TAINA Talks - 10 Years of FATCA Enforcement

10 Years of FATCA Enforcement

The IRS has collaborated with over 110 jurisdictions that have signed IGAs to ensure effective implementation and enforcement of FATCA. Since 2010 enforcement of FATCA has been robust, with the IRS actively monitoring compliance through a combination of audits, penalties, and international cooperation.

Many financial institutions have faced significant challenges in complying with FATCA due to the complexity of the reporting requirements, the need to identify U.S. account holders, and the costs associated with compliance.

For our next edition of TAINA Talks, we called on industry thought leaders and FATCA experts to share their insights on the FATCA compliance and evolving  enforcement.

Questions discussed:

• What were some of the challenges Financial Institutions faced when FATCA was first introduced?

• How has FATCA enforcement evolved since 2014 ? And has international cooperation played a role?

• Given the risks of non-compliance, why are some financial institutions still not compliant with FATCA?

Watch the below podcast to see TAINA's SME Sean Sutton talk with leading industry FATCA experts, Cyrus Daftary (Principal at KPMG) and Ali Kazimi (Managing Partner at WTS Hansuke), exploring how FATCA enforcement has evolved and the persisting challenges financial institutions face with FATCA compliance.

Panel Guests

Ali Kazimi 

Ali has over 25 years of experience in the financial services industry, having held successive leadership roles as Head of Tax at BlackRock and as International Partner of Deloitte UK and Middle East. Ali frequently speaks at conferences and writes on a variety of topics such as QI, AEoI (FATCA, CRS and DAC6), custodial structures, pension & asset pooling, and stamp & transfer taxes.

Cyrus Daftary

Cyrus is a Tax principal at KPMG where he serves as the national operations leader for the Information Reporting and Withholding practice.  He was formerly the co-founder and CEO of Markit CTI Tax Solutions and a partner at law firm and another Big Four accounting firm.  Cyrus is also a Strategic Board Advisor at TAINA Technology.

Transcript

September 27, 2024

Sean Sutton 

Hello, welcome to another edition of TAINA talks. 
My name is Sean Sutton and I'm the tax me here at TAINA . Today we wanted to commemorate 10 years of the foreign account Tax Compliant Act, or FATCA, TAINA talks is our new series of articles and podcasts where we speak with industry thought leaders and professionals. Together, we'll explore how industry cooperation, engagement and feedback can lead to comprehensive insights, and we hope, also solves persisting industry challenges. 
FATCA was signed into law in 2010 as part of the hiring incentives to restore Employment Hire Act. It's goal to combat offshore tax evasion by US taxpayers under FATCA foreign financial institutions or commonly referred to as FFIs, are required to report to the IRS information on financial accounts held by US persons. 

This legislation represented a bold step towards greater transparency in the global financial system. And it predates the internationally adopted common reporting standards for the CRS. But while the law was passed in 2010, it wasn't fully in effect until July 1st, 2014. By then, FATCA had truly begun affecting the operations of financial institutions around the world. And as you can imagine, implementing such a broad reaching law didn't come without significant challenges. 

We're now joined by Cyrus Daftary, Principal from KPMG, and Ali Kazemi, one of the leaders at Hansuki. We asked these gentlemen to share with us their experiences with FATCA. Their consulting roles have allowed them to see firsthand many of the pain points firms experienced in the beginning. And what are still persisting challenges for many today? 

What are some of the key challenges financial institutions face when faced with first introduced? 

Cyrus Daftary

FATCA was something that I think the global community had to really digest because it was a very much complex regulations. 
You're talking about trying to comply with US rules and you know whole new set of processes and you know, I think the challenge one was obviously operationally things have to change, but that meant there was a change in the sense of a lot of training and communication had it go internally and externally. 

It required process changes and if you  technological changes to account for all the reporting that was required and then the question was how do you really come up with a budget? And then understanding, particularly for some of the larger global institutions where you've got different business units, the impact could change based off the various countries. And then of course, you know how you manage it, do you have regional ROs and how do you manage the risk? 

So really It was a big ask, from a people process and technology perspective and it was something I think that was clearly much harder than the QI regime, that that a lot of financial institutions went through. 

