Covered Companies Must Report Beneficial Ownership to National Database Upon Incorporation

First Blog Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

Change is upon us.  The U.S. House and Senate have passed – over a Presidential veto – the National Defense Authorization Act (“NDAA”), a massive annual defense spending bill.  As we have blogged, this bill, now law, contains historic changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors. This sweeping legislation will affect financial institutions, their clients, and law enforcement and regulators for many years.  This will be the first post of many on these important legislative changes, which should produce related regulatory pronouncements throughout 2021.

Today, we will focus on the enactment that has received the most attention:  the NDAA’s adoption of the Corporate Transparency Act (“CTA”) and its requirements for covered legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own AML compliance obligations.  The issue of beneficial ownership and the misuse of shell corporations has been at the heart of global AML regulation and enforcement for many years.  This legislation will be held out as a partial but important response to the continuing critiques by the international community of the United States as a haven for money laundering and tax evasion, often due to the perception that U.S. and state laws on beneficial ownership reporting are lax.

Beyond “just” the CTA, the breadth of the BSA/AML legislation is substantial. We have discussed BSA/AML reform for years, and many of the reforms (acknowledging that the word “reform” often involves a value judgment, and whether a particular change represents “reform” is typically in the eye of the beholder) that have been repeatedly bandied about by Congress, industry, think tanks and law enforcement are incorporated into this legislation, or at least referenced as topics for further study and follow-up.  We therefore will be blogging repeatedly on the many and various components of this legislation, which implicates a broad array of key issues: BSA/AML examination priorities; attempting to modernize the BSA regulatory regime, including by improving feedback by the government on the usefulness of SAR reporting; potential “no action” letters by FinCEN; requiring process-related studies tied to the effectiveness and costs of certain BSA requirements, including current SAR and CTR reporting; increased penalties under the BSA for repeat offenders; greater information sharing among industry and the government; enhancing the ability of the government to investigate the use of correspondent bank accounts; cyber security issues; focusing on trade-based money laundering; adding a whistleblower provision to the BSA; and including dealers in antiquities to the definition of “financial institutions” covered by the BSA.

The Stated Need for Greater Transparency Regarding Beneficial Ownership

Section 6402 of the NDAA, entitled “Sense of Congress,” lays out the motivation behind imposing the requirement for beneficial ownership reporting under the CTA.  This section – which repeats in part various critiques of the U.S. by the international community – states that “more than 2,000,000 corporations and limited liability companies are being formed under the laws of the States each year[,]” and that “most or all States do not require information about the beneficial owners of the corporations, limited liability companies, or other similar entities formed under the laws of the State[.]”  Further, “malign actors seek to conceal their ownership of corporations, limited liability companies, or other similar entities in the United States to facilitate illicit activity[,]” and – in a rhetorical turn of phrase – “money launderers and others involved in commercial activity intentionally conduct transactions through corporate structures in order to evade detection, and may layer such structures, much like Russian nesting Matryoskka dolls, across various secretive jurisdictions such that each time an investigator obtains ownership records for a domestic or foreign entity, the newly identified entity is yet another corporate entity, necessitating a repeat of the same process[.]”  Accordingly, the beneficial ownership reporting requirements were deemed necessary to set clear Federal standards; protect the national security interests of the United States; protect commerce; and “bring the United States into compliance with international anti-money laundering and countering the financing of terrorism standards[.]”

The Reporting Requirements

Section 6403 of the NDAA, entitled “Beneficial ownership information reporting requirements,” sets forth the following requirements:

• Certain corporations and limited liability companies, as defined (see below), must disclose their beneficial owners (“BOs”) to FinCEN at the time the company is formed.
• Minimum BO disclosure requirements, including the BO’s full name, date of birth, current address, and unique identifying number from an acceptable identification document, or an acceptable FinCEN identifier – which is a new identifier issued by FinCEN and exclusive to a particular individual or entity.  The concept of a FinCEN identifier, created in order to alleviate privacy and cybersecurity concerns, is new to BSA/AML regulation.
• Covered companies must file annually with FinCEN a list of their current BOs, and a list of any changes in BOs that occurred during the previous year.
• Entities in existence before the effective date of the regulations must disclose their BOs to FinCEN no later than two years after the effective date of the regulations.
• Civil and criminal penalties to be imposed on those who willfully submit false or fraudulent BO information, or who knowingly fail to provide complete or updated BO information.

The key provision here is the definition of a “beneficial owner.” With certain exceptions, noted below, the CTA broadly defines a “beneficial owner” as “an individual who, directly or indirectly through any contract, arrangement, understanding, relationship or otherwise– ”

(i)   exercises substantial control over the entity; or

(ii)  owns or controls not less than 25 percent of the ownership interests of the entity.

In order to identify true BOs, the definition of “beneficial owner” excludes nominees, intermediaries, custodians or agents, as well as any individual acting solely as an employee of the entity and whose control is derived solely from their employment status. Language in prior iterations of the CTA including as BOs anyone who “receives substantial economic benefits from the assets of a corporation or limited liability company” was dropped.  This is a positive development, given the vagueness of such language.  Importantly, this current definition, with its “control” and “ownership” prongs, aligns with the definitions within FinCEN’s existing BO regulation which is part of the Customer Due Diligence Rule (“CDD Rule”) implemented in 2018.  This alignment will be critical for financial institutions checking the beneficial ownership information they collected from their customers under the CDD Rule against the new database.  However, as we discuss near the end of this post, the definition of a “reporting company” covered by the CTA does not align with the definition of “legal entity customer” under the CDD Rule.

The CTA defines “reporting company” as a corporation, limited liability company, or other similar entity that is created by the filing of a document with a secretary of state or a similar office of the law of a State or Indian Tribe, or is formed under the law of a foreign country and registered to do business in the United States through the filing of a document with a State or Indian Tribe.  The CTA therefore clearly extends to foreign entities.  The definition of “reporting company” does not encompass entities that are created without the filing of a document with a State or Indian Tribe government, such as certain trusts – a potential loophole.

The CTA contains key explicit exemptions from its definition of a covered “reporting company.” Companies are exempt if they have a physical presence in the United States, over 20 full-time employees in the United States, and file U.S. federal income tax returns reporting more than $5 million in gross receipts or sales – under the logic that companies that employ this many people in the United States and that have substantial reported income are unlikely to be shell companies serving as vehicles for money laundering. Federally regulated banks, credit unions, investment advisers, broker-dealers, state-regulated insurance companies, churches, and charitable organizations are also exempt from coverage, given their already highly-regulated status.

The BO Database: Its Use

Section 6403(c) of the NDAA, titled “Retention and Disclosure of Beneficial Ownership Information by FinCEN” sets forth who may have access to the BO information reported to FinCEN.  BO information reported to FinCEN under the CTA is available, upon request, to:

• Federal agencies engaged in national security, intelligence, or law enforcement activity, for use in furtherance of such activity;
• State, local, or Tribal, law enforcement agencies, if a court of competent jurisdiction, including any officer of such a court, has authorized the law enforcement agency to seek the information in a criminal or civil investigation;
• Federal agencies on behalf of a law enforcement agency, prosecutor, or judge of another country pursuant to an international treaty, agreement, convention, or as otherwise provided by the CTA;
• Financial institutions subject to customer due diligence requirements, with the consent of the reporting company, to facilitate compliance with the institutions’ due diligence requirements under applicable law; and
• Federal functional regulators or other appropriate regulatory agencies.

§§ 6403(c)(2)(B)(i)-(iv). The potential availability of BO information to foreign agencies reflects the increasingly international aspect of criminal and regulatory investigations and enforcement actions, and presumably will enhance the ability of the United States to obtain reciprocal information from other countries.

The CTA restricts access to the BO database to users at the requesting agency: (1) who are directly engaged in the applicable authorized investigation or activity; (2) whose duties or responsibilities require such access; (3) who have undergone appropriate training or use staff to access the database who have undergone such training; (4) who use appropriate identity verification mechanisms to obtain access to the information; and (5) who are authorized by agreement with the Secretary of the Treasury (“Secretary”) to access the information.  § 6403(c)(3)(G).  In order to address privacy concerns, the CTA also requires the requesting agency to establish and maintain a secure system in which BO information provided by the Secretary shall be stored and requires the requesting agency to provide a report to the Secretary that describes the procedures established and utilized by the agency to ensure the confidentiality of the BO information.  §§ 6403(c)(3)(C)-(D).

Penalties for False Reporting, Incomplete Reporting or Improper Disclosure, and a Safe Harbor

Section 6403(h)(3) of the NDAA outlines both criminal and civil penalties for reporting violations and unauthorized disclosure or use violations.

Reporting violations include willfully providing, or attempting to provide, false or fraudulent beneficial ownership information, and willfully failing to report complete or updated beneficial ownership information. Such violations will result in (1) civil penalties of not more than $500 for each day that the violation continues or has not been remedied; and (2) criminal penalties of a fine not to exceed $10,000 or imprisonment for not more than 2 years, or both.

A disclosure violation occurs when a person knowingly discloses or uses beneficial ownership information submitted to, or disclosed by, FinCEN.  The penalties for unauthorized disclosure or use violations are: (1) a civil penalty of not more than $500 for each day that the violation continues or has not been remedied; (2) a criminal penalty of a fine not to exceed $250,000 and imprisonment for not more than 5 years, or both; or (3) while violating another law of the United States or as part of a pattern of any illegal activity involving more than $100,000 in a 12-month period, a fine of not more than $500,000 or imprisonment for not more than 10 years, or both.

A safe harbor provision exempts from penalties for reporting violations a person who has reason to believe that any report previously submitted by that person contains inaccurate information and who, in accordance with regulations issued by the Secretary, voluntarily and promptly, and within 90 days of submitting the report, submits a report containing corrected information.  § 6403(h)(3)(C).  However, this safe harbor provision does not apply if, at the time the person submits the report, the person acts for the purpose of evading the reporting requirements and has actual knowledge that information contained in the report is inaccurate.  § 6403(h)(3)(C)(i)(II).

Potential Impact on the CDD Rule

Since 2018, as part of the requirements under the CDD Rule, financial institutions have been identifying and verifying the identity of the BOs of all legal entity customers.  The BO information financial institutions currently collect is nearly identical to the information the CTA requires reporting companies to provide directly to FinCEN.  To address this and other overlaps, the CTA requires FinCEN to revise the CDD Rule to, among other things, “bring the rule into conformance with” the CTA, and “reduce any burdens on financial institutions and legal entity customers that are, in light of the [CTA], unnecessary or duplicative.”  For this reason, generally speaking, financial institutions have welcomed the passage of the CTA.  But it remains to be seen just how much of an impact it will have on reducing existing compliance burdens.

Congress made clear that the CTA should not “be construed to authorize [FinCEN] to repeal the requirement that financial institutions identify and verify beneficial owners of legal entity customers under” the CDD Rule.  Thus, the CDD Rule will remain in place.  Nonetheless, the CTA will ease financial institutions’ compliance burdens by granting them access to the BO information filed by reporting companies with FinCEN.  This will allow financial institutions “to confirm the beneficial ownership information provided directly to [them] to facilitate [their] compliance . . . with anti-money laundering, countering the financing of terrorism, and customer due diligence requirements.” § 6403(d)(1)(B).

But access to the database, while helpful, would be much more helpful if FinCEN aligned the definition of “legal entity customer” under the CDD Rule with the definition of “reporting company” under the CTA.  As noted above, U.S. companies are exempt from the CTA’s reporting requirement if they have a physical presence in the United States, over 20 full-time employees and federal income tax returns reporting more than $5 million in gross receipts.  Under the CDD Rule, unless such companies are publicly held, financial institutions must identify and verify the identity of their BOs.  Thus, access to FinCEN’s database will not be of any aid here.

Similarly, while foreign corporations registered to do business in the United States are covered under the CTA, foreign companies not registered with any state are not.  This excludes unregistered foreign shell and other corporations from the requirement of providing BO information to FinCEN.  Yet, unregistered foreign corporations maintain U.S. bank accounts, and financial institutions are required by the CDD Rule to collect and verify their BO information without access to any information from FinCEN’s database.  Thus, one way in which FinCEN could reduce financial institutions’ burden would be to conform the CDD Rule’s definition of “legal entity customer” with the CTA’s narrower definition of “reporting company.”

Studies on the Effectiveness of Current and Future BO Reporting

In addition to requiring FinCEN to revise the CDD Rule to align better with the CTA, Section 6502 of the NDAA also requires the U.S. Government Accountability Office and the Secretary of the Treasury to conduct several studies on topics related to BO information reporting and submit their findings to Congress within two years.  The required studies include the following topics:

(1) the effectiveness of incorporation practices implemented under the CTA, with regard to (a) providing national security, intelligence and law enforcement agencies with prompt access to BO information, and (b) strengthening the capability of national security, intelligence, and law enforcement agencies to combat incorporation abuses and misconduct and detect, prevent, or prosecute money laundering, the financing of terrorism, proliferation finance, serious tax fraud, or other crimes;

(2) using technology to avoid duplicative layers of reporting obligations and increase the accuracy of BO information, to include a review of the effectiveness of FinCEN identifiers;

(3) whether the entities that have been explicitly excluded from the definition of a reporting company under the CTA nonetheless pose significant risks of money laundering, the financing of terrorism, or other crimes; and

(4) the procedures of the States for forming or registering partnerships, trusts or other legal entities and their procedures for providing BO information, and whether the lack of BO reporting for such entities raises concerns about the use of these entities in money laundering, tax evasion, securities fraud, and the impeding of investigations.

In the fourth study noted above – which is to be performed by the Office of the Comptroller of the Currency (“OCC) – the OCC also is charged with determining whether “the failure of the United States to require [BO] information for partnerships and trusts formed or registered in the United States has elicited international criticism.”  If so, the OCC should report on “what steps, if any, the United States has taken, is planning to take, or should take in response” to such criticism.  This study therefore acknowledges directly the international critiques of the United States noted at the beginning of this post, as well as potentially important loopholes in the CTA reporting regime.

The Future?

We blogged on a May 2019 hearing before the U.S. Senate Committee on Banking, Housing and Urban Affairs, during which representatives of FinCEN, the FBI and the Office of the Comptroller of the Currency (“OCC”) stressed the advantages to be reaped by law enforcement, regulators and the public if a national database of BOs was required.  This was one of the many hearings which ultimately led to the legislation just enacted.  We repeat here the views expressed by the OCC at that hearing regarding why a centralized database for the maintenance of beneficial ownership information was needed.  According to the OCC, the database would allow law enforcement to focus on substantive investigations, rather than spending time on obtaining and verifying beneficial ownership information. Second, it would reduce the regulatory burden on banks by providing them with an easier and more efficient method for verifying beneficial ownership information. Third, a central database would allow banks to spend less time on “training, reporting and processing paperwork.” Finally, legal entity customers would benefit by not having to supply their banks with the often burdensome and duplicative information currently required.  Now that the database is a reality, time will tell if these predictions actually materialize. Clearly, many practical details regarding BO reporting remain to be worked out through future regulation and the effectiveness studies required by Congress.