What is the International Compliance Management Model (ICMM) system?
System that allows IRS to send/receive, process, store, and manage FATCA data received from various sources to support needed compliance activities.
What is the difference between an IDES Alert and an ICMM Notification?
IDES issues email alerts via unsecured, plain-text email and they contain information about the transmission processing within the IDES system. An ICMM Notification is a “transmission” file archive that contains encrypted documents that are sent from the United States Internal Revenue Service (IRS) to a Foreign Financial Institution (FFI), direct reporting non-financial foreign entity (NFFE), or Host Country Tax Authority (HCTA) in response to the transmission of a FATCA Report submitted on the Intergovernmental FATCA XML Schema or the paper Form 8966.
What is the frequency of IRS request for information on recalcitrant accounts?
The transmission can occur on the ad-hoc basis as HCTA receives the information from FFIs, or the HCTA can provide a single submission at or before the submission date and time as specified in the IGA. This applies to all jurisdictions.
What is IRS expectation for HCTA response to request for information on recalcitrant accounts?
Standards for request and/or response to information requests are defined in the IGAs and the Competent Authority Arrangement (CAA).
What are IRS standards for HCTA data validation on recalcitrant accounts through the FATCA XML schema?
All data provided should fully comply with FATCA XML schemas posted on IRS.gov. The schema user guides describe fields that are mandatory for FATCA reporting.
How can HCTA and FFI obtain information as to system development progress and status?
The IRS publishes this information on the FATCA site on IRS.gov making it universally available at the same time. Additionally, users can subscribe to the FATCA newsletter for updates on the latest IRS news, guidance, regulations and other public information related to FATCA.
What types of technical support will be present during integration testing? How will the HCTAs, direct reporting NFFEs, and FFIs report issues with integration testing back to the IRS?
The IDES vendor will provide help desk support under their contract with the IRS during testing to address technical issues related to the use of IDES. The IRS is currently looking into methods to provide additional technical support for issues related to data preparation. For testing related issues, the IDES Help Desk can be reached at firstname.lastname@example.org.
What is the protocol for HCTAs to contact the IRS with technical issues or questions regarding IDES?
The IDES vendor will be responsible for resolving technical issues or questions regarding IDES. The IDES Help Desk can be reached at 1-800-613-IDES (4337), 605-271-0311, or via email at questions @ides-support.com.
What is the protocol for HCTAs to contact the IRS with issues or questions regarding reporting requirements?
The HCTA should direct questions regarding reporting requirements to the United States Competent Authority.
When can I enroll to use IDES?
The IDES enrollment site is now open and can be accessed at IDES Enrollment. For HCTAs, once you receive your enrollment letter from the IRS, it will include HCTA-specific instructions to enroll.
Does an HCTA need to get a GIIN?
No, GIINs are specific to Financial Institutions, Direct Reporting NFFEs, and sponsoring entities. However, when an HCTA enrolls, they will receive a FATCA Entity ID Number, which resembles a GIIN. For example, the FATCA Entity ID Number of the IRS is 000000.00000.TA.840.
Will an API or standalone application be available to assist with data preparation?
IDES will not be providing an API or application for data encryption and transmission. The file format has been described and the file preparation guide has been published on IRS.gov to assist users. The IRS is currently looking into methods to provide additional technical support for issues related to data preparation. There are currently samples of Data Preparation code available on GitHub in the IRSgov repository.
I am a Sponsoring Entity located in a Model 1 IGA jurisdiction. I am responsible for reporting on behalf of entities in Model 2 and non-IGA jurisdictions. When I attempt to enroll in IDES the system rejects my enrollment as coming from a Model 1 IGA jurisdiction. How can I use IDES as required to submit FATCA Reports?
The IRS developed a process that allows you to use IDES. You will obtain a second GIIN that reflects that you are located in a Model 2 or non-IGA jurisdiction.
1. Enter the IRS Registration Portal and create a new account.
2. Select the Financial Institution Type, Sponsoring Entity and click Next to continue.
3. Complete other questions and proceed to Part 1, Questions 3A-4.
a. Question 3: Select Financial Institutions Country of Residence, Other.
b. Question 3B: Enter your Financial Institution’s country/jurisdiction tax ID, if available.
c. Question 4: Select the Financial Institution’s classification in its jurisdiction of tax residence, None of the Above.