Ali Kazimi  

I think the key thing that initially that firms had was first of all that was the what I would say is the legal and regulatory uncertainty, because FATCA was clearly the first of its kind. No other major like this had ever been introduced. It was quite extra jurisdictional. So that was the first hurdle that many Financial institutions had across the globe. How will the report? Are they allowed to report, given their own Central banks and their own data protection rules and regulations?

Once we had got over that hurdle, then the next challenge was really what I would classify as the human resistance, and this was twofold. So there were people within the financial institutions who did not want to comply they thought that it was too much and there was also reluctance on part of customers of the financial institutions who just did not want their information to be 
shared on a cross-border basis, so these were some environmental challenges besides that, the actual rules themselves, there were quite complex. 

Nobody had seen anything like that. There were intricacies to do with pre-existing accounts, new accounts and some of those challenges till Doc the industry and they're not easy to implement. 
There were process changes that needed to be implemented. To the whole onboarding of customers by financial institutions needed to be recalibrated to a new regime

And finally, dare I say, there were the additional costs of compliance. And I think that was when you haven't budgeted for things and suddenly you have a big program you need to put in place. 
So these were some of the key challenges right at the outset, whatever, a decade ago. 

Sean Sutton 

Sure, that makes sense. 

How about a couple years later? The Common Reporting Standards came live. 
Have you seen like an overlap of similar issues or was FATCA to kind of be unique situation compared to the Common Reporting Standard? 

Cyrus Daftary
Well, I think that FATCA made CRS much more tenable for people to manage because at least they understood some of the functions.  We had weird, if you have vernaculars where you know, let's talk about a self cert. You had a self cert FATCA purposes to for people to manage as they were not the same Self Cert FATCA purposes. 
You had a self cert for CRS purposes, but they weren't the same self cert, so you know some people create a combined self cert and things like that. 

But I do think FATCA may trying to implement CRS a little easier. Of course, you didn't have any withholding implication with CRS. 
Really much more a reporting regime. I mean, although fact, it was always labeled as a reporting regime. That's what the IRS always touted that we want to have better reporting. You know, CRS clearly had that. But I I do think CRS. Created some challenges as well for firms. 

One of the things we did see though is we saw some people leverage the serious opportunity to kind of revisit what they did with FATCA and iron out some kinks that they may have known existed or realized as you go to operationalize something that that existed and so I do think CRS again it was very complicated and I'm not minimizing what the effort was, but I think it was something much more manageable just given the FATCA framework and what people had been through and you know they were able to manage, if you will the dual diligence versus reporting much easier in a much easier manner. 

Sean Sutton    
Yeah. Agree. 
OK, so FATCA could start at 10 years ago. 
The enforcement maybe was slow to start, but...

Since its introduction, how have you seen fact enforcement evolve and kind of little caveats of that how much has international cooperation played a role in that enforcement? 

Cyrus Daftary   

From an enforcement perspective. You're right. I think the first few years everyone was really recognizing that it takes time to, you know, put in the appropriate systems and, you know, change management to make things work. We know that typically it's at least 18 months to two years just to get the systems right. 
And then of course you've got to operationalize it and you've got a condition, whether it's a front office or the back office on how to manage all the changes. 

So I I do think that you know. The IRS and other governments, when it came to CRS, were really giving financial institutions time to get it implemented. 
But Enforcement, you know, has started. We've seen more enforcement over the past few years, right? 

The enforcements have started with inquiries and or when you look at Cayman you know they they wanted more information, for example around their report. 
We know, for example, Bermuda, you have to submit your policies and procedures as a part of your filings and and those that of course led to, you know, inquiries and further audits. 
So we know around the the globe that that there have been inquiries from the various jurisdictions just to make sure enforcement's there and you know in a way that's good because then people realize they spent a lot of money and you know find institutions that quantify what they spend and they've always asked, you know, what is the return on that spend?  

But I I do think governments are obviously starting to look at the enforcement and we're clearly seeing the IRS do the same thing. On their end, making sure that they're looking at people's compliance around FATCA and so you know, the enforcement has come. 

But to your point, I do think that the governments were sympathetic because they had to obviously allow each of the financial institutions to operationalize the regulations and get it properly implemented frankly, on the government side, they're receiving a lot of information too, right? They had to really learn how to ingest this information and really make sure that they could come up with meaningful inquiries because they obviously didn't want to knock on doors and Making inquiries when you know the data was in front of them. 

