As we recently blogged (here and here), the Financial Crimes Enforcement Network (“FinCEN”) recently issued a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”). The NPRM is the first in a series of three rulemakings that FinCEN will issue to implement the CTA. It sets forth FinCEN’s proposed reporting requirements, i.e., who must file a report on beneficial ownership information (“BOI”), what information must be reported, and when reports will be due.
In response, FinCEN received over 230 comments (see FinCEN’s press release here). We focus here on comments from two key players: the American Bankers Association (“ABA”) and the Bank Policy Institute (“BPI”), which highlight the industry perspective of banking institutions (These groups also commented previously on FinCEN’s Advance NPRM regarding the CTA’s implementation, which we blogged about here and here).
The CTA, passed as part of the Anti-Money Laundering Act of 2020 (“AML Act”), requires certain legal entities to report their beneficial owners (“BOs”) to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) compliance obligations, particularly FinCEN’s existing Customer Due Diligence Rule (“CDD Rule”) for legal entity customers implemented in 2018.
Under the existing CDD Rule, covered financial institutions must collect and verify BOI from certain entity customers and maintain records of such information. But until now, entities did not have to report directly such information to the government. The CTA makes companies (like LLCs and corporations) subject to BOI reporting requirements. The CTA also requires FinCEN to revise the existing CDD Rule to try to make it consistent with the CTA and remove any unnecessary or duplicative burdens.
The ABA (which represents large banks) and the BPI (which represents universal, regional, and major foreign banks) each submitted lengthy comment letters, showcasing their strong interest in how these reporting requirements shake out. As the ABA observes, it will be difficult to determine how these reporting requirements will fit in with bank responsibilities until FinCEN issues its other rulemakings. Still, both groups recommend making several modifications to the proposed reporting requirements now—mainly aligning the NPRM with the existing CDD Rule—to minimize future burdens on banks and their customers. Both groups propose similar modifications, but there are some differences. We summarize the most salient points in this post.
Overall, these comments make clear that the ABA and the BPI continue to support creation of the FinCEN registry as a way to drive down the cost of regulatory compliance for banks. Both groups suggest, however, that such a benefit could be outweighed if the final reporting requirements stray too far from the existing CDD Rule. As both groups observe, any significant change from the current CDD Rule will require banks to divert significant resources to comply with the new requirements, at the expense of other AML efforts.
Covered Businesses and Exempt Entities
Both the ABA and the BPI weigh in on who should be required to report BO information to FinCEN. In general, neither group takes issue with the NPRM’s proposed definition of “reporting company” or its 23 exemptions (though the ABA does recommend eliminating the distinction between “domestic” and “foreign” entities as unnecessary).
However, both groups recommend exempting the same entities under the NPRM and the CDD Rule to reduce burdens and confusion on banks and customers seeking to comply with both rules. For instance, both groups recommend that FinCEN add exemptions currently included in the CDD Rule, including exemptions for state-chartered banks and trust companies (which are subject to substantial federal or state regulation) and pension plans established under the Employee Retirement Income Security Act of 1974 (“ERISA”) (which otherwise present low money laundering risks). Both groups also recommend adding the NPRM’s exemption for “large operating companies” to the revised CDD Rule and generally support the proposed “subsidiary exemption,” which would exempt reporting companies owned by one or more exempt entities (with some minor modifications or clarifications).
The ABA nonetheless encourages FinCEN to reassess these exemptions after the rule has been in effect for a period of time. The ABA and the BPI also diverge as to whether exempt entities should be required to report their exemption status to FinCEN. The ABA “opposes” such a requirement because it would burden both filers and registry managers. The BPI, however, “[s]trongly support[s]” such a requirement (at least a voluntary one) because it would enhance the usefulness of the database.
What Information Must be Provided
Both the ABA and the BPI also weigh in on the types of information reporting companies must provide to FinCEN. Under the CTA, reporting companies must identify each qualifying BO of the reporting company and each company applicant by: (1) “full legal name,” (2) “date of birth,” (3) “current, as of the date on which the report is delivered, residential or business street address,” and (4) “unique identifying number from an acceptable identification document;” or, if this information has already been provided to FinCEN, by a FinCEN identifier. Both groups generally support these requirements with some modifications and clarifications. Each group’s recommendations primarily relate to the NPRM’s proposed definition of “beneficial owner,” and address and identifier requirements.
Definition of Beneficial Owner
Subject to exceptions, the CTA defines the term “beneficial owner” to mean “an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise (i) exercises substantial control over the entity; or (ii) owns or controls now less than 25 percent of the ownership interests of the entity.”
As noted in our blog post on the NPRM, the NPRM’s definitions of “substantial control” and “ownership interest” do not track the definitions of the same terms in the current CDD Rule—the NPRM’s terms are broader and less clear. Not surprisingly, both the ABA and the BPI urge FinCEN to harmonize these terms to minimize future burdens and costs on banks and their entity customers.
