www.pwc.

com

FATCA and KYC

Similar yet different

November 12, 2012

FATCA extends customer due diligence and reporting requirements well beyond what is typically performed for KYC purposes.

Background
While strict global Anti-Money Laundering (AML)/Know Your Customer (KYC) requirements have been with us for a long time, strict rules aimed at ending global tax evasion are a more recent phenomenon. The provisions of the Foreign Account Tax Compliance Act (FATCA) were enacted in 2010 with a primary goal of providing the United States' Internal Revenue Service (IRS) with an increased ability to detect US tax evaders concealing their assets in foreign accounts and investments. It aims to accomplish this goal by encouraging non-US entities to comply with a new set of tax information reporting and withholding rules or suffer the consequences of non-compliance, primarily being subject to withholding tax on income from US sources. Ultimately the consequence of non-compliance will include withholding on gross proceeds from the sale of US securities and income from non-US sources. The foundation of FATCA lies in the ability to properly classify customers (including counterparties, account holders, etc.) according to the proposed FATCA classification guidelines and report on US persons whether they own an account directly or indirectly through a foreign entity. This requires Foreign Financial Institutions (FFIs) and withholding agents to collect the appropriate withholding certificates, statements and documentary evidence from their customers, and validate and store the information and documentation received. They will also be required to determine whether they have a reason to know that claims made on customer documentation are unreliable or incorrect, monitor their customers to determine whether a change in circumstance has occurred that could impact a customers FATCA status, and monitor the expiration of documentation received.

PwC

This document highlights four key challenges that AML/KYC professionals should understand as their financial institutions begin to implement FATCA alongside existing account opening and AML/KYC capabilities. For a detailed analysis of the proposed FATCA regulations released by the IRS and the US Department of Treasury (US Treasury) on February 8, 2012 please visit our website at www.pwc.com/us/fatca. PwC observation: There are fundamental differences in purpose between KYC and FATCA. KYC is intended to reduce the risk of money laundering and/or terrorist financing. In contrast, FATCAs intent is to identify US tax evaders. The indicators and methods for due diligence are different which has lead to confusion in the market. In light of the increased regulatory scrutiny on AML/KYC matters, financial institutions currently reviewing their KYC programs should take time to determine the overlaps with FATCA and the degree to which processes can be aligned.

PwC

Challenge #1 Customer due diligence

FATCA rules expand customer due diligence beyond what is currently performed to meet existing AML/KYC requirements and regulatory expectations, requiring that more information be collected, reviewed and validated. More specifically: It further increases compliance burdens by requiring all accounts (subject to certain de minimis thresholds) be reviewed for US indicia. It is not a risk based approach as is AML/KYC. FATCA generally requires a financial institution to know whether a 10% owner of certain entities is a US person or not based on a self certification provided by the entity. For most AML/KYC reviews, the threshold is normally 25% (for low risk customers). All information collected as part of the account opening and AML/KYC process must be made available to the function that performs tax form validation to determine whether the institution should have knowledge that certain FATCA sensitive information, such as ownership information, residence or telephone numbers, is incorrect or unreliable.

FATCA imposes customer identification and validation rules that go well beyond what is currently generally required for AML/KYC purposes.

As in AML, under FATCA, customer due diligence does not end once the account is opened. Processes must be implemented to identify any "change in circumstance" in a customers FATCA status. For example, if a previously documented non-US person has changes in account information that introduce US indicia (e.g., US address), the financial institution must perform additional due diligence to determine if the customers status as a non-US person has in fact changed. Unlike AML, this monitoring for change in circumstance as required by FATCA is not risk-based, must be monitored as it occurs and applies to all customers. This is a stark difference with respect to periodic reviews of customers classifications for AML/KYC purposes which are most often driven by a customer risk rating model. Adding to activities required under change in circumstances, tax documentation expires and must be renewed and reviewed. PwC observation: Many FFIs do not currently have the tax operations functions that (ideally) review customer data collected as part of the AML/KYC process and will need to create these functions. Where this function does exist it will have to be enhanced.

PwC

Challenge #2 Intergovernmental agreements (IGAs)

IGAs were designed to eliminate country-specific legal barriers encountered by financial institutions as they try to comply with FATCA (examples include data privacy and the requirement to potentially close accounts). Versions of a Model IGA have been released and, with respect to customer due diligence, they attempt to provide relief for Partner Country Financial Institutions by: Allowing more types of documents (e.g., government issued identification) that can be used to classify an individual account holder as a US person or not. Customers that are entities (i.e., not individuals) may be treated as exempt from FATCA by using information available to the financial institution, including either information collected as part of the account opening process or publically available information. Entity customers may also self certify their FATCA status. PwC observation: The Model IGA provides relief as noted above. However, if a financial institution obtains a US tax withholding certificate (i.e. Form W-8 or W9), such documents may provide a higher level of certainty and uniformity with respect to FATCA compliance than documentary evidence (e.g., articles of incorporation). The IGA provides relief to the documentation of ownership thresholds for NonFinancial Foreign Entities (NFFEs). FFIs located in a jurisdiction where an IGA is in effect will be allowed to identify Controlling Persons following AML/KYC guidelines specific to their local jurisdiction. In general, AML/KYC requirements for many jurisdictions are a 25% ownership threshold (for low risk clients), as compared to the FATCA proposed regulations which have minimum ownership thresholds of either 0% or 10%. Such FFIs will still have to determine if any of the Controlling Persons are US persons. PwC observation: Using a 25% ownership threshold provides tangible benefits (within a particular country) with respect to reduced volume of owners requiring FATCA due diligence and better alignment to local AML/KYC due diligence rules. However, for financial institutions that operate in multiple countries (some IGA partner countries and others that are non-IGA) this increases the complexity for managing multiple due diligence standards for FATCA. From an AML/KYC compliance perspective, identifying Ultimate Beneficial Owners (UBOs) and performing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) have been longstanding challenges. This subject has recently evolved into a high interest topic, considering the European Commission is planning to roll out its 4th AML directive, the US Treasury's Financial Crimes Enforcement Network (FinCEN) has issued its Advanced Notice of Public Rule Making around CDD, the Financial Action Task Force issued its latest recommendations in February 2012, and the Wolfsberg Group provided an update on UBOs. PwC observation: The confluence of FATCA and global changes to AML/KYC regimes requires that organizations spend considerable time coordinating FATCA efforts with compliance programs. Financial institutions should think beyond just addressing regulatory compliance and should consider impacts to the entire customer onboarding process and customer experience.

