On December 15, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued a Notice of Proposed Rulemaking (the “NPRM”) that would implement provisions of the Corporate Transparency Act (the “CTA”) regarding access to and protection of beneficial ownership information (“BOI”). As previously reported, the CTA drastically expands current BOI reporting obligations in order to combat the illicit use of shell companies and to shift the burden of reporting beneficial owners of such companies from financial institutions and title insurance agents to the involved companies and the government itself.
The NPRM proposes regulations that (1) limit disclosure of BOI to certain authorized recipients, (2) limit use of such information to purposes permitted by the CTA, and (3) protect the security and confidentiality of BOI. Of particular note, financial institutions are among the list of authorized recipients when accessing BOI to fulfill customer due diligence requirements.
FinCEN is accepting comments on the NPRM until February 14, 2023.
Authorized Recipients
The proposed regulations would allow FinCEN to disclose BOI to five categories of authorized recipients:
- Federal, State, Local and Tribal Government Agencies;
- Law Enforcement Agencies, Judges and Prosecutors;
- Financial institutions using BOI to facilitate compliance with customer due diligence requirements under applicable law;
- Federal regulators and other appropriate regulatory agencies that supervise financial institutions; and
- S. Department of Treasury.
The degree of access to BOI would vary depending on the circumstances and recipient. The first category of authorized recipients, for example, could directly access BOI when engaging in national security, intelligence, or law enforcement activities. Financial institutions, on the other hand, could access such information only to the extent necessary to ensure their compliance with customer due diligence requirements under applicable law.
Security and Confidentiality Requirements
Under the NPRM, FinCEN would further subject each category of authorized recipients to certain security and confidentiality protocols when accessing and handling BOI. These safeguards, according to FinCEN, are meant to protect sensitive personal information while also achieving CTA’s objective of making BOI available to a range of users.
Financial institutions in particular must comply with certain requirements before FinCEN would disclose a reporting company’s BOI. Under the NPRM, a financial institution must obtain and document the reporting company’s consent before submitting a request to FinCEN for BOI and maintain a record of such consent for five years after it was last relied on. Further, financial institutions are required to develop and implement administrative, technical and physical safeguards that protect the confidentiality of BOI. Finally, the proposed rule would require that financial institutions certify in writing for each BOI request that it: (1) is requesting the information to facilitate its compliance with its customer due diligence requirements, (2) obtained written consent from the reporting company to request the BOI, and (3) has fulfilled all other requirements for requesting BOI.
After obtaining the BOI, the proposed rule requires that financial institutions limit access to such information to the financial institution’s directors, officers, employees, contractors, and agents located in the United States.
Penalties
The NPRM provides for civil and criminal penalties for knowingly disclosing or using BOI without authorization from FinCEN. Civil penalties include up to $500 for each day a violation continues or has not been remedied and a criminal penalty of up to $250,000 and/or up to 5 years imprisonment. A person who knowingly discloses or uses BOI while violating another law could be subject to an enhanced criminal penalty of up to $500,000 and/or up to 10 years imprisonment.
Conclusion
The NPRM proposes regulations that would require entities accessing and handling BOI to develop security and confidentiality protocols to protect such information. Financial institutions in particular would have to comply with a number of requirements before they make a request for BOI and after they receive it. As such, banks and other financial institutions should make appropriate internal preparations to ensure compliance with this rule. Furthermore, reporting companies should be aware of the authorized entities that will have access to their BOI.
- Partner
As a partner in the firm’s Business Representation & Transactions Group, Allie Westfall’s insight and proven analytical skills help translate the complexities of the often-challenging securities laws. Allie’s counsel ...
- Partner
Ken's practice touches all areas of real estate development including financing, real estate taxation, building and preservation code matters, rail/utility rights of way, renewable energy leases, sustainable building ...
- Associate
Madeline Darling is a member of the firm’s Business Representation & Transaction Group.
Madeline earned her law degree from the University of Cincinnati College of Law in 2022, cum laude, where she served as Notes and Comments ...
Topics/Tags
Select- Securities Law
- SEC
- Securities Regulation
- Corporate Transparency Act
- IRS
- Corporate Law
- Tax Planning
- Coronavirus
- Nasdaq
- Clawback Rules
- SEC Enforcement
- Taxation
- Cybersecurity and Privacy Law
- Dodd-Frank
- Mergers & Acquisitions
- Paycheck Protection Program
- JOBS Act
- Corporate Tax
- Economic Sanctions
- Ohio LLC Act
- FAST Act
- Corporate Governance
- Consumer Protection Act
- Proxy Access Rules
- Securities Litigation
- Crowdfunding
- Conflict Minerals
- Cryptocurrency
- Cybersecurity Regulation
- Hedging
- Real Estate Law
- Emerging Growth Companies
- Investors
- Pay Ratio Disclosure
- Whistleblower
- Private Offerings
- Intellectual Property
- Technology
- Opportunity Zone
- LIBOR
- Executive Compensation
- Health Care Act
- Accredited Investors
- Sales Tax
- United States Supreme Court
- Online Trading Platforms
- Wall Street Reform
- IPO
- Registration Statement
- Annual Reports
- Family-Controlled Entities
- Gift and Estate Transfers
- Ohio Foreclosure Reform
- Director Compensation
- Board of Directors
- Director Independence
- Cyber Insurance
- Data Breach
- Lenders
- Receivership Statute
- Regulation A
- Regulation D
- Total Shareholder Return
- Compensation Committee Certification
- CDEs
- CDFI Fund
- Community Development Entities
- Community Development Financial Institutions Fund
- Government Shutdown
- New Markets Tax Credit
- NMTC
- NMTC Financing
- Regulation Fair Disclosure
- Social Media
- Marketing
- Benefits
- Healthcare Reform
- Litigation
- Public Company Transition Rules
- Employment Incentives
- HIRE Act
- Social Security Tax
- Tax Credit
Recent Posts
- FinCEN Issues Additional Guidance for Reporting Companies on Dissolved Entities
- Division of Corporation Finance Director Statement: The State of Disclosure Review
- FinCEN Issues Additional Guidance for HOAs and Trusts under the Corporate Transparency Act
- SEC Wins ‘Shadow Insider Trading’ Trial
- SEC Voluntarily Stays Climate Rules
- New SEC Climate Disclosure Rules – Temporarily Stayed
- Corporate Transparency Act Ruled Unconstitutional
- SEC Climate Rule Vote Scheduled for March 6, 2024
- Limited Partners’ Tax Savings from Self-Employment Taxes are under Scrutiny
- FinCEN Extends the Corporate Transparency Act Reporting Deadline for Newly Created Entities