For instance, the NPRM requires a reporting company to identify any and all individuals who satisfy the “substantial control” prong—a marked expansion of the CDD Rule, which currently requires entity customers to report only one BO under its substantial control prong. Both the ABA and the BPI recommend that FinCEN follow the existing CDD Rule on this point. As both groups explain, banks have borne significant costs to develop operational systems that comply with the CDD Rule’s less complex control prong—which (as the BPI notes) has itself generated “significant implementation challenges” and required substantial guidance from FinCEN. The ABA thus contends that “[a]ny result from FinCEN’s rulemakings that subsequently requires banks to add additional individuals to a bank’s operational systems will require fundamental changes to those systems, which increases cost and burden, while introducing unnecessary complexity and regulatory risk.”
The NPRM also greatly expands the “ownership” prong. Under the CTA, a BO is “an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise . . . owns or controls not less than 25 percent of the ownership interests of the entity.” Unlike the CDD Rule for financial institutions, however, the NPRM does not limit a 25% ownership interest to only equity ownership, but instead seeks to account for other, less straightforward legal interests to capture other types of BOs. Both groups suggest that the potential costs and burdens associated with the expanded definition—including updating operational systems and educating employees to navigate the more complex regime—will outweigh any benefit from this change.
In addition, both the ABA and the BPI ask FinCEN to address or devise special rules for situations involving trusts as beneficial owners. For instance, both groups ask FinCEN to clarify who should be listed as a control person when a trust is identified as a beneficial owner, including but not limited to situations where banks serve as trustees or the reporting company is part of a directed trust. On this point, the BPI also queries whether reporting companies with corporate trustee banks should be exempt from reporting requirements under the “subsidiary exemption,” noting that bank trustees “may present a lower illicit finance risk.”
Identifying Information: Address
Both the ABA and the BPI also urge FinCEN to simplify and align the NPRM’s “address” reporting requirements with similar requirements in the current CDD Rule. The NPRM requires reporting companies to identify the BO’s and company applicant’s residential address “for tax residency purposes” or business street address. The current CDD Rule requires reporting companies to provide BO’s and company applicant’s “residential or business street address.”
Both groups suggest that FinCEN should eliminate the term “for tax residency purposes” from the residential address requirement, with the ABA noting that the phrase “is not readily or widely understood,” and the BPI contending that it would “create a dissymmetry with the beneficial ownership information that banks have collected for years.” Both groups also suggest that that FinCEN should clarify what is meant by “business street address,” which could be subject to multiple interpretations, particularly when entities have more than one business location. The ABA also asks FinCEN to provide examples of acceptable residential and business addresses.
Identifying Information: FinCEN Identifier
Both the ABA and the BPI also comment on FinCEN’s proposed use of a FinCEN identifier. Under the CTA, a BIO report must include a “unique identifying number from an acceptable identification documents.” As an alternative, a BO, a company applicant, or a reporting company may use a FinCEN identifier.
Both groups generally support the creation of FinCEN identifiers, though the ABA queries whether FinCEN intends for these identifiers to be temporary or permanent and whether banks will be able to use them. The BPI also recommends aligning the identification numbers that must be reported to FinCEN and the identification numbers that must be collected under the CDD Rule and suggests that FinCEN structure its identifier to include content that complements other beneficial ownership information.
When Must a Reporting Company File a Report
The ABA weighs in on the NPRM’s contemplated reporting deadlines. Under the NPRM, entities that were created before the effective date of the rule will have one year to report their information to FinCEN, while entities created after the effective date will have 14 days to submit their reports. Reporting companies will have 30 days to report any change, and 14 days to correct any inaccuracies in a report without penalty. The ABA recommends that FinCEN adopt a uniform 30-day deadline for new entities, changes, and corrections to simplify compliance. The ABA also recommends giving existing companies two years to register. Either way, the ABA urges FinCEN to provide enough time to notify reporting companies of their obligations and issue additional guidance as needed.
In addition, the ABA recommends adopting an effective date for the registry that matches the effective date for the revised CDD Rule so that banks and their entity companies can more easily comply with both rules.
Validation and Access
In addition to commenting on the substantive reporting requirements, both the ABA and the BPI encourage FinCEN to take steps to validate reported beneficial ownership information, so that the registry remains reliable, accurate, complete, and useful for law enforcement, regulators, and financial institutions.
The BPI also comments on database access and use, echoing many of its comments to the Advance NPRM and likely previewing its comments to FinCEN’s future rulemakings. In general, the BPI maintains that financial institutions should be permitted, but not required, to rely on the database to fulfill their own due diligence requirements under the CDD Rule. Either way though, the BPI generally opposes requiring banks to address discrepancies between the database and their own collection processes, noting instead that banks “should . . . be permitted, if they identify a discrepancy between the beneficial ownership information in the registry and the bank’s information, to determine appropriate actions on the basis of risk, including by leveraging their own risk-based customer due diligence review processes.”