• Data pertaining to UK tax residents from international banks is collected through the relevant tax authority in the other country.

3. The Australian Tax Authority (Australian Tax Office)

i) How the Collaboration is Established

• The ATO has strong legal powers to access personal bank information. These powers allow it to get Australian bank statements directly from the bank.
• Organizations like banks have a legal obligation to report information to the ATO. This means that the collaboration is through legislated data collection.

ii) The purpose of the Collaboration

• The ATO collects personal information from third parties like banks to make sure that the information provided by taxpayers is accurate.
• Collecting information from banks helps with identifying those that are not complying with their taxation obligations.
• The data is used for data matching whereby it is validated and matched against the ATO's information to identify "where people and businesses may not be reporting all their income."
• If required, the ATO can access bank records to audit tax affairs.

iii) The Information that is Shared

• Banks must send the ATO information surrounding their "customers’ investments and investment income."
• Under a tax audit, the ATO collects the following information:
• The amounts withdrawn from the bank account.
• The amounts deposited in the bank account.
• The payments received electronically from the bank account.
• The payments made electronically from the bank account.
• Generally, the ATO can collect any information that they deem necessary for the intended purpose.

iv) How Often the ATO Receive the Data

• Data collected for use internally is received when HMRC determines that the information is reasonably required 

Regulations/laws Governing Data Collaboration between the Tax Authorities and Banks Internationally

Australia

1. The Common Reporting Standard

• The Common Reporting Standard (CRS) allows the ATO to gain access to foreign bank information. The CRS impacts data collaboration between the ATO and banks internationally by providing specific requirements and mandates that should be followed, as detailed below. It was implemented by Australia and other OECD countries
• It is a "legal requirement for the automatic exchange of financial account information between a foreign bank and the ATO."
• It came into effect on July 1, 2017.
• Under the CRS, the foreign bank reports the following information to the ATO concerning Australians' foreign bank accounts:
•  Name. 
•  Address.  
•  Taxpayer Identification Number.  
•  Date and place of birth.  
•  Account number.
• The name and identifying number of the reporting financial institution.
• The "account balance or value as of the end of the relevant calendar year (or another appropriate reporting period)."
• The "details of any accounts closed in the relevant calendar year (or another appropriate reporting period)."
• Depending on the account type, information regarding dividends, interest, capital gains, and others.
• Any inconsistencies between the information that is reported by the foreign bank to the ATO and the information that an Australian citizen reports to the ATO surrounding their foreign income may lead to an "audit of tax affairs to investigate the discrepancy."

Instances that It has Been Applied

• The CRS was first used in 2018 when the first exchange of information occurred.
• Under the CRS:
• The "first review of preexisting individual accounts of high value", "the first review of preexisting entity accounts," " and the first report of reportable accounts," were completed on 31st July 2018.
• The "first exchange of reportable accounts was conducted with exchange partners" on 30th September 2018.

2. Standard for Automatic Exchange of Financial Account Information

• The Standard for Automatic Exchange of Financial Account Information is an international consensus developed by the OECD with G20 countries, containing the international consensus on the "automatic exchange of financial account information for tax purposes, on a reciprocal basis"
• Australia is part of the over 60 jurisdictions that have committed to the standard and the ATO relies on the standard's regulations when obtaining data/establishing data collaborations with banks in foreign jurisdictions.
• The standard, therefore, impacts data collaboration between the ATO and banks internationally by ensuring that as the world becomes increasingly globalized, it is easy for all taxpayers to manage investments through banks outside Australia.
• However, the focus is on ensuring that the vast amounts of money that are kept offshore do not go untaxed, meaning that the taxpayers fail to comply with the tax obligations in their jurisdictions.
• Through the exchange of information financial standards, data collaboration is impacted.

Instances that it Has Been Applied

• In March 2015, Australia was the "first jurisdiction to sign a joint declaration with Switzerland to exchange data based on the Standard for Automatic Exchange of Financial Account Information.
• In 2020, Taiwan's Ministry of Finance completed its "first provision to and received from" Australia financial data concerning 2019.

