Search results for: beneficial ownership rule

 

FinCEN Cites Low Risk of Money Laundering and High Regulatory Burden of Rule

On September 7, 2018, the Financial Crimes Enforcement Network (“FinCEN”) issued permanent exceptive relief (“Relief”) to the Beneficial Ownership rule (“BO Rule”) that further underscores the agency’s continued flexibility and risk-based approach to the BO Rule.

Very generally, the BO Rule — effective as of May 11, 2018, and about which we repeatedly have blogged (see here, here and here) — requires covered financial institutions to identify and verify the identities of the beneficial owners of legal entity customers at account opening. FinCEN previously stated in April 3, 2018 FAQs regarding the BO Rule that a “new account” is established – thereby triggering the BO Rule – “each time a loan is renewed or a certificate of deposit is rolled over.” As a result, even if covered financial institutions already have identified and verified beneficial ownership information for a customer at the initial account opening, the institutions still must identify and verify that beneficial ownership information again – and for the same customer – if the customer’s account has been renewed, modified, or extended.

However, the Relief now excepts application of the BO Rule when legal entity customers open “new accounts” through: (1) a rollover of a certificate of deposit (CD); (2) a renewal, modification, or extension of a loan, commercial line of credit, or credit card account that does not require underwriting review and approval; or (3) a renewal of a safe deposit box rental. The Relief does not apply to the initial opening of any of these accounts.

The Relief echoes the exceptive relief from the BO Rule granted by FinCEN on May 11, 2018 to premium finance lenders whose payments are remitted directly to the insurance provider or broker, even if the lending involves the potential for a cash refund. Once again, although the Relief is narrow, FinCEN’s explanation for why the excepted accounts present a low risk for money laundering is potentially instructive in other contexts. Continue Reading FinCEN Issues Exceptive Relief from Beneficial Ownership Rule to Certain Account Renewals

Incorporation Solidifies Customer Due Diligence as “Fifth Pillar” to BSA/AML Compliance Program

May 11, 2018 was the much anticipated effective date for the Customer Due Diligence (“CDD”) Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule”) issued by the Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”). On the same day, the Federal Financial Institutions Examination Council (“FFIEC”) released two updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual that incorporate and clarify the CDD Requirements and Beneficial Ownership Rule.  The FFIEC is an interagency body that is “empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.”  The FFIEC examination manual drives the principles and obligations of covered financial instructions in creating BSA/AML compliance programs.  The new updates further clarify the FinCEN rules and solidify CDD as the fifth pillar of the BSA/AML compliance regime.

As we previously blogged here, when FinCEN announced its final rule on CDD requirements it established two important requirements for covered financial institutions.  First, the covered financial institutions were required to establish procedures to identify and verify the beneficial owners of all legal entity customers. Second, the rule required covered financial institutions to adopt ongoing risk-based CDD procedures as part of their AML compliance programs – including developing and updating customer risk profiles and conducting ongoing AML monitoring.  We previously provided practical guidance to aid covered financial institutions in preparing for implementation of these two requirements.  Now we will highlight the key considerations of FFIEC examination manual addressing these topics.  Of particular interest, the new FFIEC examination manual provisions state in part that regulatory examiners are not supposed to engage in second-guessing specific decisions; rather, during an examination “the bank should not be criticized for individual customer decisions unless it impacts the effectiveness of the overall CDD program, or is accompanied to evidence of bad faith or other aggravating factors.” Continue Reading FFIEC Manual Incorporates Beneficial Ownership Rule and CDD Requirements

Relief is Narrow, but FinCEN’s Explanation of Low Money Laundering Risk Posed by Lending Products is Instructive

On May 11, the Financial Crimes Enforcement Network (“FinCEN”) issued a ruling to provide exceptive relief from the application of the new Beneficial Ownership rule (the “BO Rule,” about which we repeatedly have blogged: see here, here and here) to premium finance lending products that allow for cash refunds.

