Three Things You Need To Know About An Interim Periodic Review (Part 2)
So, in my last IPR blog I established why you might want to consider an interim periodic review (IPR) as part of your FATCA compliance program. The issue was and is about joining the dots between the certifications of adequate controls with the preceding formal periodic review and the requirement to monitor compliance continually. Most of the ROs we’ve been speaking to are very uneasy about waiting three years before going into that periodic review and certification cycle. The risks and liabilities are just too high to be able to afford to leave it ‘unattended’ for so long. Add to that the requirement on the RO to file a Notice of Material Failure ‘at any time’ if such a failure is brought to his or her attention. The net result is that most firms we talk to are only to pleased to have an informal ‘Interim Periodic Review’ or IPR to make sure they are already on the right track.
In this blog, I’m going to take this all as read and walk you through what you would need to do to prepare for an IPR (and by definition a formal PR too). Our IPRs are based on Revenue Procedure 2014-39 which in section 10 describes both what the RO needs to do and also what the auditor is required to do.
1. (VR) Verbal Responses in Interviews
Interviews are explicitly required by the IRS and in Rev Proc 2014-39, they cover both Chapter 3 and Chapter 4 (FATCA). The issue is that its not enough to just tick boxes to ‘say’ that something is being done. Nor is it enough to review sample documents. So, in an IPR, just like it would be in a formal periodic review, we will interview the RO and heads of departments such as operations, tax, sales, relationship management etc. We’ll also be interviewing front line personnel such as relationship management. The objective will be to assess whether the compliance program is both understood by those subject to it and that its being implemented.
Here’s an example. The regulations have the concepts of ‘reason to know’ and ‘actual knowledge’ built into them so that, in addition to documentary evidence of Chapter 3 or 4 status, the firm can assess ‘other forms’ of information it may have. This is very important, particularly in private banking where there are relationship managers and high, very high and ultra high net worth individuals as clients. The RM needs to understand, have access to known and documented procedures about what to do if he or she comes into possession of information that could be deemed ‘reason to know’ that the way the client is documented by the firm may not be reliable. The firm (and the RM) must also show that they have been trained in such matters. So, in the IPR while we may find evidence of a policy and a procedure in the compliance program manual, the IRS is explicit that whoever is doing the periodic review must interview people in the chain to make sure that the theory is being actively translated into practice. Now remember, this was just an example. So, for each area of both Chapter 3 and 4, our job in an IPR will be to establish that the policies and procedures exist AND make sure that the firm is not just paying lip service to its obligations.
In our IPR we categorise all these kinds of tests in one of four ways (i) Pass, (ii) Qualified Pass, (iii) Fail and (iv) Material Deficiency. These categorisations give the RO and the rest of the firm both quantitative and qualitative ways to assess their compliance program. The difference between our IPR and the actual periodic review is that the formal review report does not require the auditor to offer recommendations for improvement. Obviously in an IPR that is actually one of the fundamental objectives.
2. PER – Physical Evidence Reviews
Once we’ve interviewed staff, the second element of the IPR is a review of physical evidence. That’s not just asking to see the compliance manual. Its also reviewing samples of various documents to make sure that the three primary duties of due diligence, withholding and reporting (i) connect properly with the procedures manual and (ii) do what they are supposed to do. The best and most typical example of weak controls here is the validation of forms like the W-8 series. These have become far more complex than just a year ago and most firms do not have strong enough processes to correctly validate them. One firm I came across did no validation but granted treaty benefits just because the client ticked a box. Another took undated forms, photocopied the undated original, dated the photocopy and used that for three years. At the end of the three years, they just photocopied the original again, dated it and kept going. Both of these are not just weak processes, they’re also bad practice. In Chapter 4, many of the ‘deemed compliant’ statuses are variable, not static – so someone has to validate not just that the form appears correct, but also that there has been no change in circumstance that would invalidate the form. Think about a client that gives you a W-8IMY on which it claims deemed compliant status in Chapter 4 as a Local Bank. If it buys another company or changes its marketing strategy, it could easily cease to be eligible for the deemed compliant status – who is going to be looking for this, understanding this and sending a new W-8 within the required 30 day period?
When we’re doing a PER, we’ll be taking a sample of transactions to look at to make sure that what it says in the policies and procedures, is whats happening on the ground. Now, chapter 3 and 4 have very different categories of account holder and different compliance objectives. In chapter 3, your clients will be individuals, entities and intermediaries and the purpose is taxation of US sourced FDAP income. In Chapter 4 they will be individuals, US Persons, FFIs and NFFEs with various subdivisions and the objective is to find US Persons and report their account information. In both chapters there are different parts of these account populations that will constitute ‘risk’ for the firm. For example, in Chapter 4, if you have/allow non-participating FFIs to be account holders, these would be high risk since a US person may well be hiding their assets within an account at that firm and therefore evading US tax. So, we have designed a sampling methodology that reflects not just the proportion of accounts of any given type but also a risk weighting for compliance. That means we’ll be sampling a higher proportion of any transactions that may be more liable to risk.
So, these three elements are vital to prepare for an IPR. I come across firms, all the time, who think that getting a GIIN is all they need to do. Its absolutely not. The top layer of control is the three year cycle of periodic reviews. The lower level cycle is that there’s an explicit requirement for an RO to know and file a Notice of Material Failure AT ANY TIME should they become aware of one – and material failure is very broadly defined. So, our argument here at TConsult, is that the three year cycle is important but is a bit of a red herring. Given that there are 180,000 firms out there with GIINs already in chapter 4 for over a year, and 6,500 QIs, the ROs at these firms should already be looking at an interim periodic review to test themselves in a friendly environment before the real test happens – at which point it may be too late.
Coming up next in this series on IPRs, I’ll show you how the Sarbanes Oxley principles have found their way into FATCA and in the one after that, I’ll talk about the major issue of ’son of FATCA’ – the Common Reporting Standard. I’m also getting lots of suggestions for additional blog posts on this kind of thing, so, if you want me to cover or explain some of this in blogs, which are easy to digest and understand, please let me know.
Image Credit: GotCredit
Ross McGill is the CEO and subject matter expert for TConsult. Ross is a specialist in QI and FATCA operational compliance, cross border tax reclaims, relief at source and information reporting. He over 23 years of experience in financial services, including 19 years at C level; and 30 years’ senior management experience in blue chip FMCG, including sales, marketing and operations.