Self-certifications are the spine of FATCA and CRS due diligence. They are also the area where institutions accumulate the most quiet risk, because forms get collected once and never revisited.
When to collect
- At account opening, before activation
- On a change in circumstances that affects status
- On a periodic refresh cycle, even where no change is flagged
What “valid” actually means
A self-certification must be signed and dated, and must contain all required elements: residence, TIN (or reason for absence), classification, and controlling persons where applicable. Forms missing any of these are not valid, regardless of how recently they were collected.
Reasonableness check
The reasonableness test is often skipped. The information provided on the form should be cross-checked against the KYC pack. If something is inconsistent (an address in one country, residence claimed in another), it has to be resolved before the form is accepted.
Storage and retrieval
Forms need to be retrievable on demand for at least the statutory retention period. Indexing by entity, account number and form version saves significant effort when an authority requests a sample.



