The CRS Review & Remediation process very much mirrors those for KYC, AML and FATCA, taking the following shape and format
- Reconfirm the client’s existence and active relationship with Sales Manager;
- Validate KYC information of clients to ensure continued compliance with Bank Client Identification Programs in line with AML, KYC, FATCA, CRS and other local regulations;
- Confirm the correct entity type and risk classification for the client;
- Perform basic and additional due diligence depending on entity type / risk classification;
- Ensure the compliance process is evidenced with appropriate and up-to-date client data and documentation;
- Collect and capture additional data and documentation, as required.
- Conduct scheduled and ad-hoc reviews and handle event-driven data remediation.
Where there is an identified set of clients to be remediated, a CRS Remediation workflow process should be triggered for each of those clients. This process should include a small set of automated workflow tasks such as:
- Complete tax classification;
- Review and approval;
- Case management for individual clients.
In this blog, Laura Glynn, Fenergo’s Global Regulatory Affairs Manager, explores the complexity and cost of CRS remediation and its potential impact on client relationships.
With a 2017 CRS implementation date firmly in sight, the biggest operational burden facing financial institutions is expected to be in the areas of remediation and classification of existing clients. Relatedly, immediate reporting and remediation requirements have focused attention on the quality and availability of client data. While similarities do exist between FATCA and CRS that would enable compliance teams to leverage FATCA processes, inherent differences still persist and insist on CRS being implemented in a way that makes more sense in a multi-lateral context.
CRS presents a far more complex tax regulation involving 90+ jurisdictions than its FATCA predecessor focused on one jurisdiction (the United States). Just like the FATCA Model 1 IGAs, implementation of CRS into local law may make standardization quite difficult, nay impossible, to achieve. A core part of CRS will involve tracking and implementing local implementation rules for the 90+ jurisdictions, which requires a continual need to monitor local law and analysis of how it impacts CRS implementation by the financial institution.
However, the real question behind CRS complexity comes down to the volume of clients/accounts. How will financial institutions manage the CRS compliance needs for potentially thousands of clients spanning the local laws and residency tests of 90+ countries? Certainly, given the range of countries in scope for CRS (compared to just one for FATCA), financial institutions may be looking at hundreds of thousands or potentially millions of accounts in scope for CRS, with numbers to be reported expected to be a lot higher than FATCA. Furthermore, additional entities will require look through for Controlling Persons while the same account may need to be reported to different jurisdictions.
And for all of the above, financial institutions need to manage the due diligence review process, identify data and documentation required to support a CRS identification and compliance decision and set about to collate or freshly collect this data and documentation from clients and/or other data providers/utilities.
Cost of CRS
Even with the commonalities that exist between FATCA and CRS, the cost of implementing CRS will be unavoidable. Certainly, one of the ways in which financial institutions sought to reduce the cost impact of FATCA by closing accounts belonging to US citizens is not a viable option for CRS.
The cost of CRS compliance will come in many direct and indirect forms such as the cost to:
- Monitor the global implementation of CRS and keep up-to-date with local laws for 90+ jurisdictions
- Keep policy and requirements up-to-date
- Conduct remediation and reviews for all in-scope accounts on a regular basis
- Conduct remediation and reviews for all accounts that come into scope for new countries entering into CA agreements
- Collate, collect, validate and store data and documentation to evidence compliance.
CRS Impact on Client Relationships
The CRS remediation effort potentially will have a massive impact on client experience. A big part of CRS will involve identifying reportable persons and in-scope accounts and evidencing the CRS compliance decision through the collection of client/counterparty data and documentation. Financial institutions can save a lot of time, effort, and client annoyance if they are able to locate and re-use client data and documentation already collected and stored for other regulatory purposes e.g. KYC, FATCA etc. However, many financial institutions have yet to take the step of consolidating and connecting data repositories and integrating external data providers into this landscape. As a result, they may need to perform an outreach program to clients asking to submit – and in a lot of cases, resubmit – data and documentation. This will most certainly prove a sticking point in terms of customer experience. In a study conducted last year by Forrester Research, we found that clients are contacted, on average, 10 times during the client onboarding/compliance process to collect between 5 and 100 documents. Financial institutions also found that they have lost business due to inefficient onboarding and repeated requests for information.
An important point to note is that the ability to re-use data and documentation already collected will become more important as new countries commit to CRS compliance obligations, which may result in the review and remediation of existing client accounts on an ongoing basis.
Download our whitepaper on CRS – Implementing Best Practice for Compliance:
Download our whitepaper on CRS – Implementing Best Practice for Compliance, where Laura examines how financial institutions can manage local jurisdictional KYC obligations and deal with complex security and data privacy requirements across jurisdictions. She considers the global and cross- jurisdictional data protection laws (check out the Jurisdictional Use Cases at the end of this document) and how these can be categorized into common themes.