But so, I’m seeing we're seeing more and more inquiries around the globe around compliance. But you know, I think it's too to be expected, and I think the pace that it's come at has has been reasonable just to make sure , people got it right. 

Ali Kazimi  
Sure. I think the point to your point, the initial approach by tax authorities was to take a light touch approach, which was to educate and help and support financial institutions to become compliant. What we've seen or we were seeing just before the sort of like the COVID lockdowns, was that was turning towards more of a inspection regime now. 
So they were expecting financial institutions to have adopted the new measures and comply with them. 

Everything obviously was suspended for the next 2-3 years and what we've seen in the last couple of years is the audit programmes have really stepped up. 
So you're getting financial. Sorry, tax authorities across the globe in jurisdictions such as obviously the United Kingdom, where I'm sitting from today, Singapore, Hong Kong, Canada, Luxembourg, each of these jurisdictions. I have been supporting financial institutions to meet with the growing audit requirements and how to manage those audit programmes. 

The other enforcement action as you sort of like rightly pointed out, is there is now new set of legislation that has come into play. These are domestic pieces of legislation, perhaps driven by wider AML KYC financial crime considerations. But you've seen jurisdictions such as the Cayman Islands who have now regulations that specifically mention explicitly mention penalties for noncompliance. Including criminal liability, so they will impose penalties, and you know which include fines and even imprisonment of certain officers.

So, you can see there's a real shift in, what financial institutions need to comply under the jurisdictions where I'm doing quite a lot of work in the United Arab Emirates where you’ve got a fine say of 1000 dirhams. That’s about £200 or 250 USD for the financial institution.  The financial institution for each new account. That basically is opened without obtaining valid self cert. 
And or where there's been a failure by the FI to validate such self-certification.

Now you can imagine from a documentation perspective. I mean, I've seen many people send out the forms, but they don't have any validation process in place. 
They don't know how to validate. So for a bank which has got say for example 1,000,000 accounts and there's a 20% documentation failure rate, that would give rise to about a  
£40 million fine or $50 million fine. So these costs can really escalate very, very quickly. So I think that's kind of brought it home to many financial institutions that they need to take this seriously.

I think that the other challenge of the evolution side of things. Has been the new set of rules, so you've now got CRS 2.0 so it's already in the mind of the OECD to basically implement new datasets that weren't there before and to the incorporate them into the reporting. Additionally, you've had within say for example, the FATCA side of things. the US has introduced new rules around 10. So what you are seeing is the goal Posts are shifting.

Sean Sutton
You mentioned why it's important to maintain compliance just because of the penalties. 

So why do you think that there are still financial institutions that aren't fully compliant with FATCA.

Ali Kazimi 
I would say that well, first of all, many financial institutions never became compliant. So or they didn't interpret the requirements properly, so they've been continuously not compliant. 
But even those institutions that did become compliant, I mean these this legislation is now nearly over a decade old. So there's naturally a compliance drift whereby you know any systems of internal controls over time. Those controls weaken, and you've seen sort of like staff movements. So there's all these types of things and quite often these things weren't bedded down in the form of proper policy and procedures. 

So what happens is each person is doing it's like, you know, Chinese whispers whereby you just follow what the last person has done with that, really understanding why these things were done. So there's that overall general passage of time and compliance drift that comes with it. 

I would say the other thing, the other thing is we reached a point where shortly after FATCA with the CRS implementation, we had already reached a level of what I would say is, you know, fatigue in terms of compliance regimes and spending money because what you have to look at is it wasn't just FATCA and CRS then came things like. 
MDR and DAC 6 and BPS and ATEX. So you've had a whole raft of legislation affecting financial institutions and therefore the budgets just weren't there. So that resource constraint I think has played to the noncompliance. 

And dare I say, I'm sort of like even now there are systems which are out of date. So many people, and I see this, and this is ongoing discussion. When you have audits, and you realize there's been a compliance failure. Many institutions will just patch up. What they won't do is look forward into the future and say what are the AI tools? What are the technologies of the future that we need to incorporate now? So it's fit for next 10 years rather than correcting and putting a plaster for the problems that have happened in the past. So I think that whole legacy system issue is a big problem. 

