Are you fit for a CRS audit?
Rumour has it that the Swiss Federal Tax Administration (FTA) is now starting with the live CRS audits of Swiss fiduciary firms. In December 2019, KENDRIS was as the first Swiss fiduciary firm given the valuable possibility to be subject to a pilot CRS audit carried out by the FTA. The overall aim with the audit was to control the compliance with reporting and due diligence obligations under the CRS rules. The FTA found no deviations, errors or omissions as a result of the CRS audit and had no comments on any insufficiencies – which shows that our extensive work to implement and maintain a top-quality AEoI/CRS infrastructure and set the benchmark for Swiss fiduciary firms is paying off. Are you fit for an audit? In this blog post, we intend to share some of our experiences of our pilot audit of last year.
AEoI audit scope and procedures
Prior to the audit, internal guidelines, policies and procedures and checklists, documentation and information regarding AEoI/CRS implementation project, due diligence and reporting infrastructure, client identification etc. was made available to the FTA. The FTA picked out a number of random sample cases based on KENDRIS’ full client population.
During the audit, the FTA on-site team of five had unrestricted and unattended access to various IT applications (e.g. customer relationship management tool, reporting review and approval process tool) including access to client self-certifications, AML/KYC documentation, financial statements and submitted reports. All such documentation relating to the sample cases were subject to review.
Other more general topics were subject to review and discussion, such as
- written due diligence and reporting policies and procedures,
- how changes in circumstances are identified and documented,
- how internal controls and trainings are organised,
- whether sufficient resources have been allocated to the CRS implementation project, and
- to which extent the relevant stakeholders within the firm are involved or kept informed.
What is the takeaway?
We can probably all agree that AEoI/CRS due diligence, reporting and other related obligations needs to be carried out in a correct and timely manner. However, it is also essential that one can demonstrate how this materialises. It is therefore advisable to implement or review compliance measures such as for example:
- The validity of a classification must be backed up with supporting documentation.
- Account holders and controlling persons must be properly documented.
- The financial information subject to reporting, such as account balance and relevant payments, needs to be comprehensible.
- Changes in circumstances must be effectively tracked and evaluated.
- Written policies, procedures and processes needs to be in place, up to date and complied with.
- Adequate and qualified resources must be made available.
- Trainings for the staff should be carried out and internal control mechanisms need to be in place to ensure compliance with the relevant rules as well as with internal policies.
- Inefficient or insufficient procedures should be enhanced and any errors or deviation that are being detected must be cured.
In essence, the work must not only be carried out, but also documented in a suitable manner.
Are you fit for an audit? Please do not hesitate to reach out to our CRS experts if you have any questions, need assistance with setting up policies and procedures or reviewing your current ones.