FinCEN Cites Low Risk of Money Laundering and High Regulatory Burden of Rule

On September 7, 2018, the Financial Crimes Enforcement Network (“FinCEN”) issued permanent exceptive relief (“Relief”) to the Beneficial Ownership rule (“BO Rule”) that further underscores the agency’s continued flexibility and risk-based approach to the BO Rule.

Very generally, the BO Rule — effective as of May 11, 2018, and about which we repeatedly have blogged (see here, here and here) — requires covered financial institutions to identify and verify the identities of the beneficial owners of legal entity customers at account opening. FinCEN previously stated in April 3, 2018 FAQs regarding the BO Rule that a “new account” is established – thereby triggering the BO Rule – “each time a loan is renewed or a certificate of deposit is rolled over.” As a result, even if covered financial institutions already have identified and verified beneficial ownership information for a customer at the initial account opening, the institutions still must identify and verify that beneficial ownership information again – and for the same customer – if the customer’s account has been renewed, modified, or extended.

However, the Relief now excepts application of the BO Rule when legal entity customers open “new accounts” through: (1) a rollover of a certificate of deposit (CD); (2) a renewal, modification, or extension of a loan, commercial line of credit, or credit card account that does not require underwriting review and approval; or (3) a renewal of a safe deposit box rental. The Relief does not apply to the initial opening of any of these accounts.

The Relief echoes the exceptive relief from the BO Rule granted by FinCEN on May 11, 2018 to premium finance lenders whose payments are remitted directly to the insurance provider or broker, even if the lending involves the potential for a cash refund. Once again, although the Relief is narrow, FinCEN’s explanation for why the excepted accounts present a low risk for money laundering is potentially instructive in other contexts. Continue Reading FinCEN Issues Exceptive Relief from Beneficial Ownership Rule to Certain Account Renewals

Incorporation Solidifies Customer Due Diligence as “Fifth Pillar” to BSA/AML Compliance Program

May 11, 2018 was the much anticipated effective date for the Customer Due Diligence (“CDD”) Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule”) issued by the Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”). On the same day, the Federal Financial Institutions Examination Council (“FFIEC”) released two updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) examination manual that incorporate and clarify the CDD Requirements and Beneficial Ownership Rule.  The FFIEC is an interagency body that is “empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions.”  The FFIEC examination manual drives the principles and obligations of covered financial instructions in creating BSA/AML compliance programs.  The new updates further clarify the FinCEN rules and solidify CDD as the fifth pillar of the BSA/AML compliance regime.

As we previously blogged here, when FinCEN announced its final rule on CDD requirements it established two important requirements for covered financial institutions.  First, the covered financial institutions were required to establish procedures to identify and verify the beneficial owners of all legal entity customers. Second, the rule required covered financial institutions to adopt ongoing risk-based CDD procedures as part of their AML compliance programs – including developing and updating customer risk profiles and conducting ongoing AML monitoring.  We previously provided practical guidance to aid covered financial institutions in preparing for implementation of these two requirements.  Now we will highlight the key considerations of FFIEC examination manual addressing these topics.  Of particular interest, the new FFIEC examination manual provisions state in part that regulatory examiners are not supposed to engage in second-guessing specific decisions; rather, during an examination “the bank should not be criticized for individual customer decisions unless it impacts the effectiveness of the overall CDD program, or is accompanied to evidence of bad faith or other aggravating factors.” Continue Reading FFIEC Manual Incorporates Beneficial Ownership Rule and CDD Requirements

Relief is Narrow, but FinCEN’s Explanation of Low Money Laundering Risk Posed by Lending Products is Instructive

On May 11, the Financial Crimes Enforcement Network (“FinCEN”) issued a ruling to provide exceptive relief from the application of the new Beneficial Ownership rule (the “BO Rule,” about which we repeatedly have blogged: see here, here and here) to premium finance lending products that allow for cash refunds.

Very generally, the BO Rule — effective as of May 11, 2018 — requires covered financial institutions to identify and verify the identity of the beneficial owner of legal entity customers at account opening. One exemption provided by the BO Rule from its requirements is when a legal entity customer opens a new account for the purpose of financing insurance premiums and the payments are remitted directly by the financial institution to the insurance provider or broker.  However, this exemption does not apply when there is a possibility of cash refunds.

