Skip to main content

FATCA and CRS health check

The legislative context


Tax authorities across Europe are increasingly requiring enhanced FATCA and CRS compliance from financial institutions and are stepping up their FATCA and CRS audits.

In October 2019, many financial institutions received a formal request from the Luxembourg Tax Authorities (LTA) to provide FATCA and CRS information and documentation, including a description of the measures in place to ensure due diligence and reporting obligations.

On 18 June 2020, the Luxembourg legislator took a step further by voting in a FATCA and CRS law (the “Law”) amending both the CRS law of 18 December 2015 and the FATCA law of 24 July 2015. The Law explicitly requires Luxembourg reporting financial institutions to keep records of any action taken and supporting evidence used to fulfill their due diligence and reporting obligations for 10 years.

The Law also extends the LTA’s investigation powers. Upon request, it enables them to access records of any action taken, supporting evidence, policies, controls, procedures, and IT systems for up to 10 years after the end of the calendar year in which the Luxembourg reporting financial institution is required to communicate this information.


How to be compliant


Considering these developments and the potential penalties for non-compliance, Luxembourg reporting financial institutions are advised to review and potentially update their processes and procedures to meet the new requirements of the OECD, local regulators and local tax authorities.

In this respect, an efficient operating framework is essential to demonstrate compliance with FATCA and CRS in a reliable and provable way:

  • An organizational structure with defined roles and responsibilities
  • A tailored training program to ensure relevant staff members have the adequate skills and knowledge to perform their duties
  • Well-defined and documented processes and procedures
  • A strong control framework
  • Robust record-keeping and IT systems


How Deloitte can help


To help Luxembourg reporting financial institutions comply with these regulations, Deloitte offers a FATCA and CRS health check to assess compliance and identify potential gaps by:

  1. Reviewing the FATCA and CRS policies and procedures covering, inter alia, client on-boarding, classification, due diligence, change in circumstances, and reporting
  2. Reviewing the governance and controls in place
  3. Assessing data quality
  4. Reviewing a sample of accounts under a risk-based approach (testing of documentation and information on IT systems)
  5. Reviewing reporting quality

Deloitte then summarizes the findings and suggests remediation measures in a written report, which can be part of an audit defense documentation.

This healthcheck may also allow you to potentially identify non-reportable clients that are incorrectly documented for CRS and for which DAC 6 reporting may be requested under hallmark D.

Our methodology is flexible and can be tailored to your needs. We can use a risk-based approach or base it on your internal audit program, or we can perform a fully-fledged review or focus only on the areas you consider at risk.

Deloitte can also support Luxembourg reporting financial institutions by:

  • Drafting FATCA and CRS policy/procedures.
  • Providing tailor-made FATCA and CRS training and access to our FATCA and CRS eLearning curriculum. Find out more >>
  • Answering FATCA and CRS technical questions, analyzing specific cases, and providing latest updates through a regulatory hotline.
  • Offering FATCA and CRS reporting solutions through Deloitte Solutions, our regulated entity with a PSF status. Find out more >>