While IGAs address a number of industry concerns, they create complexity with respect to aligning FATCA and KYC processes.

PwC

Challenge #3 Process and technology coordination

FATCA does not explicitly mandate that AML/KYC processes be changed to comply with FATCA. FATCA does require, however, that all information collected during account opening/KYC processes be reviewed for indicators of US status and if any data collected conflicts with claims made on for FATCA purposes. Therefore, all information collected as part of account opening must be made accessible to the function that reviews accounts for US indicia and validates withholding certificates or other documentation provided for FATCA purposes. FATCA complicates the customer on-boarding process by adding incremental tax requirements. However, the ability to comply with FATCA is compounded by disjointed operational processes and technology silos that store customer data and documentation. Front office functions, middle and back office operations, and technology often do not rely on the same data sources. Harmonizing relevant onboarding and account maintenance processes and systems is critical to successfully implementing FATCA. Furthermore, implementation must occur in a manner that does not negatively impact customer experience. PwC observation: The AML/KYC function typically obtains data from the account opening function but typically does not provide data to other functions. Providing KYC data to a tax operations function or any other area for review and validation is a significant change from current practices and will require a review of operating models, data privacy rules and customer onboarding processes.

Processes, technology and data used for both AML/KYC and FATCA must be coordinated.

PwC

Challenge #4 Oversight and program governance

FATCA requires many FFIs to enter in to an FFI Agreement (Agreement) with the IRS. The Agreement requires that the FFI designate an RO who will make certain certifications to the IRS at periodic intervals regarding the FFIs compliance with its Agreement and who will act as the single point of contact for IRS inquiries. Failure to either enter into an Agreement when required or make periodic certifications could result in a 30% withholding tax on income from the US paid to an FFI. The following certifications are required: 1. Pre-existing high value accounts The RO must certify to the IRS within one year of the effective date of the Agreement that they have completed the review of all high value accounts (greater than $1,000,000 for individuals). Remaining pre-existing accounts The RO must certify to the IRS within two years of the effective date of its Agreement that it has completed the review for all remaining pre-existing accounts. Policies and Procedures The RO must certify that the FFI did not have any formal or informal practices or procedures in place from August 6, 2011, through the date of such certification to assist account holders to avoid FATCA. Compliance certification The Agreement requires that it adopts written policies and procedures governing its FATCA requirements relating to customer due diligence, withholding and reporting. Furthermore, the FFI must conduct periodic reviews of FATCA compliance, will periodically certify to the IRS they have complied and may be required to provide factual information and to disclose material failures.

The breadth of FATCAs impact requires a complex governance model headed by the Responsible Officer (RO).

2.

3.

4.

PwC observation: Considering the scope of certification requirements, certifying compliance across a financial institution with a global footprint and/or multiple lines of business will be a challenge. The responsibilities of the RO, which many FFIs have not even begun to consider, requires skills and knowledge spanning tax, compliance, operations, technology and controls. Given the disparate responsibilities of the RO, financial institutions should consider the concept of the "Responsible Office to provide necessary support functions.

PwC

Some actions to think about

FATCA and KYC are distinct sets of regulatory requirements that are now linked together. The functions that support compliance with each set of regulations will have to work together in an unprecedented way. As Compliance professionals begin interacting more with your FATCA peers the following lists several key items to consider: Reach out to your FATCA program lead(s) and Corporate Tax department to understand business requirements and implementation decisions being considered or already made. Review the impact of FATCA on AML/KYC processes and determine the degree to which processes can be coordinated or aligned. This will generally include KYC due diligence processes when an account is first opened, periodic risk reviews (which may lead to FATCA changes in circumstance) and how to make KYC information available to the teams/individuals validating tax documentation. Be aware that documentation collected for AML/KYC purposes (e.g., formation documents, government-issued identification) may be required and/or relevant for FATCA purposes, such as "curing" instances where US indicia is identified. Work with tax, business, operations, and information technology to understand impacts on the account opening process and how to minimize the impact on the customer experience. To the extent that your organization has not yet begun the process to identify the RO and define associated responsibilities, work with the FATCA program to understand your implementation plan and how to develop an appropriate governance model.

PwC

For more information about AML, please visit our website at www.pwc.com/aml. For more information about FATCA, please visit our website at www.pwc.com/us/fatca.

If you have any questions, please contact your usual PwC contact or any of the following persons: Dominick DellImperio (646) 471-2386 [email protected] Jeff Lavine (703) 918-1379 [email protected] Jon Lakritz (646) 471-2259 [email protected] Richard Inserro (646) 471-2693 [email protected] Monique Maranto (410) 404-1905 [email protected] Christophe Ludwig (646) 471-2658 [email protected]

PwC

www.pwc.com

IRS Circular 230 Disclosure This document was not intended or written to be used, and it cannot be used, for the purpose of avoiding US federal, state or local tax penalties that may be imposed on any taxpayer. This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.

2012 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. Solicitation