Fatca reviews

8/15/2019 Fatca reviews

1/20

June 2013

Building effective internal controlsand processes to promote complianceand certication

Taking control

of FATCA

www.pwc.com/us/fatca


2/20

Table of contents

Taking control of FATCA Building effective internal controls and processes to promote compliance and certification


3/20

Introduction 1

Focus on certication 3

Building a FATCAcontrols framework 8

Developing acertication framework 11

Conclusion 14

Contacts 15



4/201

Introduction



5/202

1 These provisions are being phased in over a number of years beginning in 2014.

2 A recalcitrant account holder is an account holder of a participating foreign financial institution (“PFFI”)who does not provide adequate documentation or information within a prescribed timeframe.

FATCA was enacted with theprimary goal of providing theInternal Revenue Service (“IRS”)

with an increased ability to detectUS tax evaders concealing theirassets directly in foreign accountsor indirectly through offshoreentities. It aims to accomplish thisgoal by requiring US and non-US entities to comply with a new

set of tax information reportingand withholding rules as wellas investor due diligence anddocumentation requirements. Theconsequences of non-complianceinclude being subject to or liablefor a 30% withholding tax onincome from US sources andeventually on the gross proceedsfrom the sale of securities thatcould produce US sourced interestand dividends.

The purpose of this paper is tohighlight the need for entitiesimpacted by FATCA to developand maintain:

• Sufcient controls aroundthe areas directly impacted byFATCA, such as customer on-boarding, account maintenance,

withholding, reporting, andthe technology and operationalareas that support these

processes;

• Adequate infrastructure toenable ongoing compliance withFATCA’s requirements, both

within and potentially outsidethe enterprise; and

• A FATCA compliance programsufcient to make periodiccertications to the IRS ordemonstrate compliance in anIRS examination, as needed.

Although the provisions ofFATCA became law in March2010, the statute provided onlythe basic framework for FATCA’srequirements. Much of thedetails about implementation

were left to the discretion ofthe US Department of Treasury(“Treasury”) and the IRS. Afterissuing preliminary guidance, theIRS and Treasury issued the nal

regulations (“Final Regulations”)on January 17, 2013. In addition,Treasury continues to work witha number of foreign jurisdictionsaround the globe on completingIntergovernmental Agreements(“IGAs”) designed to improveinternational tax compliance andenable the implementation of theFATCA provisions. The IGAs maychange how FATCA complianceactivities are performed in certain

jurisdictions (such as complying with local law concepts versus theUS regulations) and companiesshould monitor these changes.

The requirements of FATCA,and to varying degrees the IGAs,broadly include:1

• Enhanced due diligenceon account holdersand investors – Financialinstitutions must employprescriptive due diligenceprocedures on their accountholders, investors and other

persons and obtain additionaldocumentation as required.

• Tax reporting – Financialinstitutions will be required toreport more transactions andnancial account relationshipsto either the IRS or their localgovernment.

• Tax withholding – Financialinstitutions will need to

withhold US tax from a variety of payments that aremade to recalcitrant accountholders and non-participatingforeign nancial institutions(“NPFFIs”).2

• Governance – FATCArequires many foreign nancialinstitutions (“FFIs”) to enterinto an agreement with the IRS(“FFI Agreement”). The nalregulations also require many

FFIs to appoint an RO who, onbehalf of an FFI is required toprovide certications to the IRSabout the FFI’s compliance withFATCA.

In January 2013, the Foreign Account Tax Compliance Act (“FATCA”) nal regulations were issued, whichprovide an internal control certication requirementfor the responsible ofcer (“RO”).



6/20

Focus on certication

3 Taking control of FATCA Building effective internal controls and processes to promote compliance and certification


7/20 4

While FATCA’s requirementsapply broadly to both FFIs and US

withholding agents (“USWAs”),certain FFIs are required toregister with the IRS and enter intoFFI Agreements. These FFIs willneed to make certain certicationsto the IRS regarding compliance

with the FFI Agreement. To makecertain that FFIs who enter into

Agreements with the IRS are incompliance, the IRS will requiresuch participating FFIs (“PFFIs”)to appoint an RO who will makethese certications. Failing tomake the required certicationscould constitute a default under

the FFI Agreement, which mayresult in the IRS terminating theFFI Agreement and subjectingthe entity to US tax withholdingunder FATCA. As such, an internalsub-certication program shouldbe implemented to facilitate thisprocess. For USWAs that do notneed to certify, an internal sub-certication program should be

considered, as an industry leadingpractice, to enable consistentcompliance with FATCA across theorganization.

