a hand holding a guitar



Winter and FATCA/CRS audits are coming for financial institutions

The Canada Revenue Agency (CRA) will shortly begin on-site audits of financial institutions (FIs) for purposes of Part XVIII (FATCA) and Part XIX (CRS) of the Income Tax Act. Earlier this year, CRA officials responsible for FATCA/CRS provided useful information on the scope of such audits, as well as what FIs can expect with respect to the assessment of penalties for non-compliance. 

What you need to know

  • The CRA has already been conducting desk reviews of certain FIs. These reviews are off-site “audits” that generally involve the CRA examining the FI’s FATCA/CRS policies and procedures.
  • The CRA expects to begin on-site FATCA/CRS audits sometime in late 2022 or early 2023. The occurrence of a desk review is not a prerequisite to an on-site audit. 
  • The CRA does not intend to assess any FATCA/CRS non-compliance penalties until after an on-site audit. Accordingly, FIs still have time to prepare themselves for these upcoming audits. 

Selecting FIs for audit 

The CRA has been conducting desk reviews of certain FIs. During a desk review, FIs are often asked to provide the CRA with a copy of their FATCA/CRS policies and procedures. 

The CRA indicated that while the results of a desk review may lead to an on-site audit, the latter may also occur without any precursor activity. The CRA stated that in deciding which FIs to select for an on-site audit, some of the relevant factors include the following:

  • The number of accounts that are missing taxpayer identification numbers (TINs);
  • Whether the expected sources of income (such as dividends) are reflected in the FI’s returns;
  • Whether the account holder’s (or in the case of entity accounts, the controlling person’s) date of birth is missing or inaccurately recorded; 
  • Whether the FI’s filings are consistent with the CRA’s expectations for the particular FI (for instance, whether the volume of reportable accounts is appropriate for the size of the particular FI);
  • Atypical year-over-year changes (such as an unusually large number of reportable accounts for a particular year when compared to the FI’s returns from prior years); and
  • Whether any error notices have been received from the United States Internal Revenue Service (and the extent to which these errors are resolved).

Scope of an audit

An on-site FATCA/CRS audit may include various things, such as:

  • Examining the FI’s written policies and procedures;
  • Examining the FI’s books and records;
  • Reviewing the FI’s efforts in collecting missing self-certifications and other information from account holders (for example, examining the FI’s action log for any steps it has taken to obtain a missing TIN from an account holder); and
  • Conducting sample testing to determine the prevalence of accounts that are undocumented because they are missing the relevant self-certifications.

Assessment of penalties

The CRA does not intend to assess any penalties prior to an on-site audit. This is because the purpose of an on-site audit is to determine whether the assessment of penalties is appropriate given the particular facts and circumstances of the FI.

For example, for FIs that have pre-existing accounts with missing TINs, the CRA acknowledges that there is only so much FIs can do to obtain the missing information from the account holder. Accordingly, the particular actions taken by the FI to resolve the missing TIN issue for pre-existing accounts will be a major factor in the CRA’s determination of whether a penalty is appropriate in the circumstances. 

Furthermore, while the CRA intends to use sample testing to assess the FI’s due diligence efforts with respect to collecting self-certifications, the CRA does not intend to extrapolate the results of the sample testing to assess penalties.

For example, if a sample of 100 accounts revealed that 15% of the sampled accounts were missing self-certifications, the CRA does not intend to extrapolate the results and conclude that 15% of all accounts maintained by the FI are undocumented and subject to a penalty. Instead, the CRA intends to assess the missing self-certification penalty only with respect to the accounts it actually knows are undocumented. 

BLG can help

If your organization is selected for audit by the CRA, BLG can help. Having a lawyer on your side during an audit has many benefits, including:

  • Managing privilege – Communications between a taxpayer and lawyer are subject to solicitor-client privilege, thus the CRA generally cannot compel their disclosure. On the other hand, communications between a taxpayer and accountant are not subject to privilege, thus the CRA may compel their disclosure. In scenarios where the taxpayer would like to work with both a lawyer and an accountant, communications with the accountant may be covered under the lawyer’s privilege if a proper relationship is established between the taxpayer, lawyer and accountant. An example of such a relationship is where the taxpayer engages the accountant to act as the taxpayer’s agent for purposes of obtaining advice from the lawyer. 
  • Monitoring the CRA’s review power – During an audit, the CRA may request various documents or pieces of information from the taxpayer. In some instances, the CRA’s requests may be “improper” because it is asking questions that the taxpayer is not legally obligated to answer. For example, the taxpayer is generally not required to provide the CRA with any privileged documents or communications. Similarly, the auditor does not have the right to conduct a phishing expedition by requesting information related to unnamed persons not currently under audit. Working with a lawyer will ensure that the taxpayer under audit is not inadvertently giving the CRA auditor more information than it is legally required to provide.

Start preparing today

As mentioned earlier, CRA expects to begin on-site audits sometime in late 2022 or early 2023. Accordingly, there is no time like the present to prepare for these audits. In this regard, consider the following: 

  • Update your policies and procedures – It is important that your organization’s FATCA/CRS policies and procedures are up-to-date and consistent with the latest version of the CRA’s guidance on FATCA/CRS. You should also be able to produce previous versions of your FATCA/CRS policies and procedures based on prior iterations of the CRA’s guidance. For example:
    • If you are a member of the asset management industry, do your policies and procedures reflect the latest changes applicable to client name accounts effective for January 2023? For more information, read our previous bulletin; and
    • Since the time your policies and procedures were developed, have they been updated to reflect the series of changes to the CRA’s guidance on FATCA/CRS? For more information, read our previous bulletins on the CRA’s revised FATCA/CRS guidance published on March 10, 2022, July 10, 2020 and April 20, 2020
  • Ensure your policies and procedures are sufficient – FIs must also consider whether their FATCA/CRS policies and procedures are sufficient for meeting their FATCA/CRS due diligence and reporting obligations. For example:
    • Who is responsible for tracking developments and regulatory updates pertaining to FATCA/CRS compliance? How are these developments and updates implemented into the FI’s internal processes?
    • How are accounts monitored so that “changes in circumstance” are identified and the necessary follow-up actions are taken?
    • What are the procedures for dealing with accounts that are missing FATCA/CRS-related information? How does the FI log the steps it has taken to obtain the missing information (in order to show the CRA it took reasonable efforts to rectify the issue)?
    • How often are client-facing and back-office staff re-trained on their FATCA/CRS-related responsibilities? 
  • Examine your undocumented accounts – Accounts with missing self-certifications may attract a potential penalty of up to $5,000 for each account that is missing a FATCA and CRS self-certification. FIs may consider taking “effective measures” against undocumented accounts (such as by closing or freezing them) to avoid the penalties, but FIs are cautioned to consider whether they are permitted to take such actions under the relevant securities, banking and regulatory regimes. 
  • Run internal audits – In advance of a FATCA/CRS on-site audit, consider conducting an internal audit to identify FATCA/CRS compliance issues within your organization. Such audits should be undertaken with the assistance of legal counsel such that the results of the internal audit are protected by privilege from disclosure to the CRA. For example, perform a random sample of accounts to determine the extent of accounts with missing self-certifications. Similarly, conduct a detailed review of your organization’s FATCA/CRS policies and procedures to ensure that they are consistent with the CRA’s most recent guidance on FATCA/CRS. 

If you would like to discuss how you can prepare your organization for an audit, or if you would like BLG to assist you during an audit, please don’t hesitate to contact the authors of this bulletin or a member of BLG’s Tax Group.

Key Contacts