1. Identify CRS Reportable Population
The first step to determining CRS Reporting obligations is to identify the reportable population of clients. To do this, financial institutions must identify entity classification for CRS purposes to determine if there is an obligation to report. Where no obligation to report exists, accounts with other reporting financial institutions may still be reportable by the local tax authority to other tax jurisdictions. This means that CRS classification needs to be known for this purpose and must extend to all accounts and entities. Furthermore, some additional products and services which were not reportable for FATCA may now be reportable under CRS and so will need to be remediated.
2. Enhancement of New Customer Onboarding Procedures
CRS may dictate first-time capture of information. To reduce the operational burden that this may pose, a ‘big bang approach’ has been mooted with regards to the capture of clients’ information, regardless of the jurisdiction in which they reside for tax purposes. This, however, has major implications from a data secrecy point of view especially for many Asian countries with more stringent obligations, which may deem the exchange of information to be in violation of state secrecy laws. Discussion, at this stage, is ongoing.
In addition to ensuring compliance with KYC and AML regulations and performing the necessary risk assessments, the compliance management process should also undertake tax classification for CRS, essentially re-using the functionality or process capabilities of FATCA classifications, which should remain unchanged.
To validate new individual account self-certification, the following data is required: Signed or positively affirmed; Date; Name; Residence address; Jurisdiction(s) of residence for tax purposes; TIN with respect to each reportable jurisdiction; Date of birth.
In jurisdictions that have adopted the wider-approach, there is an additional obligation incumbent upon financial institutions to collect and return data regarding all non-resident customers under CRS. This means that all reportable persons need to be informed that their data will be exchanged with the local and resident tax authorities. However, residency and TIN data collected solely for CRS purposes cannot be used for any other purpose.
In determining tax residency of the counterparty, the financial institution must obtain and validate documentary evidence to support the certification. Clarification in terms of what documentation is deemed reasonably sufficient in order to validate a clients’ residency(s) is still an open issue. At a minimum, for new customers, a new document requirement of ‘Self-Certification’ will be automatically driven when a counterparty tax classification task is triggered. Additionally, high-value accounts that are subject to more rigorous review procedures will drive additional document requirements
3. Identification and Remediation of Pre-Existing Entity Accounts
The pre-existing account due diligence process is likely to leverage existing AML / KYC information that already exists on file for account holders. However, a remediation process will need to be carried out by institutions in order to identify customers who are above the de minimis threshold for reporting ($250,000). As the de minimis thresholds for CRS and FATCA reporting currently differ, further remediation must be carried out by financial institutions in order to identify those accounts that fall into the gap between the two.
There are two distinct elements to this process:
I. Identification of the customers who are in-scope for CRS
II. Processing remediation for in-scope customers.
Most remediation processes deployed by financial institutions are manual, cumbersome and inefficient. The standard response to conducting regulatory reviews and remediation is to throw people at the problem to wade through the reviews and keep the institution on a compliance track. As the CRS Review & Remediation process very much mirrors those for KYC, AML, and FATCA, it is essential that as much of the process is automated as possible. The remediation process should take the following shape:
- Reconfirm the client’s existence and active relationship with the Relationship Manager;
- Validate KYC information of clients to ensure continued compliance with Bank Client Identification Programs in line with AML, KYC, FATCA, CRS and other local regulations;
- Confirm the correct entity type and risk classification for the client;
- Perform basic and additional due diligence depending on entity type/risk classification;
- Ensure the compliance process is evidenced with appropriate and up-to-date client data and documentation;
- Collect and capture additional data and documentation, as required.
- Conduct scheduled and ad-hoc reviews and handle event-driven data remediation.
Where there are gaps in existing AML / KYC data, then account holders may need to be contacted for further information and possibly required to complete a self-certification statement. Sample self-certification forms are available on the AEOI portal.
4. Conduct Due Diligence
In the absence of de minimis thresholds, it is expected that due diligence for CRS will be more onerous than it is for FATCA.
FATCA introduced a number of account due diligence requirements, which can be categorized as (i) new account due diligence and (ii) pre-existing account due diligence. These categories will be also required under CRS, however, there will be some key differences. Under CRS, the pre-existing account due diligence process comprises two components:
- High-value individual accounts (aggregate over $1m), and
- All other pre-existing accounts.
For lower value accounts, a permanent residence address test based on documentary evidence or residence determination based on an indicia search is required (conflicting indicia would need to be resolved by self-certification and/or documentary evidence).
For high-value accounts, a more rigorous search and enhanced due diligence procedures will apply, including a paper record search and a ‘reason to know’ test by the relationship manager for the account.
For pre-existing entity accounts, the financial institution must determine whether the entity itself is a reportable person. The good news is that financial institutions may use previously captured AML and KYC data and documentation to determine if the entity is reportable under CRS.
The crux of the due diligence requirements is to determine if the account is reportable. A reportable account is defined as an account held by one or more reportable persons or by a passive non-financial entity (PNFE) with one or more controlling persons that is a reportable person (subject to two tests):
- To understand different obligations based on customer segments;
- To determine ultimate beneficial ownership: There is a requirement to look through passive (shell) entities to report on the ultimate beneficial owners.
The information required to be reported includes identity and residence information; TIN; account details; reporting entity; and account balance/value etc. By and large, this information is already captured through existing due diligence, AML and FATCA procedures. One differentiator is that “date of birth” is required for CRS reporting but is not a necessary data element for FATCA reporting.
5. CRS Reporting & Operational Control
While reporting is still under consideration, it is expected that the first reporting obligations will be undertaken in May 2017 by financial institutions reporting to tax authorities, followed by an exchange of information between authorities in September 2017. With a broader range of information required for reportable accounts than its FATCA predecessor, spanning 90+ jurisdictions, CRS reporting volumes are expected to be high. Collecting this information while minimizing the effect on overall client experience may be a challenge.
All of the above-mentioned processes (identification of reportable accounts, onboarding of new accounts in compliance with CRS and remediation of pre-existing accounts and customer due diligence process) add to up to enable the financial institution to meet their reporting obligations. The tying together of the onboarding and remediation solutions to the reporting approach is an essential factor in making CRS compliance as efficient and effective as possible. At a minimum, CRS reporting should include:
- Client tracking per reportable jurisdiction
- Client tracking per bank entity
- Case status summary reports
- Average completion time per case/per stage.
The CRS Schema is virtually identical to the FATCA schema in terms of structure and content (both XML) but also contains elements of the OECD standard transmission format. For tax authorities and financial institutions that will be reporting and exchanging information under FATCA, the use of the CRS schema will likely not require significant additional investment.
Download our whitepaper on CRS - Implementing Best Practice for Compliance:
Download our whitepaper on CRS - Implementing Best Practice for Compliance, where Laura examines how financial institutions can manage local jurisdictional KYC obligations and deal with complex security and data privacy requirements across jurisdictions. She considers the global and cross- jurisdictional data protection laws (check out the Jurisdictional Use Cases at the end of this document) and how these can be categorized into common themes.