1. Impact of CRS on internal policies, procedures, processes
There is no doubt that CRS will have a significant operational impact for most financial institutions. It will certainly affect how entities and products are classified, as well as the identification and collection of a wider range of information and reporting. This can negatively impinge operational efficiencies and the ability to achieve compliance quickly. Financial institutions will need to factor in reviews of self-certifications for reasonableness based on account holder information collected. There is a big educational effort required to help account holders make their self-certification determination. Financial institutions must consider the impact of CRS on overall customer experience and aim to automate as much of the identification, classification, and data collection process as possible.
2. Data Readiness
A core part of achieving CRS compliance involves identifying a reportable population, classifying entities and products and remediating pre-existing accounts. All of this involves data and documentation management. Financial institutions need to assess their organization’s readiness with regards to the ability to gather, analyze, process and validate the data and documentation required to support tax compliance.
3. Jurisdictional Requirements
One of the more pressing issues involves managing the regulations across various jurisdictions with different interpretation and implementation styles. There are a number of challenges related to this. Firstly, as part of CRS, an entity’s account details may be deemed to be reportable to multiple jurisdictions (as opposed to a singular government entity as is the case with FATCA). Another major pain point that has been identified is logic surrounding the existence of Agreements to Exchange Information between various governments.
While analysis of jurisdictional rules is still an ongoing issue, it will require a different approach to management – particularly in light of implementing a global approach to regulatory and tax compliance.
To achieve the “holy grail” of global tax compliance, financial institutions will be required to track and monitor every jurisdiction to ensure it is complying efficiently and effectively with each legislative framework. However, this is a very tall ask for compliance and tax teams that are already under severe pressure with other mounting regulations (not to mention the stress added to data and documentation teams who have to serve all regulatory frameworks).
4. CRS Remediation - Complexity, Cost and Impact on Client Relationships
The biggest operational burden stemming from CRS is expected to be in the remediation and classification of existing clients. Relatedly, immediate reporting and remediation requirements have focused attention on the quality and availability of client data. While similarities do exist between FATCA and CRS that would enable compliance teams to leverage FATCA processes, inherent differences still persist and insist on CRS being implemented in a way that makes more sense in a multi-lateral context. This adds a significant amount of complexity and cost to the CRS implementation process, which adversely impact client relationships.
5. Self-Certifications / Collection of Data and Documentation
In good news, self-certifications are permitted for both FATCA and CRS, with CRS necessitating self-certification for all new accounts (not only for those accounts possessing indicia). However, in some cases, financial institutions can treat a new account for a pre-existing client as a pre-existing account.
Self-certification should lower the burden of CRS from an operational point of view. Essentially, the self-certification will be documentary evidence obtained as part of the account opening process, which allows the financial institution to determine the account holder’s residence(s) for tax purposes.
The self-certification process for individuals must include date of birth (and in some cases place of birth) and tax residence of each reportable account holder (not just US / non-US status). It is worth noting that data protection rules may limit the ability to collect the tax residency details for accounts that are not (as yet) reportable. Therefore, there will be a need for continuous remediation of accounts.
6. Data Privacy
By reporting only to local tax authorities, this negates the need to implement jurisdictional role-based profiles or the need for financial institutions to include data privacy disclaimers or update their data privacy policies as part of their CRS solutions. However, there is an onus on financial institutions to provide customer information notices that fully explain the data collection requirements under CRS. As a result, institutions must update their privacy/data protection notices to incorporate CRS.
In my next blog, I will outline a 5-point plan to successfully and efficiently implement CRS compliance processes.
Download our whitepaper on CRS - Implementing Best Practice for Compliance:
Download our whitepaper on CRS - Implementing Best Practice for Compliance, where Laura examines how financial institutions can manage local jurisdictional KYC obligations and deal with complex security and data privacy requirements across jurisdictions. She considers the global and cross- jurisdictional data protection laws (check out the Jurisdictional Use Cases at the end of this document) and how these can be categorized into common themes.