Let’s Revisit the Corporate Transparency Act ast spring, we briefly discussed the Corporate Transparency Act (CTA). During that discussion, we discussed what the CTA is, who must comply, what is needed for beneficial ownership information (BOI) reports, exemptions, effective dates and the three rulemakings planned to implement the CTA. As a financial institution (FI), you are exempt from the CTA; however, many of your business customers are not. It is important for you, as their FI, to initiate a conversation regarding what the CTA is, how it will affect your customers and any future penalties for noncompliance. When Does BOI Reporting Become Effective? Effective Jan. 1, 2024, it became mandatory for many companies in the U.S. to file BOI reports regarding their beneficial owners to the Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury. Filing these reports is simple, secure and free of charge. Reporting companies created or registered prior to Jan. 1, 2024, will have until Jan. 1, 2025, to report BOI. Reporting companies created or registered in 2024 must report BOI within 90 calendar days after receiving actual or public notice that its creation or registration is effective. Lastly, reporting companies created or registered on or after Jan. 1, 2025, must file BOI within 30 calendar days after receiving actual or public notice that its creation or registration is effective. Once the initial report is filed, both existing and new reporting companies will have to file updates within 30 days of a change in their BOI. The BOI reporting rule is one of three rulemakings planned to implement the CTA. Rule Two/Access Rule. On Dec. 21, 2023, FinCEN issued a final rule implementing the Access Rule. The Access Rule prescribes the circumstances under which BOI reported to FinCEN may be disclosed to authorized BOI recipients and how it must be protected. The Access Rule reflects FinCEN’s careful consideration of detailed public comments received in response to its Dec. 16, 2022, “Notice of Proposed Rulemaking” on the topic, along with extensive interagency consultations. The rule states FinCEN is authorized to disclose BOI under specific circumstances to six categories of recipients: (1) U.S. federal agencies engaged in national security, intelligence or law enforcement activity; (2) U.S. state, local and tribal law enforcement agencies; (3) foreign law enforcement agencies, judges, prosecutors, central authorities and competent authorities (foreign requesters); (4) financial institutions using BOI to facilitate compliance with customer due diligence (CDD) requirements under applicable law; (5) federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing financial institutions for compliance with CDD requirements under applicable law; and (6) treasury officers and employees. Each category of authorized recipients will be subject to specific security and confidentiality requirements, in line with the CTA, to protect the security and confidentiality of BOI. To access BOI, domestic agencies must satisfy several security and confidentiality requirements set out in the CTA and the Access Rule. The requirements include establishing standards and procedures to protect the security and confidentiality of BOI, entering into an agreement with FinCEN specifying those standards and procedures, establishing and maintaining a secure system for storing BOI, establishing and maintaining auditable BOI request records, restricting access to BOI, conducting audits and providing FinCEN with reports and certifications. Financial institutions that obtain BOI from FinCEN must develop and implement administrative, technical and physical safeguards reasonably designed to protect the information. Financial institutions will be able to satisfy this requirement by applying to BOI the same security and information handling procedures they use to protect customers’ nonpublic personal information in compliance with Section 501 of the Gramm‑Leach-Bliley Act and its implementing regulations. For each BOI request that it makes, a financial institution will have to certify that the request satisfies applicable criteria. Certain geographic restrictions will also apply. L By Murphy Ray Jr., FORVIS 16
RkJQdWJsaXNoZXIy MTg3NDExNQ==