A culture of compliance…for technology

Regulators and FATCA teams alike are currently focused on ensuring that institutions can start doing their jobs when deadlines like 1 January 2014 for new account identification hit. Oops, I mean 1 July 2014, with Treasury just announcing a delay for several deadlines. Add data fields to the core or CDD system, get those branches trained to use or obtain the right documents while determining a new entity’s Chapter 4 classification. “Are you an American taxpayer!?” That is a logical priority. However, in years to come, we should expect some form of examination to follow. If a private bank reported seven  U.S. accounts, how can the IRS, or its local government proxy if the bank’s jurisdiction has signed a Model 1 IGA, gain some level of confidence that the number should not have been much higher? Can the bank show that its program and controls were adequate to really comply with the regulations? Ensuring the ability to answer these kinds of questions  is why having a second and third line of control is a general best practice in compliance land – the second line of control is typically the corporate FATCA compliance team that checks what operations or local business unit teams are doing, and the third line of control is typically the internal Audit function that checks… everything.

When choosing technology solutions to facilitate compliance, it is important to ensure that they come with features for recordkeeping, audit trails, security and reporting – easily overlooked while scrambling to get the basic process in place by building or extending a homegrown tool. It is important to leverage a system that not only facilitates compliance, but also demonstrates it to auditors and examiners. The system should be able to track that checks were completed and produce details on how decisions were made, including who made the decisions and why they did so. It is important that the systems support reporting based on specific parameters. Such systems should also be able to govern processes and enforce consistent procedures. The solution should support multiple authorization levels to approve FATCA classifications for key clients and help track the timetables for completion of cases. Mature AML vendors have learned these things as their clients have over the years, and have geared their systems accordingly.

For example: branches, agents or relationship managers may have the authority to designate a Chapter 4 classification for a new Entity Account. But it’s up to the back-office FATCA team to verify those results, spot gaps or inconsistencies, and deal with exceptions. A solution based on an AML monitoring system (combining anomaly detection and case management) is well placed to act as such a second line of control, checking for example an “Active Non-Financial Foreign Entity” designation against available regular business data like legal form or industry code.

Next week, the final part 4 of this series discusses how to ensure your FATCA technology can keep up with changes that will surely come – for your accountholders, for FATCA and for the similar global initiatives against tax evasion that are already starting to follow in its wake.