On Dec. 21, 2023, the United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule describing who will have access to FinCEN’s database containing the names and information of the “beneficial owners” of small and midsize companies (RIN 1545-AB59) (Rule). This is an extension of the Corporate Transparency Act (CTA), which was enacted into law as part of the Anti-Money Laundering Act of 2020 (see How the new entity registration requirements under the Corporate Transparency Act will affect your business in 2024.) Under the CTA, most mid-size and small corporations and companies must disclose certain beneficial ownership information (BOI) to FinCEN. The BOI collected by FinCEN is intended to help officials crack down on global criminal activity and corruption by preventing money laundering by anonymous shell companies that help fund terrorism, drug trafficking and other crimes. To obtain this outcome, FinCEN is going to maintain BOI in a secure database and will allow BOI to be disclosed to certain third parties who can help prevent money laundering, including financial institutions.
How does FinCEN plan to maintain BOI?
The CTA directs the FinCEN to maintain BOI “in a secure, nonpublic database, using information security methods and techniques that are appropriate to protect non-classified information security systems at the highest security level . . . .” FinCEN is implementing this requirement by developing a secure beneficial ownership IT system to receive, store and maintain BOI. Consistent with the CTA’s requirement and FinCEN’s recognition that BOI is sensitive information warranting stringent security, the system will be cloud-based and will meet the highest Federal Information Security Management Act (FISMA) level (FISMA High).
Who will have access to a company’s BOI?
- Federal agencies engaged in national security, intelligence or law enforcement activity if the requested BOI is for use in the furtherance of such activity.
- State, local and Tribal law enforcement agencies if “a court of competent jurisdiction” authorizes the law enforcement agency to see the information in a criminal or civil investigation.
- Federal functional regulators and other appropriate regulatory agencies that (1) are authorized to assess, supervise, enforce or otherwise determine financial institution compliance with customer due diligence requirements under applicable law; (2) use BOI solely to conduct an assessment, supervision or authorized investigation or activity under 31 U.S.C. 5336(c)(2)(C)(i); and (3) enter into an agreement with FinCEN describing appropriate protocols for obtaining BOI.
- Foreign law enforcement agencies, judges, prosecutors, central authorities and competent authorities, provided that their requests must come through an intermediary Federal agency, meet additional criteria, and they need to be made either (1) under an international treaty, agreement, or convention; or (2) via a request made by law enforcement, judicial, or prosecutorial authorities in a trusted foreign country (if no international treaty, agreement, or convention is available).
- Financial institutions that use BOI “to facilitate compliance with customer due diligence requirements under applicable law.” This includes financial institutions that identify and verify beneficial owners of customers who are legal entities – including in connection with things like opening bank accounts or lending money.
What are some of the requirements for financial institutions to obtain BOI?
The CTA requires that a reporting company’s consent is necessary in order for a financial institution to obtain BOI from FinCEN. FinCEN proposed to make financial institutions responsible for obtaining this consent. That proposal reflected FinCEN’s assessment that financial institutions are best positioned to obtain and manage consent through their existing processes, and, because they have direct relationships with reporting companies as customers. Although certain certifications would be required, financial institutions do not need to submit any proof that they obtained a reporting company’s consent. FinCEN recognized that it would not have the capacity to review, verify, and store consent forms, and any additional FinCEN involvement would create undue delays for the ability of financial institutions to onboard customers. FinCEN also explained that a financial institution’s compliance with these requirements would be otherwise assessed by Federal functional regulators in the ordinary course during their examinations.
Additionally, financial institutions will have a more circumscribed beneficial ownership IT system interface than what will be available to most Federal agencies and State, local and Tribal law enforcement agencies. This interface would be based on the defined purposes for which financial institutions can use BOI under the CTA, and it is a proposed requirement that the financial institutions obtain a reporting company’s consent before requesting the information from FinCEN. The interface would require financial institutions to submit identifying information that is specific to a particular reporting company (for example, the company’s name and tax identification number). In return, the financial institution would receive an electronic transcript with that reporting company’s BOI at the time of the request. The transcript would not include any previously submitted BOI for the reporting company.
The CTA is a complex regulation that carries penalties for noncompliance. Parsons Behle & Latimer attorneys are well-acquainted with the CTA and are able to assist with registration and ongoing compliance required under the CTA through our customized interface. We have developed an integrated registration process and a dedicated team to assist clients in compliance and maintenance with the CTA. To discuss obtaining guidance for your organization send an email to cta@parsonsbehle.com.