4. Complete the application and other entries as you did originally.
After the approved GIIN appears on the FFI List, use the GIIN to enroll in IDES. Detailed information on IDES enrollment process can be found at https://www.ides-support.com/. Note: In order to be able to use IDES ahead of the June extended deadline for submission of FATCA reports for Model 2 and non-IGA jurisdictions you will have to obtain your new GIIN by May 21, 2015.
What information will be contained in the ICMM Notifications?
Information on ICMM Notifications can be found on IRS.gov at IRS FATCA Report Notifications. The IRS has recently published a user guide containing information on ICMM Notifications.
How does an entity enroll for a testing window?
First, they need to be an enrolled user of IDES. When a testing window has been identified, all enrolled users will receive an email notifying them of the window as well as instructions for signing up for that specific window. Additional information regarding testing can be found on the IRS.gov website.
When will the IDES system be accessible for User Acceptance Testing?
The IRS conducts periodic testing of IDES. Dates for testing windows will be made available on the IRS.gov website.
I have not received an expected email about IDES enrollment. Are there any known issues related to this?
Please make sure that you're email spam filter will accept emails from the IDES enrollment site (@ides-support.com). This is not only important for the enrollment email, but IDES Alerts.
What format should data be provided for the FATCA Report?
Data should be provided in the XML format, which complies with the Inter-governmental FATCA XML schema as agreed by the International Community and published on the IRS FATCA web site. See IRS Publication 5124 FATCA XML v1.1 User Guide.
Is there a naming convention for files pertaining to IRS request for information on recalcitrant accounts?
No, there is currently no naming convention required at this time. If there is a change to this requirement, it will be published on the IRS FATCA web site.
When will sample XML files related to FATCA submissions be available?
Sample XML documents for the FATCA NIL reports, sender metadata, and notifications have been uploaded to the IRS.gov website and can be found at FATCA XML Schemas and Business Rules for Form 8966. Additional sample XML packets are being developed and will be posted on IRS.gov as soon as available.
When will sample XML files related to FATCA submissions be available?
What is the format for sending metadata for file transfers to IDES (e.g., indicate a specific sender / receiver)?
Information regarding the metadata schema is documented in the IDES Metadata Schema User Guide, which can be found at IDES User Guide.
Is the XML data based on UTF-8 character encoding? Are there any restrictions on the range of characters that can be used?
Yes, the FATCA XML schema v1.1 was developed using UTF-8. Additional specifications regarding acceptable characters can be found in the Competent Authority Arrangements.
Is there a "not to exceed limit" on the size of the transmitted data file? Is there a method to associate and/or merge files if transmission split due to size restrictions?
At the current time, the maximum recommended file size is 200MB compressed. There is currently no method to merge files; this will be addressed at a later date if this becomes a recurring need. There is no need to associate the files, all the information can be sent in as many transmissions as needed.
Within the XML schema, is the SendingCompanyIN data element used to determine the origin of the file?
The IRS will not rely on the SendingCompanyIN data element to determine the origin of a file. The Sender will be identified in the metadata that accompanies each IDES transmission.
How will the DocTypeIndics reserved for testing purposes will be used in production and test environments?
There is a 'test' Doc Type Indicator in the schema that corresponds to each production indicator. It is expected all partners will make use of the 'test' doc type indicators during testing periods. The sender should not send data with ‘test” doc type indicators to IDES in production. Test data should only be transmitted to the test environment during test window.
How will the IRS handle updates to the XML schema? Will the system still be able to accept older versions of the schema or will prior years' files need to be updated to the current schema version?
The IRS will publish information regarding updates to the schema on IRS.gov. The methods for handling multiple schema versions will be published as soon as possible.
If an individual has only received certain payment types, should the other payment types be listed with a zero amount or should they be omitted from the report for that individual?
If an individual has not received a particular payment type, zero amount is acceptable. If a particular payment type is not relevant to the individual, it is preferred that the information be omitted.
What is the procedure for FFIs, direct reporting NFFEs, and HCTAs to verify test data prior to the launch of IDES?
The IRS will send Notifications regarding the submission of test files in the same way as in the production environment. If additional questions are generated after receiving a Notification, feel free to contact the IRS at the number indicated on the Notification.
