It has been a common practice for many years for certain wealthy individuals to transfer assets to offshore entities and deposit funds with offshore financial institutions that provided protection under their jurisdictions’ bank secrecy laws. In 2012, it was estimated that more than $21 trillion in worldwide assets were held in offshore bank secrecy jurisdictions.1 While there are many legitimate reasons for individuals to have foreign accounts, some individuals have used their accounts to hide their assets and avoid paying taxes.2 Others did it to conceal funds derived from criminal activity. As a result, the United States has been losing billions of dollars in tax revenue a year, as well as limiting the effectiveness of its anti–money laundering (AML) efforts.3 Starting in 2008, the U.S. government learned, through whistleblowers, the extensive and deceptive methods offshore financial institutions were employing to assist U.S. taxpayers in avoiding their tax obligations. These factors led to a new regime in the battle against tax evasion, as the U.S. government became more aggressive in recovering its lost revenues and punishing the financial institutions that were supporting abusive tax schemes.
The U.S. Internal Revenue Service (IRS) and Tax Division of the U.S. Department of Justice (DOJ) have joined forces with U.S. Attorneys’ offices to focus on foreign financial accounts used to evade U.S. taxes and reporting requirements. This initiative paved the way for the Foreign Account Tax Compliance Act (FATCA) that imposes a new regime for reporting and withholding tax. To highlight the importance of FATCA, the IRS-Criminal Investigation’s acting special agent-in-charge, Shantelle P. Kitchen, stated in September 2014, “The investigation of offshore tax evasion and money laundering are top priorities for IRS-Criminal Investigation, and we are committed to using all of our enforcement tools to stop this abuse. The enactment of FATCA is yet another example of how it is becoming more and more risky for U.S. taxpayers to hide their money globally.”4
The impact of FATCA is broad. Globally, bank secrecy laws are changing as jurisdictions agree to implement common reporting standards to facilitate the Automatic Exchange of Information (AEOI) promulgated by the Organization for Economic Co-operation and Development (OECD). Further, the focus on tax evasion has also drawn attention to the relationship between tax evasion and money laundering, possibly affecting the AML regime in the future.
The U.S. government’s fight against tax evasion has been difficult. As long ago as 1983, the Tax Division of the DOJ reported that the complexity of offshore tax schemes was making it difficult to investigate money laundering and tax evasion.5 The IRS faces similar challenges today.6 This is because certain offshore jurisdictions have strict privacy laws that protect foreigners’ assets.7 Some countries make it a crime for financial institutions to disclose customer information, unless the information is released through stringent protocols.8 As a result, the U.S. government has to go through a lengthy process to obtain account information of U.S. taxpayers subject to investigations.9
Some U.S. taxpayers take advantage of these opportunities and move their funds to non-U.S., multilayered, multijurisdictional organizations, such as trusts, foundations, and limited liability partnerships, to conceal their assets from the U.S. government.10 It can be inexpensive to establish such organizations in these offshore jurisdictions.11 Further, some foreign governments do not even require proof of an organization’s ownership, enabling customers to have complete anonymity.12 Despite the fact that the funds are held in offshore entities, U.S. taxpayers are able to withdraw funds from their offshore accounts using credit and debit cards.13
To detect offshore tax evasion, the IRS would often have to conduct in-depth investigations focusing on promoters14 who organize such multi-layered schemes.15 Sometimes these investigations would require a John Doe summons16 from the DOJ, resulting in lengthy procedures,17 making it hard to develop an offshore case that could be escalated to the examination stage.18
Once in the examination phase, an investigation could be lengthy. The U.S. Government Accountability Office (GAO) calculated that from 2002 to 2005, the median offshore field examination took 70 days more than nonoffshore field examinations.19 This made it challenging for the IRS to complete examinations before the three-year civil statute expired.20
The U.S. government entered into tax treaties to facilitate the exchange of information and established self-reporting programs for financial institutions and U.S. taxpayers to identify their offshore assets. But foreign banks were not properly enforcing the U.S. government’s tax policies. Financial institutions were accepting inaccurate or incomplete tax forms to certify that entities were foreign to the United States. Firms were also not properly applying existing withholding requirements established by the Internal Revenue Code (IRC).21
In 2008, the U.S. government obtained inside information from former employees of foreign banks who revealed the inner workings of banks’ cross-border banking businesses. One of the most notable whistleblowers was Bradley Birkenfeld, who worked for UBS of Switzerland in the private bank from 2001 to 2005.22 He offered testimony to the U.S. government about the ways in which UBS helped U.S. taxpayers to evade their tax obligations.23 Soon, the U.S. government learned about similar practices at other Swiss banks and opened a number of investigations. By 2014, U.S. enforcement actions against three Swiss financial institutions resulted in fines totaling more than $3.4 billion.24 These actions led to a number of investigations into bank executives’ practices and criminal penalties and fines were imposed on U.S. taxpayers. Most important, the U.S. government learned that it could no longer rely on self-reporting to combat tax evasion.
