FATCA, IGAs and AML Technology
“It’s a slow train, but it’s moving on”. This great line from an old song by the Staples Singers feels very applicable not just to life, but also to the Foreign Account Tax Compliance Act, writes Jeroen Dekker, senior product manager, risk & compliance, Fiserv (right).
After a long wait, the first real implementation deadlines are now just around the corner. To meet the new account identification requirements, which will come into force for most countries on 1 January 2014, foreign financial institutions should be in the process of implementing the necessary upgrades in their on-boarding and overall compliance systems and processes.
Various types of systems are likely to be used for this purpose, but particular attention should be given to Anti-Money Laundering monitoring technology. It did not take long for the financial industry and its regulators to see that there are many connections between FATCA and AML. Apart from tax evasion being a financial crime much like money laundering in that society is the victim, it also often involves similar mechanisms like international money movement, use of complex company structures and, of course, offshore jurisdictions.
Importantly, these connections extend into organisations themselves, since the processes, data elements and technologies that the FATCA regulatory requirements call for are also common to AML. This covers the onboarding process, ongoing monitoring, remediation, reporting to a regulator in a prescribed format, and as dictated by compliance best practices, having a required second or even third line of control.
So, are financial institutions doing enough currently? Well, thus far most institutions have focussed on expanding their data capture and arming their front line staff with the right forms and procedures. Whilst this is of course an important step (just like AML started with Customer Due Diligence), some institutions run the risk of stopping there and presuming that the rest is just a matter of pulling some reports from core systems or a data warehouse.
The job is not done when the CDD boxes have been checked however – checks for accuracy, completeness, discrepancies and exceptions must take place, and an alert system for when accounts change is also a necessity. Technology needs to keep track of this and keep records and audit trails for the future regulatory examinations that will surely come.
It’s clear that the AML monitoring concepts of detection, workflow, case management and reporting provide important and proven capabilities to help implement a sound and cost-effective compliance program for FATCA or, if relevant, an Intergovernmental Agreement struck between any given country and the United States.
Finding Needles in the Haystack
Under FATCA, and the model IGAs, a new individual customer is not relevant until and unless the aggregated balance of their depository accounts exceeds $50,000 on the last day of a given calendar year beginning with 31 December 2014. Only when that threshold is met is there a requirement to ask a customer for self-certification, and confirm the reasonableness of that self-certification against information collected at account opening.
In this instance, an AML monitoring system should be able to easily select and alert institutions to customers who fit this description once a year. This would minimize the work that needs doing, whilst maximizing the time available to do it and ensure that institutions avoid potentially alienating local customers who don’t fit the criteria. By aggregating end-of-year balances across accounts opened by a client after a certain date, it could simply create a list of people every January 1st from which self certification is needed to be obtained in the next 90 days.
That said, many institutions do choose to make self-certification a standard part of their onboarding Know-Your-Customer (KYC) process. The rationale being that once a customer has gone through account opening, getting them to respond to this sort of request at some point in the future may be more difficult.
Either way, an AML monitoring system can automatically check each customer’s self-certification claim against the relevant AML data it received, such as address, phone number and country of birth. The system can then provide a “stamp for approval” if no contradictions are found, or issue an alert and/or trigger a remediation workflow if something is wrong or missing.
The need for automated logic extends to other parts of FATCA as well. Applying the regulations’ thresholds can reduce the number of pre-existing accounts for which the institution needs to search electronic and paper records for U.S. indicia. Similarly, it can pre-select only those entity, account and payment types relevant to the regulation. Further, you must also consider how you can prevent unnecessary work for customers who went through remediation or self-certification last year. It’s this kind of slicing-and-dicing that AML monitoring systems have been doing for years, so leveraging that capability for FATCA is both effective and efficient.
Preparing for the auditor
Regulators and FATCA teams alike are currently focused on ensuring that institutions can continue to do their jobs when the deadlines hit. However, in years to come we should expect some form of examination to follow. The IRS (or its local government proxy) will probably want to gain confidence that any reported number of U.S. accounts should not have been much higher.
It is important therefore to leverage a system that not only facilitates compliance, but also demonstrates it to auditors and examiners. The system should be able to track that checks were completed and produce details on how decisions were made, by whom, and why.
Such systems should also be able to govern processes and enforce consistent procedures. The solution should support multiple authorization levels to approve FATCA classifications and help track the timetables for completion of cases. Mature AML vendors have learned these things as their clients have over the years, and have geared their systems accordingly.
Change will surely come
FATCA is not a one-time exercise; individuals who may not have been U.S. citizens last year may have moved to the U.S., and entities could have changed location, structure or ownership. Monitoring for “changes in circumstances” is an important consideration and alerting technology will be needed to do this, so that the required remediation can happen. FATCA is likely to evolve over time, and a global move to crack down on tax evasion is likely to lead to more regulations relating to finding taxpayers from other countries as well. The first signs of this have already appeared from the G20 and the large European countries.
An AML system has had to deal with different perspectives on who is foreign, what constitutes a lot of money, and how regulations translate into processes for the institution and its compliance team, especially if deployed in different countries and at different types of institutions, making it an obvious candidate for FATCA compliance.
This is why some AML systems have grown into financial crime risk management platforms. Feed the platform with data, and use it now and in the future for the ever-evolving fight against tax evasion and other financial crimes.