Lighten the load

In recent years governments have enacted multiple regimes that compel the automatic exchange of financial account holder information between tax authorities.

This increase in scope, along with the complexity of this legislation and the associated penalties for non-compliance are putting additional pressure on tax, compliance and legal teams to implement robust procedures. Due to the volumes of data now required to be gathered and analysed, non-US financial institutions (‘FIs’) are focusing on finding ways to increase the efficiency and accuracy of their data management and analysis processes.

Increasing focus on data

The widespread reach and disclosure requirements under FATCA raised various legal and data privacy matters. In order to address some of these concerns, the US Treasury Department entered into bilateral intergovernmental agreements (IGAs) with the UK, France, Spain, Germany and Italy shortly after the enactment of FATCA. The IGA was aimed at facilitating effective and efficient implementation of FATCA information reporting by removing legal restrictions on information reporting, but it also mandated compliance by FIs tax resident in IGA jurisdictions. Many countries followed these leaders and there are now over 100 countries that have entered into an IGA with the U.S.

The OECD’s Common Reporting Standard (CRS) uses a similar framework to facilitate the automatic exchange of information by FIs across the globe. This global model is based upon countries signing either a bilateral (reciprocal or nonreciprocal) or a multilateral agreement with other jurisdictions that have agreed to adopt CRS (Participating Jurisdictions). These agreements lift legal restrictions on cross-border reporting and mandate compliance by FIs in these Participating Jurisdictions. They also provide the terms and conditions for the exchange of financial account information and the transposition of CRS into domestic law. However, they do not require all jurisdictions to implement the exact same provisions, which means specific legal interpretations may differ by jurisdiction.

Based on the fundamental principles of FATCA, CRS requires FIs located in a Participating Jurisdiction to perform due diligence on their financial account holders by gathering and analysing their personal information to identify their tax residency and whether they are exempt from reporting. If no exemption exists, FIs must report certain financial information on account holders that are tax resident in a different Participating Jurisdiction than the FI (same-country reporting is currently not required), but only if that Participating Jurisdiction has entered into an agreement with the FI’s Participating Jurisdiction. There are currently more than 100 Participating Jurisdictions and this number is expected to rise in the coming years. To date the US has not joined CRS which means that FATCA will continue to exist alongside CRS.

Though FATCA required FIs to implement wide ranging policy and procedure changes to ensure compliance, in particular with regard to due diligence, FATCA and CRS regulations (together the Automatic Exchange of Information (AEOI) regulations) have greatly increased the burden on FIs by expanding the scope and complexity of these requirements. Increasing the account holders subject to these regimes (from US tax residents to tax residents of all Participating Jurisdictions) and making technical changes to the rules, including the removal of de minimis exemptions, will exponentially increase the volume of data FIs are required to gather and analyse. Identifying ways to more efficiently manage and analyse data and document decisions will be the keystone of building an effective compliance programme.

Prior to AEOI, there was a greater divide between the types of FIs that needed tax technology solutions. Primarily driven by the differences in the volumes of information required to be gathered, banks, for example, had little choice but to implement systems to analyse this data. Many funds, on the other hand, have traditionally been able to meet regulatory requirements with more basic technology such as spreadsheets and investor databases. However, AEOI increases the volume and complexity of data required to be analysed by all FIs. Most FIs are finding it difficult, if not impossible, to traverse this new landscape without the aid of technology solutions to assist in managing this exercise. However, technology solutions cannot take the problem away completely and they often need to be complemented by offline processes.

Challenges of technology in data management

Although technology can increase the efficiency and accuracy of an FI’s AEOI compliance program, there are a number of challenges that must be considered. Many of these challenges are brought about by the actual requirements of the regulations, but many practical considerations must also be considered. 

The design of CRS does not allow for automation to replace human decision making. As CRS relies on a structure of bilateral or multilateral treaties rather than one overarching agreement to exchange information with other Participating Jurisdictions, reporting obligations in one country may be different than reporting obligations in another. Furthermore, as individual governments are required to adopt the rules based on OECD principles, there will likely be different rules among member countries. Finally, accurately applying these rules in determining reporting obligations is largely dependent on the quality of the data captured from systems and account holders. In many ways this creates an atmosphere where technical interpretation is required, and without specific rulesets technology continues to need the support of human judgement.

Data organisation and formatting

Is hold their underlying account holder information (including AML/KYC data, applications and subscription documents, etc) in different formats and different systems (including paper). Using technology to assist in data analysis can only be done if the relevant data is identified, organised, and formatted in such a way (including from paper to electronic) that it can be imported into a technology solution for analysis. To capture information from an FI’s existing systems, exporting data points or the use of application programming interfaces (APIs) can be used to electronically gather existing customer data. In many instances companies will still have paper records (or will collect paper self-certifications, discussed below) which will need to be rekeyed into the systems manually or via the use of optical character recognition (‘OCR’) together with fuzzy logic technology (technology used to recognise imprecise characters) for automated upload. However, in many cases these tools do not provide 100% accuracy. As a result, offline processes need to be in place in conjunction with data import technology to ensure the information coming into the system is accurate.

Once in a database this information must be easily accessible by a user in order to create the intended efficiencies, so data organisation is essential. For example, under AEOI each FI has a legal obligation to perform due diligence on its own account holders , so an FI needs to be electronically connected to its own account holders. In a private equity fund structure this can become quite complex due to the large number of entities across multiple jurisdictions often invested into by a common group of account holders (investors) that may hold several different investments in entities throughout the structure. If the entity and investor relationship is not linked, account holders may receive multiple self-certification requests when only one is required.