Very generally, the BO Rule — effective as of May 11, 2018 — requires covered financial institutions to identify and verify the identity of the beneficial owner of legal entity customers at account opening. One exemption provided by the BO Rule from its requirements is when a legal entity customer opens a new account for the purpose of financing insurance premiums and the payments are remitted directly by the financial institution to the insurance provider or broker.  However, this exemption does not apply when there is a possibility of cash refunds.

In its May 11th ruling, FinCEN granted exceptive relief from the BO Rule to premium finance lenders whose payments are remitted directly to the insurance provider or broker, even if the lending involves the potential for a cash refund.  Although this exception is narrow when compared to the many other financial institutions covered by the broad BO Rule, FinCEN’s explanation for why the excepted entities present a low risk for money laundering is potentially instructive in other contexts, such as risk assessments undertaken by financial institutions for the purposes of their anti-money laundering (“AML”) compliance programs. Continue Reading FinCEN Provides Exceptive Relief from New Beneficial Ownership Rule

May 11, 2018 Implementation Deadline Looms

Last year, we posted FinCEN’s Beneficial Ownership Rule: A Practical Guide to Being Prepared for Implementation regarding the Customer Due Diligence Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule” or “Rule”) issued by the Financial Crime Enforcement Center (“FinCEN”). With the Rule’s May 11 implementation date only a few weeks away, and with FinCEN recently having published its new and long-awaited FAQs regarding the Rule (FAQs), we thought that the time was right for more practical tips and answers to questions surrounding the Rule. Continue Reading FinCEN’s Beneficial Ownership Rule: More Practical Tips and Answers to Frequently Asked Questions

In May 2016, Treasury’s Financial Crimes Enforcement Network (FinCEN) issued its final rule on Customer Due Diligence (CDD) Requirements for Financial Institutions. The Final Rule can be found here; our prior discussion of the Final Rule can be found here.

The new rule requires covered financial institutions to identify and verify the identity of the beneficial owners of all legal entity customers. It also adds CDD as a fifth pillar to the traditional four pillars of an effective anti-money laundering (AML) program.  The implementation date of May 11, 2018 is less than a year away.  How can you ensure that you’ll be ready? Continue Reading FinCEN’s Beneficial Ownership Rule: A Practical Guide to Being Prepared for Implementation

On February 14, 2023, both the American Bankers Association (“ABA”) and the Bank Policy Institute (“BPI”) submitted comments to the Financial Crimes Enforcement Network (“FinCEN”) on FinCEN’s notice of proposed rulemaking (“NPRM”) relating to access to beneficial ownership information (“BOI”) reported to FinCEN under the Corporate Transparency Act (“CTA”). While both organizations had similar comments, mainly being that the proposed limits on FIs’ ability to use BOI retrieved from the database contradicts the CTA’s objective, the ABA recommended that FinCEN entirely withdraw the NPRM. Below, we break down each organization’s comments and strong critiques regarding the NPRM.

Continue Reading Bank Industry Groups Heavily Criticize FinCEN’s Proposed Rule on Access to Beneficial Ownership Information

Second Post in a Two-Post Series on the CTA Implementing Regulations

As we just blogged, the Financial Crimes Enforcement Network (“FinCEN”) has issued a final rule (“Final Rule”) regarding the beneficial ownership information (“BOI”) reporting requirements pursuant to the Corporate Transparency Act (“CTA”).  The Final Rule will require tens of millions of corporations and limited liability companies registered to do business in the United States to report their BOI to FinCEN.  FinCEN views this development as a “historic step in support of U.S. government efforts to crack down on illicit finance and enhance transparency.”

The Final Rule defines a “beneficial owner” whose information must be reported as “any individual who, directly or indirectly, either exercises substantial control over such reporting company or owns or controls at least 25 percent of the ownership interests of such reporting company.”  In this post, we focus on the “substantial control” prong of the beneficial ownership definition: “any individual who, directly or indirectly, . . . exercises substantial control over such reporting company.” (emphasis added). The Final Rule generally adopts the language of the proposed rule issued by FinCEN in December 2021, with some minor adjustments.