Can an HCTA create it's own standard numbering format for the MessageRefID in the FATCA XML Schema for its financial institutions to use?
Yes. The only requirement is that the field be be unique for each sender for the lifetime of the system and that it not exceed the maximum length of 200 characters.
What is the difference between corrected, amended and void files?
'- Corrected Data (FATCA2) is used for records being re-transmitted after the IRS has notified the sender of a problem with the file or underlying data. Corrected Data should ONLY be used when responding to an IRS request to correct the data.
-Amended Data (FATCA4) is used to amend a record(s) previously transmitted to, received and processed by the IRS, but is later found to contain erroneous information.
-Void Data instructs IRS to disregard previously-filed records when data needs to be re-transmitted. Please see IRS Pub 5124 for specific scenarios where this would be required. The original records should be re-transmitted with code FATCA3 which instructs IRS to void the original transmission. After voiding records, the revised records should then be transmitted to IRS with code FATCA1 as New Data.
When submitting a file with amended or corrected entries, what should be included in the MessageRefId field?
The MessageRefId should be a unique identifying number for the new file that includes the updated entries. The CorrMessageRefId should be the MessageRefId of the original file submission.
Are there any characters that are not allowed due to XML syntax rules and should be avoided in submitted XML documents?
Use of the ampersand (&) and less than (<) symbols as element values are prohibited since they are not allowed by XML syntax rules and will cause the transmission to be rejected with a failed schema error notification. These symbols must replaced with entity references.
Substituting any ampersand symbols with "&" and less than symbols with "<" in XML files will prevent the generation of the error notification.
Are there any characters that pose a security threat and should be avoided in submitted XML documents?
Use of the apostrophe (‘), double dash (--) and hash (#) symbols are prohibited as they pose a security threat and will cause the transmission to be rejected with a failed threat detection error notification.
An apostrophe needs to be replaced with the entity reference "'" in order to prevent the generation of the error notification. There is currently no substitution for the double dash and hash symbols.
Are there any other characters where the IRS recommends replacement with XML entity references?
In order to conform to XML schema best practices, the IRS recommends that quotation marks (") and greater than (>) symbols are replaced with XML entiry references. Quotation marks can replaced with """ and greater than symbols (>) can be replaced with ">".
Can the restricted characters be included in escaped portions of the file (i.e. comments)?
Yes. Inclusion of any restricted characters will only cause a rejection if they are within the XML data elements. Restricted characters in escaped portions of the file, i.e. comments, will not cause a rejection.
Which users are permitted to submit pooled reports? What is the procedure for submission of these reports?
Pooled reports may not be submitted by HCTAs with respect to FIs in Model 1 jurisdictions. Pool reports may be submitted by FIs in Model 2 and Non IGA jurisdictions. Pooled reports are submitted using the same method as account reports. Pooled reports can be submitted using the FATCA Schema and by selecting pooled report in the reporting group.
Which users are required to submit a Nil report? What is the procedure for submission of these reports?
Only Direct Reporting Non-Financial Foreign Entities (NFFEs) are required to submit nil reports. For all other entities, submission of nil reports is not mandatory and submission of these reports is optional. While nil reporting might not be required by the IRS, it might be required by the local jurisdiction. Please check with your local tax administration. Nil reports that are submitted must provide Reporting FI information. The report contains Reporting Group, but it does not contain any account reports or pooled reports. Reporting group can be empty or can contain Sponsor or Intermediary information.
We're receiving a Notification that there are restricted characters in our file but when we check the FATCA XML Schema (Form 8966) we don't find any. What is wrong?
The IRS has noted that some signature tools may insert illegal characters in the KeyInfo element when generating a signature. If so, the KeyInfo element should be removed before submitting the package. The package will validate without it.
Will requests from the IRS for information on nonconsenting U.S. accounts and nonconsenting nonparticipating FFIs be transmitted via email?
No, all IRS requests for information will be transmitted via IDES. Format of the message exchange between IRS and HCTA will be via PDF
Will IDES be used for transmitting the ICMM notifications?
Yes, IDES will be used as the transmission path for ICMM Notifications. A message type in the metadata will be used to distinguish Notifications from FATCA Reports.
How will reciprocal data from the IRS be sent to an HCTA and in what format?
