RiskTech Forum

Fiserv: FATCA and IGA compliance – smartly use AML smarts

Posted: 3 May 2013  |  Author: Jeroen Dekker  |  Source: Fiserv

It did not take long for the financial industry and its regulators to see that there are a lot of connections between the Foreign Account Tax Compliance Act (FATCA) and AML. After all, tax evasion is a financial crime just like money laundering, that often involves similar offshore mechanisms. For organisations, the use of AML solutions may be extended to manage FATCA compliance.

FATCA’s requirements for additional “compliance checks” when opening accounts are involve data queries to identify the customers that the regulation is looking for, reach a decision, and ultimately report the real hits to a regulator in a prescribed format. With the requirements for new account identification coming into force on 1 January 2014, organisations need to consider why and how the use of existing AML data and technology is indeed a good way to facilitate cost-effective compliance with FATCA, particularly in countries operating under an Intergovernmental Agreement (IGA) with the United States.

Why bother the whole haystack if you can pinpoint the needles?
FATCA and the Model IGAs define certain thresholds that determine the relevance of new accounts or the level (and timing) of scrutiny required for pre-existing accounts. For example, under IGA, those with aggregated account balances of over US$50,000 will be subject to FATCA on the last day of a given calendar year beginning with31 December 2014. Only then do you need to ask a customer for self-certification, and confirm that self-certification against information collected at account opening for purposes, much like AML.

If you are able to aggregate end-of-year balances across new accounts held by a customer, you can simply end up with a list of customers every January 1st from which you need to obtain self-certification in the next 90 days. How you then execute that process depends on the size of the list and how you are organised. But generating alerts for customers who meet certain criteria, including financial thresholds across their accounts, is something that comes naturally to an AML transaction monitoring system, which should then also give you tools and processes for working through that list, manually or through operations. For example, to automatically check a “Non-U.S.” self-certification claim against its existing AML data set for that customer.

Applying the regulations’ thresholds can also reduce the number of pre-existing accounts for which the institution needs to search electronic and paper records for U.S. indicia. However, these thresholds are just the starting point. Organisations must also ask: which products are relevant? Which payments? How can I prevent contacting customers who already went through remediation or self-certification last year? AML monitoring systems are able to effectively break down this body of information and examine it from different angles to ensure minimum disruption to customer relationships.

A culture of compliance… for technology
Regulators and FATCA teams alike are currently focusing on ensuring that institutions can start doing their jobs when the deadlines hit. That is a logical priority. However, in years to come, we should expect some form of examination to follow. If a private bank reported 25 U.S. accounts, how can the IRS gain some level of confidence that the number should not have been much higher? Can the bank show that its program and controls were adequate to really comply with the regulations?

AML systems have evolved to not just enable compliance, but to also demonstrate it to auditors and examiners. Organisations need to be able to show that certain checks were done. Can you explain and demonstrate who made a decision, and what information it was based on? When choosing technology solutions, it is important to ensure that they come with features for recordkeeping, audit trails, security and reporting. Organisations may also need to think of the ability to enforce consistent procedures and (where needed) multiple authorisation levels to approve FATCA classifications, or to help track timely completion of cases.

Overall, if for example an organisation let branches, agents or relationship managers make an initial attempt at determining the right Chapter 4 classification for a new Entity Account, its back-office team may need to arm the FATCA team with the tooling to verify those results, spot gaps or inconsistencies, and deal with exceptions. A solution based on an AML monitoring system (combining anomaly detection and case management) is well placed to act as a second line of control.

People, companies, regulations… things change
A major issue is that people’s lives are constantly evolving and changing. An AML-based detection capability can search for U.S. indicia - place of birth, address, standing instructions - and not find any. An AML-based case management system can store a classification that an entity account is, for example, an Active NFFE, but this may not always be the case. Similarly, entities change structure or ownership (and owners can move as well). FATCA is not a one-time exercise, so a solution needs to be able to monitor for changes in circumstances on an ongoing basis. The parallel here with AML monitoring systems is customer due diligence at account opening or to remedy old accounts is not the end of the story, and that’s why monitoring systems exist.

Those monitoring systems have also had to deal with regulations (and crime risks) that keep evolving. And, if they were deployed in different countries at different types of institutions, have had to deal with different perspectives on who is foreign, what constitutes a lot of money, and how regulations translate into processes for the institution and its compliance team.

The key word here is flexibility. FATCA is likely to evolve over time, and a global move to crack down on tax evasion is likely to lead to more regulations to find taxpayers from other countries as well. Organisations should avoid systems that cannot expand beyond what the IRS asks for today instead opting for a proven versatile platform that they can feed with data, and leverage now and in the future for the ever-evolving fight against tax evasion and other financial crimes.