The IOR is subject to the legislation and regulatory framework of the Holy See and the Vatican City State.
In particular, the Vatican legal framework recognises Canon Law as the primary source of legislation and the primary criterion for its interpretation. Alongside this, there are six organic laws and other ordinary laws specific to the Vatican City State. As regards matters not covered by Vatican laws, laws and other regulations issued by the Italian Republic are observed as supplementary, if transposed by the competent Vatican authority. They are adopted on condition that they do not contravene the precepts of divine law, the general principles of Canon Law or the provisions of the Lateran Pact and subsequent Agreements, and provided that they are applicable in relation to the state of affairs existing in the Vatican City. (See law n. LXXI on the source of law, promulgated by Pope Benedetto XVI on 1 October 2008).
According to article 1.4 of n. LXXI on the sources of law, the legal framework also conforms to the general norms of international law, and to those derived from treaties and other accords of which the Holy See is part.
As noted, the Istituto per le Opere di Religione is supervised by the Financial Intelligence Authority (AIF), the financial regulatory body for the Vatican City State. In this regard, law n. XVIII of 2013 clarifies and consolidates AIFs functions, powers, and responsibilities in the exercise of its supervisory and regulatory tasks, with the purpose of preventing and countering money laundering and the financing of terrorism, the exercise of financial information functions, as well as financial supervisory functions, as established by Pope Francesco in the Motu Proprio of 8 August 2013.
With regard to the context of supervision, following the implementation of Vatican City State Law n. XVIII, which covers norms of transparency, financial supervision, and information, AIF issued Regulation 1 / 2015 (the “Regulation”) (“Prudential Supervision of the Entities Carrying out financial activities on a professional basis”).
The Regulation stipulates the criteria for the organisation and management of entities carrying out authorised financial activities on a professional basis, stipulating among other things the structure of the entity, the organisation of administrative and treasury functions, the policies, procedures, and mechanisms of internal control, and the policies and procedures of management.
In order for the Institute to be compliant with the provisions of the Regulation, specific work streams have been put in place to allow for full compliance with the provisions of the Regulation by no later than 13 January 2016, the final date for complete compliance as required by article 121.3 of the regulation ( Titled “Transition Period”).
Ahead of the issue of new regulations on the preparation and publication of the financial statements, which will be applied to the upcoming 2015 financial statements, it is noted that the Financial statements here presented have been prepared in conformity with those in the past, applying generally accepted accounting standards, as required by the current Statutes.
In this regard, International Accounting Standards (IAS-IFRS) were adopted. Furthermore, Financial Risk Management disclosures were consistent with those used in the previous financial statements, being within the transitory period ahead of the full compliance with the Vatican framework regarding prudential supervision.
In consequence, beginning with the Annual Report 2015, the information provided to clients and the public will be compiled and integrated in a manner that complies with the new Regulation to be issued.
Over the past year, the IOR has engaged in revising its tax requirements related to its activities and customers. Starting in 2015, the IOR will be subject to the Foreign Account Tax Compliance Act (FATCA), a United States federal law that requires U.S. persons, including individuals who live outside the United States, to report their financial accounts held outside of the United States to the U.S. Internal Revenue Service (“IRS”).
FATCA also requires foreign financial institutions to report to the IRS about the accounts of their U.S. clients. In this context, the Holy See has reached an agreement in substance with the United States on the terms of an IGA (Intergovernmental Agreement).Therefore at the present time the Holy See is a jurisdiction treated by the US Authorities as if it had an IGA in effect as of 30 November 2014. As a consequence, the IOR has been assigned an identification code (GIIN) from the Internal Revenue Service (IRS). The IOR does not see any matter that might prevent it from fully complying with the obligations arising from the IGA.
The IOR has also been working to review and confirm its tax position and that of its customers towards countries with which they have investment relationships. This work has identified probable contingencies which relate to prior years as a result of different interpretations regarding the legal nature of the Institute and the consequent related tax treatments. At this stage no reliable estimate can be made. As a consequence, under the provision of IAS 37 par. 26, no specific provision has been accounted for in the 2014 Financial Statements. However, the IOR remains fully committed to addressing any incorrect treatment with the relevant tax authorities having the capacity to meet any payments that may arise from the above review.
IOR AML/CFT policy review 2013
In the first quarter of 2013, the Board of Superintendence and Directorate of the Institute decided to thoroughly review and re-organise anti-money laundering (AML) procedures and to improve transparency. In order to help accelerate the execution of that process the IOR enlisted external support by mandating Promontory Financial Group, an independent advisory firm for the execution of several individual work streams:
Following a comprehensive assessment of existing practice, the IOR revised and significantly expanded the handbook on anti-money laundering procedures. The handbook defines a new, risk-based internal customer rating, and substantially strengthens customer data compilation and collection requirements. Specifically, the IOR has expanded its data templates in areas such as verification of identification, source of funds, transaction activity, and overall customer risk profile.
Based upon the assessment of the software and transaction monitoring systems in place and the new legal requirements, the IOR approved a 3-year IT investment and development plan. With regard to money laundering prevention, the Institute has implemented a “know your customer”-application for individuals and legal entities and an automated internal customer rating system that are currently being fine-tuned.
Based on a preliminary review process of its customer database concluded by December 2012 and the requirements of the newly introduced customer data templates, the IOR has been engaged in a systematic screening of all existing customer records in order to identify missing or incomplete information. Per 1 half 2014, all records have been reviewed and assessed for completeness. Incomplete templates are being remediated on a step by step basis.
In parallel to the Customer Data Remediation process, the IOR has conducted an externally assisted forensic transaction review to verify the accuracy of the IOR customer list and to review unusual transactions. This included a reconciliation of the IOR’s booking records comparing general ledger entries with incoming and outgoing transaction payment records.
Over the course of 2013, the IOR has designed and has delivered to all employees a mandatory general and specialized anti-money laundering training curriculum with the aim to achieve and maintain an adequate level of trained and knowledgeable employees and ensure their full compliance with all obligations stipulated in the IOR Handbook.
As part of a governance overhaul, the Board of Superintendence has nominated a Chief Risk Officer at Directorate level with a specific brief to focus on compliance and reporting. In addition, the IOR standardized reporting procedures in order to strengthen the overall reporting system.
As a result of the first regular on-site inspection carried out by the Autorità di Informazione Finanziaria (AIF) in the first half of 2014, AIF is currently developing a schedule for the implementation of further improvements and adjustments.