fatca reviews
TRANSCRIPT
-
8/15/2019 Fatca reviews
1/20
June 2013
Building effective internal controlsand processes to promote complianceand certication
Taking control
of FATCA
www.pwc.com/us/fatca
-
8/15/2019 Fatca reviews
2/20
Table of contents
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
3/20
Introduction 1
Focus on certication 3
Building a FATCAcontrols framework 8
Developing acertication framework 11
Conclusion 14
Contacts 15
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
4/201
Introduction
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
5/202
1 These provisions are being phased in over a number of years beginning in 2014.
2 A recalcitrant account holder is an account holder of a participating foreign financial institution (“PFFI”)who does not provide adequate documentation or information within a prescribed timeframe.
FATCA was enacted with theprimary goal of providing theInternal Revenue Service (“IRS”)
with an increased ability to detectUS tax evaders concealing theirassets directly in foreign accountsor indirectly through offshoreentities. It aims to accomplish thisgoal by requiring US and non-US entities to comply with a new
set of tax information reportingand withholding rules as wellas investor due diligence anddocumentation requirements. Theconsequences of non-complianceinclude being subject to or liablefor a 30% withholding tax onincome from US sources andeventually on the gross proceedsfrom the sale of securities thatcould produce US sourced interestand dividends.
The purpose of this paper is tohighlight the need for entitiesimpacted by FATCA to developand maintain:
• Sufcient controls aroundthe areas directly impacted byFATCA, such as customer on-boarding, account maintenance,
withholding, reporting, andthe technology and operationalareas that support these
processes;
• Adequate infrastructure toenable ongoing compliance withFATCA’s requirements, both
within and potentially outsidethe enterprise; and
• A FATCA compliance programsufcient to make periodiccertications to the IRS ordemonstrate compliance in anIRS examination, as needed.
Although the provisions ofFATCA became law in March2010, the statute provided onlythe basic framework for FATCA’srequirements. Much of thedetails about implementation
were left to the discretion ofthe US Department of Treasury(“Treasury”) and the IRS. Afterissuing preliminary guidance, theIRS and Treasury issued the nal
regulations (“Final Regulations”)on January 17, 2013. In addition,Treasury continues to work witha number of foreign jurisdictionsaround the globe on completingIntergovernmental Agreements(“IGAs”) designed to improveinternational tax compliance andenable the implementation of theFATCA provisions. The IGAs maychange how FATCA complianceactivities are performed in certain
jurisdictions (such as complying with local law concepts versus theUS regulations) and companiesshould monitor these changes.
The requirements of FATCA,and to varying degrees the IGAs,broadly include:1
• Enhanced due diligenceon account holdersand investors – Financialinstitutions must employprescriptive due diligenceprocedures on their accountholders, investors and other
persons and obtain additionaldocumentation as required.
• Tax reporting – Financialinstitutions will be required toreport more transactions andnancial account relationshipsto either the IRS or their localgovernment.
• Tax withholding – Financialinstitutions will need to
withhold US tax from a variety of payments that aremade to recalcitrant accountholders and non-participatingforeign nancial institutions(“NPFFIs”).2
• Governance – FATCArequires many foreign nancialinstitutions (“FFIs”) to enterinto an agreement with the IRS(“FFI Agreement”). The nalregulations also require many
FFIs to appoint an RO who, onbehalf of an FFI is required toprovide certications to the IRSabout the FFI’s compliance withFATCA.
In January 2013, the Foreign Account Tax Compliance Act (“FATCA”) nal regulations were issued, whichprovide an internal control certication requirementfor the responsible ofcer (“RO”).
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
6/20
Focus on certication
3 Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
7/20 4
While FATCA’s requirementsapply broadly to both FFIs and US
withholding agents (“USWAs”),certain FFIs are required toregister with the IRS and enter intoFFI Agreements. These FFIs willneed to make certain certicationsto the IRS regarding compliance
with the FFI Agreement. To makecertain that FFIs who enter into
Agreements with the IRS are incompliance, the IRS will requiresuch participating FFIs (“PFFIs”)to appoint an RO who will makethese certications. Failing tomake the required certicationscould constitute a default under
the FFI Agreement, which mayresult in the IRS terminating theFFI Agreement and subjectingthe entity to US tax withholdingunder FATCA. As such, an internalsub-certication program shouldbe implemented to facilitate thisprocess. For USWAs that do notneed to certify, an internal sub-certication program should be
considered, as an industry leadingpractice, to enable consistentcompliance with FATCA across theorganization.
In addition to core FATCAcertication requirements,IGAs must also be considered.
