FATCA: The role of board of directors and audit committees

Wednesday, 24 June 2015 00:00 -     - {{hitsCtrl.values.hits}}

At a recently held seminar on FATCA reporting under the FFI Agreement organised by KPMG on 12 June, Suresh R I Perera, Principal – Tax & Regulatory explained that it is important for the officials in strategic roles such as Board of Directors and Audit Committees to be aware of the banks’ or the financial institutions’ obligations stemming from the Foreign Financial Institutions Agreement (FFI Agreement). 

The lack of understanding of the FFI’s obligations could lead to a breach of contract with the US Internal Revenue Service (IRS), and being isolated from the FATCA club. In an interview with the Daily FT, Perera revealed few practical considerations that a financial institution should consider to become FATCA compliant.



1) FATCA reporting deadlines are close at hand. How ready are the Sri Lankan institutions for this task? 

Few points should be mentioned here. There are five categories of financial institutions that should have registered and obtained Global Intermediary Identification Numbers (GIINs) from the web site of the US IRS. There are 69 Sri Lankan institutions that have entered into FFI Agreements with the US IRS. As per my estimates there are over 125 Sri Lankan institutions that should register for FATCA. 

Though there are nearly 50 finance companies, only seven have registered. Though investment vehicles that invest/reinvest should register, only a few entities that engage in this task have registered. However, most of the banks in Sri Lanka have registered for FATCA, though in some cases rectification of their registrations are required due to incorrect entity classification. 

It could be observed that holding companies that own majority stake in financial institutions though required to register, have failed to do so. So as a starting point, one has to say that many financial institutions are still very much in the dark with regard to the impact of FATCA. 

It’s not correct to assume that an organisation would not get affected if the entity has no US customers. If an organisation falls within the definition of five categories of a Foreign Financial Institution it has to obtain registration irrespective of the fact whether it serves US customers or not. 

The second point to observe is the degree of compliance by the institutions that have entered into FFI Agreements with US IRS. The Agreement with US IRS imposes many duties and obligations on the financial institutions. The primary obligation is to report on US accounts and the recalcitrant account holders in addition to deducting 30% on withholdable payments when they are making payments to financial institutions that have failed to register for FATCA and do not have a GIIN, and the recalcitrant account holders. 

In order to carry out this task successfully FATCA registered financial institutions should have carried out many tasks internally including implementing an effective compliance program, amending KYC systems, carrying out due diligence in accordance with the specified methodology, etc. It is only if these internal tasks have been carried out that an institution would have accurate information to fill into reporting documentation and forms. But it seems that most of the institutions that have carried out registrations to obtain GIIN, have not carried out other steps required to generate accurate information for reporting. 

If I may draw an analogue this is similar to registering with the Department of Inland Revenue to obtain a VAT registration number but being unable to file the VAT return due to lack of accurate information because the organisation had failed to maintain records including VAT control account plus the failure to issue VAT invoices to the customers. 

The other point to be noted is the failure of the most of the Board of Directors and the other top officers in charge of the management failing to absorb the impact of FATCA and the consequence of registering and obtaining GIIN. Noncompliance with FATCA means isolation from the international business arena and registering for FATCA means entering into a legally binding contract with US IRS that imposes duties on the institution and the noncompliance thereof amounts to breach of the contract. 


2) When is the immediate reporting deadline for FATCA? 

The first annual reporting of Form 8966 that was due on 31 March 2015 was earlier automatically extended by 90 days to 29 June. Recently a further relief was granted to financial institutions for this first filing deadline on 29 June. Wherein the institutions could request a further extension of 90 days until 28 September 2015 for the filing of the FATCA annual report for 2014. 


3) The FATCA reporting process also entails use of special software. Please elaborate on this aspect.

In order to file the Form 8966, an FFI should register itself in the International Data Exchange System (IDES) which is a secure pathway to transmit the confidential information included in Form 8966. Using IDES, the sender encrypts the data and IDES encrypts the transmission pathway to protect data transfers. Encryption at both the file and transmission level safeguards sensitive tax information

An FFI would require a registered GIIN, Valid certificate issued by an IRS approved certification authority, public and private key and an email address of additional users to register for IDES. 


3) FATCA has been around for some time, however it seems in addition to registration, there is much room for improvement for compliance. What is the reason for this state? 

There are few points to note here. The basics of FATCA are known to the compliance officers in the banking industry but there seems to be a big knowledge and information gap at the top management level including Board of Directors and Audit Committees. Hence the responsibility of enforcing FATCA has been forced upon middle level compliance officers and other officers to implement throughout the organisation. 

A successful FATCA compliance effort requires corporation from many departments across the organisation/institution. This is why a FATCA Steering Committee should be established and it has a role to play in relation to coordinating the activities of the entire organisation. The necessity of creation of such a group has not been comprehended at the Board Level or Top Management Level in almost all the organisations in Sri Lanka.

The requirement for a FATCA Steering Committee is not stemming from the FFI Agreement. But from a practical perspective, establishment of FATCA Steering Committee is a highly prudent measure. The Steering Committee should consist representation from CEO, compliance officer, responsible officer, IT personnel, legal, sales and markets, operations, etc.

Though the middle layer officers do seem to understand the basics, the top management lacks the knowledge of the gravity of FATCA and the ripple effect of FATCA. Perhaps, this is the reason that many of the organisations in Sri Lanka are not ready for FATCA compliance and reporting.

The FFI agreement requires to appoint a Responsible Officer (RO) for FATCA purposes. In my view, the compliance officer of an organisation should not be appointed as the RO. The role of the compliance officer in an organisation is to oversee and ensure whether other operational personnel carry out their task and report failures. Appointing the compliance officer as RO will result in a situation of conflict of interest. The failure pertaining to FATCA compliance will not get highlighted if this practice is followed.

It is important that Audit Committee members of big Financial Institutions should familiarise themselves with FATCA, after all it is a legal agreement that the institution has entered into with the US IRS. There are duties and responsibilities imposed upon the institution to fulfil under the FFI agreement. If members of Audit Committees are unaware of the obligation stemming from FFI Agreement with the US IRS, they would not be in a position to monitor the compliance of the organisation. 


4) What is the impact of FATCA noncompliance?

A tag of noncompliance could impair the ability to do business and also would affect the image of the company. There is also a 30% penal withholding on non-participating FFI and recalcitrant accounts. If a group of companies do not register properly post an entity classification, the whole group maybe tainted due to incorrect registration.


5) What will be the impact if the Sri Lankan Government would enter into an IGA with US IRS? 

I think the Sri Lankan Government should execute a model 1 Inter Governmental Agreement (IGA) with US IRS, so that each institution in Sri Lanka does not have to directly enter into FFI Agreements with the US IRS. However this would not eliminate the requirement pertaining to compliance and reporting of that financial institution. It would still have to report to the Government of Sri Lanka, who in turn would report to the US IRS. But an IGA would provide the opportunity to negotiate exemptions for some institutions where there would not be a risk of tax evasion.