3. Model Competent Authority Agreement

• The Model Competent Authority Agreement (CAA) links the Common Reporting Standard (CRS) and the legal basis for the exchange of data between the ATO and foreign banks.
• The legal basis could be a bilateral tax treaty or the Convention.
• The Model CAA consists of clauses that provide modalities for the exchanges to make sure that the flow of information is appropriate. This impacts data collaboration between the ATO and international banks.
• The clauses contain "representations on confidentiality, safeguards, and the necessary infrastructure for establishing and maintaining an effective exchange relationship."
• There is also a section that deals with the type of information that should be exchanged, the manner and time of the exchange, and the data and confidentiality safeguards that should be respected.

Instances that it Has Been Applied

• The agreement between Singapore and Australia was concluded on September 6, 2016.
• The entry into force and effective dates were February 27, 2017. 
• On April 28, 2014, the U.S. and Australian governments signed the competent authority agreements between their jurisdictions.

The UK

1. Requirement to Correct (RTC)

• The RTC legal requirement creates an obligation for those with "undeclared UK tax liabilities that involve offshore matters to disclose the relevant information surrounding this non-compliance to HMRC.
• For careless and innocent mistakes, the assessment deadline is April 5, 2026.
• This requirement relates to liabilities to Inheritance Tax, Income Tax, and Capital Gains that involve offshore matters or transfers.
• This means that any UK taxpayer with an overseas bank account should declare this income to HMRC, indicating that this has an impact on data collaboration with banks internationally. When citizens disclose account details such as deposits, transfers, and account balances to HMRC, it directly impacts the data collaboration.

Instances that it Has Been Applied

• In 2018, before the Common Reporting Standard was introduced among OECD countries, a requirement to correct deadline was introduced whereby for anyone that had offshore affairs, the deadline allowed them to correct non-compliance voluntarily.
• The RTC requirement is still being enforced by HMRC with ongoing assessments.

2. Double Taxation Agreements (DTA)

• Double Taxation Agreements are treaties between countries to avoid international double taxation of income.
• The primary purposes of DTAs are to divide the taxation rights between the countries in the contracts, avoid differences, and prevent tax evasion.
• Individuals with permanent residence and tax liability in either of the contracting countries are entitled to reductions or exemptions from taxation of income based on the provisions of the agreements. Without these agreements, the income would be subject to double taxation.
• Such agreements require that the governments (in this case, the UK and the other government in the contract) obtain information on the income through bank accounts to determine that there is a need to prevent double taxation. Anyone applying for reduction or exemption has to provide supporting details like the foreign income.

Instances it Has Been Applied

• The UK has concluded a DTA with the U.S. and "companies can apply for relief at source from UK Income Tax under the United Kingdom/United States Double Taxation Convention (SI 2002 Number 2848)."
• The UK has concluded a DTA with Japan and "companies can apply for relief at source from UK Income Tax under the United Kingdom/Japan Double Taxation Convention (SI 2002 Number 2848)."

3. Tax Information Exchange Agreements (TIEAs)

•  Tax Information Exchange Agreements are used by the UK to cooperate with other countries.
• This helps with obtaining financial information for taxpayers.
• This is indispensable for the collection of tax revenues.

• Under such agreements, the UK requires the other parties to provide information related to taxation such as foreign bank accounts so long as this is not conflicting with the domestic laws.

Instances where it Has Been Applied

• The UK has signed several bilateral TIEAs based on the Organization for Economic Co-operation and Development (OECD) Model on the exchange of information on tax matters.

The U.S.

1. Foreign Account Tax Compliance Act (FATCA)

• The Foreign Account Tax Compliance Act (FATCA) governs the collaboration of the IRS with international financial institutions, including banks.
• It contains conditions and rules that impact data collaboration with banks in foreign jurisdictions (Foreign Financial Institutions).
• Under the FATCA, foreign banks have to report on the foreign assets that are "held by their U.S. account holder."
• Failure to report subjects them to withholdable or withholding payments.

Instances that it has Been Applied

• In 2014, the U.S. government entered into an agreement with the Australian government to implement FATCA and improve international tax compliance.
• The Intergovernmental Agreement between the U.S. and the UK for the implementation of FACTA was signed in September 2012.

