Financial institutions that have spent time and money dealing with the US Foreign Accounts Tax Compliance Act 2010 in the hope that this will be a one-off cost are in for a rude shock and should make their IT systems more 'scalable,' according to a software vendor.

This week's one-year anniversary of FATCA taking effect has prompted some soul-searching among wealth managers, who are concerned whether the industry is fully prepared to cope.

FATCA 'went live' on 1 July 2014. The Act requires financial institutions, ranging from banks to hedge funds that deal with US persons, or which suspect that clients are US persons, to report details to the US authorities or face a 30% withholding tax. FATCA is blamed for causing some financial institutions to shut their doors to expatriate Americans, viewing them as unprofitable clients and a cause of 'compliance headaches.' It has also prompted a number of fintech firms to roll out services to help banks and other foreign financial institutions to deal with the burden.

Step forward Thierry Haensenberger, the senior vice president for Europe, the Middle East and Africa, at the fintech firm of AxiomSL. He recently spoke to this publication about what firms are doing, or have done, about FATCA so far, and what problems remain.

“There is a lot of struggling for banks to meet the requirements…All regulators and tax authorities are behind schedule with this. Because this is the first year and people need to get familiar with the requirements, 2015 is a struggle for everybody.

“What’s obvious is that nobody is really ready in terms of industrialized reporting processes. In IGA Model 1 countries, FFIs have to report to their local tax authorities at various dates (mostly 30 June, with many countries extending the deadline by at least a month as the legislation and regulator are not fully ready); in turn, those tax authorities have a deadline of reporting under FATCA of 30 September to the Internal Revenue Service; this is not done yet,” he added. Model 2 countries and direct regulation countries had until 31 March 2015, to submit information to the IRS; that deadline had been extended by 90 days.

“In Luxembourg, they have postponed the deadline by 30 days, to 31 July, because the legislative process to implement FATCA as a local law, and the reporting format to be used, was still not finalized at the end of June.”

Haensenberger thought that the problems may only be starting.

“Next year, pre-existing accounts (those opened before 1 July 2014) come into the scope of the rules and that will mean much, much larger volumes.

“Another point for foreign financial institutions to remember is that FATCA is just the beginning of a global tax evasion fight framework: a number of other forms of cross-border tax information exchange legislation and measures will be enabled, from UK-CDOT [sometimes called 'UK FATCA'] next year, to the Automatic Exchange of Information and its Common Reporting Standard (put together by the OECD from the work done for FATCA), which will be implemented by almost 100 countries in 2017 and 2018.

"Many banks initially took a tactical approach to FATCA implementation, given the limited reports volume and the unknowns around this first reporting exercise. But now that they realise that this US initiative is [changing the] global cross-border tax information exchange landscape, all financial institutions are starting a strategic review of their FATCA/AEoI reporting plans. It is a massive thing….people are setting up programmes to cover FATCA and AEoI compliance and reporting on a global scale,” he continued.

Ironically, when banks have been historically quite reluctant to send data out for security reasons, in the context of FATCA/AEoI reporting, a lot of them are seriously considering outsourcing the most sensitive data they have, which is information about clients, because of the operational effort that would be required to produce reports for all jurisdictions internally. In parallel, regulators are reacting to practitioners' concerns by opening the door to less strict data privacy rules, to allow financial institutions to use third-party providers to produce those reports for them (for example in Luxembourg, which is one of the strictest jurisdictions when it comes to data privacy protection).

Firms can either opt to do work in-house or through a managed service of some kind. Haensenberger said: “If you look at doing something in-house, the most critical piece to look at is really the change management process and functionalities.

“If you are a bank you should take a step back from what you have done for FATCA and look at implementing something flexible and scalable. This is going to be trouble for those who have prepared to [fulfil] FATCA requirements, but nothing else. For smaller firms with international customer bases, managed services will be the only way,” he said.

In Luxembourg, Haensenberger's base, a majority of the accounts are held by people who are tax residents of other countries. He added that there was therefore a significant reporting volume that small entities could not manage internally at a bearable cost.