In its May 11th ruling, FinCEN granted exceptive relief from the BO Rule to premium finance lenders whose payments are remitted directly to the insurance provider or broker, even if the lending involves the potential for a cash refund.  Although this exception is narrow when compared to the many other financial institutions covered by the broad BO Rule, FinCEN’s explanation for why the excepted entities present a low risk for money laundering is potentially instructive in other contexts, such as risk assessments undertaken by financial institutions for the purposes of their anti-money laundering (“AML”) compliance programs. Continue Reading FinCEN Provides Exceptive Relief from New Beneficial Ownership Rule

May 11, 2018 Implementation Deadline Looms

Last year, we posted FinCEN’s Beneficial Ownership Rule: A Practical Guide to Being Prepared for Implementation regarding the Customer Due Diligence Requirements for Financial Institutions Rule (the “Beneficial Ownership Rule” or “Rule”) issued by the Financial Crime Enforcement Center (“FinCEN”). With the Rule’s May 11 implementation date only a few weeks away, and with FinCEN recently having published its new and long-awaited FAQs regarding the Rule (FAQs), we thought that the time was right for more practical tips and answers to questions surrounding the Rule. Continue Reading FinCEN’s Beneficial Ownership Rule: More Practical Tips and Answers to Frequently Asked Questions

In May 2016, Treasury’s Financial Crimes Enforcement Network (FinCEN) issued its final rule on Customer Due Diligence (CDD) Requirements for Financial Institutions. The Final Rule can be found here; our prior discussion of the Final Rule can be found here.

The new rule requires covered financial institutions to identify and verify the identity of the beneficial owners of all legal entity customers. It also adds CDD as a fifth pillar to the traditional four pillars of an effective anti-money laundering (AML) program.  The implementation date of May 11, 2018 is less than a year away.  How can you ensure that you’ll be ready? Continue Reading FinCEN’s Beneficial Ownership Rule: A Practical Guide to Being Prepared for Implementation

Second Post in a Two-Post Series on the CTA Implementing Regulations

As we just blogged, the Financial Crimes Enforcement Network (“FinCEN”) has issued a final rule (“Final Rule”) regarding the beneficial ownership information (“BOI”) reporting requirements pursuant to the Corporate Transparency Act (“CTA”).  The Final Rule will require tens of millions of corporations and limited liability companies registered to do business in the United States to report their BOI to FinCEN.  FinCEN views this development as a “historic step in support of U.S. government efforts to crack down on illicit finance and enhance transparency.”

The Final Rule defines a “beneficial owner” whose information must be reported as “any individual who, directly or indirectly, either exercises substantial control over such reporting company or owns or controls at least 25 percent of the ownership interests of such reporting company.”  In this post, we focus on the “substantial control” prong of the beneficial ownership definition: “any individual who, directly or indirectly, . . . exercises substantial control over such reporting company.” (emphasis added). The Final Rule generally adopts the language of the proposed rule issued by FinCEN in December 2021, with some minor adjustments.

FinCEN expects reporting companies to always identify at least one beneficial owner under the “substantial control” prong, even if all other individuals are subject to an exclusion or fail to satisfy the “ownership interests” prong.  As we will discuss, the Final Rule contemplates that a covered reporting company may need to report multiple individuals under the “substantial control” prong.  Further, and although FinCEN still needs to issue proposed regulations regarding the following, the Final Rule’s broad definition of the “substantial control” prong under the CTA presumably will lead to FinCEN expanding the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading <em>FinCEN Issues Final Rule for Beneficial Ownership Reporting: The “Substantial Control” Prong</em>

First Post in a Two-Post Series on the CTA Implementing Regulations

On September 30, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued its final rule, Beneficial Ownership Information Reporting Requirements (“Final Rule”), implementing the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”). 

FinCEN’s September 29, 2022 press release is here; the Final Rule is here; and a summary “fact sheet” regarding the rule is here.  The Final Rule largely tracks the December 8, 2021 Notice of Proposed Rulemaking (the “Proposed Rule”), on which we blogged here and here

The Final Rule requires many corporations, limited liability companies, and other entities created in or registered to do business in the United States to report information (“BOI”) about their beneficial owners the persons who ultimately own and control the company — to FinCEN.  This information will be housed within the forthcoming Beneficial Ownership Secure System (“BOSS”), a non-public database under development by FinCEN. 

