The Proposal to Access Beneficial Ownership Information (BOI) - Will it Really Work?

“Can’t You Hear Me Knocking?”[1]

After decades of filing comments on behalf of FI’s, trade groups and advisory firms, it is still clear that impacted entities need to take advantage of any opportunity to submit their views on a pending regulation.

Having taught classes on how to file effective comments, it remains essential to answer the questions posed by the relevant agency, offer specific recommendations, and alert the drafters to any operational hurdles to their proposal. The AML community has this opportunity yet again on Treasury’s bureau FinCEN’s proposal on access to beneficial ownership information.

FinCEN has a plethora of requirements from the AMLA law of 2020 that still need to be addressed (e.g., national priorities, BSA coverage of antiquities and derisking strategies among many others) but the primary focus is the three prongs of the Corporate Transparency Act (CTA). The Notice of Proposed Rulemaking (NPRM) published on December 16th is the second part, and the comment period closes on February 14, 2023.

So, what are the key themes? Access and safeguards.

A reminder that the CTA authorizes FinCEN is disclose beneficial ownership information (BOI) to five categories of recipients:

1. U.S. Federal, state, local, and Tribal government agencies requesting
2. Foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities (foreign requesters)
3. Financial institutions (FIs) only using BOI to facilitate compliance with the customer due diligence (CDD) requirements
4. Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing FIs for compliance with CDD requirements, and
5. U.S. Department of the Treasury (Treasury) itself. 

We recommend reviewing the various limitations in the five categories, but we’ll focus on two.

One is for FinCEN to disclose BOI to Federal agencies “engaged in national security, intelligence, or law enforcement activity” but only if the requested BOI is for use in furtherance of such activity. Users would have to submit justifications to FinCEN for their searches, and these justifications would be subject to oversight and audit by FinCEN. Law enforcement activity includes “both criminal and civil investigations and actions, such as actions to impose civil penalties, civil forfeiture actions, and civil enforcement through administrative proceedings.” Our law enforcement partners will certainly comment on whether these limits hamper effective investigations.

The other category is designed to permit FIs to request BOI from FinCEN only for purposes of complying with CDD requirements under applicable law, and only with the consent of the reporting company related to the BOI.

The proposed rule defines “customer due diligence requirements under applicable law” to mean FinCEN's customer due diligence (CDD) regulations at 31 CFR §1010.230, which require covered FIs to identify and verify beneficial owners of legal entity customers.

FinCEN looked at, but decided not to propose, broadening the coverage beyond the CDD regulation. However, FinCEN does solicits comments on whether a broader reading of the phrase “customer due diligence requirements” is warranted. It seems that this potential limitation could hinder an FI’s ability to perform proper due diligence.

The fact sheet accompanying the proposal states that FinCEN “anticipates that an FI, instead of being able to run open-ended queries in the beneficial ownership IT system or to receive multiple search results, would submit identifying information specific to a reporting company and receive in return an electronic transcript with that entity’s BOI. This more limited information-retrieval process would reduce the overall risk of inappropriate use or unauthorized disclosures of BOI.” Would it?

In addition, the proposal would require the FI to certify in writing for each BOI request that it:

1. Is requesting the information to facilitate its compliance with CDD requirements under applicable law
2. Obtained the reporting company's written consent to request its BOI, and
3. Fulfilled the other requirements of the section.

FinCEN also expects FIs to provide training on the protocols of the system. Question—will this become another regulatory burden?

The proposed rule does point out that “FinCEN expects that FI compliance with these requirements would be assessed by Federal functional regulators in the ordinary course during safety and soundness examinations or by the SROs during their routine BSA examinations.”

For the safeguards, we’ll look at penalties for failures. Those that receive BOI must have standards and procedures for storing the information “in a secure system to which only authorized personnel have access and only for authorized purposes.” FinCEN will require authorized recipients to maintain for review key information about specific beneficial ownership information searches or requests. Memoranda of Understanding (MOUs) or other agreements with authorized recipients need to describe applicable requirements in detail.

As a reminder, the CTA makes it unlawful for any person to knowingly disclose or knowingly use BOI obtained by the person from a report submitted to, or an authorized disclosure made by, FinCEN, unless such disclosure is authorized under the CTA.

Under this proposed rule, unauthorized use includes any activity in which an employee, officer, director, contractor, or agent of an authorized recipient knowingly violates applicable security and confidentiality requirements in connection with accessing such information. There are both civil and criminal penalties, including enhanced criminal penalties of up to 10 years imprisonment.

According to FinCEN Acting Director Himamauli Das: “In this next step, the proposed rule would provide the highest standards of security and confidentiality while ensuring that the new beneficial ownership database is highly useful to law enforcement agencies in its efforts to combat financial crime.”

It’s up to the AML community to comment on whether this is true.

In terms of transparency, here is a very relevant quote:

“By requiring corporations and offshore entities to publicly disclose who truly owns them, public beneficial ownership laws are designed to prevent their owners from escaping the rule of law, which can mean preventing billionaires from evading tax as well as preventing sanctioned oligarchs, organized crime and human traffickers from laundering money and financing illegal activity.” The London-based Tax Justice Network advocacy group.

So, access is essential and is this enough? — Can’t you hear me knocking?

[1] “Can’t You Hear Me Knocking?” is a 1971 track from the Rolling Stones Sticky Fingers album. Rolling Stone magazine called it 25^th from the Top 100 best guitar songs of all time in 2004.