The U.S. investigation of UBS ended in February 2009. The bank entered into a deferred prosecution agreement (DPA) with the DOJ and was fined $780 million.25 In May 2014, Credit Suisse pleaded guilty to conspiracy to aiding and assisting thousands of U.S. taxpayers in falsifying tax returns submitted to the IRS.26 Credit Suisse paid fines and restitutions totaling $2.6 billion, which was the highest monetary penalty in a criminal tax case.27 Even financial institutions without a U.S. presence could not avoid enforcement action. In January 2013, Wegelin & Co., Switzerland’s oldest bank, pleaded guilty to conspiring with U.S. taxpayers to hide more than $1.2 billion of assets.28 Wegelin paid $74 million to the U.S. government and closed its operations after 272 years of existence.29
Through these investigations, the United States discovered that foreign banks and their cross-border banking businesses employed similar deceptive practices. Despite not being registered as investment advisors or brokers with the SEC, Swiss private bankers traveled to the United States to meet and advise their clients.30 The banks opened, serviced, and sometimes helped U.S. taxpayers to establish offshore organizations and knowingly accepted falsified W-8 Forms31 that masked U.S. ownership of offshore entities.32 Bankers took steps to avoid being detected by the U.S. government, such as opening coded accounts, communicating with clients via personal e-mails, and structuring transactions to avoid reporting requirements.33 The U.S. government also learned that these actions were done despite the fact that some financial institutions entered into a Qualified Intermediary (QI) agreement with the United States to report income and information from any U.S. client who held an interest in U.S.-based securities.34 Swiss bankers at financial institutions, participating in the QI Program, assisted in transferring assets to sham offshore accounts or referred outside lawyers and consultants to assist U.S. clients to set up offshore accounts so that they could continue to hold undeclared U.S.-based assets.35
The U.S. government’s investigations did not stop with Switzerland, however. The Tax Division of the DOJ opened investigations into banks located in India, Israel, and the Caribbean, discovering that these institutions were also supporting U.S. taxpayers’ abusive tax schemes.36
The U.S. government has armed itself heavily in its battle against tax evasion. The United States has agreements with foreign jurisdictions to obtain information regarding U.S. taxpayers’ offshore accounts. These agreements are in the form of tax treaties, Tax Information Exchange Agreements (TIEA), and Mutual Legal Assistance Treaties (MLAT).37 In 2011, the U.S. Senate Permanent Subcommittee on Investigations reported that the United States had “more than 140 tax treaties protocols, TIEAs, MLATs, or similar tax information exchange agreements with 90 foreign jurisdictions.”38 These agreements have their limitations, however. Depending on the agreement, there can be a number of procedural steps involved before a request can be officially submitted to an offshore government.39 Even once a request is submitted, the laws of the jurisdiction may cause more delays in the investigative process.40
For many years, the U.S. government primarily relied on self-reporting by U.S. taxpayers and financial institutions to report their offshore holdings. Pursuant to the Bank Secrecy Act of 1970, U.S. individuals and entities are required to report assets if they have “a financial interest in or signatory authority or foreign financial account” greater than $10,000.41 In 2009, the IRS initiated the Offshore Voluntary Disclosure Programs to encourage U.S. taxpayers to self-report their offshore holdings.42 Although the program has changed its requirements over the years, it has allowed U.S. taxpayers to identify their offshore holdings for a penalty while avoiding criminal prosecution.43 The U.S. government estimated that “43,000 U.S. taxpayers . . . have paid taxes, interest, and penalties totaling about $6 billion” from 2009 to 2013.44
In 2000, the U.S. government created the voluntary QI Program whereby a financial institution would sign an agreement with the IRS to report U.S. taxpayers’ “U.S.-source income.”45 Under the QI Program, foreign financial institutions (FFIs) agreed to collect the required tax documents (e.g., Form W-9 and Form W-8) and adopt Know-Your-Customer (KYC) procedures to identify U.S. beneficial owners.46 If the financial institutions could not obtain the necessary information, they agreed to deduct 30 percent from their customers’ U.S.-earned income.47 These programs were a success, but they were not fully effective, as the U.S. government learned from whistleblowers, because they were based on trust.
