Ross McGill

February 27, 2024|12 Minutes

Periodic Reviews – Essential Oversight for QIs


I just know that a lot of you groaned and put your heads in your hands when you read that headline. I deal with QIs every day who tell me how much of a headache their periodic reviews are, and how challenging they can be to get right. I think quite a few would like to stop dealing with it altogether!

But like it or not, if you work in a financial institution that has exposure to the US capital markets, it’s entirely possible your firm signed an agreement to be a QI, or Qualified Intermediary, with the IRS. And that means you have to do periodic reviews.

QIs and Your Obligations

If you are a QI, you will have signed a QI agreement. This 205-page document outlines all of your obligations as a QI, in addition to the regulatory obligations under the US Revenue Code, chapters 3 and 4. In case you didn’t actually read all of that document, most of those obligations are about tax operations, documenting clients, withholding and paying tax to the US Treasury, and reporting to the IRS.

However, there is also a governance component in the contract. This is the part that many firms either dismiss as not that important, or don’t pay enough attention to, and this can prove to be their undoing. So, to catch you up, the components of governance in the QI agreement are:

  1. Control
  2. Oversight
  3. Enforcement

That’s a lot to cover, so today we’re just going to talk about the second one – oversight.

If you signed a 205-page contract, you would expect there to be some clauses in there about how you can be sure that the other party involved are meeting their obligations – and how they know you’re meeting yours. The IRS does this using a system of certifications that have to be made by a QI every three years. Since the QI contract is 6 years in length, there are two certifications each QI needs to make during the contract period. These certifications are each preceded by periodic reviews.

Who Does A Periodic Review?

Arranging the conduct of Periodic reviews is a job done by a Responsible Officer. This is someone within your institution who is charged with overseeing the QI process, and is a control obligation you have to have to be a QI. Because the QI obligations are so extensive and complicated, the Responsible Officer has to do two things before they can make any certifications:

  1. Contract and oversee a periodic review
  2. Ensure you (the QI) have effective internal controls

This means they have to assign a professional to conduct the periodic review. The IRS has two rules about who can conduct periodic reviews.

Reviewers must be Independent: The QI agreement mandates that the reviewer must have sufficient independence to conduct the review, and cannot review their own work or of anyone else in the same ‘firm’. So if you’ve had a consultant do work to help with your QI application, or with your compliance, they are not considered independent by the IRS and cannot act as your reviewer. We regularly conduct periodic reviews using our Tax Compliance Toolkit platform.

Reviewers must be competent: A reviewer will need to test the QI’s accounts to make sure they documented customers correctly, and that the documentation was valid, withheld tax correctly and reported correctly in FATCA and QI. Most financial institutions struggle to do this with their internal auditing team, who often don’t have enough knowledge or experience of US withholding tax compliance. So, most QIs will need to use an external auditor or third-party consultant (like us).

When are Periodic Reviews Done?

A periodic review is a mechanical set of tests conducted on all of the accounts that have received US-sourced FDAP income during one of three years. These three-year blocks are called certification periods.

The deadline for submitting a certification is calculated based on the number of whole years the institution acted as a QI, starting on the Effective Date of their QI agreement. So if your QI effective date was 1/1/2021, then you will have two certification periods in your contract – 2021-2023, and 2024-2026. But this is the IRS, so it isn’t quite as simple as that. Let’s say your QI agreement doesn’t have an effective date of January 1st (which many don’t). If it’s any date in 2021 other than January 1st, you will also have a certification period of 2022-2024.

The certifications themselves are made in the year following the certification period. So in the examples I’ve given above, there are two groups of QIs that will have to make a certification to the IRS in 2024, and to do that, they will need to have a periodic review conducted, because they are QIs with an effective date of 1/1/21 and QIs with an effective date in 2020 other than 1/1/20.

What Exactly Happens in a Periodic Review?

Periodic reviews are often called audits, but it’s important to note that technically, that’s not what they are. Audits require the auditor to give a legally binding opinion to the institution they report to, whereas QI periodic reviews don’t have this requirement.

The review itself looks at all accounts within the institution that received US-sourced FDAP income in a specific year, designated by the Responsible Officer. The process involves three stages:

  • Documentation
  • Withholding
  • Reporting

At each stage, there must be at least 60 accounts reviewed that failed the previous stage. If there aren’t 60 accounts that failed (well done), then the reviewer had to ‘top up’ the accounts so that there are 60 being reviewed at each stage.

Documentation is most important, and the reviewer will be checking to see if the QI had the correct documentation on the pay date, validated the forms correctly and that the forms were sufficient to determine the correct tax rate. If you get this part wrong, you’re in for a very rough time.

Relief From the IRS

Believe it or not, the IRS can actually provide some relief. I know – shocker! But if the Responsible Officer and the Reviewer agree that the number of accounts to review is too large to be reasonable, then the Reviewer can use a sample of the accounts instead of looking at ALL of the accounts. This is good for meeting the deadline, but it does create more work for the reviewer, who has to document, in detail, what their sampling methodology is and prove it to the IRS with a mechanism to recreate the sample if they’re asked. The IRS does provide a ‘safe harbor’ sampling method in the QI agreement that many reviewers use when needed.

There’s also some relief available for smaller firms. This comes in the form of a waiver of the periodic review requirement, and can be applied for if the QI received less than $5 million in US FDAP income in each of the three years in its certification period. This waiver doesn’t mean a waiver of the certification obligation though, so be careful!

Finally, the deadline for certifications is based on the year selected for review. From that three-year certification period, the responsible officer needs to choose a year. If they choose year 1 or year 2, then the certification deadline is July 1st of the fourth year. If the responsible officer chooses year 3, then the deadline is December 31st of the fourth year.

Is That it for Periodic Reviews?

Not quite. We mentioned earlier that the responsible officer has two roles in this process. We’ve talked a lot about the first, but let’s not forget the second. This is to make sure that the QI has ‘effective internal controls’ that are sufficient to enable the QI to meet its obligations. This means the reviewer will be looking for evidence of this, which usually looks like material failures and Events of Default, both of which are defined in the QI agreement, and must be reported, if they exist and have not been fixed, as part of the QI’s certification.

I know that’s a lot to take in. But the short version is simple – if you’re a QI, check your effective date and see if you need to have a periodic review done this year and make a certification. If you do and you have a lot of accounts (brokers with retail clients, I’m talking to you), don’t expect your periodic review to be cheap, or short. But that’s the way it has to be. The periodic review is the most important compliance obligation of a QI, and the responsible officer is the one ‘on the hook’. If it’s you, or you’re not sure, contact TConsult, and we will be happy to help.

Ross McGill

Ross is the founder and chairman of TConsult. He has spent over 26 years working in the withholding tax landscape with companies developing tax reclaim software and operating outsource tax reclamation services.

Ross not only sees the big picture but is also incredibly detail oriented. He can make even the most complex issues simple to understand. He has authored 10 books (including two second editions) on various aspects of tax, technology, and regulation in financial services, making him one of the leading authorities in the world of tax.