Tax information exchange initiatives like FATCA and more recently the Common Reporting Standard (CRS) are in full motion in most international financial centers and certainly well under way in the Cayman Islands.
With the new automatic exchange of information protocol, local financial institutions have numerous obligations under the CRS regulations. One of the most important of these is essential to any chance of complying with the new regulations: namely the need to have written policies and procedures in place.
Section 7 of the CRS regulations requires financial institutions in the Cayman Islands to have policies and procedures in place to ensure (in summary) that:
- The FI is able to identify each jurisdiction in which an account holder is resident for tax purposes.
- The FI is able to apply the due diligence procedures required by CRS (which are extensive).
- Ensures that information obtained in accordance with the CRS regulations is kept for a minimum of six years.
The above is simplification of the actual wording in the regulation and at first glance seems fairly straightforward. That is until you read the details of what information is required, the circumstances under which an account becomes reportable, and the nature of documentation required in the due diligence stage etc. In short in all likelihood the firm will need a robust set of polices and procedures in order to ensure compliance with the regulations.
Onboarding forms are not procedures.
Many firms will likely have some form of practice internally whereby they are fulfilling or attempting to fulfill these requirements. And many others will have the necessary forms to be completed with client data in accordance with the various indicia and other data required by CRS.
But it is also very likely that some firms will not have in place a tax information compliance framework (TICF) that fulfills the following criteria to affect successful compliance:
- A set of policies relating to the firms’ approach to CRS that has been adopted formally at the board level and has been communicated to all staff.
- A corresponding set of procedures, which provides step-by-step guidance to staff, in particular onboarding/client facing staff, in the key areas as set out in the CRS Guidance Notes.
- Training sessions aimed at ensuring that the relevant staff members are all fully prepared to implement the new set of procedures.
- An internal system to test compliance and an annual external tax information compliance audit to ensure that its internal compliance staff and systems are working as intended.
- An assessment of the firm’s tax information compliance vulnerabilities (risk profile of client portfolio specifically in respect of tax matters such as residency, type of business, client group structures etc.)
If that sounds too much, it is actually just one basic requirement outlined in the CRS regulations. But it is a key requirement. Most firms see ‘polices and procedures’ as an add-on requirement which ‘may not be all that necessary’ if you are doing largely what is required on a day to basis anyway.
But experience shows that roughly 60 percent of all recommendations from a typical inspection report from the regulator relates directly to the absence or inadequacy, of a policy or procedure to mitigate the risk be it anti-money laundering fraud, tax or cyber security. That is why it is so important for the entire risk management framework to begin with a set of policies and procedures approved at the board level.
Unwritten practices within the firm can change often even daily. They will also be somewhat subjectively applied depending on the circumstances and the staff members involved at the time.
But written policies remove this ambiguity, substantially decreasing a firm’s risk exposure.
And neither are policies and procedures necessarily long unwieldy documents with complex action steps and decision-making. In fact the easier to read and the more simplicity applied the better chance of successful implementation.
Tax information compliance is firmly here to stay and will only likely become more intensified over the next few years. This is because the next natural stage of CRS is for the authorities both in Cayman and overseas to require independent tax information compliance reviews whereby firms are tested to determine if they have the necessary systems in place to provide accurate CRS reporting.
But firms should not wait for authorities to impose reviews. If a firm is exposed materially to tax compliance risk due to the actions of one of its clients, the reputational damage stemming from a single news story linking that firm to a tax evasion scheme is sufficient to cause irreparable damage to the business.