To improve matters, the U.S. government has taken steps to facilitate the exchange of information between jurisdictions. After the series of enforcement actions against Swiss banks, in August 2013, the governments of the United States and Switzerland implemented a Swiss Bank Program, which allowed other Swiss banks to sign a non-prosecution agreement with the DOJ.48 Under the Swiss Bank Program, the financial institutions agreed to disclose detailed information regarding their cross-border operations and account information about their U.S. clients. They also agreed to close accounts that do not comply with U.S. policies, implement a plan to comply with the Swiss Bank Program, and assign an independent examiner.49
By agreeing to these terms, the institutions would avoid criminal prosecution but would have to pay a monetary penalty.50 This program was available only to Swiss banks that were not under criminal investigation by the United States. The deadline to submit a letter of intent to participate in the Swiss Bank Program was December 31, 2013. In March 2015, BSI SA was the first Swiss bank to reach a resolution under the Swiss Bank Program, agreeing to pay a fine of $211 million and cooperate with related criminal and civil proceedings.51 From March to December 2015, 75 more Swiss banks finalized their agreements with the DOJ and agreed to pay fines totaling $908 million.52 After the deadline passed, the Tax Division of the DOJ stated that it may initiate a criminal investigation at any time against Swiss banks that did not express their intent to participate in the program or if participating banks had not complied with the program’s policies.53
There are countries other than Switzerland that provide a home for these abusive tax schemes. To combat the wider problem, the U.S. government introduced FATCA in 2010 as part of the Hiring Incentives to Restore Employment Act.54
FATCA falls under Chapter 4 of the IRC and does not replace prior reporting and withholding requirements as stipulated under IRC’s Chapters 3 and 61 and Section 3406.55 Instead, FATCA builds upon these requirements by closing the gaps with these rules, and the IRS has released guidance on how to coordinate these regulations.56 FATCA requires financial institutions, including banks, brokerage firms, mutual funds, hedge funds, and certain insurance companies outside the United States to report information on financial accounts57 held by their U.S. account holders to the IRS. FATCA also places new withholding and reporting requirements on financial institutions, including U.S. withholding agents (USWA), with respect to payments they make to foreign entities. As part of this process, financial institutions have to collect W-9 and W-8 forms from customers. New W-9s went into effect starting March 14, 2014. New W-8s were made available on September 14, 2014, with the requirements for these forms to be used by entities and individuals starting on January 1, 2015.
If financial institutions do not comply with FATCA, they will be penalized with a 30 percent withholding tax imposed on withholdable payments58 received from U.S. sources. This differs from the QI Program, which placed the penalty on the customer, not the financial institution. Additionally, in 2017, the FATCA penalty will be even stricter when the withholdable payment for noncompliant accounts will also apply to gross proceeds from the sale or disposition of any property that can produce U.S.-source interest or dividends.
The United States recognized that in some jurisdictions there were legal barriers to implementing FATCA. Due to some jurisdictions’ bank secrecy laws, financial institutions were faced with the dilemma that being compliant with FATCA would mean violating the laws of their jurisdictions. As a result, extensive negotiations took place between the United States and foreign governments resulting in two types of model intergovernmental agreements—Model 1 IGA and Model 2 IGA—that were developed to overcome the legal issues and reduce some of the burden on the financial institutions.59 Under the Model 1 IGA, financial institutions report the required information to their jurisdiction, and the jurisdiction automatically reports it to the IRS.60 Under the Model 2 IGA, financial institutions are authorized to report the information directly to the IRS.61 Under both types of IGA, financial institutions have the responsibility to identify accounts of U.S. nationals that in the aggregate are valued $50,000 or more.62 Under FATCA, in addition to reporting requirements for payments, financial institutions must report to the IRS the U.S. clients’ names, accounts, taxpayer identification numbers, and account values.63
Financial institutions face significant challenges to comply with FATCA due to the operational impact of FATCA’s implementation both domestically and internationally, the ongoing negotiation of the IGAs, and the fact that it took a few years for the U.S. government to issue implementing regulations.