Although a requirement forcompliance certication is notexplicitly included in the modelIGAs, global organizations thatoperate in both FATCA and IGA
jurisdictions should consider aglobal compliance program.
In IGA jurisdictions, evidence of acontrol framework may needto be provided to local regulatorsif the entity is questionedregarding its compliance or istrying to remediate instances ofnon-compliance.
FATCA’s tax information reporting, withholdingand investor due diligence requirements areimposed on nancial institutions both in the USand abroad.
Type of certification Frequency When is certification
required?
Completion of due diligence and
documentation requirements on pre-existing
accounts
One-time 60 days after the 2nd
anniversary of the FFI
Agreement
No formal or informal practices or procedures
in place from August 6, 2011 through the dateof such certification to assist account holders
in the avoidance of chapter 4.
One-time 60 days after the 2nd
anniversary of the FFI Agreement
Certications required under the nal regulations
Although the IRS has not yet published a draft of the FFI Agreement,the Final Regulations outline the following series of “one-time”certications regarding PFFI compliance.
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
8/20
In addition to the one-timecertications shown above, theRO must also periodically certifyto maintaining effective internalcontrols to the IRS, specically
stating:1. The RO (or its designee) has
established a complianceprogram that is in effectas of the date of the FFI
Agreement, and that thecompliance program hasbeen subject to a review of itseffectiveness.
2. There were no material failuresduring the certication period,
or, if there were materialfailures, appropriate actions
were taken to remediate suchfailures and to prevent suchfailures from reoccurring; and
3. With respect to any failure to withhold, deposit, or reportto the extent required underthe FFI agreement, the FFI hascorrected such failure by payingtaxes due (including interest
and penalties) and ling theappropriate return (or amendedreturn).
Considering that the certicationperiod begins with the effectivedate of the FFI Agreement,there are about 6 months left todesign and implement a FATCA
controls framework to comply with the periodic certicationrequirements.
The role of theresponsible ofcerand the need foreffective controls
FATCA’s rules are far reachingand complex, affecting many legal
entities, lines of business, and various functions, all of whichmust be analyzed and potentiallymodied to achieve compliance. Ina large organization, data sourcesand business processes can varyacross products and geographies,only adding to the complexity.
The Final Regulations do notdictate who in the organizationshould ll the role of the RO,
so PFFIs must make their owndetermination of who is bestqualied for the job. Although
FATCA is essentially a taxregulation, its impact goes
well beyond the traditionalrole of corporate tax, as itsignicantly impacts client on-
boarding and maintenance, andtransaction processing such astax withholding and calendar
year-end reporting. As such,the RO may not necessarilybe someone within the taxdepartment. However, the personchosen should have sufcientauthority in the organizationto enable compliance across a
wide variety of functions, andhave a broad view of the entity’s
operations to effectively monitorcompliance. Considering thatthe RO certies compliance, heor she has a vested interest in thedevelopment and implementationof FATCA compliance policies andprocedures.
While organizations are currentlyfocused on the process andtechnology changes necessaryto become FATCA compliant by
the impending deadlines, theymust not lose sight that FATCAcompliance will be an ongoing,
FATCA checkpoint:
If your organization has
multiple FFIs located aroundthe world, how will you
ensure that each FFI is in
compliance?
5 Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
9/20
and complicated responsibility.Organizations should take astep back from their currentimplementation focused activitiesand consider whether it is more
efcient and effective to establishthe appropriate complianceframework now, or revisit theserequirements later. USWAs,FFIs and large multinationalorganizations that have begun toconsider compliance certicationsand controls as part of their FATCAprograms have started to realizethat existing controls related totax information reporting areoften inadequate or non-existent.
Designing and implementing
the controls framework now hasthe added benet of evaluatingnew business models that arebeing adjusted to meet regulatoryrequirements to potentially head
off control issues before theypresent challenges in 2014, post-implementation.
Although an FFI’s requirementto establish a robust controlsframework to comply with FATCAis relatively new, the concept of acontrols framework is not new tothe IRS or information reportingaudits. The IRS Internal RevenueManual notes that, “Evaluationof the written procedures (or
lack thereof) may provide theexaminer with an indicator ofthe overall reliability of the USentity’s existing withholding taxfunctions such as withholding
and reporting for non-residentaliens. This assessment mayassist in determining the extentof additional audit procedures,such as the review of accountles statements and withholdingcerticates”. As such, havinga robust controls frameworkis important and a potentiallyoverlooked factor for US entitiesas well.
