On September 30, 2022, FinCEN published the Ultimate Beneficial Ownership (UBO) Reporting Rulei (the Rule), which implements reporting requirements regarding Beneficial Ownership Information (BOI) under the Corporate Transparency Act (CTA). The Rule became effective on January 1, 2024, leaving covered entities only a few more months to ensure that they are prepared to comply with the new requirements.
As with any new requirements imposed by FinCEN, there are bound to be questions about who is covered, what companies need to do to comply, and why this level of granular detail on BOI is even necessary.
Why Is the Rule Necessary?
Before getting into the specific requirements of the Rule itself, it is important to understand the goals behind its inclusion in the Anti-Money Laundering Act of 2020 (AMLA), what it hopes to fix, and how it can be of use in regulatory enforcement in the future.
The AMLA was enacted into law as part of the National Defense Authorization Act for Fiscal Year 2021 as a means to disrupt corruption and the use of U.S. financial systems to facilitate illicit activities that could present opportunities for individuals and entities that threaten U.S. national security to participate in the U.S. economy. As it stood prior to the Rule, the lack of standard requirements resulted in the quality and depth of BOI collected being inconsistent at best, leaving potentially dangerous blind spots.
According to the U.S. Department of the Treasury’s National Strategy for Combating Terrorist and Other Illicit Financing ii (the Strategy), published in 2022, “A lack of uniform requirements to report BOI at the time of entity formation (and changes in ownership) hinders the ability of (1) law enforcement to swiftly investigate those entities created and used to hide ownership for illicit purposes and (2) regulated sectors to mitigate risks.” The first priority detailed in the Strategy is to increase transparency and close regulatory and legal gaps in the U.S. framework for anti-money laundering and counter-terrorism financing (AML/CTF), thus making it more difficult for illicit actors to anonymously utilize U.S. financial systems to move funds and purchase U.S. assets. Collection of BOI is the first supporting action detailed, and if the Rule works as intended, it will further restrict the ability of illicit actors to use front or shell companies to hide their identities, move illicit funds through U.S. financial systems, and launder money. The Rule’s requirements, which are explained in more detail below, will give unprecedented insight into the BOI of both existing and newly registered entities.
2024 Benchmarks for Progress are also detailed in the Strategy. Among these are the desire to create “an operational beneficial ownership registry” and to “engage and work with foreign jurisdictions that have weak or non-existent BOI collection requirements to revise corporate secrecy laws and take other necessary steps to facilitate timely access to BOI information by law enforcement and regulatory authorities; strengthen and adequately resource investigatory programs; and significantly improve international cooperation relating to BOI.”
Who Is Covered Under the Rule?
Covered entities, referred to in the Rule as Reporting Companies, are essentially any non-exempt company that registers to do business with a secretary of state, Indian Tribe, or other similar offices. They are delineated into two classifications: Domestic Reporting Companies and Foreign Reporting Companies, both of which have fairly broad definitions and coverage.
Domestic Reporting Companies include entities “created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe.” This means that a range of entity types are covered, e.g., corporations, limited liability companies (LLCs), limited partnerships (LPs), and business trusts.
Foreign Reporting Companies include entities “formed under the law of a foreign country and registered to do business in the United States by the filing of a document with a secretary of state or a similar office under the laws of a State or Indian Tribe.”
FinCEN carves out 23 specific exemptions that are not considered Reporting Companies under the CTA. By and large, these exempted entities are either already required to report BOI or are very closely regulated. Some examples of these exemptions are many entities under specific sections of the Exchange Act (12 USC 78), entities registered with the Securities Exchange Commission, banks, federal credit unions, money services businesses registered with FinCEN under either 31 U.S.C. § 5330 or 31 CFR § 1022.380, and others.
(For full details on who is or is not covered, refer to 31 CFR § 5336a(11), or review the BOI Small Compliance Guide iii.)
What Information Is Required?
All beneficial owners of a Reporting Company must provide:
- Full legal name;
- Date of birth;
- Current residential street address; and
- The unique identifier and issuing jurisdiction for, and an image of, an accepted government-issued ID (e.g., a non-expired passport, driver’s license, etc.).
A unique identifying number issued by FinCEN to an individual called a FinCEN Identifier, can be provided in lieu of the above requirements.
Can UBO Information Be Shared?
Generally, no.
Unless it is for a reason specifically carved out in the final rule, FinCEN and any officers/employees of the U.S. government, state, tribe, or local agencies, or even of any financial institution or regulatory agency who have access to this information cannot share it. In fact, as the next section will point out, there are fairly steep penalties for the unauthorized sharing of this information.
The reasons specifically included in the final rule to allow sharing of information are:
- An official request from a federal agency – specifically one “engaged in national security, intelligence, or law enforcement activity” – and the information must be used to further that activity.