Financial institutions are required to develop and implement a FATCA compliance program composed of detailed policies and procedures as well as a governance structure to ensure their procedures are implemented and enforced appropriately. Yet financial institutions find it difficult to understand the requirements, the processes, and the controls needed to be FATCA compliant.
FATCA requirements are highly complex; there are lengthy and technical tax forms that are difficult to interpret for financial institutions lacking FATCA or tax subject matter professionals. For instance, foreign entities have to complete an eight-page Form W-8BEN–E64 and identify themselves as one out of the 31 FATCA classifications to determine their reporting and withholding requirements. Additionally, organizations will have difficulty performing a proper FATCA validation when collecting their clients’ W-8 forms if the organizations do not understand the rules and do not have access to tools and professionals that do.
Smaller financial institutions are especially challenged by FATCA. Certain institutions, such as hedge funds and mutual funds, have outsourced their onboarding, reporting, and withholding requirements to third parties, such as administrators and transfer agents. Although FATCA allows these functions to be outsourced, firms retain the responsibility for the functions being performed. Proper due diligence and monitoring have to be performed on the third parties being leveraged for FATCA compliance. These institutions may not have a background and experience with these processes and are trying to understand the intricacies of FATCA to oversee these third parties’ performance associated with FATCA.
It is a common misconception to think of FATCA solely as a tax issue, when in fact it coexists with other nontax legal and regulatory requirements such as AML and antifraud. This is evidenced in an indictment issued by the United States Eastern District of New York in September 2014. Six individuals and six corporations, operating in Belize, conspired to commit securities fraud, tax fraud, and money laundering as part of a $500 million asset protection scheme (see U.S. v. Bandfield, et al).65 Legal commentators have stated that this was “the first time a FATCA violation has been charged as an ‘overt act’ in furtherance of a tax conspiracy and securities fraud.”66 This case demonstrates the way in which money laundering violations, such as manipulation of microcap stocks, can coexist with FATCA violations and how the failure to comply with FATCA legal and regulatory requirements can have adverse consequences.67 FATCA affects many different areas (e.g., tax, operations, AML, compliance, legal, risk, IT). Existing processes related to AML/KYC and customer onboarding can be leveraged. However, if there are existing deficiencies in these functions, then a firm may have difficulty complying with FATCA.
Firms also require significant resources to remediate their existing payees to identify if there are U.S. indicia to their foreign entity clients. FATCA requires financial institutions (e.g., FFIs, USWAs) to perform FATCA validation of tax forms and enhanced due diligence (EDD) to ensure that clients are not U.S. persons.68 However, this EDD does not apply only to new clients. Firms must also remediate existing clients. This identification process presents many challenges and costs for financial institutions in collecting, documenting, and reporting this information. U.S. financial institutions are equally affected by this detailed identification process, as they must ensure that their foreign account holders are exempt from FATCA. As a result, firms are spending significant amounts to enhance their processes and upgrade their systems to retain the necessary client information and track funds that may be subject to withholding. For instance, the Wall Street Journal reported in 2014 that the estimated cost of complying with FATCA for Canada’s five biggest banks was almost $700 million.69
Another challenge for larger financial institutions is that functions (e.g., onboarding and tax departments) are decentralized, making it difficult to develop an enterprise-wide program to comply with FATCA. Many institutions find themselves trying to remediate inconsistent processes between departments while implementing FATCA. This exercise becomes more difficult if departments do not have an established infrastructure to identify, report, and withhold payments based on prior FATCA regulations (e.g., Chapter 3 and Chapter 61). Additionally, creating an enterprise-wide FATCA program presents an even greater challenge for multijurisdictional institutions since they may be faced with many different reporting processes when subject to Model 1 or Model 2 IGA regimes.70 In the absence of enterprise-wide oversight, there is a risk that firms’ FATCA processes will be inconsistent.
Given these challenges, what steps should financial institutions take to protect themselves from potential future enforcement actions? Firms can mitigate their regulatory risk by developing a robust compliance program and implementing controls that help prevent, detect, and respond to identified risks and potential violations. Since red flags associated with tax evasion could be identified by various departments in the organization such as tax, operations, customer onboarding, compliance, and front office functions, it is imperative that these controls are designed to define clearly each department’s roles and responsibilities vis-à-vis the identification of tax evasion. Otherwise, weaknesses in one department may lead to weaknesses in other departments. As a result, financial institutions would be susceptible to increased regulatory penalties.