FinCEN expects reporting companies to always identify at least one beneficial owner under the “substantial control” prong, even if all other individuals are subject to an exclusion or fail to satisfy the “ownership interests” prong.  As we will discuss, the Final Rule contemplates that a covered reporting company may need to report multiple individuals under the “substantial control” prong.  Further, and although FinCEN still needs to issue proposed regulations regarding the following, the Final Rule’s broad definition of the “substantial control” prong under the CTA presumably will lead to FinCEN expanding the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading FinCEN Final Rule for Beneficial Ownership Reporting: The “Substantial Control” Prong

First Post in a Two-Post Series on the CTA Implementing Regulations

On September 30, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued its final rule, Beneficial Ownership Information Reporting Requirements (“Final Rule”), implementing the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”). 

FinCEN’s September 29, 2022 press release is here; the Final Rule is here; and a summary “fact sheet” regarding the rule is here.  The Final Rule largely tracks the December 8, 2021 Notice of Proposed Rulemaking (the “Proposed Rule”), on which we blogged here and here

The Final Rule requires many corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information (“BOI”) about their beneficial owners the persons who ultimately own and control the company — to FinCEN.  This information will be housed within the forthcoming Beneficial Ownership Secure System (“BOSS”), a non-public database under development by FinCEN. 

The Final Rule takes effect on January 1, 2024.  In a nutshell, (1) companies subject to the BOI reporting rules (“reporting companies”) created or registered before the effective date will have one year, until January 1, 2025, to file their initial reports of BOI and (2) reporting companies created or registered after the effective date will have 30 days after creation or registration to file their initial reports.  In addition to the initial filing obligation, reporting companies will have to file updates within 30 days of a relevant change in their BOI.  And, as we discuss, covered companies also will have to report their “company applicants,” which could include lawyers, accountants or other third-party professionals.

The Final Rule will have broad effect.  FinCEN estimates that over 32 million initial BOI reports will be filed in the first year of the Final Rule taking effect, and that approximately 5 million initial BOI reports and over 14 million updated reports will be filed in each subsequent year.  We summarize here the key provisions of the Final Rule.  In our next blog post, we will discuss the Final Rule’s broad definition of the “control” prong regarding who represents a “beneficial owner,” which will result in an expansion of the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading FinCEN Issues Final Rule on Beneficial Ownership Reporting Requirements

On April 8, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) issued a joint Notice of Proposed Rulemaking (NPRM) to implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act). The proposal would create a comprehensive anti‑money‑laundering/countering‑the‑financing‑of‑terrorism (AML/CFT) and sanctions compliance framework for “permitted payment stablecoin issuers” (PPSIs), treating them as financial institutions under the Bank Secrecy Act (BSA). Treasury frames the rule as an effort to support responsible innovation in payment stablecoins while mitigating illicit‑finance risks (see also Treasury’s press release and Fact Sheet).

For our coverage of Treasury’s related Notice of Proposed Rulemaking on state oversight of stablecoin issuers, see our post here.

Statutory Background and Policy Context

The GENIUS Act directs that PPSIs be treated as financial institutions for BSA purposes and comply with federal laws relating to sanctions, money‑laundering prevention, customer identification, and due diligence. It also requires PPSIs to maintain an effective sanctions compliance program.

Treasury’s March 2026 Congressional Report highlights the rapid growth of digital assets, the increasing use of stablecoins in payments, and the ways illicit actors exploit them for fraud, ransomware, sanctions evasion, and money laundering. These findings inform the risk‑based approach reflected in the NPRM.

Primary and Secondary Market Activity

A central concept in the NPRM is the distinction between primary and secondary market activity. Primary market activity refers to direct interactions between a PPSI and a user, such as issuing, redeeming, converting, repurchasing, burning, reissuing, or providing custodial services. Secondary market activity involves transactions between third parties that rely on the PPSI’s smart contract but do not involve the PPSI as a counterparty. This distinction matters because several obligations—including suspicious activity reporting—apply only to primary‑market transactions. This distinction will shape how PPSIs design monitoring, SAR processes, and technical controls, because only primary‑market activity triggers most BSA obligations.