I mentioned you the regulatory complexity hasn't got any less. It's actually now what we're seeing is the interdependence of different tax regimes. So, it was just FATCA on its own of CRS on its own, and the two work closely. But now you have to make sure that you tie into your QI program. You tie it into your DAC 6 and MDR program and there are specific domestic regimes, such as in the UK, the corporate criminal offence, which is a tax integrity measure. So you have to sort of like start factoring those in. So again, as I said, the goal post is moving. 

I would say that some of the human behavioural side of things, their reluctance to become compliant. Largely is given way, but it's still there. So that resistance sometimes gets in the way of effective compliance.  

Cyrus Daftary
No, I mean I I think at then they you can go around the globe and you're gonna find in every jurisdiction some firms that aren't compliant, and you know there are different reasons for it. I mean it it could be a systemic issue. As we both know, a lot of institutions, you know, there are certain subject matter experts, but when they leave that knowledge walks out the door, right? 
So when that knowledge walks out the door. 

You know that they lose a step, so I I can't comment on I I don't have any specifics or any knowledge on those that may not be compliant but I can tell you as we’ve , as we've helped wth some firms, institutions, some of it has been really, truly either a systemic glitch that happened, maybe they switch from 1 vendor to another and you know they thought something was complying, it was complying you know a key you know person has left the institution and because they've left, you know the knowledge that they had, you know, went off the door. 

But I I do think you know a lot of people at a lot of firms have really taken a step back just given, you know, evolution and you know, now it's kind of BAU business as usual. 
I think people have taken a step back and say, you know, we ought to do our own checks, right? It's it's like the internal audit function, right? You know, to the degree that the large institutions have that they can go in and say, are we being compliant, we've got a regulatory obligation. 

Obviously, that's not necessarily true for funds where they don't have that type of of an infrastructure. But again. You know, they're relying on somebody to help them, so you know, hopefully. 
if if there are some hiccups along the way that there hiccups, that that can be explained. 

I really think that given the evolution of FATCA CRS and now we're going to have CARF, you know, I do think that, you know, firms have to have these process in place. It's noy a nice to have.  It is really a must have and you know there always can be some kinks. It happens to the best of us. You know, mistakes can happen. 

But again, I think just the way we rely on technology, or we rely on people. You know, if we lose something or like I said that there's a glitch, then you know things happen. 
But I think the key is making sure that people are checking, and they've got controls to identify those hiccups, then and then they react to them appropriately and they remedy them. And if they need to make a disclosure, you know, they can do that or if a knock on the door. Then they're prepared to answer the the questions that are forthcoming and then? Give the assurances that they've got the compliance where it needs to be. 

Part of it could just be growth, right? We see this sometimes with acquisitions where you know it's not something that was core. It wasn't a big deal before, but now you've got a big acquisition, and you now have a huge compliance process that you you've got to manage. So I mean, I think part of it could be just growth. Part of it could be you know VIS a VIS acquisition, part of it as I say, could be systemic issues changing from one provider to the other or losing a subject matter expert. 

So I really don’t think . there's any FIs out there that are intentionally trying to be non-compliant. I do think that you know it is tt is driven either from a business, you know, reason you know or scope.

Or sometimes it's just these these rules aren't easy, right? And when you think about, FATCA or CRS , you know, all we call CRS, common reporting standard, we know that it's not necessarily you know. Exactly common, right? Different countries ask for different things and their different processes and they're different technologies at times that that you've got to send the data into, or you know Luxembourg you have to go through some some key institutions before things can get submitted. 

So I I think it's just some of it could be educational, some of it could just be operational acquisition. But I don't think anybody at this stage, or at least I hope you know the institutions at this stage to say they wanna they that they're contending on compliant.  I do think they're just business reasons and you know whether it's hyper growth, whether it's you know an acquisition or or just a a matter of changing providers and when you move from one provider to the other, sometimes people aren't looking at at this level of compliance when they're when they're looking at major system paradigm shifts. 
 

Sean Sutton 

Thank you, gentlemen. Thank you, Ali. Thank you, Cyrus, for joining me today to talk about FATCA. For those listening, stay tuned for future iterations of time of TAINA talks to hear more insights from industry leaders and experts.