Preventative controls are designed to reduce the number of violations that occur. In terms of tax evasion, these violations are twofold. First, financial institutions’ noncompliance with FATCA regulatory requirements may result in penalties. Second, firms want to ensure controls are in place so they are not unwitting participants in tax evasion schemes executed by clients.
Governance. FATCA involves a sizeable coordination effort requiring proper governance of the compliance program. The first preventative step is to build a strong governance program that addresses tax evasion and identifies the person responsible for overseeing this program. However, institutions are not required, under the legislation, to designate a specific department with the ultimate responsibility to oversee the implementation of FATCA. Some institutions have opted to designate, and sometimes create, a single department responsible for overseeing their FATCA compliance programs; others require each of the individual business groups to assume these responsibilities.
This governance program should involve developing policies, procedures, and processes to comply with FATCA requirements. As part of these policies, financial institutions could implement useful tools, such as checklists, to provide guidance to departments so they can support the tax subject matter professionals in their organization with the identification of entity classifications or the determination of whether payments fall under withholding requirements.
These policies and procedures should also guide various departments to identify customers who may present a high risk for tax evasion violations. Some firms may want to assess their customers’ potential for tax-related risks. This profile would highlight potential red flags, such as high-risk jurisdictions or complex ownership structures. It would help determine whether a customer requires EDD to ensure its correct tax status under FATCA or if the customer’s accounts should be monitored regularly for potential tax evasion or even money laundering violations. Companies that have a process to assess customer risk in their AML or Office of Foreign Assets Control (OFAC) programs may consider incorporating these tax-related risks into their programs since such risks may also warn of other potential money laundering violations.
Since the financial industry is always evolving, governance programs must be sufficiently flexible to address changes. When financial institutions develop and offer new financial products to clients, the institutions need to implement preventative controls to determine if new products fall under FATCA. Financial institutions should design a “change management process” to review the impact of any potential new products and determine what changes must be implemented to capture any payments that may be subject to reporting and withholding. The client’s circumstances might alter, triggering the need for a reevaluation of a client’s tax-related risk. Additionally, an effective governance program should establish processes to assess any regulatory changes, determine the impact those changes have on the firm, and update the firm’s preventative, detective, and responsive controls accordingly.
All governance programs must also include a comprehensive training program to educate employees on the due diligence, reporting, and withholding requirements of FATCA as well as the importance and intricacies of proper documentation. The more educated the employees, the better they can service clients who may be confused by the new requirements. In addition, financial institutions should obtain a signed FATCA compliance certification from key personnel who should certify that they have attended FATCA training and familiarized themselves with FATCA principles. They should further certify their agreement to adhere to the firm’s FATCA compliance program and that they will not, directly or indirectly, have any formal or informal policies, procedures, and processes to assist customers in avoiding FATCA. This can be incorporated in a firm’s annual employee compliance certification.
Organizational Changes. Governance is not the only step in establishing effective preventative controls. Firms may make changes in their organizational structure to avoid redundancies and streamline operations. One implementation that larger firms are considering is centralizing specific functions. For instance, due to FATCA’s complexity, it may help to have one centralized tax operations department to service the enterprise. Having a centralized onboarding department also offers the added benefit of creating a one-stop data warehouse that is more effective not only for FATCA compliance but also for other regulatory compliance requirements.
Technology. Depending on the size and complexity of the organization, compliance with FATCA may not be effective without the proper technology. Many organizations have selected tools and systems that will assist them in collecting, maintaining, and validating client information and tax documents. For instance, upgrading or creating a centralized onboarding system may ensure that a firm is addressing all the necessary requirements and consistently applying them across the firm.
Firms also need to identify payments affected by FATCA. Specific products generate payments from which the firm will need to withhold monies for tax purposes to meet the FATCA requirements. The logic is complex, involving multiple variables to determine an affected payment. Existing tools and systems may need to be upgraded to identify the treatment of the products that are reported under FATCA and calculate all the required withholding amounts under the IRC.
It is imperative that firms have adequate systems to archive documents. With the lines of bank secrecy fading, firms will be faced with multiple requests for customer information from the United States as well as from other jurisdictions. To save time and money, firms may want to ensure all their customers’ information is electronically archived rather than stored in boxes and maintained at a warehouse.
