With the ink barely dry on the existing regime for verifying beneficial ownership—effective only in May 20183—the new approach set forth in the CTA will kick off yet another round of rulemaking that will ultimately need to be incorporated into compliance programs. Forthcoming implementing regulations will determine whether the CTA provides significant relief from the burden of verifying beneficial ownership of business entities or establish—at significant risk and expense—a duplicative regime that continues to place the majority of the responsibility on financial institutions.4
The CTA takes further steps in implementing FATF Recommendation 24 by adding an additional registry-based mechanism for obtaining beneficial ownership information of legal entities. It will create a vast federal database of legal entity ownership information, made up of personal information, which will then be available to be queried for national security, intelligence, and law enforcement purposes.5 It seems to us worthy of much more public debate whether establishing another government haystack of data concerning U.S. citizens (and other individuals) is justified given the potential for breach or abuse—and whether the controls envisaged for access are sufficient.6
Overview and Interplay With Existing Customer Due Diligence RuleThe CTA establishes a framework for "reporting companies" to supply "beneficial ownership information" to the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN). These concepts are familiar from the existing customer due diligence rule (CDD Rule), although the CTA departs markedly from the CDD Rule in some respects (see below).7
Upon request, FinCEN then will issue a "FinCEN identifier" to entities and individuals who have reported such ownership information to FinCEN. "Any person required" to report beneficial ownership information to FinCEN may then use the FinCEN identifier in lieu of supplying the actual information.8
Subsequent disclosure by FinCEN is tightly circumscribed, but among other permitted uses the CTA provides that FinCEN will provide the information in response to "a request made by a financial institution subject to customer due diligence requirements, with the consent of the reporting company, to facilitate the compliance of the financial institution with customer due diligence requirements under applicable law."9
Financial institutions will thus be able to obtain beneficial ownership information from FinCEN, but the CTA is not clear how the institutions are to otherwise comply with their obligations to "know their customers" in this respect. Section (d) of the CTA provides additional insight by requiring the Treasury Secretary to rescind significant portions of the existing CDD Rule and replace them with regulations conforming to the regulations to be issued under the CTA.
In particular, the new regulations are to "account for the access of financial institutions to beneficial ownership information filed by reporting companies under [the CTA] … in order to confirm the beneficial ownership information provided directly to the financial institutions to facilitate the compliance of those financial institutions" with anti-money laundering and related "requirements under applicable law."10 After providing for duplicative collection and disclosure of beneficial ownership information (now to both FinCEN and the financial institutions), the CTA then also requires the Treasury Secretary to ensure the new rules "reduce any burdens on financial institutions and legal entity customers that are, in light of the enactment of this division and the amendments made by this division, unnecessary or duplicative."11
In other words, it appears the CTA intends to provide financial institutions with a means to "confirm" information it collects from its legal entity customers, not simply rely on the information provided to FinCEN by the reporting company. The CTA does not indicate, for example, if to "confirm" means the same as "verify" under the existing CDD Rule. The CTA also does not indicate that the financial institutions might use the new "FinCEN identifier" for this purpose – but much will likely be clarified in the regulations.
The CTA further stipulates that it "may [not] be construed to authorize" the Treasury Secretary to repeal the portion of the CDD Rule setting forth the general requirement for financial institutions to "identify and verify beneficial owners of legal entity customers" currently set forth in 31 CFR 1010.230(a).12 Again, the implementing regulations will presumably detail just how financial institutions are to perform such identity and verification functions under the new regime.
Finally (and encouragingly), the CTA obliges the Treasury Secretary to "consider…the use of risk-based principles for requiring reports of beneficial ownership information."13 A risk-based approach in the regulations that enables some companies to avoid reporting would need to be mirrored in the supervisory and enforcement approach applied to financial institutions in implementing their "know your customer" obligations, or it will represent the worst of both worlds: a lack of certainty that leaves financial institutions subject to the uneven expectations of their regulators without the ability to rely on the FinCEN database.
Reporting Companies and Beneficial OwnershipAs with the existing CDD Rule, the core concepts of the CTA concern what entities (reporting companies) are covered and what the criteria are for determining "beneficial ownership."
"Reporting company" is broadly defined by the CTA to include "a corporation, limited liability company, or other similar entity" either formed under the law of a state or Indian Tribe or under foreign law but registered to do business in the United States.14 This definition is consistent with the existing CDD Rule.