The data will be sent through IDES. The format of the XML specification is the same as the Form 8966 XML schema published on the IRS website and can be found in the IRS Publication Intergovernmental FATCA XML Schema v1.1.
How will the HCTA notify IDES of outages of their systems that will be receiving data?
The HCTA should direct information regarding system outages to the United States Competent Authority.
What is the procedure for sending corrected and/or amended data to receiving HCTA? Will the resubmission need to include only the corrected / amended entries or will the entire report need to be resubmitted?
Procedure for submitting corrected or amended data will be the same as the submission of a new report. Specific operational procedures for data preparation are documented in the IDES User Guide. The resubmission will only include the corrected / amended entries, with a reference to the original report. Please refer to the FATCA XML User Guide for preparing corrected or amended reports.
What required data validation should be done on the FATCA Report data prior to being submitted to IDES?
The FATCA Report data XML file must be validated against FATCA XML schema published on IRS site. IRS Publication 5124 FATCA XML v1.1 User Guide contains all information required to ensure data is valid within the report. The User Guide outlines which fields are mandatory as well as specific business rules for each data element.
I uploaded a FATCA Report to IDES 3 days ago. I received an Alert from IDES via e-mail that my file was successfully uploaded, but I have not received a Notification back from the IRS about the status of my FATCA Report. What could be wrong?
The IDES alert of a successful upload is information about the transmission of your file. IDES alerts cannot provide information about the receipt and processing of your files by IRS ICMM. The IRS should issue an ICMM Notification for every FATCA Report that is successfully transmitted through IDES letting you know the status of your FATCA Report. You should always receive a Notification within 24 hours, and in most cases within a few minutes, of the IRS ICMM system receiving your file. However, the IRS has identified specific instances during testing where ICMM Notifications are not issued to filers when certain errors are present. In addition, the IRS has identified circumstances in which filers did not download their notifications before the 7 day retention period expired, and these notifications were deleted and are no longer available for download. The IRS is working to address and resolve these issues.
In the meantime, there are a few things you can do to maximize your ability to receive notifications sent to you, and to determine whether a notification has been sent to in response to your file. These are as follow:
• First, make sure that e-mail alerts from IDES are not blocked as SPAM by your own e-mail system. Your e-mail system may have deleted it or may have sent it to you SPAM inbox. If you have been sent an alert that a notification is present, but the alert email is blocked you may never be aware of the notification’s availability for download.
• Second, make sure your IDES User Profile is configured to allow IDES to send you e-mail alerts, including those regarding notifications. There is a box that can be set to either send or not send you email alerts. If you would like to receive email alerts, including those about notifications, make sure it is set to send e-mail alerts.
• Third, check your IDES inbox over the next 24 hours following the upload of your file to IDES to determine whether there is a Notification waiting for download. Even if you have not received an e-mail Alert, the Notification could still be in your folder ready for download. After seven days the notification will automatically be deleted from the system.
If you have checked your folder in IDES and there is no Notification present after 48 hours or longer since your file was uploaded successfully, an error types which is suppressing a notification from being sent may have been detected on your file. A few things to check that may help include the following:
• Making sure the digital certificate you are using for signature and encryption for FATCA data has not expired or been revoked by your Certificate Authority.
• Also, you should double check the Metadata XML file that is part of your data packet, to ensure all of the mandatory data elements are correct. In particular, please make sure that FATCAEntCommunicationTypeCd is set to “RPT”, and that the TaxYear is set to “2014.”
• Make sure all of the entries are correct. Did you indicate you were submitting a FATCA Report? Did you select the correct tax reporting year (it should be 2014)? Etc.
After you’ve checked these items, you should resubmit your file.
I have performed all of the above checks and I still am not receiving a notification. Is there anything else that could be causing the issue?
It is possible that you submitted your production files to the test environment instead of to the production environment. If this happened then you may not receive an ICMM Notification. Any production files that are submitted to the test environment will not be processed and will need to be re-submitted to the production environment. Please do not submit production files to the test environment. In addition, please do not submit test files to the production environment.
We're receiving an alert that there are too many files in package (RC026). What is wrong?
The data packet to be transmitted is an archive in .ZIP file format. For Model 1 and 2 IGAs, this packet should include 3 files (FATCAEntitySenderId_Metadata.xml, FATCAEntityReceiverId_Key, and FATCAEntitySenderId_Payload). For Model 1 Option 2 IGAs, the packet should have 4 files, all of those mentioned previously plus the HCTAFATCAEntityId_Key. You are receiving RC026 because for your respective jurisdiction, there are more than the 3 or 4 files in the data packet.