Preventative controls are meant to stop potential tax-related violations from occurring. Detective controls, by contrast, continuously monitor and test procedures and processes to ensure that preventative measures are being implemented effectively. With FATCA’s recent implementation, firms should be testing their programs to ensure that the customer validation processes are properly applied and that the firms’ systems are reporting and applying withholding requirements to their products. This means conducting tests more frequently than would normally be the case for more established functions. Firms should also establish strong detective controls to train employees to monitor customer accounts and behaviors and escalate any red flags.
Monitoring. If a firm established a proper training program as part of its preventative controls, then its employees should have received adequate guidance to detect any red flags. For example, employees in the onboarding department must be able to identify discrepancies between a customer’s tax documents versus their basic account information. After onboarding, customers’ circumstances may change, and this may affect their tax-related status. As a result, employees who service accounts in the front office, operations, and compliance must monitor customers’ behaviors and activities to detect issues that may heighten their tax risk or may indicate a potential violation of FATCA. This could be accomplished during periodic reviews (e.g., KYC updates, audits) or on a day-to-day basis (e.g., change in a customer’s circumstances, daily transaction monitoring).
Effective monitoring will also include strong audit and testing processes continuously to assess that proper protocols are in place for all relevant departments, including onboarding, reporting, and withholding. For smaller financial institutions that outsource their onboarding, reporting, and withholding functions, this program should be designed to oversee and regularly test any third parties’ processes.
Communication. Detective controls will not be effective if departments are not transparent about their monitoring efforts. FATCA and tax evasion do not involve just the tax department, but also AML, KYC, onboarding, and the business lines. Information collected and observed by each of these departments can be leveraged to ensure that a firm is effectively monitoring for tax evasion red flags or potential FATCA violations. It also means deficiencies in one department could lead to deficiencies in other departments. In U.S. v. Bandfield, the U.S. government demonstrated that AML violations (e.g., microcap manipulation) could coincide with tax evasion and FATCA violations.71 Firms must be on the lookout for fraudulent schemes that may be conducted through their institution.72 Therefore, it is important that departments work together and maintain strong lines of communication regarding their detection efforts and findings to ensure that all departments are addressing and remediating potential tax evasion violations.
Data Analytics. Firms should consider applying data analytics to measure the performance of their compliance program and identify areas of improvement. Firms will need to perform a validation of the tax forms for completeness and accuracy and due diligence of the tax forms to the data collected by the firms. The data may exist in hard copy or electronic form, but either way, firms need to compare the information to the tax forms. The ability of the organization to perform this EDD may rely on the firm’s technology to identify the relevant data fields in the systems and extract the information for comparing the tax forms. The ability to use data analytics as part of the EDD will improve the firm’s ability to identify clients and accounts affected by FATCA. It is important to note that data analytics is also needed to identify anomalies and outliers useful in detecting potential FATCA violations quickly and effectively. Data analytics may be used to gather necessary information from various sources to assist a firm in identifying any inconsistent information about a customer (e.g., information may indicate that the customer is not a U.S. citizen/resident, but other activity, such as wire transfers and checks, directed to the United States may indicate otherwise).
Finally, firms must also establish effective responsive controls so that potential violations are properly and quickly escalated, investigated, appropriately disclosed, and remediated.
Investigation. Conducting an internal investigation should be a firm’s first response when its detective controls have identified an issue. In regards to FATCA, this investigation could be on the client level (e.g., when there are difficulties validating a customer file), or it could be firm-wide (e.g., if there are systemic issues reporting withholding payments). If the investigation is firm-wide, it is necessary to verify that areas of the organization that are affected by FATCA are made aware of the investigation and its findings in accordance with a communication plan. There may be instances where certain information cannot be shared, such as when the investigation is ongoing. Once this information can be shared, it is important that all requisite parties participate in addressing any weaknesses with the firm’s FATCA program.
Conducting an investigation to determine whether a customer is evading its U.S. tax obligations can be challenging and difficult. Firms should continue to be diligent as they investigate employee escalations reporting customers’ suspicious behaviors and transaction activities in accordance with the firms’ established AML programs. These investigations should be conducted with an understanding that customers associated with traditional AML concerns may be linked to potential tax evasion or FATCA violations.
As discussed, a U.S. government tax evasion investigation may take years because of the lengthy procedural processes to obtain all the necessary information to conduct an examination. However, this lengthy process does not mean that firms should delay their own internal investigations if they receive notice that the United States is investigating one of their customers. Firms should consider being proactive and conduct internal investigations on customers named in treaty requests and not delay until the government concludes its investigation. This way, firms may be able to identify any customers that pose a potential risk and remediate the issue prior to any U.S. government actions.