The list of exemptions from the "reporting company" definition is also generally consistent with the CDD Rule and includes companies with registered securities or subject to periodic filings with the SEC, government- or quasi-government entities, depository institutions, bank holding companies, money transmitters, broker dealers, exchanges, other entities registered with the SEC, registered investment companies or investment advisers, insurance companies, entities registered under the Commodity Exchange Act, futures or swap dealers, retail foreign exchange dealers, public accounting firms, public utilities, financial market utilities, pooled investment vehicles, certain tax-exempt organizations, and trusts.15 The current CDD Rule also exempts foreign financial institutions subject to local beneficial ownership rules by their home regulator, while the CTA does not.16
In contrast, the CDD Rule does not exempt trusts and subjects both tax-exempt organizations and pooled investment vehicles to the "control person" requirements (see below).17 With respect to the language relating to many of the individual "reporting company" exemptions, the CTA deviates from the usage in the existing CDD Rule. For purposes of conforming compliance programs, we hope the new rules illuminate the purpose behind any such differences and that the language has no major consequences in terms of the burden to revise existing policies and procedures.
The CTA adds additional exemptions that do not overlap with the existing CDD Rule for certain U.S. holding companies owned or controlled exclusively by U.S. persons that "operate exclusively to provide financial assistance to, or hold governance rights over" a tax-exempt entity, any entity with more than 20 full-time U.S. employees that has filed a tax return in the previous year showing consolidated gross receipts or sales of more than $5 million and has an operating presence at a physical office in the United States, any entity owned or controlled by an exempt entity (with some exceptions), and inactive companies in existence for over a year (subject to other conditions).18
The CTA also gives the "Secretary of the Treasury, with the written concurrence of the Attorney General and the Secretary of Homeland Security," the authority to exempt other entities if requiring beneficial ownership information "would not serve the public interest" and "would not be highly useful" in national security, intelligence, and law enforcement efforts.19
Beneficial Owner and Applicant
The CTA preserves the same structure as the existing CDD Rule in requiring information regarding persons controlling or owning 25 percent or more of the entity. But while the CDD rule stipulates that the so-called "control prong" of the rule applies only to a "single individual with significant responsibility to control, manage or direct" the legal entity, the CTA definition requires reporting concerning any "individual who…exercises substantial control over the entity."20
The CTA thus appears to contemplate more than one individual could be covered by the "control" element, even though it goes on to exclude "an individual acting solely as an employee … and whose control over or economic benefits from such entity is derived solely from [such] employment."21 In other words, while the CDD Rule requires the identification and verification of up to five individuals per entity, the CTA has no limit to the number of potential "beneficial owners" while also creating an interpretive challenge for reporting companies to determine who may have "substantial control."22 It is possible that Treasury may seek to add persons who exert control through personal connections, contractual associations or strategic or supervisory power to the definition of beneficial owners.
The CTA expands the number of individuals even further in that it also requires the report to include information regarding each "applicant" as well as each "beneficial owner." The CDD Rule requires a certification by the individual opening an account, but does not require such person to supply personal information. An "applicant" under the CTA is an individual who files an application to form a reporting company or registers a foreign entity to do business in the United States.
Each reporting company must submit the following information regarding each of its
beneficial owners and each applicant:
- Full legal name;
- Date of birth;
- Residential or business street address; and
- Unique identifying number from an "acceptable identification document" or FinCEN identifier.
"Acceptable identification documents" include a U.S. passport, government identification document, state driver's license, or—if the individual has none of these documents—a foreign passport.23 In this respect, the CTA deviates from the CDD Rule in that the CDD Rule relies on the underlying requirements for customer identification programs elsewhere in Title 31 and requires a "taxpayer identification number" for each U.S. individual (or evidence such number was applied for).24 The CTA also does not contemplate that foreign beneficial owners would be able to provide any other form of identification than a passport, which may make compliance difficult for individuals who currently rely on some other form of government-issued identification.
Effectiveness and Other Timing Aspects
The CTA reporting requirements are to "take effect on the effective date of the regulations prescribed by the Secretary of the Treasury … which shall be promulgated not later than 1 year after the date of enactment of this section."25 The Treasury Secretary is obligated to rescind the prescriptive requirements of the existing CDD Rule and issue replacement rules "[n]ot later than 1 year after the effective date" of such regulations.
These requirements will be highly complex to incorporate in new rules, and, doubtless, there will be a need for significant industry outreach and coordination—it is not clear to us how the new rules could be made effective before the CDD Rule is revised, but perhaps this could be accommodated through phasing in effective dates. We can hope lessons learned through the CDD Rule rulemaking will be leveraged for these new rules.
