Corporate Transparency Act Reporting Rules Finalized, But Will Access Issues Cause Delay?

• Author: Warner, Jonathan H. "Jason"

As of this writing (June 15, 2023), the Corporate Transparency Act (CTA) (1) is scheduled to take effect on January 1, 2024. An earlier article (2) raised several questions in anticipation of rules to be issued by Treasury's Financial Crimes Enforcement Network (FinCEN) implementing the CTA's beneficial owner information (BOI) reporting requirements. Final reporting rules (3) issued on September 30, 2022, answered most of those questions, as discussed below.

On December 16, 2022, FinCEN released proposed rules for access to the beneficial ownership database (BOI Database) and security issues. (4) On February 14, 2023, the last day for comments, the American Bankers Association and 51 state bankers' associations jointly filed a highly critical comment asserting that the proposed rules were fatally flawed and should be withdrawn. (5) The overall tone of the comment suggests a serious communication failure between FinCEN and the banking lobby, which previously had been thought to be working closely with FinCEN in developing the CTA rules. The issues raised by the comment include:

1) Banks would not be allowed to seek open-ended or multiple reporting company search results from the BOI Database and would have to make separate requests for each reporting company, with the reporting company's consent.

2) Banks would be allowed to use BOI from the BOI Database only to facilitate compliance with customer due diligence requirements (CDD Rules) (6) under the Bank Secrecy Act (BSA), (7) and not for other purposes such as compliance with Office of Foreign Assets Control sanctions. A bank would have to identify and wall off BOI obtained from the BOI Database from that otherwise collected by the bank to avoid inadvertent violation of the CTA's data security requirements.

3) Banks would not be allowed to share BOI obtained from the BOI Database with their personnel located outside the U.S., with independent auditors, nor with third-party service providers supporting compliance.

4) Since BOI obtained from the BOI Database may differ from BOI obtained directly from customers, a bank should have a safe harbor from liability for any discrepancies when bank regulators examine the bank's use of BOI from the BOI Database.

5) The access rules should state explicitly that banks are not required to access the BOI Database.

On March 16, 2022, Senators Whitehouse, D-RI, Grassley, R-IA, Wyden, D-OR, Rubio, R-FL, and Warren, D-MA, sent a letter (8) to Fin-CEN supporting most of the banking industry's positions other than sharing BOI with foreign personnel and the safe harbor from liability. The letter suggested an automated process for receiving and responding to BOI requests from banks, asserting that manual review of individual requests would overwhelm FinCEN's resources.

The letter also criticized proposed Rule [section]1010.955(b)(2), (9) requiring a state, local, or tribal law enforcement agency to obtain a specific court order authorizing the agency to seek BOI in a criminal or civil investigation. The senators argued that the CTA requires only that "a court of competent jurisdiction, including any officer of such a court [emphasis added], has authorized the law enforcement agency to seek the information in a criminal or civil investigation" (10) and cited legislative history to contend that even a court clerk could authorize the request. (11)

The letter did not refer to the disclosure requirements for foreign law enforcement. (12) The proposed rules for disclosure to foreign law enforcement track the statute, (13) but do not clarify the phrase "trusted foreign country." (14) The statutory limitations requiring compliance with a treaty or limiting the use of the information (15) are not included in the proposed rules. Interestingly, the use of BOI received by a foreign party is less restricted than BOI disclosed to domestic parties. (16)

The proposed rules do not impose any meaningful restriction on disclosure to federal agencies engaged in national security, intelligence, and civil or criminal law enforcement, or to the Department of the Treasury in connection with its duties, including tax administration. (17) Disclosure to bank regulatory agencies is limited and requires a prior security agreement with FinCEN. (18)

The senators' letter also commented at length on an issue that drew other critical comments, that of verification of the information in the submitted BOI Reports. As discussed further below, the final reporting rule requires the reporting company to certify that the information in the report is true, accurate, and complete. FinCEN notes that its definition of verification consists of "confirming that the reported BOI submitted to FinCENis actually associated with a particular individual" and notes that it continues to review verification options within the legal constraints in the CTA. (19)

The CTA does not require independent verification of BOI, only that the secretary of the Treasury, in promulgating the rules, must "to the extent practicable [emphasis added] ... ensure the beneficial ownership information reported to FinCENis accurate, complete, andhighly useful." (20) Sections 6502(b)(1)(C) and (D) of the Anti-Money Laundering Act of 2020 (AML) (21) require the secretary, in consultation with the attorney general, to conduct a study no later than two years after the effective date of the CTA's final reporting rule to evaluate the costs associated with imposing any new verification requirements on FinCEN, as well as the resources necessary to implement any changes. The current CDD rules do not impose a greater verification requirement on banks, only that they verify that beneficial owners are actual persons. (22)

The senators' letter (23) suggested that FinCEN should verify the accuracy of BOI received through an automated process that checks the identity and status of a beneficial owner using "reliable, independently sourced/obtained documents, data or information," citing Financial Action Task Force (FATF) International Standards. (24) A comment filed by Transparency International U.S. (25) suggested that FinCEN should electronically check reported names and passport numbers through the U.S. Department of State, check state drivers' licenses and identification numbers through the National Law Enforcement Telecommunications System, and check addresses through the U.S. Postal Service to achieve a "minimal level of assurance that the reported information is accurate and reliable." (26) The comment also notes that the United Kingdom, after "high-profile reports of clearly bogus entries" in its initial persons with significant control (public) database, (27) is now verifying the beneficial owner information it receives, to some extent, (28) relying in part on "authorized corporate service providers" such as accountants, attorneys and company formation agents, who (in the U.K.) "have an existing obligation to carry out customer due diligence checks on all of their clients." (29)

But it seems that the ultimate objective of the transparency advocates is some degree of actual auditing of reporting companies to verify that the reported BOI reflects actual ownership and control. On March 29, 2023, the U.S. committed at the Summit for Democracy Commitment on Beneficial Ownership and Misuse of Legal Persons that it would "effectively implement the revised Financial Action Task Force (FATF) standard on transparency and beneficial ownership of legal persons." (30) Those standards contemplate some degree of governmental-level auditing of entities to verify BOI. (31)

But criticism from other sources favored FinCEN's strict approach. On March 8, 2023, Treasury Acting Inspector General Richard K. Delmar testified to the House Financial Services Committee, Subcommittee on Oversight and Investigations, about ongoing audits by Treasury's Office of...