In addition to core FATCAcertication requirements,IGAs must also be considered.

Although a requirement forcompliance certication is notexplicitly included in the modelIGAs, global organizations thatoperate in both FATCA and IGA

jurisdictions should consider aglobal compliance program.

In IGA jurisdictions, evidence of acontrol framework may needto be provided to local regulatorsif the entity is questionedregarding its compliance or istrying to remediate instances ofnon-compliance.

FATCA’s tax information reporting, withholdingand investor due diligence requirements areimposed on nancial institutions both in the USand abroad.

Type of certification Frequency When is certification

required?

Completion of due diligence and

documentation requirements on pre-existing

accounts

One-time 60 days after the 2nd

anniversary of the FFI

Agreement

No formal or informal practices or procedures

in place from August 6, 2011 through the dateof such certification to assist account holders

in the avoidance of chapter 4.

One-time 60 days after the 2nd

anniversary of the FFI Agreement

Certications required under the nal regulations

Although the IRS has not yet published a draft of the FFI Agreement,the Final Regulations outline the following series of “one-time”certications regarding PFFI compliance.



8/20

In addition to the one-timecertications shown above, theRO must also periodically certifyto maintaining effective internalcontrols to the IRS, specically

stating:1. The RO (or its designee) has

established a complianceprogram that is in effectas of the date of the FFI

Agreement, and that thecompliance program hasbeen subject to a review of itseffectiveness.

2. There were no material failuresduring the certication period,

or, if there were materialfailures, appropriate actions

were taken to remediate suchfailures and to prevent suchfailures from reoccurring; and

3. With respect to any failure to withhold, deposit, or reportto the extent required underthe FFI agreement, the FFI hascorrected such failure by payingtaxes due (including interest

and penalties) and ling theappropriate return (or amendedreturn).

Considering that the certicationperiod begins with the effectivedate of the FFI Agreement,there are about 6 months left todesign and implement a FATCA

controls framework to comply with the periodic certicationrequirements.

The role of theresponsible ofcerand the need foreffective controls

FATCA’s rules are far reachingand complex, affecting many legal

entities, lines of business, and various functions, all of whichmust be analyzed and potentiallymodied to achieve compliance. Ina large organization, data sourcesand business processes can varyacross products and geographies,only adding to the complexity.

The Final Regulations do notdictate who in the organizationshould ll the role of the RO,

so PFFIs must make their owndetermination of who is bestqualied for the job. Although

FATCA is essentially a taxregulation, its impact goes

well beyond the traditionalrole of corporate tax, as itsignicantly impacts client on-

boarding and maintenance, andtransaction processing such astax withholding and calendar

year-end reporting. As such,the RO may not necessarilybe someone within the taxdepartment. However, the personchosen should have sufcientauthority in the organizationto enable compliance across a

wide variety of functions, andhave a broad view of the entity’s

operations to effectively monitorcompliance. Considering thatthe RO certies compliance, heor she has a vested interest in thedevelopment and implementationof FATCA compliance policies andprocedures.

While organizations are currentlyfocused on the process andtechnology changes necessaryto become FATCA compliant by

the impending deadlines, theymust not lose sight that FATCAcompliance will be an ongoing,

FATCA checkpoint:

If your organization has

multiple FFIs located aroundthe world, how will you

ensure that each FFI is in

compliance?



9/20

and complicated responsibility.Organizations should take astep back from their currentimplementation focused activitiesand consider whether it is more

efcient and effective to establishthe appropriate complianceframework now, or revisit theserequirements later. USWAs,FFIs and large multinationalorganizations that have begun toconsider compliance certicationsand controls as part of their FATCAprograms have started to realizethat existing controls related totax information reporting areoften inadequate or non-existent.

Designing and implementing

the controls framework now hasthe added benet of evaluatingnew business models that arebeing adjusted to meet regulatoryrequirements to potentially head

off control issues before theypresent challenges in 2014, post-implementation.

Although an FFI’s requirementto establish a robust controlsframework to comply with FATCAis relatively new, the concept of acontrols framework is not new tothe IRS or information reportingaudits. The IRS Internal RevenueManual notes that, “Evaluationof the written procedures (or

lack thereof) may provide theexaminer with an indicator ofthe overall reliability of the USentity’s existing withholding taxfunctions such as withholding

and reporting for non-residentaliens. This assessment mayassist in determining the extentof additional audit procedures,such as the review of accountles statements and withholdingcerticates”. As such, havinga robust controls frameworkis important and a potentiallyoverlooked factor for US entitiesas well.

6

While the requirement for anRO is one individual per FFI,some organizations have alreadydetermined that a supportstructure, consisting of multiplefunctional competencies, is critical.Under this model, organizationshave begun plans to establish anRO at the top of the organization

to provide guidance and oversightto various functional areas. Thebenet of such a structure is toensure that FATCA certicationsand the supporting sub-certications are performed at theappropriate levels throughout theenterprise.

Key action items for the responsible ofcer



10/207

Regardless of the structure, a single RO in a smaller

organization or the “Responsible Ofce” in larger ones

may have the following responsibilities:

• Ensure that sub-certifying ofcers are in place acrosseach relevant key process/jurisdiction, etc., and that

they have the appropriate authority to execute their

responsibilities.

• Communicate FATCA policies and procedures across

the organization.

• Development and maintenance of effective internal

controls to ensure compliance with the regulations.• Ensure that FATCA-related compliance training on

policies and procedures is conducted regularly for all

impacted parties.

• Leverage internal audit, compliance, risk

management, or external parties to self-test

compliance in each relevant territory/area.

• Periodically review that the appropriate procedureshave been performed across the organization, for all

impacted legal entities. If key functions (e.g., account

setup, reporting, income payment processing, tax

withholding, etc.) have been outsourced to a third

party service provider, develop/execute a program to

ensure the provider is FATCA compliant with respect

to the nancial institution’s accounts/processes.

• Review all sub-certications and follow up onany issues identied. Certify to the IRS in a timely

manner and disclose any material failures. Ensure

that schedules are in place to monitor required

certications to the IRS.



11/20

Building a FATCA controls framework

8Taking control of FATCA Building effective internal controls and processes to promote compliance and certification


12/209

When building an effective controls framework,organizations must begin with a detailedunderstanding of what is required underFATCA regulations.

A FATCA controls frameworkshould be designed aroundbusiness processes that have astheir foundation, regulatory andbusiness requirements. Thesebusiness processes span manyFATCA-impacted areas, such asthe creation, purchase, sale andliquidation of legal entities (e.g.,identifying USWAs or FFIs),

client account due diligence,transaction processing, tax

withholding, reporting, andcertication/governance. Thecontrols framework should specify

objectives aimed at mitigatingrisks of non-compliance,and also provide “industryleading practice” controls fororganizations to follow. Within theframework, organizations shouldnot only document controls, butassess if there are any gaps (e.g.,no control to meet a particularobjective or inconsistent controls

across territories, etc.). Forexample, the table below providesa limited excerpt of how this maytake shape.

Example FATCA controls framework (excerpt)

Area FATCA summary

requirement

Risk Control

objective

Sample key

control

Legal entitymonitoring

The creation,purchase,

liquidation and

sale of non-US

entities should

be monitored

for their FATCA

classification.

A new legalentity that should

be classified

as an FFI is

not identified

and registered

with the IRS

resulting in non-

compliance.

Controls providereasonable

assurance that

changes in the

enterprise’s legal

entity structure

are appropriately

identified and

approved by

appropriate

personnel.

The approvalof new entities

includes a

determination

of their FATCA

classification and

required next

steps (e.g., FFI

registration) are

taken.



13/2010

Example FATCA controls framework (excerpt)

Area FATCA summary

requirement

Risk Control objective Sample key control

Client

account

assessment

Review information collected

with respect to an individual

account holder claiming to be

non-US for US indicia.

Certification of compliance

is incorrect as a review for

potential US indicia was not

completed.

Controls provide reasonable

assurance that non-US

accounts are adequately

reviewed for US indicia.

Evidence of review of a non-

US account was performed

and completed by the

appropriate personnel.

Periodically, an exception

report highlighting accounts

without required approval

is produced and reviewedfor follow up by authorized

personnel.

Certification

procedures

The RO must make periodic

certifications with regards

to ongoing compliance and

effective controls.

Sub-certifications do not

cover all business functions

impacted by FATCA, or

areas of the organization are

not included in the FATCA

compliance program.

Controls provide reasonable

assurance that the

certification process includes

all relevant business functions

impacted by FATCA.

All functional areas of FATCA

impacted legal entities have

been identified and included

in the compliance program.

The sub-certification structure

is reconciled to the list of all

functional areas to ensure all

key business functions have

been properly included.



14/20

Developing a certication framework



15/2012

In addition to a controls framework, a certicationframework should also be established to ensurethat every relevant part of the organization isrepresented in the certication process.