The Final Rule takes effect on January 1, 2024.  In a nutshell, (1) companies subject to the BOI reporting rules (“reporting companies”) created or registered before the effective date will have one year, until January 1, 2025, to file their initial reports of BOI and (2) reporting companies created or registered after the effective date will have 30 days after creation or registration to file their initial reports.  In addition to the initial filing obligation, reporting companies will have to file updates within 30 days of a relevant change in their BOI.  And, as we discuss, covered companies also will have to report their “company applicants,” which could include lawyers, accountants or other third-party professionals.

The Final Rule will have broad effect.  FinCEN estimates that over 32 million initial BOI reports will be filed in the first year of the Final Rule taking effect, and that approximately 5 million initial BOI reports and over 14 million updated reports will be filed in each subsequent year.  We summarize here the key provisions of the Final Rule.  In our next blog post, we will discuss the Final Rule’s broad definition of the “control” prong regarding who represents a “beneficial owner,” which will result in an expansion of the definition of “beneficial owner” under the existing Customer Due Diligence (“CDD”) rule applicable to banks and other financial institutions (“FIs”).

Continue Reading FinCEN Issues Final Rule on Beneficial Ownership Reporting Requirements

Ruling Could Influence FinCEN in Forthcoming Regulations Under the CTA

On November 22nd, an appeals court in Luxembourg issued a decision that highlights the tensions between anti-money laundering (“AML”) goals and privacy concerns, and could impact impending beneficial ownership regulations to be issued under the U.S. Corporate Transparency Act (“CTA”).  Specifically, the appeals court decided that the general public’s access to beneficial ownership information (“BOI”) interfered with the fundamental right of privacy granted under the Charter of Fundamental Rights of the European Union (“EU”).

Luxembourg Court Strikes Down Public Access to BO Database

In 2019, pursuant to an AML Directive to Member States of the EU, Luxembourg established a Register of Beneficial Ownership (“Register”) for information on beneficial owners of corporate entities. BOI provided by a corporate entity is generally available to regulators, law enforcement and financial institutions conducting due diligence on the corporate entity.  Further, some BOI from the Register is available publicly, including through the internet – but upon request from a beneficial owner, the administrator of the Register could place restrictions on the broad access of certain information of that beneficial owner.  To restrict public access, the beneficial owner must show that “access to [BOI] would expose the beneficial owner to disproportionate risk, risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation, or where the beneficial owner is a minor or otherwise legally incapable.”

A case was brought by two companies and their beneficial owners after the beneficial owners unsuccessfully requested that the administrator of the Register prevent public access to information concerning them. The Luxembourg district court found that the beneficial owners’ claims of privacy violations raised issues of fundamental rights under European law and sent questions to the appeals court for a preliminary ruling. As noted, the appeals court ruled that the general public’s access to BOI through the Register constituted a “serious interference” with the fundamental right of privacy granted under the Charter of Fundamental Rights of the European Union:

[I]n so far as the information made available to the general public relates to the identity of the beneficial owner as well as to the nature and extent of the beneficial interest held in corporate or other legal entities, that information is capable of enabling a profile to be drawn up concerning certain personal identifying data more or less extensive in nature depending on the configuration of national law, the state of the person’s wealth and the economic sectors, countries and specific undertakings in which he or she has invested.

In addition, it is inherent in making that information available to the general public in such a manner that it is then accessible to a potentially unlimited number of persons, with the result that such processing of personal data is liable to enable that information to be freely accessed also by persons who, for reasons unrelated to the [AML] objective pursued by that measure, seek to find out about, inter alia, the material and financial situation of a beneficial owner . . . . That possibility is all the easier when, as is the case in Luxembourg, the data in question can be consulted on the internet.

Furthermore, the potential consequences for the data subjects resulting from possible abuse of their personal data are exacerbated by the fact that, once those data have been made available to the general public, they can not only be freely consulted, but also retained and disseminated and that, in the event of such successive processing, it becomes increasingly difficult, or even illusory, for those data subjects to defend themselves effectively against abuse.

Importantly, when the appeals court balanced the right of privacy against the AML objectives of the Directive, it found that the AML objectives were critical enough to justify “even serious interferences with the fundamental rights enshrined in Articles 7 and 8 of the Charter.” Nonetheless, the appeals court found the public nature of the Register to reach beyond the AML objectives and tip the scale in favor of privacy rights. Luxembourg’s method of storing BOI, which required a person or entity to be able to demonstrate a legitimate interest in the information before it was disclosed, did not run afoul of European privacy rights. However, the appeals court found that there was insufficient AML benefit derived from allowing public access to the Register to justify such access.  Specifically, the appeals court noted that although “the general public’s access to information on beneficial ownership ‘can contribute’ to combating the misuse of corporate and other legal entities and [public access] ‘would also help’ criminal investigations, it must be found that such considerations are also not such as to demonstrate that [public access] is strictly necessary to prevent money laundering and terrorist financing.”