6
While the requirement for anRO is one individual per FFI,some organizations have alreadydetermined that a supportstructure, consisting of multiplefunctional competencies, is critical.Under this model, organizationshave begun plans to establish anRO at the top of the organization
to provide guidance and oversightto various functional areas. Thebenet of such a structure is toensure that FATCA certicationsand the supporting sub-certications are performed at theappropriate levels throughout theenterprise.
Key action items for the responsible ofcer
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
10/207
Regardless of the structure, a single RO in a smaller
organization or the “Responsible Ofce” in larger ones
may have the following responsibilities:
• Ensure that sub-certifying ofcers are in place acrosseach relevant key process/jurisdiction, etc., and that
they have the appropriate authority to execute their
responsibilities.
• Communicate FATCA policies and procedures across
the organization.
• Development and maintenance of effective internal
controls to ensure compliance with the regulations.• Ensure that FATCA-related compliance training on
policies and procedures is conducted regularly for all
impacted parties.
• Leverage internal audit, compliance, risk
management, or external parties to self-test
compliance in each relevant territory/area.
• Periodically review that the appropriate procedureshave been performed across the organization, for all
impacted legal entities. If key functions (e.g., account
setup, reporting, income payment processing, tax
withholding, etc.) have been outsourced to a third
party service provider, develop/execute a program to
ensure the provider is FATCA compliant with respect
to the nancial institution’s accounts/processes.
• Review all sub-certications and follow up onany issues identied. Certify to the IRS in a timely
manner and disclose any material failures. Ensure
that schedules are in place to monitor required
certications to the IRS.
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
11/20
Building a FATCA controls framework
8Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
12/209
When building an effective controls framework,organizations must begin with a detailedunderstanding of what is required underFATCA regulations.
A FATCA controls frameworkshould be designed aroundbusiness processes that have astheir foundation, regulatory andbusiness requirements. Thesebusiness processes span manyFATCA-impacted areas, such asthe creation, purchase, sale andliquidation of legal entities (e.g.,identifying USWAs or FFIs),
client account due diligence,transaction processing, tax
withholding, reporting, andcertication/governance. Thecontrols framework should specify
objectives aimed at mitigatingrisks of non-compliance,and also provide “industryleading practice” controls fororganizations to follow. Within theframework, organizations shouldnot only document controls, butassess if there are any gaps (e.g.,no control to meet a particularobjective or inconsistent controls
across territories, etc.). Forexample, the table below providesa limited excerpt of how this maytake shape.
Example FATCA controls framework (excerpt)
Area FATCA summary
requirement
Risk Control
objective
Sample key
control
Legal entitymonitoring
The creation,purchase,
liquidation and
sale of non-US
entities should
be monitored
for their FATCA
classification.
A new legalentity that should
be classified
as an FFI is
not identified
and registered
with the IRS
resulting in non-
compliance.
Controls providereasonable
assurance that
changes in the
enterprise’s legal
entity structure
are appropriately
identified and
approved by
appropriate
personnel.
The approvalof new entities
includes a
determination
of their FATCA
classification and
required next
steps (e.g., FFI
registration) are
taken.
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
13/2010
Example FATCA controls framework (excerpt)
Area FATCA summary
requirement
Risk Control objective Sample key control
Client
account
assessment
Review information collected
with respect to an individual
account holder claiming to be
non-US for US indicia.
Certification of compliance
is incorrect as a review for
potential US indicia was not
completed.
Controls provide reasonable
assurance that non-US
accounts are adequately
reviewed for US indicia.
Evidence of review of a non-
US account was performed
and completed by the
appropriate personnel.
Periodically, an exception
report highlighting accounts
without required approval
is produced and reviewedfor follow up by authorized
personnel.
Certification
procedures
The RO must make periodic
certifications with regards
to ongoing compliance and
effective controls.
Sub-certifications do not
cover all business functions
impacted by FATCA, or
areas of the organization are
not included in the FATCA
compliance program.
Controls provide reasonable
assurance that the
certification process includes
all relevant business functions
impacted by FATCA.
All functional areas of FATCA
impacted legal entities have
been identified and included
in the compliance program.
The sub-certification structure
is reconciled to the list of all
functional areas to ensure all
key business functions have
been properly included.
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
14/20
Developing a certication framework
11 Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
15/2012
In addition to a controls framework, a certicationframework should also be established to ensurethat every relevant part of the organization isrepresented in the certication process.
The RO or Responsible Ofce ofan FFI should consider appointingsub-certifying ofcers acrosseach of the relevant businessesor functions and assign themthe responsibility of certifyingcompliance for their respectiveareas.
