The Corporate Transparency Act: An Overview for Financial Institutions

This article surveys the implications of a new federal statute, the Corporate Transparency Act (“CTA”), for financial institutions and their business customers. The CTA will soon require most private companies in the United States to report the names of their beneficial owners to the Financial Crimes Enforcement Network (“FinCEN”), a division of the U.S. Treasury Department. This new structure will supplement the reporting that banks and other financial institutions currently do under FinCEN’s Customer Due Diligence Rule (“CDD Rule”).

Financial institutions will have the option to use that reported information in their own diligence. The CTA will present unique new regulatory issues for institutions to understand across multiple departments.

Background to the Corporate Transparency Act

Congress passed the CTA as part of a broader anti-money laundering (“AML”) law, the Anti-Money-Laundering Act of 2020. The CTA is codified at 31 U.S.C.A. section 5336. To aid AML law enforcement, the CTA requires most privately held U.S. companies (“Reporting Companies”) to begin disclosing their beneficial owners to FinCEN. While the CTA became law in 2020, most of its provisions will not take effect until the Treasury Department finalizes the implementing rules that are currently in draft form.[1] We expect the rules to be finalized in several stages, beginning as soon as summer 2022.

The New CTA Reporting Requirements

A company that is subject to the CTA (further detailed below) must report information that includes (i) the name of the Reporting Company; (ii) the names of the “applicants” who registered the Reporting Company in its state of organization; and (iii) information about the Reporting Company’s “beneficial owners.”

The CTA’s definition of “beneficial owner” is similar to the same term’s definition in the CDD Rule (31 C.F.R. section 1010). Financial institutions should assess beneficial owner definitions separately for CTA and CDD purposes, however. The two differ, and the final CTA Treasury rules may make them more different still. In the CTA, a beneficial owner is generally an individual who either holds or controls 25% or more of a company’s ownership interest (the “ownership test”) or “exercises substantial control over” the Reporting Company (the “control test”). The control test is fact-specific and can require close analysis. It likely will apply to company management (directors of a corporation, managers of a limited liability company) as well as a company’s senior officers.

Both CTA tests consider any way in which a person can own or control a company, through “any contract, arrangement, understanding, relationship or otherwise” and directly or indirectly. Intermediary companies in the structure do not “block” the reporting duty. In other words, a person who has the requisite control or ownership cannot avoid disclosing their name to FinCEN by simply transferring their shares or other equity into a holding company.

The report for each beneficial owner must include the person’s legal name, birth date and address. The report must include a unique identifying number for each owner, which could be a driver’s license number or a new number to be issued by FinCEN. This applies to beneficial owners both within and outside the United States.

A person who willfully provides false information in a required report or willfully fails to make a required report may be subject to civil fines or imprisonment or both.

When Companies Must Report

A Reporting Company formed after the CTA’s final effective date will have a short period of time (14 days, in the draft rule’s current form) to make its first report to FinCEN. A Reporting Company already in existence on the CTA’s effective date will have a longer grace period to make its first report (one year, in the draft rule). All Reporting Companies must update their reports whenever their reportable information changes. For example, when companies add and remove equity owners or are acquired, updated reports may be required.

Which Types of Companies Must Report

Reporting Companies include most private companies, from restaurants and software developers to limited liability companies used in real estate. They include any “corporation, limited liability company, or other similar entity” that is formed either (a) by filing documents with a U.S. state or Indian Tribe or (b) in a foreign country and registered to do business in the U.S.

This definition has many exemptions, however. Most exemptions involve companies that present some other reason to believe they are not engaging in money laundering – for example, they are well-established, or in regulated industries. The many exemptions include:

• Various financial services companies, including banks, credit unions, money transmitting businesses, brokers and dealers, insurance companies, accounting firms, certain investment advisors and certain pooled investment vehicles.
• Large domestic companies – those that have an operating presence at a physical office in the U.S., have more than 20 employees in the U.S. and reported more than $5 million in annual gross receipts or sales.
• Dormant domestic companies. To qualify for this exemption, a company (a) must have existed for more than one year and not be engaged in “active business,” (b) must not be owned directly or indirectly owned by foreign persons or companies, (c) must not in the past twelve months have had a change in ownership or sent or received funds in an amount more than $1,000, and (d) must hold no assets of any type (including ownership interests in any company).
• Certain tax-exempt entities and related entities.
• Quasi-governmental companies organized under federal, state, city or Indian Tribal law and exercising governmental authority on behalf of those entities.