The RO or Responsible Ofce ofan FFI should consider appointingsub-certifying ofcers acrosseach of the relevant businessesor functions and assign themthe responsibility of certifyingcompliance for their respectiveareas.

Because of the complexity ofensuring compliance, nancialinstitutions may need to viewtheir operations from severalperspectives to determine whothe most appropriate sub-certifying ofcers should be. Theframework will vary from onenancial institution to the nextdepending on the structure ofthe organization. For example,in organizations with a regionalfocus, the head of each region

might be assigned the role ofsub-certifying ofcer. In otherorganizations, this role might be

lled by business unit leaders.Depending on the size andcomplexity of the organization,there may be several additionalsub-certifying ofcers below theselevels – for instance, functionalheads, or individuals assignedto legal entities. There must beenough sub-certifying ofcersassigned to ensure that all

parts of the organization whichare affected by FATCA are incompliance with its requirements.These ofcers must have therequisite expertise so that the ROhas the condence that all sub-certications are performed timelyand accurately. For USWAs, thedevelopment of a sub-certicationstructure is a leading practice toensure that FATCA compliancecontinues to be achieved. A

sample certication framework isillustrated below.

FATCA checkpoint:

• Have you

developed a sub-

certication process to

enable disparate

reporting units to

provide assurance

to the RO?

• Are all sub-

certifying ofcers

well qualied forthe position?

Sample responsible officer governance structure

Territory level

sub-certification

Legal entity level

sub-certification

Process/business unit

level sub-certification

Legal entity 1sub-certifying officer



Process Asub-certifying officer

Process Bsub-certifying officer

Process Csub-certifying officer

Country X sub-certifying officer

Country Y sub-certifying officer



16/2013

Financial institutions frequentlyuse third party service providersto perform functions that fallunder the scope of FATCA (e.g.,an administrator that providesservices to an investmentcompany). The RO mustinclude such service providerrelationships into its enterpriseFATCA compliance program.

This may include the oversight

of third parties and the reviewof relevant documentation thatgives the RO comfort that controlsare in place at third parties toensure compliance. This changesthe relationship between PFFI’sand their service providers who

will have to work more closelytogether to allow the RO to makethe necessary certications.

Considerations for third party providers



17/20

Conclusion

Most organizations implementing FATCA are

currently focused on addressing core requirements

around due diligence, withholding and reporting. However, leading organizations are beginning to

simultaneously address governance, compliance and

controls frameworks. Early “lessons learned” from

such governance activities indicate that the level of

complexity to implement controls will be signicant,

the controls and sub-certication framework will likely

be multi-dimensional (e.g., by function, business unit,

and geography) and the FFI Agreement certicationsby the RO will require signicant coordination and

communication across the enterprise. In our view,

institutions should focus on designing a compliance

and controls framework concurrent with the core

FATCA implementation effort.



18/20

Contacts



19/20

For more information, please contact:

Jeff Trent

Partner

[email protected]

+1 646 471 7343

Dominick Dell’Imperio

Partner

[email protected]

+1 646 471 2386

Scott Dillman

Principal

[email protected]+1 646 471 5764

Alan Pisano Partner


Stuart Finkel

Partner

[email protected]

+1 646 471 0616

Richard Inserro

Principal


Dave Trerice

Partner


Rebecca Lee

Principal

[email protected]

+1 415 498 6271

Timothy Mueller

Principal

[email protected]

+1 646 471 5516

Stephen Chapman

Partner


Ellen Walsh

Principal


Gail Vennitti

Principal

[email protected]

+1 646 471 7408

Chris Joline Managing Director


Jon Lakritz

Managing Director


Matt Giordano

Director

[email protected]

+1 646 471 0187



20/20

www.pwc.com/us/fatca

IRS Circular 230 DisclosureThis document was not intended or written to be used, and it cannot be used, for the purpose of avoidingUS federal, state or local tax penalties. This includes penalties that may apply if the transaction that is thesubject of this document is found to lack economic substance or fails to satisfy any other similar rule of law.This document has been prepared pursuant to an engagement between PricewaterhouseCoopers LLP and itsClient and is intended solely for the use and benefit of that Client and not for reliance by any other person.

© 2013 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refersto the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legalentity. Please see www.pwc.com/structure for further details. This content is for general information purposesonly, and should not be used as a substitute for consultation with professional advisors.

Solicitation

Date post:	05-Jul-2018
Category:	Documents
Upload:	chabala-lwando
View:	227 times
Download:	0 times

Fatca reviews

Documents