The tone is shifting around AEOI compliance and beyond. It pays to invest in your customer tax reporting.

By Danielle Clark

Inquiries into customer tax reporting returns (otherwise known as operational tax) are on the rise. Data errors and omissions that might have been acceptable previously are increasingly being called to account and penalties are no longer theoretical. We look at five ways to manage compliance in this changing environment.

What is happening?

Around the world, a growing number of tax regimes require businesses to report information on payments made to customers and other stakeholders, and in some cases to also withhold a tax from those payments. From the Foreign Account Tax Compliance Act (FATCA) and the Common Reporting Standard (CRS), through to DAC7 in the EU, new 1099-K rules in the US, the Central Electronic System of Payments (CESOP) in the EU and the Crypto Asset Reporting Framework (CARF) by the Organization for Economic Co-operation and Development (OECD), tax authorities have increasing powers to collect data, in what is termed the automatic exchange of information (AEOI), and they are doing just that.

This increase in reporting obligations presents tax departments and operations functions, who are already under pressure to do more with less, with new risks. My Customer Tax Operations and Reporting Service (CTORS) colleagues at 安永 confirm that controversy is up in many jurisdictions as the competent authorities use their new wealth of data and data analytics capabilities to increase scrutiny.

Eighteen months ago my now-retired colleague, Ian Bradley , wrote an article on the impact that the OECD’s peer reviews of CRS enforcement was having on enforcement across a wide range of jurisdictions. That trend continues, as jurisdictions identified as non- or partially compliant seek to demonstrate increased rigor before the next round of reviews.

Penalties for non-compliance vary by jurisdiction and by regime. In some cases, a flat fee is levied; in other cases, a penalty is incurred for each infraction, sometimes adding up into the equivalent of millions of dollars.

The mood music is changing.

My London-based colleague James Guthrie observes that in the early days, from 2014 when FATCA was introduced and 2016 when CRS came online, the environment was widely supportive. “So long as financial institutions were seen to be making their best efforts, the competent authorities were largely understanding. We are seeing the same in Europe right now with the newly-introduced CESOP rules for payment service providers – the quarterly reporting requirement and large data volumes can be a challenge, so we have seen some leniency on missed deadlines and data quality. However, as these regimes mature, there is a desire to apply rules more consistently across jurisdictions, and hence some authorities are wielding penalties where they hadn’t before.”

In Asia-Pacific, my colleague Paul Ho, FCPA (Aust.) observes that both the Singapore and the Hong Kong tax authorities are under pressure from the OECD on CRS enforcement and have responded with relatively robust on-site audits of some financial institutions. As a consequence, he expects to see penalties issued in both jurisdictions. “Although the statutory penalty is not significant, generally around SGD5,000-SGD10,000 and HKD10,000 respectively, the reputational risk will be a concern to impacted institutions, particularly those where the infringement will need to be communicated up the line to their parent company, in some instances.”

Here in the USA, the Internal Revenue Service (IRS) has been a little more tolerant to date. But other countries in the area, including most notably Mexico, are following the approach as elsewhere in the world and hardening their stance.

In this context, there is no scope for complacency.

Any financial institution in a jurisdiction that is under the spotlight for enforcement is best served by proactively assessing their own compliance. My advice to all businesses with a reporting obligation is to stand back and take a hard look at your data quality, processes and governance. In particular, multinational enterprises will be wise to look at their activities in jurisdictions where compliance has not yet come under scrutiny but might not pass muster when examined more closely. Often operating models that were designed some years ago have failed to keep pace with the changing rules and business needs, and can benefit from a refresh or, in some cases, a full update.

Below are five steps to consider:

1. Invest in your team and processes, whether in-house or outsourced, and document your actions.

2. Ensure you have a robust IT system, investing in technology to capture and validate the required data. Missing or incomplete Tax Identification Numbers (TINs) are at the root of many issues, yet relatively simple analytics can identify problem areas.

3. Ensure you are keeping up to date with regulatory changes in all relevant jurisdictions and adapting processes as required.

4. Take a retrospective look at your recent returns. Use data analytics to identify embedded risk and highlight improvement areas.

5. If you receive a notice, seek advice and engage openly with the tax authority and your tax advisors.

安永 teams are here to help. From a proactive “health check” through to a comprehensive filing under review, our focused specialists and robust technology can support you to meet your obligations with confidence.

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.