Financial Institution and Law Enforcement Access to Reported Information

Information reported to FinCEN will not be published. (And the CTA contains strict confidentiality provisions meant to ensure ownership information is not leaked). FinCEN will share reported information with federal law enforcement on request, however, and will share it with state, local and Tribal law enforcement upon court order. FinCEN will also share the information with U.S. federal agencies who request it to share with foreign countries’ law enforcement in many cases. In addition, FinCEN may share the reported information with the Internal Revenue Service or other federal agencies.

The CTA also allows financial institutions to use the data it yields. Financial institutions may request the data from FinCEN for the institutions’ own compliance efforts under the CDD Rule. To do so, financial institutions must secure the consent of the Reporting Company in question. Financial institutions may be able to capture this consent through a standard customer agreement; alternatively, a more specific agreement may be required at the time an institution wishes to make the request to FinCEN.

Congress intends that the CTA will be helpful to financial institutions. The Act requires FinCEN to collect the data from Reporting Companies “in a form and manner that ensures the information is highly useful” to financial institutions for their AML, anti-terrorism and CDD efforts.

What Financial Institutions Can Do Now to Prepare for the CTA

While the FinCEN regulations to implement the CTA have not yet taken effect, the language in the statute itself gives institutions enough detail to begin planning now. Once the Act takes full effect, banks and other institutions may wish to implement new business processes quickly. Steps that financial institutions can begin now include the following:

1. Establish internal subject matter expertise. Personnel in Legal, Compliance or similar functions should review the CTA and follow the rulemaking.
2. Understand the interplay between the CTA and local state laws. The state-by-state variations in laws regulating financial institutions may affect the ways in which an institution proceeds.
3. Consider updating customer-facing agreements to secure new customers’ authorization for institutions’ information requests to FinCEN. For existing customers, consider whether previously-agreed customer agreements sufficiently capture that consent. Depending on the ways in which an earlier customer agreement is drafted, and on the applicable state law that governs that agreement, a customer may need to sign an updated version.
4. Consider updating Privacy Policies or Privacy Disclosures. Privacy Policies and Privacy Disclosures, whether online or in hard copy, establish institutions’ compliance with multiple obligations. They help banks comply with the federal Gramm-Leach-Bliley privacy rules and state privacy laws and with the Terms of Use of software applications that banks often use to power their websites or make or accept payments. If institutions wish to begin sharing customer ownership information with FinCEN, they may need to update these privacy documents to disclose that as well.
5. Prepare to update internal AML policies. AML policies should consider what changes in internal investigations and work flows, if any, may result from the CTA.
6. Prepare to train customer-facing personnel. As noted above, financial institutions in some cases may ask customers for their consent to communicate about companies and their beneficial owners with FinCEN. Customer-facing personnel should be given training in fielding customer questions about this process and discussing them with supervisors.
7. Plan for cannabis-sector issues. For those financial institutions that support customers in legal cannabis-related and CBD-related businesses, the CTA presents additional considerations. Customers who are asked for consent to share their information with a new FinCEN database that is shared with law enforcement, for example, may have concerns to consider.

Perkins Thompson’s Banking and Financial Services practice group counsels national and state banks, credit unions and other financial institutions.

Adam Nyhan is an attorney in the Banking & Financial Services, Business & Corporate and Intellectual Property & Technology practices at Perkins Thompson, P.A. He has represented more than a dozen financial institutions, including local and multinational banks, credit and debit card networks, payment processors and money transmitters. Adam also counsels businesses in cryptocurrency and non-fungible token (NFT) matters.

Related Content:

• Non-Fungible Tokens Make First Appearances in U.S. Courts
• New California Privacy Law Bars “Dark Patterns” That Hinder Opt-Outs

[1] The first rule, as proposed by Treasury in December 2021 and not final as of this article’s publication, may be found at https://www.govinfo.gov/content/pkg/FR-2021-12-08/pdf/2021-26548.pdf.