Multitude of FATCA data tasks give corporate IT staffs headaches, as technology providers drool

With its IRS regulations finalized and its first provisions in effect, the US Foreign Account Tax Compliance Act (FATCA) is ready to trawl for US tax evaders around the world. The law has already sent financial institutions in the US and abroad off on their own hunt – not for financial criminals, but for data.

In simple terms, FATCA requires non-US financial institutions to report to IRS the accounts they hold belonging to US persons that, in general, exceed $50,000 for individuals. To identify these accounts, non-US institutions must collect, review and verify a wide range of information for new and existing customers.

This process demands a streamlining of data management systems, revisions to customer onboarding procedures, and continuous monitoring of client profiles. If it sounds like a massive ongoing data management project and a huge marshaling of IT resources and legal and compliance expertise, it is this and more.

For non-US institutions, termed “foreign institutions” in FATCA parlance, the IRS regulations will trigger a huge data influx that is sure to test global records management infrastructures and practices. Now, when a new client opens an account, institutions must capture and absorb information that identifies if the account is a FATCA liability. It must also be able to request, process and report to the IRS the supporting documentation when the account’s status is in question.

Foreign institutions must also detect and flag changes to accounts. This will affect how the accounts are reported under FATCA. For example, if a person’s tax documentation expires, the status of his or her account could change upon renewal.

US entities also confront array of data management issues

While foreign institutions shoulder much of the data processing and reporting burden under FATCA, US institutions are not exempt from similar challenges. FATCA imposes a 30% withholding tax on certain payments from the US to foreign institutions that do not comply with the law. US institutions are required to enforce this withholding tax.

Consequently, US institutions must be prepared to sort and classify their accounts to know which are held by foreign institutions that are FATCA compliant, non-compliant or exempt. US institutions must also undertake ongoing monitoring of the accounts they house for foreign institutions in case their FATCA compliance status changes. To ease this process for US institutions, the IRS plans to open an online FATCA registration “portal” in July 2013, which will eventually create a database of FATCA-compliant foreign institutions.

Adding yet another wrinkle to the data issues that US institutions face are the “intergovernmental agreements” (IGAs) the US IRS has created to enlist other nations in FATCA enforcement and implementation. A handful of countries, including the United Kingdom, Mexico, Denmark and Spain, have entered into these agreements, but about 50 more are considering them. Many of the agreements call for reciprocal reporting, which would require US institutions to identify accountholders of a nation with an IGA and report these accountholder to the appropriate nation’s tax agency.

This would force US institutions into a similar situation as counterpart institutions abroad, requiring them to classify their accounts by citizenship, collect supporting documents, and monitor accounts for changes in status. Adding to that analytic and compliance headache are the differences in IGAs, which could potentially require US institutions to collect different account information or identifying documentation based on the terms of the IGA with a particular FATCA partner-nation.

FATCA reporting duty poses steep cross-border challenge

The proliferation of data privacy and e-discovery laws in various nations poses thorny challenges to FATCA’s efforts to collect tax information internationally.

In some cases, national laws prohibiting disclosure of personal data outside the country conflict directly with FATCA reporting requirements. In countries that have “blocking statutes” the problems for foreign institutions are particularly acute.

In some countries, foreign institutions could even face risks of noncompliance for mismanaging the data reporting required under FATCA. For example, in the UK the Data Protection Act allows customers to sue financial institutions that incorrectly report their information to the IRS. 

To counter cross-border conflicts, nations have entered into IGAs, which facilitate the cross-border exchange of data. The IRS has issued two templates of agreements that other nations may sign. So-called Model 1 agreements provide that foreign institutions report US account holders directly to their local tax authorities, which relay that information to the IRS. Model 2 IGAs, which were announced last November, provide for direct reporting to the IRS without risking the violation of local privacy or data protection laws.

IRS rules require substantial data from foreign institutions

The IRS final FATCA rules, issued on January 17, eliminate some compliance uncertainty the international financial services industry had been facing. They finalize a step-by-step process for US account identification, information reporting and withholding requirements for foreign financial institutions, other foreign entities and US withholding agents. They also delay reporting for most institutions until January 1, 2014, which will allow more time to review accounts and implement compliance measures.

The rules, however, will not make life easier for financial crime compliance officers across the full spectrum of financial institutions or for the IT staffs that must refine data protocols.

By January 2014, the IRS rules require many foreign institutions to submit this information concerning their US accountholders:

  • Name, address and taxpayer identifying number (TIN) of US persons,
  • Account number,
  • Account balance or value,
  • Gross receipts and gross withdrawals or payments from the account.

For many institutions, corralling this data will require an upgrade in know-your-customer procedures and the collection and recording of certain US tax documents that were not previously captured.

The consequences of foreign institution non-compliance are steep. If a non-US institution is unable or unwilling to comply with FATCA, it faces a 30% withholding tax. Another option, says IRS, is to close the account of the US person. This advice is primarily intended for cases where local law prohibits reporting tax information to the IRS.

To prevent foreign institutions from simply closing the accounts of all US customers, the IRS regulations include anti-abuse provisions. A foreign institution that shuts out US customers or refuses to open new accounts for US persons could potentially be deemed non-FATCA compliant.

Analysts predict big price tag to comply with FATCA

While compliance officers worldwide deal with FATCA headaches, one sector is undoubtedly thrilled by the many data management, software and hardware demands. The law and the rules are a boon for software and technology companies, certified public accountants, compliance consultants and law firms. Service providers are already capitalizing on the lucrative opportunities and markets the law has created. FATCA reporting and compliance tools leveraging computer-assisted review and other advanced data analytics are beginning to flood the market.

Industry associations and consultants say dealing with FATCA’s data challenges will not come cheaply. Last year, a senior manager at JPMorgan Chase estimated that FATCA compliance would cost at least $100 million for a large multinational financial institution.

The European Banking Federation issued a similar estimate, pegging compliance costs at $150 million for a global bank. Given the price of non-compliance, including reputational damage, institutions may decide they have little choice but to pay the bill and continue hunting for data.