Privacy Implications for FinCEN and the CTA

As we have blogged, the Financial Crimes Enforcement Network (“FinCEN”) has issued a final rule regarding the BOI reporting requirements pursuant to the CTA. The Final Rule will require millions of corporate entities registered to do business in the United States to report their BOI to FinCEN. While FinCEN and AML watchdog groups view this development as a “historic step in support of U.S. government efforts to crack down on illicit finance and enhance transparency,” there are also those who are concerned with the privacy risks involved in housing BOI in a government database.  FinCEN still needs to issue further regulations under the CTA, including as to how the BOI data base will be maintained and accessed.

The CTA itself addresses privacy concerns in several ways, and does so in a manner that is dramatically different than the AML Directive.  For example, BOI is only available to government agencies that send a written request, including a basis for the request, and is not generally available to the public. Within the Department of the Treasury specifically, access to beneficial ownership information is limited to officers and employees whose official duties require them to inspect the information and who have been appropriately trained and authorized. Overall, the CTA requires that FinCEN “maintain information security protections, including encryption, for information reported to FinCEN . . . . and ensure that the protections . . . prevent the loss of confidentiality, integrity, or availability of information that may have a severe or catastrophic adverse effect.”

One of the most telling aspects of the CTA’s intent to protect privacy are the penalties for unauthorized disclosure of information: up to $500 per day for each day the violation continues, and/or imprisonment for up to five years. These penalties actually outweigh the penalties under the CTA for not registering as a beneficial owner, or for providing false BOI: up to $500 per day for each day the violation continues, and/or imprisonment for up to two years.

As noted, FinCEN still must issue regulations on the creation and mechanics of the BOI database. Given the privacy protections baked into the CTA by Congress, FinCEN already will be required to craft regulations that strongly protect BOI and restrict access.  Even so, the recent decision in Luxembourg should put even more pressure on FinCEN to be careful.  Certainly, the decision will provide industry commentators to the forthcoming regulations with more ammunition.

New York Considers an Alternative Approach

In March 2022, New York proposed legislation that would require limited liability companies registered in the state to disclose the names and addresses of their beneficial owners to the New York Department of State. Contra the CTA, and more akin to the EU AML Directive, the proposed legislation contemplates a public database to house BOI – although the information available to the greater public would be limited to which LLCs share common ownership. The public database would not contain names or addresses of beneficial owners; rather, if someone wanted to request that information, they would need to submit a formal request to law enforcement, similar to the federal Freedom of Information Act (FOIA).

New York is the only state to propose this type of BOI database at the state level, and the legislative intent offers insight into why New York has a particular focus on BOI. One of the Democratic Senators who proposed the bill said that “[m]oney laundering, tax avoidance, evasion of sanctions, and systemic code violations have been protected for too long in New York by the veil of LLC anonymity. Sometimes tenants don’t even know who their landlord actually is.” Thus, while AML objectives are certainly relevant at the state level, the New York legislation also seeks to address non-AML concerns, such as providing information to tenants and watchdog groups on otherwise unknown landlords who may be contributing to the deterioration of neighborhoods.

Conclusion

In the three approaches reflected by the EU AML Directive, the CTA and the proposed New York legislation, there is a balancing act between collecting and allowing access to BOI in order to fight money laundering and terrorist financing, and protecting privacy rights enshrined in our foundational legal texts like the EU Charter or U.S. Constitution. Beyond those considerations, this spectrum of privacy approaches raises the question of how global AML programs and requirements can be implemented with maximum consistency.  Finally, looming over all of the government-maintained BOI databases is the specter of data breaches and cyber attacks, which threaten not only the individuals whose BOI is affected, but the government agencies themselves.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

As we recently blogged (here and here), the Financial Crimes Enforcement Network (“FinCEN”) recently issued a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership reporting requirements of the Corporate Transparency Act (“CTA”).  The NPRM is the first in a series of three rulemakings that FinCEN will issue to implement the CTA.  It sets forth FinCEN’s proposed reporting requirements, i.e., who must file a report on beneficial ownership information (“BOI”), what information must be reported, and when reports will be due.