2. Hiring Incentives to Restore Employment Act (HIRE Act)

• The HIRE Act governs foreign bank account tax reporting practices. This provides an alternative for banks that do not want to use the FACTA. In this case, data collaboration between the IRS and these institutions is impacted as follows:
• Under this Act, foreign financial institutions can "elect to report as if they were a U.S. person" under:
• Sec. 6041. 
• Sec. 6042- "returns regarding payments of dividends and corporate earnings and profits."
• Sec. 6045- returns of brokers.
• Sec. 6049- "returns regarding payments of interest."
• This would require that the foreign bank reports on each account holder that is a specified U.S. person or U.S.-owned foreign entity as if the account holder were a citizen of the U.S.
• This impacts the collaboration between foreign banks and the IRS since this is the body to whom all tax reports are filed.

Instances that it Has Been Applied

• This provision in the HIRE Act has been used by foreign financial institutions (FFI) that do not elect to abide by the FATCA.

3. Report of Foreign Bank and Financial Accounts (FBAR) through the Bank Secrecy Act (BSA)

• Each year, individuals are mandated to file a Report of Foreign Bank and Financial Accounts (FBAR).
• This applies to foreign accounts such as bank accounts. Any account in a bank located outside the U.S. is deemed a foreign financial account even though there are FBAR exceptions for some accounts such as those that are maintained on a U.S. military banking facility and others.
• Any U.S. person (citizen, corporation, resident, partnership, trust, or estate) must file an FBAR to report a financial interest/signature/other authority over a bank account located outside the U.S. if:
• The value of the foreign bank account exceeds $10,000 at any time during the calendar year.
• This reporting of foreign bank accounts indicates data collaboration with banks internationally and the rules provided by the IRS, BSA, and FBAR impact this data collaboration.
•  Data and information that is shared in the FBAR include:
•  The name on the account.  
•  The account number.  
•  The name and address of the foreign bank.
• The type of account. 
•  The maximum value during the year.
• The IRS is directly involved and can access these bank details. Also, those that are exempted from e-filing mail their paper FBAR form to an IRS address.

 

Source

 

Instances that it Has Been Applied

•  1,163,229 Reports of Foreign Bank and Financial Accounts (FBARs) were filed in 2015.
• By 2016, FBAR filings had grown average by 17% per annum during the previous five years.

Regulations/Laws for Data Collaboration between the Tax Authorities and Banks Locally

Australia

1. Australian Transaction Reports and Analysis Centre (AUSTRAC)- Reporting of Suspicious Cash Transactions

• The Australian Transaction Reports and Analysis Centre is a government agency that monitors "financial transactions to identify money laundering, organized crime, tax evasion, welfare fraud, and terrorism."
• According to AUSTRAC'S regulations, banks should report suspicious transactions to the authority.
• For example, when an individual makes suspicious cash deposits that can be deemed to be for tax evasion or other crimes, the bank has to report the suspicions and transactions to AUSTRAC within three days.
• This regulation directly impacts the data collaboration between the ATO and banks since through the AUSTRAC, banks are obligated to share information surrounding suspicious cash deposits to the ATO.

Instances that it has Been Applied

• AUSTRAC provides case studies of how reporting suspicious cash transactions has helped with tax issues in collaboration with the ATO.
• In one example, a suspicious matter report (SMR) submitted by a bank triggered an investigation into an individual that has deposited more than "A$1 million in cash and a personal cheque for A$570,000 into his term deposit account." The investigation revealed that the offender was attempting to avoid transaction reporting requirements and evade tax.
• Other instances in the case studies are about various situations whereby bank employees were suspicious of their customers' cash transactions and reported this to AUSTRAC.

2. Australian Transaction Reports and Analysis Centre (AUSTRAC)- Reporting of Cash Transactions of Over $10,000

• All cash transactions of $10,000 and above must be reported by banks to AUSTRAC within 10 days.
• This also includes cash deposits or $10,000 or more in Australian bank accounts.
• This regulation impacts data collaboration between banks and the ATO.
• The ATO can access all the reports made to AUSTRAC for these transactions.
• Therefore, these transactions, which are the banks' information are subject to audit and review by the ATO through this mandatory data sharing regulation.