Because of the complexity ofensuring compliance, nancialinstitutions may need to viewtheir operations from severalperspectives to determine whothe most appropriate sub-certifying ofcers should be. Theframework will vary from onenancial institution to the nextdepending on the structure ofthe organization. For example,in organizations with a regionalfocus, the head of each region
might be assigned the role ofsub-certifying ofcer. In otherorganizations, this role might be
lled by business unit leaders.Depending on the size andcomplexity of the organization,there may be several additionalsub-certifying ofcers below theselevels – for instance, functionalheads, or individuals assignedto legal entities. There must beenough sub-certifying ofcersassigned to ensure that all
parts of the organization whichare affected by FATCA are incompliance with its requirements.These ofcers must have therequisite expertise so that the ROhas the condence that all sub-certications are performed timelyand accurately. For USWAs, thedevelopment of a sub-certicationstructure is a leading practice toensure that FATCA compliancecontinues to be achieved. A
sample certication framework isillustrated below.
FATCA checkpoint:
• Have you
developed a sub-
certication process to
enable disparate
reporting units to
provide assurance
to the RO?
• Are all sub-
certifying ofcers
well qualied forthe position?
Sample responsible officer governance structure
Territory level
sub-certification
Legal entity level
sub-certification
Process/business unit
level sub-certification
Legal entity 1sub-certifying officer
Legal entity 2sub-certifying officer
Legal entity 3sub-certifying officer
Process Asub-certifying officer
Process Bsub-certifying officer
Process Csub-certifying officer
Country X sub-certifying officer
Country Y sub-certifying officer
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
16/2013
Financial institutions frequentlyuse third party service providersto perform functions that fallunder the scope of FATCA (e.g.,an administrator that providesservices to an investmentcompany). The RO mustinclude such service providerrelationships into its enterpriseFATCA compliance program.
This may include the oversight
of third parties and the reviewof relevant documentation thatgives the RO comfort that controlsare in place at third parties toensure compliance. This changesthe relationship between PFFI’sand their service providers who
will have to work more closelytogether to allow the RO to makethe necessary certications.
Considerations for third party providers
Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
17/20
Conclusion
Most organizations implementing FATCA are
currently focused on addressing core requirements
around due diligence, withholding and reporting. However, leading organizations are beginning to
simultaneously address governance, compliance and
controls frameworks. Early “lessons learned” from
such governance activities indicate that the level of
complexity to implement controls will be signicant,
the controls and sub-certication framework will likely
be multi-dimensional (e.g., by function, business unit,
and geography) and the FFI Agreement certicationsby the RO will require signicant coordination and
communication across the enterprise. In our view,
institutions should focus on designing a compliance
and controls framework concurrent with the core
FATCA implementation effort.
14Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
18/20
Contacts
15 Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
19/20
For more information, please contact:
Jeff Trent
Partner
+1 646 471 7343
Dominick Dell’Imperio
Partner
+1 646 471 2386
Scott Dillman
Principal
[email protected]+1 646 471 5764
Alan Pisano Partner
[email protected]+1 617 530 7216
Stuart Finkel
Partner
+1 646 471 0616
Richard Inserro
Principal
[email protected]+1 646 471 2693
Dave Trerice
Partner
[email protected]+1 617 530 7450
Rebecca Lee
Principal
+1 415 498 6271
Timothy Mueller
Principal
+1 646 471 5516
Stephen Chapman
Partner
[email protected]+1 646 471 5809
Ellen Walsh
Principal
[email protected]+1 646 471 7274
Gail Vennitti
Principal
+1 646 471 7408
Chris Joline Managing Director
[email protected]+1 646 471 5659
Jon Lakritz
Managing Director
[email protected]+1 646 471 2259
Matt Giordano
Director
+1 646 471 0187
16Taking control of FATCA Building effective internal controls and processes to promote compliance and certification
-
8/15/2019 Fatca reviews
20/20
www.pwc.com/us/fatca
IRS Circular 230 DisclosureThis document was not intended or written to be used, and it cannot be used, for the purpose of avoidingUS federal, state or local tax penalties. This includes penalties that may apply if the transaction that is thesubject of this document is found to lack economic substance or fails to satisfy any other similar rule of law.This document has been prepared pursuant to an engagement between PricewaterhouseCoopers LLP and itsClient and is intended solely for the use and benefit of that Client and not for reliance by any other person.
© 2013 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refersto the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legalentity. Please see www.pwc.com/structure for further details. This content is for general information purposesonly, and should not be used as a substitute for consultation with professional advisors.
Solicitation