Firms, furthermore, should not have tunnel vision. They must be mindful that investigations of other departments (e.g., onboarding, KYC, tax, IT, and so on), which may seem to have no connection to tax, may affect a firm’s ability to detect FATCA violations or customers avoiding their U.S. tax obligations. Therefore, if faced with regulatory inquiries or internal audit findings identifying weaknesses in these key departments, a firm should be aware of how these affect its FATCA programs or its internal controls in order to remediate the issue.
Disclosure. It is important to ensure that there are escalation processes so that those responsible for the firm’s governance are quickly made aware of any deficiencies in a firm’s FATCA program or any control weaknesses. A firm’s governance program should also have policies and procedures to set forth the conditions, methods, and timing for the disclosure of violations to appropriate government authorities.
Many firms may prefer to remediate the problem internally without involving regulators. But self-disclosing serious violations and cooperating with authorities may reduce regulatory penalties and ultimately mitigate reputational risk. Additionally, firms that have entered into agreements with the U.S. government should consider whether self-disclosure is necessary to avoid violating the terms of those agreements.
Most important, after a firm investigates, remediates, and discloses a potential issue, responsive controls should include reviewing its preventative and detective controls and updating them to prevent future violations. Upon closing a matter, a firm should also review the lessons learned during an investigation and determine whether policies, procedures, and processes to respond to an inquiry were appropriate or whether enhancements are needed.
Remediation. Investigation and disclosure are only as effective as the remediation. If the firm does not quickly and effectively respond to investigation findings, then they may exacerbate the problem. In November 2014, HSBC’s Swiss private bank was fined $12.5 million by the SEC for engaging in a U.S. cross-border business from 2003 to 2011 without being registered with the SEC as an investment advisor.73 As early as 2005, the bank’s internal audit noted that the group was not complying with the bank’s cross-border policies to monitor its compliance with U.S. regulation.74 In the announcement of this settlement, the director of the SEC’s Division of Enforcement, Andrew J. Ceresney, stated, “HSBC Private Bank’s efforts to prevent registration violations ultimately failed because their compliance initiatives were not effectively implemented or monitored.”75 This case highlights how regulators will not tolerate companies that identify deficiencies with their controls but fail to remediate them.
Since FATCA did not go into effect until July 2014, it is too early to say how the U.S. government will respond to firms that delay remediating FATCA violations. However, based on previous enforcement actions involving tax evasion, it appears that the U.S. government will be aggressive in its enforcement of FATCA.76 The U.S. government may be even more aggressive with its penalties given the amount of time firms have had to implement the FATCA initiatives.
A firm’s remediation will vary depending on the issues identified. If the investigation is focused on a specific customer, it may mean terminating the relationship. However, if the investigation identifies deficiencies in controls, remediation would require firm-wide improvements such as enhancements to technological systems, improving controls, or conducting additional employee training. If a firm were to delay its response to an investigation, then it may be subject to increased regulatory risk and enforcement penalties.
Financial institutions should expect continued regulatory enforcement in the area of tax evasion. The U.S. government indicated that it would ease its enforcement actions in 2014, 2015, and possibly 2016 for those making a “good faith effort” to comply with FATCA and implement adequate controls for the prevention, detection, and response to tax evasion.77 Once this “grace period” ends, however, the U.S. government will have more tools to detect tax evasion than before. Therefore, firms should take this opportunity to strengthen their preventative, detective, and responsive controls with respect to tax compliance. Otherwise, they may find themselves the target of enforcement.
Although FATCA may have initially been met with resistance outside the United States, its purpose has gained support in the international regulatory community. Countries are seeing the financial benefit to enacting FATCA-style legislation and are developing their own regulations to identify their nationals who may be hiding assets in foreign jurisdictions. The European Union (EU) has developed a program for the automatic exchange of information between its member states starting in 2017 and 2018; and, in May 2015, Switzerland entered into agreement with the EU to participate in its program.78
Drawing influence from FATCA, the OECD, with the support of the G20 Finance Ministers, released the Standard for Automatic Exchange of Financial Account Information in Tax Matters (Standard) in July 2014.79 The Standard outlines the program for jurisdictions to participate in the AEOI on an annual basis. As of December 2015, 97 jurisdictions have committed to implement the Standard and 78 jurisdictions80 have signed the Multilateral Competent Authority Agreement.81 Some of the participating jurisdictions, such as British Virgin Islands, Switzerland, and the Cayman Islands, are well known for their bank secrecy laws. This exchange of information is also expected to be implemented in 2017 and 2018.
