FATCA & Privacy Year End Is Upon Us
Given that the departments usually handling FATCA, CRS and GDPR are swamped with a variety of other year-end tasks, this post may not be welcome . . . but you’ll thank me later!
FATCA: Deregister Now & Avoid 2021 Reporting
If you sell, liquidate or otherwise terminate a Reporting Foreign Financial Institution (FFI) by December 31, 2019 make sure you deregister it from the IRS FATCA portal. Certain jurisdictions require that a Reporting FFI submit a FATCA report even when the FFI has no FATCA reportable accounts.
Many foreign jurisdictions cross reference the entities that submitted reporting in the local jurisdiction against the IRS FFI list. If an entity is still on the IRS FFI list during 2020 and fails to submit a nil report in 2021, the local jurisdiction may assess penalties.
File RO Certifications
Did you deregister an entity during 2019? The Responsible Officer (RO) may be required to submit to the IRS a Certification of Preexisting Account (COPA) or Periodic Certification within six months of deregistration. Double check your records.
FATCA permits an RO to delegate compliance tasks to other personnel. The RO may require that such personnel complete sub-certifications to provide assurance to the RO that the assigned compliance tasks have been completed.
The FATCA regulations do not require a sub-certification process. However, sub-certifications can be a useful part of the internal control process under an FFI’s FATCA policies and processes. Now is the time to ensure staff are aware of the tasks they should have been performing before the certification period concludes on December 31.
[See my July 10, 2018 blog post: FATCA: Sub-Certifications as Part of FATCA Compliance].
Review Service Providers
Were you satisfied with your FATCA/CRS reporting process last year? If not, speak with your account manager or obtain estimates from other service providers. The first round of reporting in March 2020 will sneak up on you quickly and you could be stuck with another year of unsatisfactory performance. And in fairness to your service providers, they need to have time to resolve your complaints to ensure a smooth timely, reporting cycle.
How about GDPR issues with your service providers? Have you completed your data mapping and discovered that some of your service providers are not adequately protecting your clients’ data? Set a deadline for the service provider to become compliant or start researching other service providers. You are the one accountable to the EU Supervisory Authority for failure to safeguard data.
P&Ps, P&Ps, P&Ps!
For some of you, you have had the wonderful excuse that your business is growing so rapidly that you have not had time to prepare FATCA, CRS or GDPR policies and processes. Unfortunately, the IRS, foreign tax authorities and the EU Supervisory Authority will likely not accept rapid growth as a valid excuse for lack of compliance. The policies and processes document is the backbone of your compliance efforts.
[See my August 17, 2017 blog post: FATCA & CRS: Perfect Reporting Process But Still Non-Compliant; May 23, 2019 blog post: GDPR: 1 Year of Non-Compliance; July 30, 2019 blog post: GDPR US Trust Companies’ Jaunts to EU].