Form validation and reasonableness

The regulatory requirement to confirm the accuracy of forms provided by account holders has existed for many years with respect to US withholding tax forms (Forms W-8/W-9) but now also applies to the receipt of self-certifications for AEOI. The use of technology to perform automated data analysis can be useful in this area, though there are a number of reasons that automation alone is not sufficient.

Generally form validation is a process that can largely be automated as it requires confirming data contained on the face of the form against a defined rule set, i.e. are all the mandatory fields included and does any information conflict. Some particular validation requires FIs to review data for accuracy, such as confirming the account holder’s global intermediary identification number (‘GIIN’). While automated validation checks can compare account holder data to source data, like the IRS GIIN list, to confirm accuracy, data quality frequently hinders this otherwise straightforward process as, in this example, GIINs with missing or transposed numbers and abbreviated or misspelled names can prevent GIIN confirmation. However, data quality frequently hinders an otherwise straightforward process as GIINs with missing or transposed numbers and abbreviated or misspelled names can prevent GIIN confirmation without human assistance.

If any errors exist to invalidate the form, there are particular requirements that must be followed which may require the FI to obtain additional documentation from the account holder. Some technology solutions attempt to limit errors (and account holder outreach) by requiring the account holder to enter data into an online portal or directly into a PDF with built-in validation checks (that notify account holders of their errors prior to submission). However, in practice, a large number of account holders print the form to complete it with a pen rather than a computer; others do not complete the FI’s bespoke form and provide the FI with a form they had previously completed for a different institution. Not only does this limit the effectiveness of electronic validation checks, it requires the rekeying to get the data into an electronic format; which increases the chances of additional errors. Inevitably this requires at least a minimal amount of rekeying to get the data into an electronic format.

Once a form is deemed to be valid, the FI is required to confirm that it is reasonable. Determining reasonableness is largely done by comparing the information included on a valid form to existing information that the FI has on file. While comparing data line by line can highlight inconsistencies,  in many cases these inconsistencies will not invalidate the form. For example, although an account holder may have its primary mailing address in Guernsey its tax residency may be the UK. In this case this jurisdictional difference may appear to make a form invalid, it is not per se invalid as additional information may validate this information.

Although automation cannot fully replace human involvement, it can assist FIs by organising the data and highlighting where differences may exist. In order for this reasonableness check to occur both existing and new account holder information must be held together in one place. For example, Deloitte’s information management tool stores existing AML/KYC data imported from the FI’s systems and data uploaded from self-certifications and performs an automatic comparison highlighting possible issue areas by flagging differences that exist between the data.

Workflow

As gathering account holder information, primarily through use of self-certifications, is required in many instances, managing account holder outreach is essential. This can be made even more complex if the FI manages the overall process in one jurisdiction but has a number of different onboarding/investor relations teams located in other jurisdictions. In order to effectively manage the process, tasks must be allocated to different team members and appropriately monitored. This exercise becomes increasingly difficult if it is performed using multiple systems and information databases. To solve these challenges companies have developed web-based systems to hold all relevant information where teams across multiple jurisdictions can be allocated roles and responsibilities and the actions they take in performance of these responsibilities is captured in this core system. This allows project managers to have more control over their teams and review and sign off documentation collected across the company. However, there are internal and legal challenges with using this type of system that must be considered.

Though sharing of account holder data has become easier, especially within the EU, local data privacy laws must always be considered. Internal policies must also be adhered to which may mean restricting certain account holder data from teams within the company that may not have authorisation to see this data. For example, limiting a local country client’s onboarding team the ability to access headquarter country company executive information. Finally, when passing data across borders data security becomes an even greater consideration and companies must ensure appropriate steps are taken to ensure the data does not fall into the wrong hands.

Determining reporting obligations

Outside of US withholding tax considerations, the area of AEOI where data analysis is perhaps the most essential, but certainly not the most straightforward, is in determining account holder reportability. While FIs will generally identify factors that impact reporting, like tax residency, during the validation and reasonableness analysis of due diligence, this analysis cannot be a one-off exercise. Account holder information can change and FIs must have processes in place to monitor those changes and determine if a change impacts AEOI reporting, for example, a change in an account holder’s tax residence. However, monitoring these changes is only half the battle. FIs must also ensure these changes are properly documented.

As FATCA will co-exist alongside CRS we are living in a world where FIs have to follow the rules of two separate regimes. While the rules for these regimes are very similar, some differences do exist which adds complexity to data analysis. Generally, a reporting obligation under CRS is based on an account holder’s end of the year tax residency. However, reporting obligations under FATCA are generally based on whether that account holder was a US tax resident at any point in the year. Therefore, if an account holder was a US tax resident for the first half of the year but then moved to a non-Participating Jurisdiction for the remainder of the year, a system that displayed current account holder status or a year-end snapshot of account holder status would result in less accurate reporting than a system that records an end-of-year snapshot and changes that occur throughout the year.

The AEOI regime has brought data management and analysis to the forefront. Due to the volumes of information and the complexity of the analysis that is required, many FIs will find compliance challenging without the aid of technology to support their compliance process. With tax authorities expecting robust controls, not only does technology need to assist in ensuring reporting accuracy, it will need to document actions taken and decisions made in order to build an audit trail.