To coordinate this global effort and ensure consistency, the Standard incorporates the Common Reporting Standard (CRS), which specifies due diligence and reporting requirements that participating jurisdictions must comply with to implement the AEOI. Implementing this global standard has its challenges similar to FATCA, but there are also differences. For instance, preexisting accounts under $50,000 are excluded under FATCA, but not under the CRS.82 Further, the CRS has a broader scope than FATCA as it covers identifying, collecting, and reporting information on citizens from multiple jurisdictions. Therefore, institutions will have to collect and report information on a larger scale, making it difficult to rely on manual controls.83
In August 2015, the OECD released guidance to help jurisdictions and financial institutions implement the Standard, namely The Standard for Automatic Exchange of Financial Account Information in Tax Matters: Implementation Handbook (also known as the CRS Handbook). It offers key information on due diligence requirements as well as IT infrastructure recommendations. The handbook also provides a comparison between the Standard and FATCA (Model I IGA) requirements.84 The second reference guide released is the Update on Voluntary Disclosure Programmes: A Pathway to Tax Compliance. This document assesses 47 countries that have incorporated voluntary disclosure programs and provides guidance on establishing such programs based on these assessments.85
The increased international support for efforts to curb tax evasion may also be affecting the future of AML. The Financial Action Task Force (FATF), an intergovernmental organization that recommends policies to combat money laundering, released its latest recommendations in 2012. In its report, FATF added “tax crimes” to its list of designated categories of offenses that constitute a predicate offense to money laundering.86 This allows law enforcement officials to add money laundering charges against those who have engaged in tax evasion. Some jurisdictions, such as Singapore, have adopted this FATF recommendation.87 The Fourth EU AML Directive, effective in June 2015, also added tax crimes (relating to direct and indirect taxes) as a predicate offense for money laundering; however, Member States have until June 2017 to transpose the directive into local law.88 The United States, one of the member jurisdictions of FATF, has not added tax evasion to the list of predicate offenses for money laundering (Specified Unlawful Activities).89 However, U.S. v. Bandfield is an example of how the FATCA violations go hand in hand with AML violations, such as securities fraud, and may be a sign that tax evasion may become a predicate offense in the future.
One benefit of FATF’s recommendation, in the eyes of governments, is that tax crimes would fall under the authorities of those investigating money laundering and encourage cross-border cooperation.90 In addition, it would allow authorities to increase criminal penalties and fines. Yet this would increase the burden on financial institutions and their AML departments. AML departments would be faced with the difficulty of distinguishing between tax evasion and tax planning.91 Adding tax evasion as a predicate offense to money laundering would also create strains on AML departments, especially at smaller financial institutions that lack resources to handle the complexities of these investigations.92 It could also lead to additional fines and penalties for financial institutions and the accountability of BSA/AML officers if an institution failed to detect tax evasion.
For the past few years the spotlight has been on cross-border tax evasion, and it appears the shroud of bank secrecy is thinning as more jurisdictions agree to adopt the CRS. For instance, Panama and the United Arab Emirates, at first glance, were attractive to offshore account holders until they announced their agreement to adopt the CRS and to exchange information starting in 2018.93 But it is not disappearing entirely. Although account holders will continue to look for locations to hide assets, it is clear that finding a jurisdiction with a lax tax evasion regime will be increasingly difficult as it is expected that United States and international efforts will continue to combat tax evasion aggressively.
This new international environment might lead to fresh opportunities to establish a more rigorous compliance framework if it leads to the creation of centralized systems at financial institutions that address a range of regulatory requirements beyond FATCA, the Standard, and overall tax compliance.
________________
Kelly A. Dynes was a major contributor to the content of this chapter. Ms. Dynes is a manager in KPMG’s Forensic practice based in New York City. She specializes in providing anti-money laundering and other regulatory compliance services to financial institutions.
Additional contributions were made by Adam C. Susser. Mr. Susser is a director in KPMG’s Forensic practice based in Boston. He specializes in FATCA and other regulatory advisory compliance services to financial institutions.