Instances that it has been Applied

• AUSTRAC, in collaboration with the ATO, investigated a suspect who had been evading tax for approximately nine years, with an unpaid tax bill of over A$2 million. The individual was structuring cash withdrawal from his bank accounts to evade the $10,000 threshold. He made "20 cash withdrawals that were just below the A$10,000 threshold from two bank accounts within 30 days." The suspect was found guilty after reports were filed by the banks and he was sentenced to five months in jail.
• A drug syndicate was found guilty of different crimes, including tax evasion after "two threshold transaction reports (TTRs) submitted to AUSTRAC" alerted law enforcement about the syndicate's financial activity. This is because members of the syndicate were making cash deposits that were just below the $10,000 threshold into their accounts.

3. Data-matching Program (Assistance and Tax) Act

• The ATO uses data matching to collect data from banks and then validates the data against its own information to identify where businesses and people are not reporting all their income.
• Data-matching is possible since banks have a legal obligation to report information to the ATO.
• Data matching is regulated by the Data-matching Program (Assistance and Tax) Act.
• The Act impacts data collaboration by providing regulations surrounding:
• Compliance and reporting.
•  Notifying individuals.
•  Confirming the validity of matches.

Instances that it has been Applied

• Through the pre-filing service that is attached to the data matching program, taxpayers access bank data and other data to review their tax returns and avoid follow-up activities.
• When a person makes an error due to poor record-keeping, the data matching program is used to combine bank and other data to correct tax returns.

The UK

1. Commissioners for Revenue and Customs Act 2005

• HMRC is a statutory body whose duty of confidentiality is set out in the Commissioners for Revenue and Customs Act of 2005.
• According to the Commissioners for Revenue and Customs Act, HMRC should only share information with third parties where it is legally required to do so, and following the provided guidelines.
• This affects data collaboration with banks within England because it guides the sharing of data.
• According to the ACT, banks cannot share data that is not related or applicable to the functions of HMRC.

Instances where it Has Been Applied

• As the Act that establishes the HMRC, the Commissioners for Revenue and Customs Act has been used for reference purposes when determining the actions that HMRC is legally allowed to perform.

2. UK General Data Protection Regulation (UK GDPR)

• The UK General Data Protection Regulation (UK GDPR) ensures that everyone using personal data follows strict rules (data protection principles). They have to ensure that the information is used transparently, lawfully, and fairly.
• HMRC is not exempt from this regulation and when collecting personal data about people from banks, it complies with the UK GDPR.
• This impacts data sharing with banks since this has to be done in accordance with the Act. 

•  Individual rights.
•  Legitimate interests. 
•  Consent.

Instances that it Has Been Applied

• Both HMRC and Companies House (CH) collect accounts from businesses annually. These accounts contain key bank account information about companies. Some companies take advantage of this to file different accounts for the two organizations. By inflating accounts at CH and lowering figures at HMRC, they reduce their tax liabilities. The UK GDPR, in a way, aided them because HMRC could not share the companies' accounts with CH for comparison purposes.
• However, after the Digital Economy Act was introduced, HMRC can now disclose some company account information to CH even though this is still regulated by the UK DGPR. This helps identify fraudulent activity and false account filing.

3. The Data Protection Act (DPA) 2018

• The Data Protection Act (DPA) of 2018 ensures that everyone using personal data follows strict rules (data protection principles). They have to ensure that the information is used transparently, lawfully, and fairly.
• HMRC is governed by this Act when sharing information with banks.
• This, therefore, impacts data collaboration between the HMRC and banks.
• Data protection laws state that any personal information that is collected from banks:
• Must be used fairly, lawfully, and in a transparent way.
• Should be collected only for valid reasons that are clearly explained to the user and not leveraged in a way that is not compatible with those purposes.
• Needs to be relevant, adequate, and limited to only what is necessary based on the purposes for which it is processed.
• Should be kept in a form that only identifies the user for as long as necessary based on the identified purposes.
• Must be kept securely.

Instances that it Has Been Applied

• The Data Protection Act has guided HMRC during investigations into individuals and companies by ensuring that their privacy is upheld. For example, whenever HMRC is sharing data collected from banks, it ensures that all the provisions of the Act are followed.

The U.S.