The CTA contemplates that new entities will report the required information to FinCEN "at the time of formation or registration."26 Entities already in existence at the time the CTA implementing regulations become effective must report the required information "in a timely manner, and not later than 2 years after the effective date of the regulations."27 Reporting companies must provide updated beneficial ownership information to FinCEN "in a timely manner, and not later than 1 year after the date on which there is a change."28
The CTA specifically requires Treasury to review the updating requirement to determine if a shorter period would be preferable and incorporate corresponding changes to the regulations within two years after the date of enactment of the CTA.29 Letting beneficial ownership information become stale by up to a year does not seem optimal, but the alternative of requiring more frequent updates is also not attractive.
The CTA also provides that FinCEN is to maintain the information for five years after the reporting company "terminates."30 State corporate codes generally refer to "dissolution" or "winding up," and so the concept of "termination" may require some elaboration in the regulations, but the intent is clearly for FinCEN to maintain the information well beyond the active life of the legal entity.31
The impact of the CTA will be significant and marks an important step in efforts to combat financial crimes and harmonize the U.S. legal regime with requirements in many other countries. Much will depend on the implementing regulations, and we can hope for a public discussion of the competing values at stake and a fuller airing of the many implications of the new requirements.
One important question not addressed above or in the CTA itself is whether the Treasury Secretary will take the opportunity to expand the beneficial ownership requirements to include money services businesses (such as money transmitters or providers of prepaid access), which were left out of the original CDD Rule. We will continue to monitor and report on these developments.
1 The William M. (Mac) Thornberry National Defense Authorization Act ("NDAA") for Fiscal Year 2021, H.R.6395 (Enrolled Bill), 116th Congress (2020) Sec. 6401-6403. In creating a national database of company ownership information, we fully expect the CTA to have other significant consequences in the areas of tax compliance and enforcement, litigation, government investigations and supervision, and privacy, just to name a few.
2 31 USC 5311 – 5330; see also, the BSA implementing regulations at 31 CFR Part 1010 et seq.
3 "FinCen Reminds Financial Institutions that the CDD Rule Becomes Effective Today," U.S. Department of the Treasury Financial Crimes Enforcement Network, 05.11.18.
4 The new rules are to be codified at 31 CFR Part 1010.
5 The CTA provides for disclosure following receipt of "a request, through appropriate protocols … from a Federal agency engaged in national security, intelligence, or law enforcement activity, for use in furtherance of such activity." NDAA, Section 6403 §5336(c)(2)(B), p. 1227.
6 Notably, the CTA also incorporates civil and criminal sanctions if a person willfully provides "false or fraudulent beneficial ownership information," or knowingly discloses or uses the information without authorization. Id. at, Section 6403, p. 1234.
7 81 F.R. 29398 (May 11, 2016), codified at 31 C.F.R. Part 1010.230 (for banks). The CDD Rule also included other AML requirements not relevant to beneficial ownership, but for simplicity we discuss here only the beneficial ownership provisions in contrasting the terms of the CTA.
8 NDAA, Section 6403 §5336(b)(3), p. 1226.
9 Id. at Section 6403, p. 1228.
10 Id. at Section 6403 §5336(d)(1)(B), p. 1237.
11 Id. at Section 6403 §5336(d)(1)(C).
12 Id. at Section 6403 §5336(d)(2)(B).
13 Id. at Section 6403 §5336(d)(3)(A).
14 Id. at Section 6403, p. 1220.
15 Id. at Section 6403, pp. 1220-1223. The terms of the CTA are highly technical, and we have paraphrased the exemptions here for editorial purposes.
16 Id. at Section 6403, p. 1220.
17 Id. at Section 6403, p. 1222.
18 Id. at Section 6403, pp. 1222-1223.
19 Id. at Section 6403, p. 1223.
20 Compare 31 CFR 1010.230(d) with NDAA, Section 6403 §5336(a)(3)(A)(i), p 1219.
21 NDAA at Section 6403 §5336(a)(3)(A)(iii), p. 1219.
22 Presumably to avoid circumvention of the beneficial ownership requirements, the CTA also bans the issuance of "bearer" certificates "evidencing either a whole or fractional interest in the entity." NDAA, Section 6403 §5336(f), p. 1234.
23 NDAA, Section 6403, p. 1218.
24 See, e.g., 31 CFR 1020.220(a) (prescribing customer identification program requirements for banks).
25 NDAA, Section 6403 §5336(c)(5), p. 1227.
26 Id. at Section 6403, p. 1224.
27 Id. at Section 6403 §5336(b)(1)(B), p. 1224.
28 Id. at Section 6403 §5336(b)(1)(D).
29 Id. at Section 6403 §5336(b)(1)(E)(iii).
30 Id. at Section 6403, p. 1227.
31 See, e.g., 8 Del. C. 1953, §271.