On December 15, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued a Notice of Proposed Rulemaking (the “NPRM”) that would implement provisions of the Corporate Transparency Act (the “CTA”) regarding access to and protection of beneficial ownership information (“BOI”). As previously reported, the CTA drastically expands current BOI reporting obligations in order to combat the illicit use of shell companies and to shift the burden of reporting beneficial owners of such companies from financial institutions and title insurance agents to the involved companies and the government itself.
The NPRM proposes regulations that (1) limit disclosure of BOI to certain authorized recipients, (2) limit use of such information to purposes permitted by the CTA, and (3) protect the security and confidentiality of BOI. Of particular note, financial institutions are among the list of authorized recipients when accessing BOI to fulfill customer due diligence requirements.
FinCEN is accepting comments on the NPRM until February 14, 2023.
The proposed regulations would allow FinCEN to disclose BOI to five categories of authorized recipients:
- Federal, State, Local and Tribal Government Agencies;
- Law Enforcement Agencies, Judges and Prosecutors;
- Financial institutions using BOI to facilitate compliance with customer due diligence requirements under applicable law;
- Federal regulators and other appropriate regulatory agencies that supervise financial institutions; and
- S. Department of Treasury.
The degree of access to BOI would vary depending on the circumstances and recipient. The first category of authorized recipients, for example, could directly access BOI when engaging in national security, intelligence, or law enforcement activities. Financial institutions, on the other hand, could access such information only to the extent necessary to ensure their compliance with customer due diligence requirements under applicable law.
Security and Confidentiality Requirements
Under the NPRM, FinCEN would further subject each category of authorized recipients to certain security and confidentiality protocols when accessing and handling BOI. These safeguards, according to FinCEN, are meant to protect sensitive personal information while also achieving CTA’s objective of making BOI available to a range of users.
Financial institutions in particular must comply with certain requirements before FinCEN would disclose a reporting company’s BOI. Under the NPRM, a financial institution must obtain and document the reporting company’s consent before submitting a request to FinCEN for BOI and maintain a record of such consent for five years after it was last relied on. Further, financial institutions are required to develop and implement administrative, technical and physical safeguards that protect the confidentiality of BOI. Finally, the proposed rule would require that financial institutions certify in writing for each BOI request that it: (1) is requesting the information to facilitate its compliance with its customer due diligence requirements, (2) obtained written consent from the reporting company to request the BOI, and (3) has fulfilled all other requirements for requesting BOI.
After obtaining the BOI, the proposed rule requires that financial institutions limit access to such information to the financial institution’s directors, officers, employees, contractors, and agents located in the United States.
The NPRM provides for civil and criminal penalties for knowingly disclosing or using BOI without authorization from FinCEN. Civil penalties include up to $500 for each day a violation continues or has not been remedied and a criminal penalty of up to $250,000 and/or up to 5 years imprisonment. A person who knowingly discloses or uses BOI while violating another law could be subject to an enhanced criminal penalty of up to $500,000 and/or up to 10 years imprisonment.
The NPRM proposes regulations that would require entities accessing and handling BOI to develop security and confidentiality protocols to protect such information. Financial institutions in particular would have to comply with a number of requirements before they make a request for BOI and after they receive it. As such, banks and other financial institutions should make appropriate internal preparations to ensure compliance with this rule. Furthermore, reporting companies should be aware of the authorized entities that will have access to their BOI.
As a partner in the firm’s Business Representation & Transactions Group, Allie Westfall’s insight and proven analytical skills help translate the complexities of the often-challenging securities laws. Allie’s counsel ...
Ken's practice touches all areas of real estate development including financing, real estate taxation, building and preservation code matters, rail/utility rights of way, renewable energy leases, sustainable building ...
Madeline Darling is a member of the firm’s Business Representation & Transaction Group.
Madeline earned her law degree from the University of Cincinnati College of Law in 2022, cum laude, where she served as Notes and Comments ...
- Securities Law
- Clawback Rules
- Securities Regulation
- SEC Enforcement
- Corporate Law
- Cybersecurity and Privacy Law
- Mergers & Acquisitions
- Tax Planning
- Economic Sanctions
- Ohio LLC Act
- Paycheck Protection Program
- Corporate Tax
- JOBS Act
- FAST Act
- Proxy Access Rules
- Securities Litigation
- Cybersecurity Regulation
- Corporate Governance
- Consumer Protection Act
- Conflict Minerals
- Real Estate Law
- Emerging Growth Companies
- Private Offerings
- Pay Ratio Disclosure
- Intellectual Property
- Opportunity Zone
- Accredited Investors
- Sales Tax
- United States Supreme Court
- Online Trading Platforms
- Executive Compensation
- Health Care Act
- Registration Statement
- Wall Street Reform
- Annual Reports
- Ohio Foreclosure Reform
- Director Compensation
- Family-Controlled Entities
- Gift and Estate Transfers
- Board of Directors
- Director Independence
- Cyber Insurance
- Data Breach
- Total Shareholder Return
- Receivership Statute
- Regulation A
- Regulation D
- Compensation Committee Certification
- CDFI Fund
- Community Development Entities
- Community Development Financial Institutions Fund
- Government Shutdown
- New Markets Tax Credit
- NMTC Financing
- Regulation Fair Disclosure
- Social Media
- Healthcare Reform
- Public Company Transition Rules
- Employment Incentives
- HIRE Act
- Social Security Tax
- Tax Credit
- Effective Date of SEC Clawback Rule Finally In Sight
- SEC Sued Over Newly Adopted Share Repurchase Rules
- SEC Extends Period to Act on Exchange Clawback Rules
- SEC Charges Public Company for Misleading Non-GAAP Disclosures
- NYSE and Nasdaq Propose Clawback Listing Standards: What You Need to Know
- Corporate Transparency Act Update – FinCEN Issues Notice of Proposed Rulemaking
- SEC Amends Insider Trading Rules: New Conditions, Requirements, and Related Disclosures
- SEC Reopens Comment Period for 11 Proposed Rules Due to Technological Error
- Corporate Transparency Act Update—FinCEN Issues Final Rule
- SEC Provides Sample Guidance on Disclosure of Russia-Ukraine Invasion