What type of data encryption should be used prior to XML data transmission?
A digital signature shall be applied to XML and Notification files, referred to hereafter as data files. FATCA digital signatures use the SHA-256 hashing algorithm in conjunction with the private key for the HCTA/FFI. The private key corresponds to the public key (RSA 2048-bit) that is stored on IDES. Following the creation of a digital signature and compression, the data file is encrypted using the AES algorithm and a randomly generated 256-bit key. The AES key is stored in a separate file and encrypted using the IRS’ public key, which is obtained from IDES. Both the data file and the key file shall be combined into a single zip file for transmission to IDES.
What encryption standard will be implemented on the transmission path?
As recommended by the National Institute of Standards and Technology (NIST) Special Publication 800-52, Transport Layer Security (TLS 1.2) will provide the mechanism to protect sensitive data during electronic dissemination across the Internet”.
How will passwords and keys be controlled for data transmission?
The public keys for the users will be available through IDES. Each user will have a unique password
Who is responsible for data transmission security via encryption?
Each HCTA will initiate a secure transmission to IDES via encrypted session. Likewise, the IRS will initiate a secure transmission to IDES to retrieve data. More information can be found in the IDES User Guide.
What type of data encryption is used for reciprocal data sent to a HCTA?
The encryption tools and processes are the same regardless of the direction of the transmission.
What are the requirements for digital certificates?
IDES currently requires digital certificates from one of seven different certificate authorities. During the FFI, direct reporting NFFE, and HCTA enrollment process, the digital certificate must be uploaded to the IDES website. A list of acceptable certificate authorities and products can be found atDigital certificates.
Can the AES 256 key be re-used for subsequent data transmissions or does the key have to be different each time?
The AES key must always be considered a “one time use” key. Software used to perform AES256 encryption can generate a new AES key for each use.
Can the IRS provide additional detail regarding proper preparation of data for submission to IDES?
The IRS will continue to update the FAQ and the data preparation section of the IDES User Guide in response to inquiries regarding data preparation.
There are currently samples of Data Preparation code available on GitHub in the IRSgov repository.
Who needs to obtain a digital certificate?
Only the entity that prepares an encrypted file and uploads it to IDES needs to obtain a digital certificate. The private key used to sign the XML file must correspond to the public key in the digital certificate used to enroll in IDES.
Can a digital certificate be shared by multiple organizations?
A digital certificate is issued to a single organization. The digital certificate contains a public key. Sharing of the corresponding private key between organizations is a poor security practice and, as such, it is strongly discouraged.
If an FFI is submitting on behalf of other FFIs (i.e. a parent company submitting for its subsidiaries), does each entity need a certificate, or only the entity submitting the file?
Only the submitting entity needs to have a certificate.
Are you sure an SSL certificate can be used the way IRS plans? This appears to be different from its intended purpose.
SSL certificates are intended for use on a web server. IRS has successfully used SSL certificates to verify digital signatures and encrypt AES keys during testing. However, IRS acknowledges that it cannot verify test all the software that partners might use, and so incompatibilities are possible. IRS is exploring options to approve other types of plans to approve one or more digital certificates that are not designed for use on a web server.
How does an organization obtain an SSL certificate if it does not have a Fully Qualified Domain Name (FQDN)?
The short answer is that it cannot. An FQDN is needed in order for the Certificate Authority (CA) to issue an SSL certificate. IRS is exploring options to approve other types of certificates.
Is the use of ides-gateway.com or ides-support.com an acceptable FQDN for obtaining a digital certificate for IDES?
No, the FQDN in question is the entity's FQDN, not the IDES FQDN.
I read in a recent cybersecurity blog that there is a concern the encryption standards being used for FATCA data are no longer current. Is this correct?
No. The encryption process used to protect your FATCA data was assessed by the IRS prior to granting FATCA-related information technology systems the authority to operate. The IRS also assessed a number of security controls which are documented in NIST Special Publication 800-53. The IRS would not have approved IDES for use in transmitting tax information otherwise.
