FATCA and CRS compliance considerations

The US was a catalyst in these efforts, passing the Foreign Account Tax Compliance Act (FATCA) into law in 2010. FATCA targets US residents and citizens who hold assets in other countries but don’t declare those assets on their US tax returns. The legislation initially met with resistance but has since become a model for similar laws across the globe.

Initial resistance arose from concerns that the US did not have the authority to enforce the regulation across jurisdictions and that related administrative burdens would paralyse the global finance industry. These concerns were addressed in part by the introduction of Intergovernmental Agreements (IGAs), or agreements between the US and other countries that recognise FATCA. IGAs reduce administrative burdens, including lessening the need for a 30 percent withholding requirement and ending the need for direct communication with the US Internal Revenue Service (IRS) for companies in most jurisdictions.

In 2014, the Organisation for Economic Co-operation and Development (OECD) — which has for decades been providing guidance on and promoting tax transparency — approved its own global version of FATCA, known as the Common Reporting Standard (CRS).

Over 110 jurisdictions now use the CRS to exchange information, and more jurisdictions have committed to joining the program. As a result of this widespread adoption, use of a zero- or low-tax rate offshore territory for non-legitimate reasons is now increasingly rare, and embracing a transparent tax landscape is a globally accepted approach. Indeed, in some territories the approach is positively good for business. Given these trends, traditional offshore jurisdictions such as the UK crown dependencies (Jersey, Guernsey and Isle of Man), Cayman Islands and BVI have publicly promoted tax transparency initiatives. They have implemented CRS requirements in part to illustrate that their respective financial services industries are operating as legitimate businesses in the global finance market, and that their regulatory regimes meet the highest standards.

Entity classification

FATCA and CRS-related laws are designed primarily to identify and prevent the use of offshore accounts and corporate structures designed to illegitimately avoid paying domestic tax. As a result, they significantly affect parties that hold assets outside of their home jurisdiction, not least because the laws have increased administrative burdens on tax-neutral asset planning vehicles.

To open any bank or investment account, an organisation or individual must classify all entities under both CRS and FATCA regulations (these classifications may differ for a given entity). Given the respective regulations’ complexities, classification can be difficult, even for a simple corporate structure. To take FATCA classification as an example, an organisation or individual must understand each FATCA classification type — including Participating Foreign Financial Institution, Registered Deemed Compliant Foreign Financial Institutions, Sponsoring Entity, Limited FFI or Limited Branch, and others — and classify the entity appropriately. Furthermore, foreign financial institutions (FFIs) in a country without an IGA will have different classification considerations than those in a country with an IGA. And those countries with an IGA are classified as either Model 1 or Model 2 (depending on whether the entity sends information to the local government or directly to the IRS), which also affects classification considerations.

Unfortunately, there are consequences to misclassification. Entities that fail to correctly classify can for example see delays in opening accounts. This can lead to missed transaction deadlines and investment opportunities, and resultant financial losses. In extreme cases, incorrect classification can lead to significant fines and even imprisonment if authorities deem that misclassification was intended to avoid reporting and evade paying taxes.

GIIN registration and other considerations

For some entities, the administrative burdens of FATCA and CRS do not end with classification. If an entity is some form of financial institution (FI), it must do or consider the following:

• Register with the IRS to obtain a Global Intermediary Identification Number (GIIN) for FATCA purposes. Registration is a reasonably straightforward process, but it involves sometimes confusing terminology and selection options. Failure to understand and correctly follow the process can cause problems, particularly reporting problems. Entities in certain jurisdictions must also certify annual compliance to the IRS through its reporting portal.
• Register with local authorities where required. Depending on the entity’s domicile, it may have to register with the local authorities using their portal, and the entity may have to confirm its compliance and status on an annual basis.
• Implement processes to ensure required data is collected and maintained in accordance with regulations, including deadlines.
• Report to local authorities on an annual basis and in the correct format. Producing correctly formatted reports can be challenging, particularly without dedicated software. Entities should also be aware that local authorities routinely change formatting requirements.

Auditing, compliance and enforcement

FATCA and CRS requirements have been in effect for several years, but entities must continually review and if necessary enhance their processes and controls. There are no more enforcement grace periods, and tax authorities expect compliance, including the ability to demonstrate the efficacy of related processes and controls. Company directors are ultimately responsible for ensuring compliance. (See table.)

2018 saw the first prosecution under the FATCA regime. The US Department of Justice carried out a sting operation involving two undercover agents who met with a senior executive of a Hungarian bank. The agents discussed how to use the bank to avoid detection by FATCA authorities. Ultimately, an executive from the bank was extradited from Hungary to the US, pleaded guilty and served prison time.

Those involved in finance should assume the case will not be the last of its kind. It sends a message that FATCA and other transparency initiatives must be taken seriously.

OECD implementation guidance on the CRS indicates that local regulators should make compliance with the CRS a regular part of their regulatory or tax audit programs of financial institutions. These audits are likely to include reviews of a financial institution’s reporting accuracy and the processes and controls the institution has in place to ensure ongoing CRS compliance.

In 2020, the BVI International Tax Authority (ITA) contacted a number of BVI entities, requesting they submit copies of their written FATCA policies and processes or risk sanctions. We expect tax authorities in other jurisdictions to make similar requests. FIs should be prepared, then, to demonstrate their own policies and practices related to FATCA and CRS, not just to submit annual filings.

Even entities that do not deem themselves to be FIs should keep in mind that in our digital age, information is widely available and frequently scrutinised by tax authorities everywhere. They too must be able to demonstrate CRS and FATCA compliance.

Other considerations

Organisations should keep in mind that the CRS and FATCA are subject to change. The OECD, for example, recently updated the CRS to include cryptocurrency and digital assets.

Organisations should also be aware that there are other regulations related to tax structuring and financing arrangements. Some important examples include: the EU’s Council Directive 2018/822 (commonly known as DAC6); country-by-country reporting (CbCR) requirements; and the EU’s economic substance requirements.

The message is clear: tax authorities everywhere are implementing new requirements and updating existing ones to give them greater insight into how individuals and corporates are organising their assets. All entities must keep abreast of and comply with these changes, including accurately supplying any required information. They must also be able to demonstrate that they have appropriate policies, processes and controls in place to ensure ongoing compliance.