The Australian Taxation Office (ATO) has issued a new self-review guide and toolkit (Guide) on the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS) (together, AEOI) for reporting financial institutions (RFIs).

Stronger approach to AEOI compliance

The Guide reflects the ATO’s stronger approach to enforcing AEOI compliance, which has been evident in the past 24 months. This approach appears to reflect concerns by the Organisation for Economic Co-operation and Development (OECD) and the US Internal Revenue Service about compliance levels in Australia and other participating jurisdictions.

The Guide goes further than previous guidance in setting out potential penalties for non-compliance, with the ATO indicating that it will apply the penalty regime on a per-breach basis, which could give rise to significant overall penalties where an RFI has many account holders.

Regrettably, the AEOI rules are extremely complex and difficult to apply. Even though the Guide offers helpful information, RFIs continue to face substantial risks of non-compliance, including in areas where existing compliance is based on administrative practice.

What does it mean for you?

All RFIs are encouraged to self-review their processes before the ATO initiates a review, and to ensure that appropriate resources are directed to AEOI compliance. RFIs that do not have the internal capability to conduct their own self-review should consider engaging third party consultants.

It is especially important that RFIs that are part of global groups prioritise their compliance procedures by reference to the Guide.

What does the Guide deal with?

The Guide provides information in two main areas:

  • the internal processes and systems that RFIs should maintain to comply with AEOI; and
  • the ATO’s approach to conducting regular FATCA/CRS reviews, including what processes will and will not meet the ATO’s expectations.

What should my AEOI framework include?

The ATO has indicated that an AEOI framework should be based around three fundamental areas of compliance:

  • AEOI governance;
  • due diligence obligations; and
  • reporting systems.

A well-designed AEOI framework:

  • has a clear ‘line of sight’ for maintenance, reporting and compliance;
  • sets out the operating model and controls (including the due diligence compliance program);
  • identifies gaps and deficiencies, so that reporting errors can be corrected in advance;
  • assists senior management with clarifying accountabilities for managing AEOI obligations, and key risks; and
  • provides accurate reporting of customer information.

The Guide breaks down each of the core elements of the AEOI framework into a detailed checklist that both RFIs and the ATO can use to assess compliance. These elements have never been set out in such a clear way before. As such, the Guide provides certainty on a range of issues, such as the extent to which systems need to identify change of circumstances and detect circumvention of FATCA/CRS.

Despite the specificity of the Guide, challenges remain for RFIs in implementing and maintaining workable AEOI compliance processes.

How does the ATO review RFIs?

The ATO conducts reviews of AEOI frameworks to enforce compliance. The ATO uses data analytics and risk modelling to identify various RFIs in need of a review. Risk factors include:

  • inconsistent volumes of reporting;
  • reporting of tax identification numbers that are noticeably wrong;
  • reporting of non-reportable entities; and
  • reporting of account holders in non-tax jurisdictions.

While the ATO’s primary focus is on larger RFIs (who may receive an annual questionnaire), the ATO will review RFIs of different sizes and from a range of sectors.

The ATO will conduct its review by reference to the checklist in the Guide and apply a rating system, as follows:

  • Operating as required: The framework has been properly designed and appropriately executed. There is evidence of periodic reviews and regular testing, and any areas for improvement have been satisfactorily resolved.
  • Operating in part (requires improvement): The AEOI framework has been properly designed, but one or more of its core elements require work. Where gaps or deficiencies are identified, the ATO will ask the RFI to resolve them.
  • Not operating as required or not in place: There is insufficient evidence of a proper AEOI framework, and/or there are significant concerns that information is not accurately recorded and reported. Alternatively, a significant number of core elements require work, both in terms of design and execution.

Once the ATO has identified an RFI for review, it expects to conduct a review once every 4 years. In the intervening period, the RFI is expected to continue monitoring its AEOI framework — including self-reviewing according to the Guide — and acting on reporting errors.