Last week on December 5, 2013 the Treasury Inspector General for Tax Administration (TIGTA) publicly released its September 27 report titled: “Foreign Account Tax Compliance Act: Improvements Are Needed To Strengthen Systems Development Controls For The Foreign Financial Institution Registration System”. TIGTA’s objective was to assess the IRS’s systems development approach for the FATCA Registration Portal. Specifically, TIGTA evaluated the IRS’s established management controls and processes over information technology program management, security control processes, testing documentation, requirements management, and fraud prevention controls.
The IRS estimates that between 200,000 and 400,000 entities will register on its FATCA Online Portal. Industry groups have produced larger estimates based on by example various trust arrangements being categorized as Foreign Financial Institution (FFIs). April 25, 2014 is the deadline for registration to be included on the participating FFI (PFFI) list that will be issued in time to avoid FATCA withholding that will begin July 1, 2014.
Once an FFI is registered on the FATCA Portal, if it is not protected by an intergovernmental agreement (IGA) between the U.S. and its country or jurisdiction, the FFI will need to provide (and the IRS capture) identifying information for certain U.S. accounts maintained by the institution such as account number, balance, gross receipts, and withdrawals. TIGTA identified three key groups that FATCA directly impacts:
(1) taxpayers who meet the reporting requirements threshold for foreign financial assets;
(2) FFIs that report to the IRS foreign financial account information exceeding certain thresholds held by U.S. taxpayers; and
(3) withholding agents who withhold a 30 percent tax on taxpayers who fail to properly report their specified financial assets related to U.S. investments.
An October 2014 industry poll of 100 financial firms, half large firms, founds that more than 55 percent rated average to poor their understanding of FATCA. The four critical challenges identified in that survey include: (1) lack regulatory requirement clarity, (2) FATCA expertise scarcity, (3) operational impact, and (4) data issues. According to the tax department of a tier 1 European bank, the signature of IGAs could reduce cost estimates to roughly US$100 million per institution covered by the respective IGA. Given the U.S.-U.K. IGA, the national cost estimate of the U.K. Revenue for impacted U.K. financial institutions is a one-off cost of approximately £900 million – £1.600 billion with an ongoing cost of £50 million – £90 million a year.
In its report, TIGTA stated six recommendations for the IRS to improve system development, documentation, management, and testing.
(1) The Chief Technology Officer (CTO) and the Commissioner, LB&I Division, should ensure that the FATCA Organization PMO and FATCA information technology management timely identify and communicate system changes to minimize costs and reduce waste for future information technology development projects.
(2) The CTO should ensure that adequate program management controls are in place and are consistently followed to guide the future system development activities needed for the FATCA and to better position the IRS to accomplish its goals for improving the benefits of its FATCA goals and objectives.
(3) The CTO should ensure that the SCA Test Plan and Developer Security Test and Evaluation Plan are prepared so that all security requirements, security controls, and test cases are identified, traced, and tested, and all security testing is performed before deployment of Drop 1 to ensure that the FRS operates as intended.
(4) The CTO should ensure that all testing groups follow the recently established Internal Revenue Manual (IRM) procedures for documenting test cases for consistency in testing requirements and in detecting and correcting errors to ensure that the FRS meets all of its requirements as needed.
(5) The Commissioner, LB&I Division should establish IRM procedures for all testing groups to ensure that documentation of test cases is consistent with and supports the IT Organization requirements testing process.
(6) The CTO should ensure that IRM guidelines are followed so that the RTVM is established at the beginning of the testing life cycle and updated and maintained throughout the requirements management and testing processes, and that the RTVM is utilized on a regular basis to ensure that all FRS and future FATCA system requirements are included in test cases and tested.
Before the first version (Release 1.0) was shelved, the IRS expended $8.6 million of a $14.4 million forecast budget over 19 months on the FATCA Registration Portal (FFI Registration System or “FRS”). The current version (Release 1.1) is in development with a final forecast price tag to roll out a working version of the FRS of $16.6 million, i.e. $2.2 million over budget.
Examples of Key Capabilities and Features of FRS Release 1.0
|The FRS is a modern web-based application with 24/7 accessibility. Specifically, it:Ø Allows Financial Institution (FI) users to establish an online account, including the ability to choose a password and create challenge questions.Ø Displays a customized home page for FIs to manage their accounts.
Ø Ensures security for all data provided on behalf of FIs.
Ø Provides FIs with tools to oversee member and/or branch information.
Ø Establishes a streamlined environment for FIs to register in one place.
|The FRS provides flexibility for FIs to report on and manage information throughout their corporate structure (branch and members). Specifically, the system:Ø Generates automatic notifications when an FI status changes.Ø Implements a universal numbering system (Global Intermediary Identification Number) that can be used by local taxing authorities.
Ø Allows FIs to appoint delegates (points of contact) to perform registration tasks.
Source: FRS overview presented by the IRS to the Treasury Inspector General for Tax Administration on February 21, 2013.
For further analysis see the Lexis Guide to FATCA Compliance: http://www.lexisnexis.com/store/catalog/booktemplate/productdetail.jsp?pageName=relatedProducts&prodId=prod19190327
In comparison of the expenditure overruns and technical glitches of the state and federal affordable health care (ACA or Obama Care) exchanges, the FRS budget overrun and push back seem quite successful. Of course, it remains to be seen if the FRS does not go further over-budget and if its roll out is not further pushed back. Yet it must be noted that the 2012 GAO report stated that: “In addition to its internal control deficiencies, IRS faces significant ongoing financial management challenges arising from its continued need to safeguard the large volume of sensitive hard copy taxpayer receipts and related information and to address its exposure to significant improper refunds based on identity theft.”
The 2012 TIGTA report on the Information Technology Program recognized that the IRS will have responsibility for the tax system but also for the Patient Protection and Affordable Care Act (PPACA). As a result of PPACA, the IRS has been assigned the job of overseeing all U.S. persons’ healthcare records in the new healthcare system. TIGTA identified weaknesses “over system access controls, configuration management, audit trails, physical security, remediation of security weakness, and oversight and coordination on security-related issues.” TIGTA further stated: “Until the IRS addresses security weaknesses, it will continue to put the confidentiality, integrity, and availability of financial and taxpayer information and employee safety at risk.”
Finally, the IRS was supposed to, has it already been five year ago now(?), have web-based access for each taxpayer of his/her IRS tax account. Still waiting on this customer service feature… But it must also be noted that over the past five years Congress has the IRS tasked with substantial new responsibilities without additional substantial resources to accomplish them all (too bad Congress pulled the plug on the additional 1099 reporting by all taxpayers – that would have been interesting to watch the IRS cope on top of the ACA and FATCA). Billions in incorrectly paid earned income tax credit payments has certainly made the headlines, with the implication being that Congress should have the IRS fix current challenges before forcing it to initiate new ones.
Maybe private enterprise would better accomplish certain tasks, or to take over certain functions – which leads to a different discussion about government / private partnerships and/or outsourcing of tax administration and collection (the Romans did that, as did feudal lords, and if I recall correctly, Bush II’s administration with regard to collections). But as a colleague shared with me today – medicare only has a 3% administrative cost whereas private enterprise runs as high as 70% administrative cost. So private enterprise may not be a cost effective solution. I look forward to discussing this topic in class….
 NICE Actimize Financial Services Poll Finds That More Than 55 Percent of
Financial Institutions Rate Understanding of FATCA Legislation ‘Average’ to ‘Poor’, October 9, 2013.