On December 21, 2023, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule (Access Rule) regarding access to the beneficial ownership information (BOI) reported to FinCEN pursuant to the Corporate Transparency Act (CTA) (see Goodwin’s alert here).
At the same time, FinCEN and the federal and state bank and credit union regulators (the Agencies), including the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the National Credit Union Administration, issued an Interagency Statement for Banks on the Issuance of the Access Rule (Statement). The Statement notes that the Access Rule does not create a new supervisory requirement or expectation for banks to access BOI from FinCEN’s BOI technology system. As such, the Agencies note that the Access Rule does not necessitate changes to BSA/AML compliance programs designed to comply with the Customer Due Diligence (CDD) rule and other BSA requirements such as customer identification program requirements and suspicious activity reporting.
The Access Rule is effective February 20, 2024.
Who Will Have Access to BOI Reported to FinCEN?
Under the Access Rule, FinCEN may disclose BOI as follows:
- To a federal agency engaged in national security, intelligence, or law enforcement, upon receipt of a request from such agency for BOI to be used in furtherance of such activity
- To a state, local, or tribal law enforcement agency for use in criminal or civil investigations, upon receipt of a request from such agency for BOI, if a court of competent jurisdiction has authorized the agency to seek the information in a criminal or civil investigation
- To a federal agency for transmission to a foreign law enforcement agency, prosecutor, judge, foreign central authority, or foreign competent authority, provided that the request is for assistance in a law enforcement investigation or prosecution, or for a national security or intelligence activity, that is authorized under the laws of the foreign country, and the request is made under an international treaty, agreement, or convention, or as an official request by a law enforcement, judicial, or prosecutorial authority of a foreign country determined by FinCEN to be a trusted foreign country
- To a federal functional regulator or other appropriate regulatory agency authorized by law to assess, supervise, enforce, or otherwise determine the compliance of a financial institution with CDD requirements (which we refer to for convenience as a bank regulator)
- The agencies above must limit, to the greatest extent practicable, the scope of BOI sought
- To a financial institution subject to CDD requirements, to facilitate the financial institution’s compliance with such requirements, provided that the reporting company consents to such disclosure
- The consent must be documented but does not need to be in writing, and financial institutions may rely on the consent given for the initial request for the reporting company’s BOI from FinCEN to retrieve the same reporting company’s BOI on subsequent occasions
- While the Access Rule requires that financial institutions certify that they have met the foregoing requirements, FinCEN anticipates that financial institutions will be able to make the certification via a checkbox when requesting BOI from FinCEN
- Financial institutions will be required to maintain documentation of the reporting company’s consent for five years after it is last relied upon in connection with a request for BOI
- To officers or employees of the Department of the Treasury whose official duties the Secretary of the Treasury determines require such inspection or disclosure
How May Disclosed BOI be Utilized?
All persons to whom BOI is disclosed shall use the BOI only for the particular purpose or activity for which the information was disclosed.
To Whom May Authorized Recipients Disclose BOI?
An officer, employee, contractor, or agent of a requesting agency (federal agency engaged in national security, intelligence, or law enforcement; state, local, or tribal law enforcement agency; bank regulator; or Department of the Treasury) may disclose BOI to another officer, employee, contractor, or agent of the same requesting agency for the particular purpose or activity for which the BOI was requested.
A director, officer, employee, contractor, or agent of a financial institution may disclose the BOI to another director, officer, employee, contractor, or agent of the same financial institution for the particular purpose or activity for which such information was requested, and to the financial institution’s federal functional regulator, a self-regulatory organization that is registered with or designated by a federal functional regulator pursuant to federal statute, or other appropriate regulatory agency.
- Financial institutions are not permitted to make BOI available to persons physically located in, or to store BOI in, the People’s Republic of China, the Russian Federation, or a jurisdiction that is a state sponsor of terrorism, as determined by the US Department of State; a jurisdiction that is the subject of comprehensive financial and economic sanctions imposed by the US government; or as determined by the Secretary of the Treasury.
An officer, employee, contractor, or agent of a federal functional regulator may disclose such information to a self-regulatory organization that is registered with or designated by the federal functional regulator.
An officer, employee, contractor, or agent of a federal agency may disclose such information to the foreign person on whose behalf the federal agency made the request.
An officer, employee, contractor, or agent of a federal agency engaged in a national security, intelligence, or law enforcement activity, or an officer, employee, contractor, or agent of a state, local, or tribal law enforcement agency, may disclose BOI to a court of competent jurisdiction or parties to a civil or criminal proceeding.
An officer, employee, contractor, or agent of a requesting agency (federal agency engaged in national security, intelligence, or law enforcement; bank regulator; or Department of the Treasury) may disclose such information to any officer, employee, contractor, or agent of the US Department of Justice for purposes of making a referral to the Department of Justice or for use in litigation related to the activity for which the requesting agency requested the information.
An officer, employee, contractor, or agent of a state, local, or tribal law enforcement agency may disclose such information to an officer, employee, contractor, or agent of another state, local, or tribal agency for purposes of making a referral for possible prosecution by that agency, or for use in litigation related to the activity for which the requesting agency requested the information.
A law enforcement agency, prosecutor, judge, foreign central authority, or foreign competent authority of another country that receives BOI from a federal agency may disclose and use such information consistent with the international treaty, agreement, or convention under which the request was made.
FinCEN reserves the right, by prior written authorization or by protocols or guidance that FinCEN may issue, to authorize other disclosure of BOI in furtherance of a purpose or activity described in the Access Rule.
What Discretion Does FinCEN Possess to Reject Requests and Suspend Access to BOI?
Under the Access Rule, FinCEN has broad authority to reject requests for BOI that are not made in the form and manner prescribed by FinCEN, if the information is being requested for an unlawful purpose, or if other good cause exists to deny the request. In addition, FinCEN may permanently debar or temporarily suspend any individual requester or requesting entity from receiving BOI.
What Are The Penalties for Unauthorized Disclosure and Use of BOI?
The CTA provides civil penalties in the amount of $500 for each day a violation continues or has not been remedied, and criminal penalties of a fine of up to $250,000 or imprisonment for up to five years, or both. The CTA also provides for enhanced criminal penalties, including a fine of up to $500,000, imprisonment of not more than 10 years, or both, if a person commits a violation while violating another law of the United States or as part of a pattern of any illegal activity involving more than $100,000 in a 12-month period.
Goodwin has developed a complete suite of services to help our clients comply with the CTA. We have a team of specialists who are expert in the CTA and can provide tailored guidance to help you comply with the specific obligations applicable to your business and your corporate structure.
This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee a similar outcome.
Contacts
- /en/people/c/callen-alexander
Alexander J. Callen
Partner - /en/people/k/kirby-samantha
Samantha M. Kirby
PartnerChair, Financial Services - /en/people/s/stern-william
William E. Stern
Partner