Reporting is almost over and you can take a breath. You followed FATCA, IGA, CDOT and CRS requirements in your reporting and due diligence. But did you document these processes? If not, you may still be subject to penalties.
FATCA, CDOT and CRS each seeks to create transparency in taxation across jurisdictions. The local tax authority collects certain information through the reporting process and shares that information with relevant tax authorities.
It is incumbent on the reporting financial institution to create internal processes that allows it to collect and report the required FATCA/CDOT/CRS account holder data. You may have created effective, streamlined processes that leave you confident in your reporting compliance. However, it is necessary to take this internal process knowledge one step further by documenting it.
Written Compliance Program
In an effort to comply with requirements under FATCA, CDOT and CRS, it is necessary to establish and maintain a written compliance program. As part of this compliance program, you must establish policies and procedures to foster a strategic alignment between tax, legal, operations, other internal functions and external service providers. There must be clear lines of communication with data and document sharing between the groups.
FATCA v CDOT v CRS
As you likely noticed through three years of reporting, the due diligence and reporting processes vary among the three tax transparency regimes. These differences must be reflected in your written policies and procedures. You cannot simply rely on the FATCA policies and procedures that you drafted in 2014.
Another misstep by some procrastinating financial institutions is to disregard documenting their CDOT policies and procedures now that CDOT has merged into CRS. You complied with CDOT so document the processes you followed and you will be better prepared in case of audit.
Form of Policies & Procedures
Written policies and procedures are not a “one size fits all” situation. Your policies and procedures should be appropriate for your type of institution and your account holders. The level of detail of the policies and procedures will depend on the extent to which processes are completed internally or delegated to third parties.
Some financial institutions add sections to an existing compliance manual. Others create a desktop manual with greater detail. Key members of the departments working on FATCA/CDOT/CRS compliance can determine which type of policies and procedures framework is the most effective for a particular financial institution.
Cayman Islands Penalties
One notable example of the risk for penalties for failure to create written policies and procedures is the Cayman Islands. In its guidance notes, the Cayman Islands makes clear that where the TIA is notified of or identifies significant non-compliance by a Reporting Cayman Islands Financial Institution, the TIA may exercise any compliance measures under its regulations.
The failure to establish appropriate governance or due diligence processes is specifically listed by the Cayman Islands tax authority as an example of what the TIA would regard as significant non-compliance.
Don’t turn a blind eye to drafting policies and procedures. Depending on the firm, it could be the CEO, CFO, General Counsel, Compliance Director or some other person who is the appropriate person to ensure written polices and procedures are drafted. Initiate an internal discussion and get drafting.