AML/CFT Program Requirements

The NPRM would require PPSIs to establish and maintain a written AML/CFT program that mirrors the core elements required of other financial institutions, with tailoring for stablecoin‑specific risks. PPSIs must implement internal policies, procedures, and controls to identify, assess, and mitigate illicit‑finance risks. Risk assessments must evaluate the PPSI’s business activities, incorporate the national AML/CFT priorities, and be updated promptly when risks change.

PPSIs would also be required to conduct ongoing customer due diligence, including understanding the nature and purpose of customer relationships, developing customer risk profiles, and monitoring for suspicious activity. On a risk basis, PPSIs must maintain and update customer information, including beneficial ownership information for legal‑entity customers.

Independent testing is required to assess whether the PPSI has implemented an effective AML/CFT program. PPSIs must designate a U.S.‑based AML/CFT compliance officer responsible for day‑to‑day compliance. The program must also include ongoing employee training tailored to employee roles and responsibilities and must be approved by the PPSI’s board or equivalent governing body.

The NPRM outlines a supervisory framework under which FinCEN would generally not take enforcement action if a PPSI has established an AML/CFT program and does not exhibit significant or systemic failures. It also describes a notice and consultation process between FinCEN and primary federal payment‑stablecoin regulators for significant supervisory actions. For many issuers, this will require adopting governance, documentation, and testing practices that resemble those of traditional financial institutions—a significant shift for engineering‑driven companies.

Suspicious Activity and Currency Transaction Reporting

PPSIs would be required to file suspicious activity reports (SARs) for any suspicious primary‑market transaction. The NPRM explicitly states that secondary‑market transfers are not, by themselves, considered transactions “by, at, or through” a PPSI for SAR purposes. PPSIs must retain SARs and supporting documentation for five years.

Currency‑transaction reporting (CTR) requirements would apply to transactions in currency exceeding $10,000, though Treasury notes that stablecoin issuers rarely engage in physical‑currency transactions.

Recordkeeping, Travel Rule, and Information Sharing

The NPRM would require PPSIs to comply with the BSA’s Recordkeeping Rule and Travel Rule for transfers of $3,000 or more and would amend the definition of “transmittal order” to expressly include payment stablecoins. PPSIs would also be integrated into the BSA’s information‑sharing framework, including Section 314(a) requests and voluntary Section 314(b) sharing.

Enhanced Due Diligence and Special Measures

The NPRM would apply the BSA’s enhanced due‑diligence requirements for correspondent accounts for foreign financial institutions and private‑banking accounts for non‑U.S. persons. PPSIs would also be subject to special measures under Section 311 of the USA PATRIOT Act, Section 9714(a) of the Combating Russian Money Laundering Act, and 21 U.S.C. 2313a.

Sanctions Compliance Program Requirements

The NPRM reflects a significant change in Treasury’s expectations for PPSIs. PPSIs would be required to maintain a formal sanctions compliance program—something other BSA‑regulated financial institutions are not explicitly required to do. OFAC sanctions remain a strict‑liability regime, but Treasury is elevating sanctions compliance to the same programmatic level as AML/CFT. Examiners would look not only at whether a PPSI violated sanctions, but at whether its program is designed, resourced, and operating in line with OFAC’s risk‑based expectations. A strong program would meaningfully mitigate enforcement exposure, while gaps or weak controls could carry greater consequences given the statutory mandate.

OFAC proposes requiring PPSIs to maintain an effective sanctions compliance program incorporating five core elements: senior‑management commitment; holistic risk assessments; risk‑based internal controls, including technical capabilities; independent testing and auditing; and risk‑based training. These elements align with OFAC’s existing guidance and reflect the GENIUS Act’s mandate that PPSIs comply with all federal sanctions laws applicable to financial institutions.

