top of page
  • Elizabeth McMorrow

Perfect Internal Processes But Still at High Risk

FATCA 2014. CRS 2016. Your organization has studied the rules for these regimes and employees know exactly what needs to be done. You’re thrilled that everyone has been doing their jobs well over the past years. But did you document these processes and update them? If not, you may still be subject to penalties.


FATCA and CRS seek to create transparency in taxation across jurisdictions. The local tax authority collects certain information from Financial Institutions (FIs) through the reporting process and shares that information with relevant tax authorities. You may have created effective, streamlined processes that leave you confident in your reporting compliance. However, it is necessary to take this internal process knowledge one step further by documenting it.

Written Compliance Program

As part of the compliance program, you must establish policies and procedures to foster a strategic alignment between tax, legal, operations, other internal functions and external service providers. There must be clear lines of communication with data and document sharing between the groups.

You also cannot simply rely on the policies and procedures that you drafted when a regime commenced. The document should be reviewed and updated on a regular cycle.

Form of Policies & Procedures

Written policies and procedures are not a “one size fits all” situation. Your policies and procedures should be appropriate for your type of institution and your account holders. The level of detail of the policies and procedures will depend on the extent to which processes are completed internally or delegated to third parties.

As you likely noticed through years of reporting, the due diligence and reporting processes differ between these two tax transparency regimes. These differences must be reflected in your policies and procedures.

Some FIs add sections to an existing compliance manual. Others create a desktop manual with greater detail. Key members of the departments working on FATCA and CRS compliance can determine which type of policies and procedures framework is the most effective for a particular FI.

Cayman Islands Penalties

One notable example of the risk for penalties for failure to create written policies and procedures is the Cayman Islands. In its guidance notes, the Cayman Islands makes clear that where the TIA is notified of or identifies significant non-compliance by a Reporting Cayman Islands FI, the TIA may exercise any compliance measures under its regulations.

The failure to establish appropriate governance or due diligence processes is specifically listed by the Cayman Islands tax authority as an example of what the TIA would regard as significant non-compliance.

British Virgin Islands

BVI law requires that a BVI FI “establish, implement and maintain written policies and procedures”. This law also authorizes the ITA to request that an FI share the policies and procedures with the ITA. As we saw this spring, the BVI ITA has done just that.

(For details see my May 6, 2020 post No Policies & Procedures Could Cost You US$100K).

Next Steps

Don’t turn a blind eye to drafting policies and procedures. Depending on the firm, it could be the CEO, CFO, General Counsel, Compliance Director or some other person who is the appropriate person to ensure written polices and procedures are drafted. Initiate an internal discussion and get drafting.

For assistance, please contact me via my contact page or at

Recent Posts

See All

BVI Posted New CRS Video

The British Virgin Islands International Tax Authority (BVI ITA) posted the video from its live June 5, 2024 program for custodial institutions, depository institutions, and specified insurance compan

World Elder Abuse Awareness Day

June 15, 2024 is World Elder Abuse Awareness Day. How are you protecting your loved ones and clients from elder financial exploitation? One form of elder abuse is financial exploitation which is the i


Commenting has been turned off.
bottom of page