While financial institutions (FIs) have final responsibility for compliance with the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standards (CRS), many engage outside service providers. Advice on establishing agreements with the providers and on how to thoroughly vet the organizations are provided in a new report. 

Issues that should be considered are addressed in the “Guide on Promoting and Assessing Compliance by Financial Institutions” (the Guide) published by the Organization for Economic Co-operation and Development’s (OECD) Forum on Tax Administration. 

The Guide notes that FATCA and CRS it is crucial that FIs have a full understanding of FATCA and CRS Governance and Implementation when working with external service providers. 

Processes that should be in place before hiring an external service provider:

Before engaging an external service provider, FIs also must have a risk management framework with timely processes to:

• Handle FATCA and CRS compliance risks arising from changes in business activities or operating processes. 
•  Identify, evaluate, and manage FATCA and CRS risks to ensure that these are addressed 
• Ensure that FATCA and CRS developments are assessed regularly to determine if there are direct or indirect impacts to the FI’s operations or specific markets
• Communicated any changes to the appropriate local and global stakeholders

The OECD Guide suggests 11 “hallmark” questions FIs should consider:

1. Will your external service provider provide assurance that legislative updates impacting their functions will be considered? 
2. For risk or time sensitive matters, does the FI have a process to inform or escalate the matter to the external service provider? 
3. Is there an agreed upon timeframe for responses or resolutions?
4. Are the external service providers roles, duties and responsibilities clearly laid out? 
5. What is the recourse for lack of performance on the obligations? 
6. What are the FIs’ due diligence procedures to ensure the external service provider is performing in the capacity agreed upon? 
7. Does the external service provider handle potential inquiries from tax authorities? 
8. Were there any gaps in services for functions performed by the external service providers? If so, which person and or department assumed the responsibilities in the interim?
9. Is the Responsible Officer (RO) aware of functions performed by the external service provider for which the RO is ultimately responsible? 
10. If the external service provider maintains the FATCA registration (GIIN registration and maintenance), how does the RO obtain assurance? 
11. What reviews of external service providers functions are performed to ensure the RO can make an accurate FATCA certification?

In addition, the understanding and working relationship should be documented in a contract and should include a governance structure that details:

• all applicable functions
• a description of such functions
• names of parties responsible for the functions 
• where the responsible personnel reside. With a view to ensuring that FIs effectively carry out their FATCA and CRS obligations, it is key that they implement and maintain an appropriate overall governance structure in tandem with external service providers if the FI is working with them.