Sean Bryan Authors Article on the Access Rules under the Corporate Transparency Act

Sean Bryan’s article, “Final Rule on Access to Beneficial Ownership Information under the Corporate Transparency Act”—addresses the circumstances under which beneficial ownership information (BOI) may be disclosed to authorized BOI recipients.

The Financial Crimes Enforcement Network of the U.S. Department of the Treasury (“FinCEN”) in December 2023 finalized its initial rules regarding access (“Access Rules”) to beneficial ownership information (“BOI”) required to be reported under the Corporate Transparency Act (“CTA”) beginning January 1, 2024.  The proposed Access Rules received only one-third of the number of comments as the rules regarding actual reporting of BOI. 

The Access Rules govern how federal, state, local, tribal and foreign government agencies, together with financial institutions (Access Rules summary) may access BOI, including restrictions on the purposes for which access is granted and requirements how the confidentiality of BOI is to be retained.  Each requesting agency is required to first enter into a memorandum of understanding with FinCEN regarding these matters.  Generally, FinCEN adopted the Access Rules as proposed with minor changes, with the effect of broadening the purposes for which financial institutions may use BOI and streamlining the requirements for non-Federal agencies to access BOI. 

Several of the more significant changes adopted are: 

·         The final Access Rules clarify the purposes for disclosure of BOI by changing the non-exclusive “includes” to a finite “means” in a number of provisions, thus removing the open-endedness of the specified purposes and discouraging agencies from expanding such purposes beyond those expressly stated in the final Access Rules. 

·         The final Access Rules add language expressly prohibiting recipients from further disclosing BOI received by them from FinCEN except as permitted by the Access Rules.  A new permissive disclosure is to another agency for purposes of making a referral for possible prosecution by that agency or for use in litigation related to the purpose for which the BOI was first requested.

·         The proposed Access Rules required that a copy of a court order be included with a request for BOI, but the final Access Rules only require a certification that a court has authorized the agency to obtain the BOI. 

·         The final Access Rules require that requests for BOI by foreign agencies will require concurrence with the Secretary of State and consultation with the U.S. Attorney General, or other agencies as FinCEN deems necessary.  This change acknowledges that considerations outside FinCEN’s niche may impact the decision whether to send BOI outside the United States. 

·         Other limitations on circulating BOI to permitted recipients with a presence outside the United States were removed, based on the international presence of some agencies and financial institutions, but BOI is prohibited from being physically located in China, Russia, or a jurisdiction that sponsors terrorism (as determined by the U.S. Department of State) or that is subject to U.S. economic sanctions. 

In the preamble to the final Access Rules, FinCEN stated that because of the newness of the process it will phase-in access to BOI over an unspecified period of time, starting with “key Federal agency users”, followed by the U.S. Treasury Department and Federal law enforcement agencies, then other Federal agencies engaged in intelligence activities, non-Federal government agencies, non-U.S. requests, and finally financial institutions.  The preamble to the final Access Rules discusses the requirement that all agencies enter into a Memorandum of Understanding with FinCEN prior to receiving access to BOI, but the discussion provides no insight whether any such MOUs have been entered into or whether the form of such MOUs have been prepared, thus further muddying the timeline in which BOI may be accessed.

Commenters discussed the sensitivity and confidentiality of BOI, but FinCEN declined to consider BOI as subject to the same limitations as Federal tax returns, as being required by different statutes.

FinCEN received a number of comments to the proposed Access Rules regarding use of BOI by financial institutions.  

·         It noted that financial institutions are not obligated to obtain BOI from FinCEN and are not required to compare BOI information received directly from customers, nor disclose any discrepancies to FinCEN. 

·         BOI is not to be used by financial institutions for client development, in assessing whether to extend credit or in making other credit decisions that are unrelated to AML or national security purposes. 

·         FINCEN reiterates that a financial institution must obtain the prior consent of a client before requesting BOI of that client, but that there is no particular method for obtaining consent (and thus no safe harbor for the institution) and that one consent before the initial request for BOI is sufficient for subsequent requests for BOI by that financial institution.  FinCEN continues to consider comments regarding an obligation to update disclosures if and when BOI is modified by any applicable reporting company.

FinCEN stated that it does not intend to review each individual request for BOI, but will rely on the certifications and the process it puts in place for such disclosure.  Nonetheless, FinCEN reiterated that it has final authority to determine whether or not to disclose BOI.

FinCEN remains obligated by the CTA to modify its 2016 Customer Due Diligence Rule by the end of 2025 and has reserved several issues raised by commenters for consideration during that process. The final Access Rule can be accessed here: