AML Compliance Update: Congress Passes Corporate Transparency Act
OVERVIEW: On January 1, 2021, as part of its annual defense spending bill, U.S. Congress passed the Corporate Transparency Act (CTA), which requires certain domestic and foreign companies to file beneficial ownership information with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).[1] The CTA is intended to combat the formation of anonymous shell companies by creating a national database identifying the real, natural owners (that is, the “beneficial owners”) of certain domestic and foreign companies.[2]
WHO? The CTA’s beneficial ownership reporting requirements apply only to reporting companies. Under the CTA, a reporting company is broadly defined as a “corporation, limited liability company, or other similar entity” that is either (1) “created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe” or (2) “formed under the law of a foreign country and registered to do business in the United States by the filing of a document with a secretary of state or a similar office under the laws of a State or Indian Tribe[.]”[3] Notably, according to the latter, the CTA does not apply to a foreign entity if the entity does not register to do business with a specific state. The CTA further excludes numerous broad classes of publicly traded and regulated entities, such as commercial banks, money-transmitting businesses, and insurance companies, as well as companies owned or controlled by those entities.[4] Moreover, the definition of a “reporting company” is further narrowed to exclude companies that (1) “employ[] more than 20 employees on a full-time basis in the United States”; (2) annually report in the previous year more than $5 million in gross receipts or sales to the Internal Revenue Service (IRS); and (3) “ha[ve] an operating presence at a physical office within the United States[.]”[5] Therefore, the CTA clearly targets unregulated “shell” companies with limited or no operations.
WHAT? Under the CTA, reporting companies are required to submit to FinCEN specified information on “beneficial owners” – that is, individuals who either (1) “own or control not less than 25 percent of the ownership interests” of the reporting company; or (2) exercise “substantial control” over the reporting company.[6] The CTA does not define “substantial control,” and therefore, reporting companies should monitor future implementing regulations and guidance regarding this definition.
Importantly, certain individuals are expressly excluded from the definition of “beneficial owner[.]”[7] Such excluded persons include but are not limited to (1) individuals acting solely as employees of a reporting company “whose control over or economic benefits from such entity is derived solely from [his or her] employment status”; (2) minor children, so long as the parent’s or guardian’s information is reported in accordance with the CTA; and (3) individuals acting as nominees, intermediaries, custodians, or agents on behalf of another individual.[8]
As to each beneficial owner, a reporting company must collect and report the (1) full legal name; (2) date of birth; (3) current residential or business street address; and (4) unique identifying number from an acceptable identification document, such as a state driver’s license, a U.S. passport, or other U.S. state-issued identification document.[9] If the beneficial owner does not hold any U.S.-issued identification documents, a non-U.S. passport number is required.[10] The reporting company need not report any financial information or other details about the reporting company’s operations.
WHEN? Reporting companies are not yet required to file beneficial ownership information with FinCEN. No later than a year after the CTA’s enactment, FinCEN must promulgate implementing regulations.[11] Once FinCEN promulgates these regulations, reporting companies will be required to report beneficial ownership information upon corporate formation, or within one year of any change in the initial beneficial ownership information.[12] Companies that already exist when FinCEN’s regulations are promulgated will have two years to file beneficial ownership information.[13]
THE CTA HAS SIGNIFICANT IMPLICATIONS FOR REPORTING COMPANIES
A. Shift of AML Compliance Burden onto Non-Financial Corporations
While questions remain as to the full implications of the CTA, one thing is certain: the CTA has shifted the AML compliance burden, and more specifically, beneficial ownership reporting, onto non-financial corporate entities.
To date, beneficial ownership reporting has fallen almost exclusively on financial institutions. Indeed, under the Bank Secrecy Act (BSA), and its implementing regulations, financial institutions, including, for example, commercial banks and broker-dealers,[14] are required to verify the identity of customers through robust customer identification programs and “know your customer” requirements.[15] On May 11, 2016, FinCEN issued the Customer Due Diligence Rule (CDD Rule), which clarified and strengthened customer due diligence requirements for covered financial institutions.[16] The CDD Rule, which required industry compliance by May 11, 2018, imposed obligations on certain financial institutions to obtain beneficial ownership information for legal entities. Presently, all covered financial institutions must “identify the beneficial owner(s) of each legal entity customer” when a new account is opened and must also “[v]erify the identity of each beneficial owner identified to the covered financial institution[.]”[17]
Like the CDD Rule, the CTA creates its own beneficial ownership reporting scheme for non-financial corporations. Under the new scheme, U.S. companies—and foreign companies registered in the United States—must determine whether they fall within the CTA’s definition, or a noted exemption. Although financial institutions subject to FinCEN’s CDD Rule appear exempt from the CTA’s reporting requirements, they must, nonetheless, consider the CTA’s implications on their own CDD and KYC practices. Indeed, a provision of the CTA specifically requires FinCEN to revise the CDD Rule to, among other things, “bring the rule into conformance with” the CTA.[18] Therefore, even though the CDD Rule is currently unchanged, financial institutions should be cognizant that FinCEN will likely pass additional regulations to either amend or clarify beneficial ownership obligations under the CDD Rule.
B. Potential Civil and Criminal Penalties for Non-Compliance
Reporting companies should be aware of the penalties associated with non-compliance. The CTA imposes both civil and criminal penalties. A “willful” reporting violation or the submission of a report containing false or fraudulent beneficial ownership information, is subject to a $500 per day civil penalty, and/or a maximum $10,000 criminal penalty and up to 2 years of imprisonment.[19] The CTA contains a safe harbor provision for negligent or honest violations.[20] In other words, a person will avoid liability for the submission of inaccurate information if the person “voluntarily and promptly, and in no case later than 90 days” after the submission of the original inaccurate report submits a report containing revised information.[21]
C. Beneficial Ownership Information-Sharing
Like other FinCEN databases, the beneficial ownership registry will not be publicly available, and the CTA imposes penalties for the unlawful disclosure of collected information.[22] The unauthorized disclosure of information collected under the CTA carries the same civil penalty; however, it carries a higher criminal penalty of up to $250,000 and up to 5 years of imprisonment.[23] Unauthorized disclosure includes both a disclosure by a government employee and a disclosure by a third-party recipient of information under the CTA.[24]
That said, the CTA does permit FinCEN to disclose beneficial ownership information, upon request, to U.S. federal law enforcement agencies, and even, financial institutions, with the consent of the reporting company, and in order to meet customer due diligence requirements.[25] As to the latter, the CTA provides that FinCEN shall “prescribe the form and manner” in which beneficial ownership information is shared with a financial institution. As such, reporting companies should continue to monitor future FinCEN guidance, which could ultimately impact their privacy interests.
[1] National Defense Authorization Act of 2021 (NDAA) § 6403.
[2] See id. § 6402(7)(A) & (8)(C).
[3] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(11)(A)).
[4] See id. § 6403(a) (adding 31 U.S.C. § 5336(a)(11)(B)).
[5] Id.
[6] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(3)(A)).
[7] See id. § 6403(a) (adding 31 U.S.C. § 5336(a)(3)(B)).
[8] Id.
[9] Id. § 6403(a) (adding 31 U.S.C. § 5336(b)(2)(A)).
[10] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(1)(D)).
[11] See id. § 6403(a) (adding 31 U.S.C. § 5336(b)(5)).
[12] See id. § 6403(a) (adding 31 U.S.C. § 5336(b)(1)).
[13] See id.
[14] See 31 U.S.C. § 5312(a)(2).
[15] See, e.g., 31 CFR § 1020.220.
[16] See FinCEN Customer Due Diligence Requirements for Financial Institutions, CDD Rule, 81 Fed. Reg. 29397 (May 11, 2016) (CDD Rule Release), https://www.gpo.gov/fdsys/pkg/FR-2016-05-11/pdf/2016-10567.pdf.
[17] 31 CFR § 1010.230.
[18] NDAA § 6403(a) (adding 31 U.S.C. § 5336(d)(1)).
[19] Id. § 6403(a) (adding 31 U.S.C. § 5336(h)(3)(A)).
[20] See id. § 6403(a) (adding 31 U.S.C. § 5336 (h)(3)(C)).
[21] Id.
[22] See id. § 6403(a) (adding 31 U.S.C. § 5336(c)(4)).
[23] Id. § 6403(a) (adding 31 U.S.C. § 5336 (h)(3)(B)).
[24] Id. § 6403(a) (adding 31 U.S.C. § 5336 (h)(2)).
[25] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(2)(B)).