Are there any recommended software packages that will be able to encrypt the .zip file containing the signed XML file, using AES 256 bit encryption with a randomly generated AES 256 bit key?
There are existing data preparation software packages on the commercial market; however, the IRS does not endorse any specific software package.
During testing, we have experienced issues with decrypting the notification file. Are there any lessons learned or best practices that you can share?
The IRS is currently developing information on variety of methods that can be utilized for decrypting the notification file. There are currently samples of OpenSSl commands for decrypting notifications on GitHub in the IRSgov repository.
IDES Use for Entities Not Required to Obtain a GIIN
How do I submit the FATCA XML Schema if I am a U.S. Withholding Agent (USWA), Territory Financial Institution (TFI), third party preparer, or other entity that is not required to have a GIIN?
Certain entities, such as USWAs, TFIs, or other third party preparers (not sponsoring entities) submitting information on behalf of another entity, are not required to register or to obtain a GIIN and, therefore, should not do so. USWAs, TFIs, and other entities that are not required to have a GIIN (“non-GIIN filers”) must follow the procedure, below, in order to obtain a FATCA ID number (FIN) that they will use in lieu of a GIIN to enroll in and use IDES (including submitting an Intergovernmental FATCA XML schema v1.1 (electronic Form 8966)).
The FIN, along with the associated identifying information that you provide, will be treated as return information by the IRS. This FIN and the associated information provided will be used by the IRS to validate the non-GIIN filer’s IDES enrollment and submission of files via IDES and for other FATCA purposes. The FIN, but not the associated information (such as your name), will be published on the Foreign Financial Institution (FFI) List to facilitate the IDES enrollment and your submission of files via IDES. For more information about the FFI List, see IRS FFI List FAQs.
Your published FIN will be accompanied by a generic name (e.g., “U.S. Withholding Agent 1”) on the FFI List, and publication of your FIN on the FFI List does not change your status for FATCA purposes. That is, having your FIN published on the FFI List does not make you an FFI, and the FIN does not serve any function related to withholding tax on payments under FATCA. Note: In order to request a FIN, you must consent to the IRS’s publication of the FIN on the FFI List because the FIN is return information. Visit the IDES Resources page for more information.
How do I complete the FATCA XML Schema if I am a U.S. Withholding Agent (USWA) or Territory Financial Institution (TFI)?
If you are a USWA or TFI, you complete the FATCA XML Schema in the same manner as if you were a “ReportingFI”. In the “TIN” data element, make sure to use your U.S. EIN (or, if you are a TFI that does not have a U.S. EIN, use the EIN used by the relevant U.S. territory tax administration to identify the TFI). Note: For reporting with respect to calendar year 2014, a USWA or TFI with a filing deadline of March 31, 2015, has until June 29, 2015, to submit the FATCA XML Schema. For additional information, please read FAQ Q2 under the “Reporting” section on the General FAQ page.
How do I complete the FATCA XML Schema if I am a third party preparer or other entity that is not required to have a GIIN?
If you are a third party preparer (not a sponsoring entity) or commercial software vendor and you are submitting the FATCA XML Schema on behalf of another entity (or on behalf of several other entities), enter your FIN, which you obtained to enroll and use IDES, in (1) “SendingCompanyIN” data element in the FATCA XML Schema Message Header and (2) "FATCAEntitySenderID" data element in the FATCA XML Metadata Schema.
Note: For reporting with respect to calendar year 2014, a third party preparer or commercial software vendor filing on behalf of an entity with a filing deadline of March 31, 2015, has until June 29, 2015, to submit the FATCA XML Schema. For additional information, please read FAQ Q2 under the “Reporting” section on the General FAQ page.
If you need system support for IDES, including help with login problems, error messages and other technical issues, please contact IDES Customer Support.
The IDES support team cannot respond to tax law questions regarding the FATCA regulations.
Pre and Post Transmission Related Questions
If you have additional questions about the International Data Exchange Service, please submit your question.
The IDES Webpage and IDES FAQs are updated on a regular basis with information related to IDES and with answers to IDES questions. However, you may submit a question here if you do not find the information you need elsewhere. Due to the volume of questions received, the IRS is unable to provide personalized responses, but answers to the most frequently asked questions will be posted periodically.
NOTE: Do not provide any personal identification information such as your name, taxpayer identification number, social security number, address, or telephone number.