FATCA: How to Reduce Ops Risk
Chris Kentouris – FinOps Report
In fulfilling the rules of FATCA, the US legislation designed to catch US tax evaders, financial firms would be well-served to take a chapter from Sarbanes-Oxley, say tax experts
The US meaure, adopted in 2002, in the wake of corporate mismanagement and accounting scandals, requires a pyramid of certified reporting. The Foreign Account Tax Compliance Act, or FATCA for short, practically does the same. To comply with Sarbanes-Oxley, chief financial officers must rely on separate certifications from employees responsible for ensuring various items in financial statements are accurate. In a similar fashion, global financial institutions needing to meet FATCA’S requirements may assign specific individuals with responsibility for certifying compliance with FATCA on an entity-by-entity basis. Those individuals will, in turn, need to rely on multiple certifications from operating units around the world, addressing separate functions, such as customer onboarding, withholding tax and reporting.
Shouldering Compliance Burden
At the core of FATCA is the need for foreign financial intermediaries to know and report whether securities accounts are owned by US persons who are deliberately trying to avoid paying their correct share of US taxes. The reporting may be communicated to either the US Internal Revenue Service or a local tax authority in the intermediaries’ home markets. Passed in 2010, the legislation has generated plenty of controversy and its effective date delayed several times as the worldwide securities industry clamored for changes to ease the compliance burdens. About 260,000 financial firms will likely be affected, say FATCA experts.
“It ultimately comes down to mitigating operational risk,” says Denise Hintzke, director and global tax leader of the FATCA initiative at Deloitte Tax LLP in New York. “The accuracy of the reporting depends on whether there is a combination of sufficient technology and oversight to determine whether or not an investor fits the IRS’ definition of a US person.” The oversight, she explains is necessary because the answer isn’t always black or white. Judgment calls may be required, so technology alone can’t make the ultimate decision.
Coming up with the right technology and procedures to capture all of the relevant information is the challenge faced by global custodians, investment fund managers and hedge fund managers among others. Failure to prove whether investors are subject to US tax on worldwide income will result in hefty financial penalties. The IRS will initially impose a 30 percent withholding tax on all US-sourced income of a “non-participating foreign financial intermediary” — aka a firm which doesn’t want to play ball with the IRS. Starting in 2017, such a withholding tax will also be imposed on the gross proceeds realized from the sale of US assets. A large global financial institution could easily end up paying more than US$100 million in fines, by some industry estimates.
Where the Buck Stops
Using anti-money laundering software alone won’t be enough to identify potential tax evaders. Financial firms will need to appoint a responsible officer (RO) to verify the firm is following the IRS requirements and did not assist tax evaders. Such an RO will likely be a compliance, financial or tax expert.
That designation might sound easy to understand, but job description may depend on the type of agreement the country has with the US government. Financial firms located in countries which have signed a Model I Intergovernental Agreement with the US will not have to appoint ROs, and will be able to report to their own national governments, which then share information with the IRS. It is not clear whether countries which have signed Model II Intergovernmental Agreements must designate ROs.
Designed to address concerns over potential violation of local data privacy rules, a Model I Intergovernmental Agreement (IGA) — signed by the UK, Ireland, and Cayman Islands among others — allows non-US financial institutions to forward information on account holders to their own tax authorities rather than the US. Model II intergovernmental agreements, signed by Switzerland and Japan, make compliance with FATCA mandatory under local law and authorize the reporting of information directly to the US government.
Making matters more complicated for financial firms is the lack of clear rules on just what ROs must do and the IRS’ requirement that financial firms rely on ROs to provide documentation necessary to obtain ID codes, or Global Intermediary Identification Numbers (GIINs), through an IRS established portal. The IRS is using the phrase “responsible officer” loosely to define anyone designated to access GIINs. Those officers don’t have the same legal requirements as that of those completing certifications for complying with FATCA.
Moving Ahead Nonetheless
Despite the lack of final definitions, large multinational financial firms appear to be going ahead with appointing ROs who will be operationally, if not legally, responsible for the firm’s obligations under FATCA. The reason: they will need to certify to either the IRS or even internally to upper management that they are complying with institutional policies and procedures.
ROs of financial firms which are not located in countries which have signed Model I IGAs, must submit their first external certification to the IRS in 2016 and repeat the process every three years. Financial institutions in countries which have not signed IGA agreements must not only certify their compliance with FATCA, but also include a representation that the institution does not have a policy for advising clients on ways to avoid reporting under FATCA..
“While it remains to be seen just what the certifications entail, particularly in countries which have signed IGAs, our corporate policy is likely to require that we appoint responsible officers for each of our foreign financial institutions, regardless of whether they are in Model I IGA, Model II IGA, or non-IGA markets,” says Jacob Braun, director of corporate tax services for BNY Mellon, the world’s largest custodian bank..
