Since January 1, 2024, the U.S. government now requires many firms to report information about who ultimately owns and controls them as an effort to ‘make it harder for bad actors to hide or benefit from their ill-gotten gains through shell companies or
other opaque ownership structures’.
The new requirement is enforced through the Beneficial Ownership Information (BOI) Reporting Rule, the first of three rules in this area required by the Corporate Transparency Act (CTA). It requires firms to submit details of their beneficial owners, i.e.,
those people who benefit from ownership or control of the company, to the Financial Crimes Enforcement Network (FinCEN). While the theory behind the new rule is clear, in practice, things become a little more complicated.
Unanswered Questions and Strategic Considerations
Details of the rule have been set out online and many useful resources have been created including an educational outreach program to walk companies through the new reporting rules and offer guidance on how they can stay compliant. However, several important
questions remain. For instance, how will the provisions of the BOI reporting and access to information reported to FinCEN rules be incorporated into the current customer due diligence (CDD) rule? And how will the current CDD rule change?
Furthermore, how should a regulated financial institution (FI) incorporate BOI reporting and access to information reported to FinCEN rules into their anti-Money laundering (AML) and CDD efforts? What impact should the reporting of BOI for a reporting company
by a company applicant have on the risk rating for that company? Perhaps more importantly, when access to the data reported to FinCEN is requested by an FI, how should the lack of consent by a reporting company be incorporated into the risk rating for that
Certainly, the period between the effective date of the reporting rule and the reconciliation of the CDD rule to the CTA will cause confusion. Firms can’t wait for this clarification to be made before any action is taken so what specifically can be done
Navigating the Grey Areas
FIs now need to be thinking about how they will upgrade their policies, procedures and, importantly, their overall and customer risk assessment methodologies to address BOI availability, access, and reconciliation.
It is also not a far-fetched idea that regulators might use their ability set forth in 31 CFR 1010.955(b)(4) of the proposed access to information reported to FinCEN regulation to compare information reported to FinCEN to that acquired by the FI during its
risk-based CDD process, requiring them to justify each difference. This will call into question processes that may not have been challenged previously, such as the risk-based approach used to collect and assess the BOI available to them.
It’s for this reason that FIs should request access to the BOI from the reporting company. If access is not granted, the risk rating for that customer should minimally increase. Policies should also be set forth outlining when a customer or potential customer
should no longer be considered, given the fact that access was not granted.
Keeping a close eye on the evolving global landscape
Finally, while the CTA’s and FinCEN’s final and proposed rules impose strict confidentiality and access requirements regarding BOI, unlike the European Union’s (EU) Fifth AML Directive (5AMLD), the decision by the European Court of Justice to limit unfettered
public access to BOI will undoubtedly have a dampening effect on CDD and the inclusion of BOI in that process. Global FIs, including those based in the EU, will need to closely monitor events in this area.