FATCA and CRS governance and controls mechanisms: obligation to have a compliance programme

28/02/20

In brief

The Luxembourg government released, on 20 February 2020, a draft law requesting all Luxembourg Financial Institutions ("FIs") to notably establish a compliance framework and file CRS reports even in the absence of any reportable clients or investors (nil report concept).

In detail

The draft law should modify the law of 24 July 2015 on FATCA (“FATCA Law”) and Article 6 of the law of 18 December 2015 on CRS (“CRS Law”) imposing to FIs to establish a compliance program. The commentaries of the draft law indicate that such obligation is inspired from the effective internal organisation requirement of the AML law. 

The FIs should thus be required to have written policies and procedures detailing how due diligence and reporting obligations are in practice dealt with by the FIs (or its groups). In addition, the FIs would need to put in place an IT infrastructure to comply with those obligations.

For FIs, notably in the Alternative Investment industry, reporting only a limited number of investors, those procedures and systems should be proportionate even though it is not clear in practice if the use of an excel file and IT archiving systems would be deemed sufficient. However, it will be still possible for an FI to rely on the procedures and IT systems of the service provider in charge of the investor on-boarding or of the reporting as long as the FI would be in capacity to demonstrate that it exercises an oversight and control on those delegated functions.   

Moreover, a second important pillar of this compliance program requires FIs to implement proportionate effective controls on the respect of the FATCA and CRS due diligence and reporting obligations. This will require operationally speaking:

  • a first line of defence being able to evidence controls made on the self-certifications received from clients or investors (e.g. by establishing check-lists supporting the control on both the completeness of the form and its reasonability according to the knowledge the FI has of its clients/investors). Such evidences should also be accessible by the Luxembourg tax authorities for a 10-year period upon request. 

  • a second line of defence (e.g. a compliance department eventually assisted by an external advisor) in charge of verifying that the first line of defence or the service provider effectively duly applied the agreed procedures. As best practice, a control matrix should be put in place to determine notably scope, frequency, size of sampling and methodology of the controls.

Even though this is not per se an obligation under the draft law, due to the technicality of the subject and considering the level of penalties at stake1, it would be strongly recommended that concerned employees be regularly trained on those internal policies and procedures.

The draft law also requires Reporting FIs without any reportable clients or investors to file a CRS nil report as it is already the case for FATCA purposes. Failure to comply with this FATCA and CRS (nil) reporting obligations would result in a lump sum penalty of EUR 10,000. 

This draft law should be effective as from 1 January 2021 provided that it is still voted this year.

 

1. In case of audit, the Luxembourg tax authorities could issue a penalty of up to EUR 250,000 for failure to comply with FATCA regulations and 0.5% of the amounts that should have been correctly reported. The same level of penalties also applies for CRS purposes.

What’s next?

It remains to be seen if during the parliamentary debate some clarifications would be made regarding which level of IT development the tax authorities have in mind for entities with only a handful of reportable investors (e.g. would an excel tracking file be sufficient?). In addition, would Management Companies or General Partners of investment funds that are deemed legally to not maintain any reportable accounts could obtain an exemption of CRS nil report as it is the case in some other jurisdictions (they could still be treated as Non-Reporting FIs under FATCA).

Nevertheless, FIs should start this year to implement a FATCA/CRS compliance program and reflect on how they want to evidence oversight and control on delegated functions (e.g. use of due diligence questionnaire, request a third party to carry out an health check etc.)

Our FATCA and CRS dedicated expert team can provide you with a full range of services around those topics including:

  • drafting of procedures and control matrix;

  • reporting through our online dedicated and collaborative platform;

  • review of self-certifications;

  • due diligence on service providers (e.g. on Transfer Agents for the Fund industry); and

  • organisation of dedicated trainings. 

We will be pleased to organise a meeting with you to further discuss the impact of this draft law and how we could assist you going forward.