1. The Bank Secrecy Act (BSA)

• The Bank Secrecy Act is also known as the Currency and Foreign Transactions Reporting Act.
• This is a U.S. legislation that was enacted in 1970.
• By preventing financial institutions from being leveraged as tools by criminals to launder or hide money, it impacts data collaboration between the IRS and banks locally.
• U.S. banks are required to file reports of transactions greater than $10,000 (the daily aggregate amount) and report suspicious activity that could signify tax evasion, money laundering, and other criminal activity.
• This is done by filing a Currency Transaction Report (CTR). Once such as report is filed, the IRS can access it for investigation (tax-related).
• This is in line with the general rule by the IRS that any person in a business or trade should file Form 8300 when they receive more than $10,000 in cash from a buyer.

Instances that it has Been Applied

• According to the FDIC, since the FBAR was introduced, it has helped uncover money laundering and criminal activities that had previously gone undetected. With the reporting of suspicious transactions, the IRS is able to follow up.

2. Privacy Act of 1974

• The Privacy Act impacts data collaboration between the IRS and banks through the matching provisions. 
• The Act states that any data matches that are performed by a government agency as its principal function in relation to the enforcement of criminal laws are subject to its provisions.
• This means that any "civil law enforcement investigation" of a person done by the IRS for the purpose of gathering evidence against them that leverages bank account information has to abide by the Privacy Act.
• For example, the IRS cannot disclose bank records obtained during the investigation to any person or other agency without written consent of the individual to whom the information belongs.
• There are, however, exceptions such as if the disclosure is:
• To a recipient who provides the agency with written assurance that the record will be used for statistical research.
• To the Census Bureau for planning or survey purposes.

Instances where it Has Been Applied

• The IRS commits to protecting the privacy rights of American taxpayers by following the Privacy Act of 1974.

3. Consumer Financial Protection Act of 2010

• The Consumer Financial Protection (CFA) Act has rules and regulations surrounding the way banks should deal with their customers' information.
• Essentially, it contains provisions that mandate banks to protect consumer's data.
• This directly affects any instances of data collaboration with the IRS since banks have to consider the provisions in the Consumer Financial Protection Act before sharing any data.

Instances where it Has Been Applied

• While there are not specific available instances for the application of the CFA, it has been instrumental for the protection of consumers since it was enacted.

Best Practices for Tax Authorities' Data Collaboration with Banks

BP#1: Ensuring that there is a Clear Legal Basis for the Collaboration

• For tax authorities to gain the full benefits of data sharing and collaboration with banks, they have to follow the existing legal framework. On the other hand, banks have to follow the legislation for them when sharing this data with tax authorities.
• The established legal frameworks such as the Common Reporting Standard and the Foreign Account Tax Compliance Act have been developed to guide any practices surrounding data sharing.
• These frameworks should be strictly followed by tax authorities, including all the provisions that prevent sharing of confidential information. 
• This is a best practice because all the tax authorities that have been discussed above (HMRC, the IRS, and the ATO) emphasize the importance of following regulations and legislation in all their data-sharing activities with banks and other third-party institutions. Most importantly, they all emphasize the importance of ensuring that there is a legal basis or (reasonable purpose) for the collection or sharing of data.
• For example, the HMRC states that it only obtains data from third parties (including banks) only in circumstances when it deems reasonable. Reasonability can be proved if there is a legal basis for the data collection.

BP#2: Safeguarding the Appropriate Use and Confidentiality of the Exchanged Data

• Taxpayers worldwide value the fairness that transparency and the exchange of information for tax purposes offer.
• Tax authorities should treat taxpayers' personal information exchanged automatically and on request in the "pursuit of tax fairness with the highest standards of care."
• Tax authorities handling the information that is shared under frameworks like the Common Reporting Standard (CRS) and other exchanged data should establish and implement information security arrangements in adherence to the internationally recognized standards.
• The Global Forum on transparency and exchange of information for tax purposes states that proper use of information and confidentiality are necessary practices for all tax authorities participating in the exchange of financial data with banks.
• In line with appropriate use, tax authorities participating in the exchange of information should have "security information arrangements aligned with international standards before they receive information.
•  HMRC has established standards of its own that enable it to adhere to the exchange of information/data with banks, use the information appropriately, and uphold confidentiality.

Research Strategy