Technical Capabilities and Lawful Orders

The GENIUS Act requires PPSIs to maintain the technological capability to block, freeze, and reject impermissible transactions and to comply with lawful orders, including orders to seize, freeze, burn, or prevent the transfer of payment stablecoins. These expectations apply whenever a PPSI’s smart contract is involved, even in secondary‑market activity, and will require issuers to document how these controls function in practice. Because these controls must function whenever a PPSI’s smart contract is implicated, issuers will need to document how block, freeze, reject, and burn capabilities operate in practice and ensure they can withstand regulatory scrutiny.

Economic Impact

Treasury estimates that approximately 50 PPSIs may be subject to the rule, with first‑year compliance costs of about $1.8 million and ongoing annual costs of roughly $1 million. Government costs are estimated at $5.9 million in the first year, and customer costs at approximately $1.2 million annually. Treasury expects many PPSIs to be money‑services businesses or insured‑depository‑institution subsidiaries already subject to similar requirements, reducing incremental burden.

Key Takeaway

The proposal makes clear that Treasury now expects permitted stablecoin issuers to operate with the same level of AML, sanctions, governance, and technical rigor long required of mature financial institutions. The NPRM signals that PPSIs will need to build compliance into the core of their operating models—risk assessments, beneficial‑ownership collection, primary‑market SAR obligations, enhanced due diligence, and the ability to block, freeze, or burn tokens cannot be bolted on later. These expectations create a high regulatory bar, and not every current or aspiring issuer will be able to meet it. Firms with the capital, staffing, and engineering capacity to stand up a full BSA/OFAC program will be positioned to move forward, while smaller or less‑resourced issuers may struggle to qualify as PPSIs. The practical effect is a market that shifts toward a smaller number of issuers capable of operating under a full federal compliance regime. The framework ultimately favors well‑capitalized issuers and is likely to accelerate consolidation in the stablecoin market.

Next Steps

FinCEN and OFAC are accepting public comments for 60 days following publication in the Federal Register. Treasury seeks input on the clarity of definitions, the feasibility of technical requirements, the tailoring of obligations for PPSIs of different sizes and business models, and the interaction between federal and state regulatory frameworks.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. And please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

We blogged last year about the Final Rule issued by the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) extending Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) requirements to certain investment advisers.  The Final Rule, which was set to become effective as of January 1 of next year, was the result of years of effort to bring investment advisers within the scope of the Bank Secrecy Act.  The Final Rule required certain investment advisers to: (1) develop and maintain an AML/CFT compliance program; (2) file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs); (3) comply with the Recordkeeping and Travel Rules; (4) respond to Section 314(a) requests; and (5) implement special due diligence measures for correspondent and private banking accounts.

But this week, in yet another significant regulatory scale-back in the anti-money laundering space, the Treasury Department announced that FinCEN will postpone the effective date of the Final Rule two years, to January 1, 2028 – and, more portentously, that it intends to “revisit the scope” of the Rule “at a future date.”  The stated basis for this institutional about-face is “recogni[tion]…that the rule must be effectively tailored to the diverse business models and risk profiles of the investment adviser sector.”  The Department’s press release further stated that postponing the effective date “may help ease potential compliance costs for industry and reduce regulatory uncertainty while FinCEN undertakes a broader review” of the Rule.  (While the cost point is undoubtedly accurate, as firms will now be able to put off outlays for implementation of AML/CFT compliance programs, it is unclear how going back to the drawing board on the Rule will reduce regulatory uncertainty.)

This is the latest move by the Treasury Department to pause or delay enforcement of financial regulations.  We blogged in March about the Department’s announcement that it would not enforce penalties or fines associated with the Corporate Transparency Act’s beneficial ownership information reporting requirements, and that it would issue a proposed rulemaking to narrow the scope of the rule to only apply to foreign reporting companies.  At that time, the Department similarly spoke of “ensuring that the rule is appropriately tailored to advance the public interest.”  We’ve also blogged on Administration efforts to broadly limit regulation of digital assets. 

It remains to be seen whether FinCEN’s “broader review” of the Rule will indeed lead to “effective[] tailor[ing]” to the unique aspects of the investment adviser sector, or whether the AML/CFT requirements for the sector will simply die on the vine over the next few years.  We will continue to monitor developments on this front.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.