In response, FinCEN received over 230 comments (see FinCEN’s press release here).   We focus here on comments from two key players: the American Bankers Association (“ABA”) and the Bank Policy Institute (“BPI”), which highlight the industry perspective of banking institutions (These groups also commented previously  on FinCEN’s Advance NPRM regarding the CTA’s implementation, which we blogged about here and here).

The CTA, passed as part of the Anti-Money Laundering Act of 2020 (“AML Act”), requires certain legal entities to report their beneficial owners (“BOs”) to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) compliance obligations, particularly FinCEN’s existing Customer Due Diligence Rule (“CDD Rule”) for legal entity customers implemented in 2018.

Under the existing CDD Rule, covered financial institutions must collect and verify BOI from certain entity customers and maintain records of such information.  But until now, entities did not have to report directly such information to the government.  The CTA makes companies (like LLCs and corporations) subject to BOI reporting requirements.  The CTA also requires FinCEN to revise the existing CDD Rule to try to make it consistent with the CTA and remove any unnecessary or duplicative burdens.

The ABA (which represents large banks) and the BPI (which represents universal, regional, and major foreign banks) each submitted lengthy comment letters, showcasing their strong interest in how these reporting requirements shake out.  As the ABA observes, it will be difficult to determine how these reporting requirements will fit in with bank responsibilities until FinCEN issues its other rulemakings.  Still, both groups recommend making several modifications to the proposed reporting requirements now—mainly aligning the NPRM with the existing CDD Rule—to minimize future burdens on banks and their customers.  Both groups propose similar modifications, but there are some differences.  We summarize the most salient points in this post.

Overall, these comments make clear that the ABA and the BPI continue to support creation of the FinCEN registry as a way to drive down the cost of regulatory compliance for banks.  Both groups suggest, however, that such a benefit could be outweighed if the final reporting requirements stray too far from the existing CDD Rule.  As both groups observe, any significant change from the current CDD Rule will require banks to divert significant resources to comply with the new requirements, at the expense of other AML efforts. Continue Reading American Bankers Association and the Bank Policy Institute Weigh in on FinCEN’s Proposed Rules for Corporate Transparency Act

Proposed Reporting Rules Will Require Careful Parsing for Businesses and Revision of CDD Rule for Banks

As we initially blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on December 7 a Notice of Proposed Rulemaking (“NPRM”) regarding the beneficial ownership (“BO”) reporting requirements of the Corporate Transparency Act (“CTA”).  FinCEN’s press release is here; the NPRM is here; and a summary “fact sheet” regarding the NPRM is here.

The CTA requires defined entities – including most domestic corporations and foreign entities registered to do business in the U.S. – to report beneficial owner information (“BOI”) and company applicant information to a database created and run by FinCEN upon the entities’ creation or registration within the U.S.  This database will be accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

Congress passed the CTA because the ability to operate through legal entities without requiring the identification of BOI is a key AML risk for the U.S. financial system.  The CTA seeks to mitigate this risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, and other offenses.  We often have blogged on the CTA and these impending regulations (see herehereherehere and here).

The NPRM describes who must file a BOI report, what information must be reported, and when a report is due.  Although this blog post is lengthy, it still only summarizes the NPRM, which is 55 pages long in the Federal Register.  The NPRM envisions broad and often complicated reporting requirements under the CTA, including an ongoing duty to update any changes in information.

Further, this NPRM addresses “only” BOI reporting.  FinCEN will engage in two additional rulemakings under the CTA to (1) establish rules for who may access BOI, for what purposes, and what safeguards will be required to protect such information; and (2) revise and conform FinCEN’s existing CDD rule for financial institutions.  As we will discuss, the NPRM undermines hopes that the CTA regulations would simplify the compliance obligations of financial institutions already covered by the CDD rule, which requires covered financial institutions to obtain BOI from certain entity customers.  To the contrary, the NPRM indicates that FinCEN will complicate and expand the definitions of the two groups of individuals qualifying as BOs – those exercising “substantial control” and those with a 25% “ownership interest” – and amend the existing CDD rule accordingly, so that the CTA regulations and the CDD rule supposedly align.

The potential application of these regulations is sweeping.  FinCEN estimates at least 25 million existing U.S. companies will have to make a report under the CTA when the proposed regulations become effective.  And approximately three million new entities created each year in the U.S. potentially will be subject to the regulations going forward.  The NPRM does not address the additional amount of foreign entities registered to do business in the U.S. covered by the CTA. Continue Reading Proposed Beneficial Ownership Reporting Regulations Under the CTA:  Broad and Complex