However, responsible officers realistically can’t be expected to fulfill their obligations on their own. They must ultimately depend on the responses provided by business line specialists who have direct day-to-day oversight of their respective units. The responses, coined “sub-certifications,” in turn, depend on representations from specific business lines, legal entities or regional operational units that they have complied with specific internal policies and procedures.
Building Certification Pyramid
Braun says that BNY Mellon will likely end up with multiple ROs, drawn from senior management around the world who are familiar with all of the operations of the specific legal entities for which they are responsible. Sub-certifications will come from numerous operations units located in the US, Europe, the Middle East and Asia and Asia-Pacific which may support multiple legal entities around the world. Those units are likely to include those supporting business lines in multiple entities such as custody, corporate trust and transfer agency businesses.
It is anticipated that each responsible officer will provide compliance certifications to his or her legal entity or entities to BNY Mellon’s FATCA governance office co-chaired by Braun. That office will, in turn, submit the certification to tax authorities in the US and elsewhere.
Hintzke recommends that large financial firms — such as custodians — designate responsible officers for each legal entity within their parent organization and ensure that sub-certifications fall to those officers to manage regardless of whether or not the business line resides within one legal entity or crosses multiple ones. Fund management firms, in turn, may need a separate responsible officer for each fund they manage.
“It will be work in progress and likely require workflow management tools to determine what steps have been taken and need to be taken to meet FATCA’s requirements,” says Hugh Campbell, senior vice president of regulatory compliance for AxiomSL, a New York-headquartered firm specializing in regulatory reporting software. Among its offerings: an RO (FATCA workflow) module and a GRC monitoring module for governance, risk and compliance.”
Those workflow management tools, which can be adapted to the requirements of each firm, are based on completing operational benchmarks to ensure that the required function can be finished correctly and on time. Meeting the benchmarks will likely require business lines to interact with technology units to ensure the correct software is in place even if the IT units aren’t the ones providing the sub-certifications.
To the extent that FATCA requires the aggregation of accounts, such a process, says Campbell, will entail consolidating the holdings of each account holder across legal entities and lines of business. It will also involve filtering accounts by Model I IGAs, Model II IGAs, and countries which didn’t sign IGAs ith the IRS
The key function is correctly identifying US persons with US sourced income, which are either existing customers or are signing up to become new customers. “Financial firms can implement rules on exactly what needs to be accomplished by a particular timeframe,” explains Campbell. “Doing so, allows business line specialists to keep track of progress and inform responsible officers of whether they are meeting their requirements.”
Case in point: determining just what percentage of existing customers have the correct paperwork to establish their identities.” A firm might decide that if it has the correct paperwork to correctly classify [by IRS designated types of account holders] say 80 percent of its customers by a certain date, it is on target to meet its goal of 100 percent by 2014 so that a sub-certification can be provided,” explains Campbell. “If it hasn’t met that percentage it must take quick action to do so or it won’t make an internal deadline for preparedness and reporting to the IRS or local tax authority.”
Regardless of the operating procedures and technology adopted by financial firms, one thing is certain: as is the case with all legislation, it is better to err on the side of safety. Starting early will go a long way to ensuring accurate reporting. “The reputational risk of being exposed as non-compliant and the financial risk of paying penalties will be substantial so no one can afford to make mistakes,” says Hintzke. “There is plenty of room for error.”
Tel: +44 (207) 749-9700+44 (207) 749-9700; Email: firstname.lastname@example.org
AxiomSL is the global leader in regulatory reporting and risk management solutions for the financial services industry. Established more than 20 years ago, AxiomSL empowers financial institutions to meet regulatory reporting and risk requirements across multiple regulators and jurisdictions. Via the strategic data-driven platform, firms can meet demands from various regulations, including Basel III, FINREP/COREP, Dodd-Frank, CCAR, AIFMD, EMIR, FATCA and Solvency II, as well as liquidity, market and credit risk management requirements.
Leading financial firms use AxiomSL’s data management, regulatory reporting and risk management solutions to administer all internal data procedures, simplify, standardize and automate processes, and improve data integrity to successfully enhance decision making. The AxiomSL platform integrates clients’ source data from disparate systems and locations, without any data conversion, in a cost-effective manner, providing flexibility, transparency, traceability and the ability to drill down into data sources. It also delivers analytical applications in the areas of data integration and warehousing, financial risk management, regulatory reporting, compliance and financial control. This solution enables financial institutions to have full control over every step of the process and can adapt quickly to evolving regulations.
AxiomSL’s suite delivers a fully integrated solution from data sourcing to final reports including XBRL submission. www.axiomsl.com