- State, tribal, or local enforcement agencies that have been granted authorization by “a court of competent jurisdiction” to seek the information in furtherance of a criminal or civil investigation.
- Requests from foreign federal agencies on behalf of an appropriate party (such as enforcement agencies, judges, or prosecutors) in line with international treaties or agreements that will be used to assist in a prosecution or investigation. These requests must comply with the specific disclosure and use provisions of the applicable treaty or limit the use of any information received to only the authorized investigation or agency.
- Requests from financial institutions who have the consent of the Reporting Company to facilitate compliance with customer due diligence requirements set forth under applicable law.
- Requests from federal function regulators or another appropriate regulatory agency, as described in the Final Rule.
FinCEN will maintain this information securely for at least five years after the date of termination of the Reporting Company.
Is There a Timeline for Submission?
Yes, but the timeline is different depending on when the Reporting Company was created or registered to do business. That being said, the timelines are explicitly clear on when a Reporting Company is expected to comply.
- If a Reporting Company was created or registered to do business before the start of 2024, it will have until January 01, 2025, to ensure it is in compliance.
- If a Reporting Company is created or registers to do business in 2024, it will only have 90 days to ensure it is in compliance.
- If a Reporting Company is created or registers to do business after January 01, 2025, it will have 30 days to ensure it is in compliance.
What Are the Penalties for Noncompliance?
Reporting Violations:
- Reporting violations occur when any person (1) willfully provides or attempts to provide false or fraudulent UBO information or (2) fails to report to FinCEN complete or updated UBO information.
- Persons who commit reporting violations can face civil penalties of up to $500 per day if the violation continues or has not been remedied (up to $10,000 total) and/or up to two years imprisonment.
Unauthorized Use or Disclosure Violations:
- An Unauthorized Use or Disclosure Violation occurs when a person knowingly discloses or uses beneficial ownership information obtained through a report or disclosure submitted to FinCEN under the Rule except as specifically authorized thereunder.
- Persons who commit an unauthorized use or disclosure violation can face civil penalties of up to $500 per day if the violation continues or has not been remedied (up to $250,000 total) and/or up to five years imprisonment.
- If an unauthorized use or disclosure violation occurs while violating another U.S. law or is part of a pattern of illegal activity that involves over $100,000 over a 12-month period, the persons who committed the violation can face penalties up to $500,000 and/or up to 10 years imprisonment.
There is a safe harbor from both civil and criminal penalties if the person has no actual knowledge that the reported information is inaccurate, is not attempting to evade the requirement, or submits a correction within 90 days of the original report’s filing.
I Have Determined That My Company Is Covered Under the New Requirement, so How Do We Ensure We Are in Full Compliance?
The first step is to thoroughly review the requirements and implement a written policy for compliance. Your Compliance Officer may wish to do so by adding details on this requirement in an existing document or by creating a wholly new document. This will ensure that the expectations for compliance are clearly laid out on a company level for those involved in the reporting process.
From there, you will need to assess which individuals will need to be reported and whether they already have a FinCEN Identifier. If the UBOs do not have a FinCEN Identifier, or if their information is outdated, you will need to begin the process of ensuring all information is collected and up to date.
Reports are filed via the FinCEN BOI E-Filing System iv and may be completed via the fillable PDF document (The Beneficial Ownership Information Report, or (BOIR)) available for download v or by completing and filing the report online. Once this is fully and accurately completed, you will want to ensure you maintain a copy of the final version for your records and then submit it via the preferred method.
As with any new requirement, there will likely be some hiccups over the coming months following implementation on both the industry and regulatory sides. FinCEN has made many resources available to aid companies that are or may be covered under the new requirement but given the importance of ensuring everything is being reported within the applicable timeframe, even well-oiled compliance teams have needed some additional help up front. If your company needs assistance with these requirements, it is recommended that you reach out to an independent compliance professional who will be able to guide you through the process to ensure your company is meeting its requirements.
To stay up to date on the latest in financial regulatory compliance, financial crime prevention, and risk management, sign up for our newsletter: The Compass
i https://www.federalregister.gov/documents/2022/09/30/2022-21020/beneficial-ownership-information-reporting-requirements#citation-12-p59499; https://www.govinfo.gov/content/pkg/FR-2022-09-30/pdf/2022-21020.pdf
ii https://home.treasury.gov/system/files/136/2022-National-Strategy-for-Combating-Terrorist-and-Other-Illicit-Financing.pdf
iii https://www.fincen.gov/sites/default/files/shared/BOI_Small_Compliance_Guide.v1.1-FINAL.pdf
iv https://boiefiling.fincen.gov
v https://boiefiling.fincen.gov/b299dba56ae2428cdc4c.pdf
© Copyright 2024. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.