RELATED UPDATE: Deputy Attorney General Monaco Announces New DOJ Whistleblower Program (March 8, 2024)

As of January 1, 2024, the Corporate Transparency Act (“CTA”) has gone into effect. Companies that may be Reporting Companies of Beneficial Ownership Information (“BOI”) should be aware of three key aspects of the CTA.

  • One, entities formed on or after January 1, 2024 must file, within 90 days after formation or registration, their required BOI with the Financial Crimes Enforcement Network (“FinCEN”). McGuireWoods has published prior alerts on the CTA generally, the use of FinCEN identifiers to report BOI, and FinCEN’s extension of the time to file from 30 to 90 days. As a reminder, Reporting Companies in existence prior to January 1, 2024 have until January 1, 2025 to make their required reports. FinCEN has published guidance materials to facilitate understanding the BOI reporting requirements, which include a Small Business Compliance Guide, FAQs, and other resource materials. These are available on FinCEN’s website. FinCEN plans to continue developing guidance and other materials to ensure timely, accurate, and complete reporting. FinCEN also established a dedicated BOI contact center to respond to questions regarding reporting requirements, as well as to provide technical assistance to users encountering issues with its Beneficial Ownership Secure System (“BOSS”).
  • Two, FinCEN met its January 1, 2024 deadline to have the BOSS up and running to receive, store, and maintain BOI.
  • Three, FinCEN adopted a new regulation that addresses how FinCEN will regulate access to the BOI reported to FinCEN. While the new access rule takes effect on February 20, 2024, access will be phased in over time to ensure that the proper controls are in place to, among other things, ensure the security of the reported information.

Rule Regarding Access to Beneficial Ownership Information to Take Effect

FinCEN issued the final rule regarding access, by authorized recipients, to BOI reported to FinCEN under the CTA on December 22, 2023. Effective February 20, 2024, this new rule establishes the specific circumstances in which recipients have access to BOI, along with data protection procedures and supervision protocol.

Access to Reported Information – Who May Access and For What Purposes

As of January 1, 2024, the same day in which the Reporting Rule took effect, FinCEN officially began to accept BOI reports in BOSS. 

The Access Rule, when fully implemented, will permit disclosure of the reported BOI in limited circumstances by the following entities and for the designated uses:

  • U.S. federal agencies engaged in national security, intelligence, or law enforcement activities, for use in furtherance of those activities.
  • A state, local or tribal law enforcement agency, if a court has authorized the agency to seek the information in connection with a civil or criminal investigation.
  • A federal agency on behalf of a non-U.S. law enforcement agency or foreign prosecutor or judge.
  • A financial institution subject to customer due diligence requirements, with the consent of the Reporting Company, to facilitate the financial institution’s compliance with customer due diligence requirements under applicable law.

Agencies will be required to enter into memoranda of understanding (“MOUs”) in order to access the reported BOI. These MOUs will, among other things, memorialize and implement requirements regarding reports and certifications, periodic training of individual recipients of BOI, personnel access restrictions, re-disclosure limitations, and access to audit and oversight mechanisms.

Requirements for Access

The rule imposes certain requirements for agencies with access to the reported BOI to ensure that access is handled appropriately, including training, policies and procedures, and other controls, such as an annual audit assessing compliance with the standards and procedures set forth in the rule. The rule also imposes additional requirements on financial institutions, including geographic restrictions on where they can share and store the reported information and safeguards designed to protect the security, confidentiality, and integrity of the reported information, such as policies and procedures consistent with Regulation S-P requirements. Additionally, financial institutions will be assessed by Federal functional regulators during examinations for compliance with these requirements, or by financial self-regulatory organizations (“SROs”) during their routine Bank Secrecy Act (“BSA”) examinations.

Phased Approach to Access

FinCEN plans to provide access to the BOSS in phases to ensure any technical issues are addressed prior to fully opening access:

  • Phase 1: Beginning in 2024, a pilot program will be implemented for a handful of key federal agency users, as MOUs and policies and procedures are put into place. 
  • Phase 2: Access will be extended to Treasury Department offices and certain federal agencies engaged in law enforcement and national security activities that already have BSA” MOUs in place.
  • Additional Phases: Access will be extended as follows:
    • Additional federal agencies engaged in law enforcement, national security, and intelligence activities, as well as key State, local, and Tribal law enforcement partners;
    • Additional State, local, and Tribal law enforcement partners;
    • In connection with foreign government requests; and
    • Financial institutions and their supervisors.

The last phase – for financial institutions – will result in administrative efficiencies for financial institutions in particular, as the timing of their access roughly coincides with the upcoming revisions to FinCEN’s 2016 Customer Due Diligence (“CDD Rule”), which requires that certain types of U.S. financial institutions identify and verify the beneficial owners of legal entity customers at the time of account opening. FinCEN plans to provide more information on the timing and details regarding this phased implementation in early 2024.

For questions about these new rules, the CTA, or anti-money laundering (“AML”) compliance, including customer due diligence and beneficial ownership rules, more generally, contact the authors of this article or another member of the McGuireWoods Financial Services & Securities Enforcement team, Government Investigations and White Collar teamTax & Employment Benefits team, or Corporate & Private Equity team.