December 5, 2013: Treasury Inspector General for Tax Administration Releases FATCA Report
Foreign Account Tax Compliance Act (FATCA)
Treasury inspector general for tax administration concludes improvements necessary to strengthen systems development controls for the FATCA registration system
On December 5, 2013, the U.S. Treasury announced the release of the treasury inspector general for tax administration’s (TIGTA) report on the Foreign Account Tax Compliance Act (FATCA) Registration System's1 systems development controls. The FATCA provisions were enacted in 2010 as part of the Hiring Incentives to Restore Employment ("HIRE") Act and aim to incentivize FFIs to report certain information on U.S. residents and citizens holding financial accounts in such institutions. To that end, FATCA obligates withholding agents to withhold 30 percent on any withholdable payments made to an FFI that does not agree to report such information to the U.S. Internal Revenue Service ("IRS"). Additionally, withholding agents must withhold 30 percent on withholdable payments made to NFFEs that do not agree to provide certain information on their substantial U.S. owners when required.
The FATCA Registration System enables entities to register with the IRS to comply with FATCA and obtain a Global Intermediary Identification Number (GIIN) to evidence compliance. The stated purpose behind TIGTA’s review was to analyze the IRS’s "risk mitigation processes for program management, security control processes, testing documentation and requirements management." While the TIGTA determined that the IRS has taken steps to improve management controls following its termination of the original FATCA Registration system in November 2012 due to substantial regulatory changes and the FATCA Intergovernmental Agreements, the TIGTA noted that additional improvements are needed.
The TIGTA made the following six recommendations:
- The Chief Technology Officer (CTO) and Commissioner, Large Business and International (LB&I) Divisions should timely identify and communicate system changes for future FATCA releases.
- The CTO should ensure that adequate program management controls are in place and consistently followed to guide future FATCA system development activities.
- The CTO should ensure that the proper security test plan is prepared so that all security requirements, security controls and test cases are identified, traced and tested and all security testing is completed before system deployment.
- The CTO should ensure that all testing groups follow the Internal Revenue Manual (IRM) procedures for documenting test cases to ensure consistency.
- The Commissioner, LB&I division should establish IRM procedures for all testing group to ensure that test case documentation is consistent with and supports the IT Organization requirement testing process.
- The CTO should ensure that IRM guidelines are followed so that requirement documents are established in the beginning of the testing life cycle and updated and maintained throughout the requirement management and testing processes. The requirement document must also be regularly used to ensure that the FATCA Registration System and future FATCA system requirements are included in test cases and tested.
While the IRS responded to all six recommendations, the TIGTA did not feel that the IRS was fully responsive for recommendations 1 and 6. The TIGTA maintains its recommendations for 1 and 6 and recommends the IRS follow the guidelines outlined in the report.
1 Although the report calls the system the Foreign Financial Institution Registration System, the official name in the IRS Manual is the FATCA Registration System which is more appropriate given that entities other than FFIs can use the system to register.
As used in this document, "Deloitte" means Deloitte Tax LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.