Is your FATCA and CRS compliance program ready to grow? has been saved
Is your FATCA and CRS compliance program ready to grow?
Going beyond FATCA and CRS tax compliance
In the years since FATCA and CRS tax compliance became required, global exchange of information regulations have become more complicated and expansive. Global Financial institutions need to understand the dynamic and evolving landscape. Are they ready?
- A FATCA compliance program is no longer enough
- What’s all the fuss about?
- The complexity mounts
- You want to get this right
- What is an FI to do?
The web of global information reporting is expanding
It’s been more than eight years since FATCA first came into force and five years since countries started rolling out the OECD’s Common Reporting Standards (CRS). Today, more than 100 tax authorities around the world are signed up to global information exchange agreements. And the landscape continues to evolve.
In Europe, Financial Institutions (FIs) must now comply with the EU’s Directive 2011/16 in relation to cross-border tax arrangements (otherwise known as DAC6). Finland recently became the first jurisdiction to implement the OECD’s Treaty Relief and Compliance Enhancement (TRACE) package with more soon expected to follow. A number of countries have instituted beneficial owner registries. And the Cayman Islands have taken the step of requiring a compliance certification that asks FIs for information on accounts they deemed to be non-reportable.
Behind the scenes, many Competent Authorities are inking bilateral agreements to share taxpayer information. And soon, these rules will be extended to include e-Money operators, digital marketplaces and cryptocurrencies.
What’s all the fuss about?
Simply put, the movement towards global tax cooperation is all about promoting bank transparency and addressing tax evasion. The sharing of tax information through FATCA compliance programs and those for other agreements allows tax authorities to compare data, identify potential issues and target enforcement activities. But instead of tax authorities collecting the data themselves (and building the supporting infrastructure, capabilities and resources required to manage it), they are looking to the Financial Institutions to do the heavy lifting.
The underlying premise is fairly straightforward: Tax Authorities expect Financial Institutions to know who their account holders and investors are and where they are tax resident, as well as, balance information and payments. FIs then need to be able to identify whether the account holder or investor in question is reportable to a Tax Authority and report the required information to their own home-country Tax Authority so that it can be shared. That may sound simple enough. But the reality is proving to be much more complicated.
The complexity mounts
Start with the basic premise of a FATCA compliance program—knowing who your account holders and investors are and where they are tax resident. While the vast majority of FIs maintain fairly strong AML and KYC processes, there are growing signs their current data may not be sufficient. As it turns out, much of the data they have on customers was collected by third parties, manually and on non-standard forms. Often, the information collected does not include data on tax residency or taxpayer identification numbers. Few, if any, are reviewed and verified before being loaded into databases. Some are already outdated.
Where data is being collected, many FIs are finding it challenging to ensure they are dealing with it appropriately. It’s not just that they need to keep their systems and customer data secure from cyber-threats; FIs will also need to make sure they are abiding by the various relevant data protection regulations (such as the General Data Protection Regulations, or GDPR, in Europe).
Yet the biggest problem isn’t necessarily the data collection and management. It is in managing the hodge-podge of rules and regulations that govern it. Take the OECD’s CRS standards, for example. While more than 100 Competent Authorities have signed up to follow the same set of rules, the standard itself provides for a number of options and jurisdictions are—for the most part—at liberty to implement them as they see fit. That means that most FIs are dealing with a patchwork of compliance requirements, each of which continues to evolve. The complexity is enormous.
You want to get this right
The complexity may be enormous. But so, too, are the risks of getting it wrong. Competent Authorities have the ability to hand down unprecedented fines and penalties for instances of non-compliance. In Australia, fines can reach up to A$500,0001. The British Virgin Islands (BVI) recently announced penalties2 of US$100,000 for any FIs that do not submit their policies and procedures for review. Cayman’s new compliance regime is supported by potential enforcement penalties3 of up to KYD 50,000 per Financial Institution.
The penalties are sizable. But they may seem small in comparison to the reputational damage that non-compliance could bring. Particularly in today’s environment, no Financial Institution wants to be front-page news accused of aiding and abetting tax evasion. And no executive wants to be arrested on charges related to willfully circumventing the regulations.
Leading Financial Institutions recognize that global information reporting is becoming more complex, more expensive, and riskier. And they know they can’t simply throw more bodies and resources at the problem
What is an FI to do?
Leading Financial Institutions recognize that global information reporting is becoming more complex, more expensive, and riskier. And they know they can’t simply throw more bodies and resources at the problem. The scale of the challenge requires new approaches and models.
Non-traditional Financial Institutions—particularly FinTechs and digital marketplaces—are also taking note as they, too, soon may be drawn into the regulators’ focus. They are watching the traditional FIs carefully and asking themselves how they would address these rules if required.
Perhaps not surprisingly, most traditional and non-traditional FIs are now looking to technology to help improve efficiency, manage risks and enhance reporting. They are integrating different aspects of a compliance ecosystem and ensuring they have a strong compliance framework in place. They are focusing on data management and improving the application of reporting rules. Additionally, they are providing centralized platforms that support the management and monitoring of filing obligations while executing submissions to dozens of jurisdictional authorities.
Deloitte is working with a number of global and national Financial Institutions to provide a range of strategic and tactical tax advisory services from helping to compile, analyze, and review data through to assisting with preparation of multi-multijurisdictional filing submissions. And in doing so, our network is helping reduce the complexity and the costs, as well as helping to improve the efficiency of global information reporting.
Let’s face it
If Financial Institutions hope to remain on top of the ever-changing regulatory and data requirements, they will need to start thinking strategically about how they integrate a sustainable, seamless, and cost-effective compliance framework into their day-to-day business operations. The trend towards greater (and more complex) information reporting appears to be here to stay.
1 Australian Taxation Office, Automatic exchange of information - CRS and FATCA | International Arrangements, Section 6 Compliance
2 BVI Amended AEOI Law No.8 of 2018, Section 6 (4)
3 Tax Information Authority (International Tax Compliance) (Common Reporting Standard) Regulations, (2018 Revision), Part 3