The Corporate Transparency Act (CTA), passed into law by Congress on January 1 as a component of the National Defense Authorization Act (NDDA) for Fiscal Year 2021, marks the first significant update to U.S. anti-money laundering laws in 20 years.
The purpose of the CTA is to crack down on the anonymous shell companies used by a variety of “bad actors” to hide and move funds associated with corrupt and illicit activity. The CTA will create a beneficial ownership registry within the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). This registry will eventually contain information submitted by potentially millions of “reporting companies” that will be required to provide details of their beneficial owners to FinCEN.
Because the CTA targets shell companies and other entities that don’t actually have an operating structure, its definition of “reporting companies” excludes a wide range of publicly traded and regulated companies, nonprofit organizations, and government entities, plus subsidiaries of any or all of these. Also excluded are companies that 1) have more than 20 full-time employees in the United States; 2) report more than $5 million in gross receipts or sales to the Internal Revenue Service annually; and 3) have a physical operating presence (i.e., an office) located in the United States.
Collecting and Accessing Ultimate Beneficial Ownership Registry Data
There are lots of reasons to welcome the CTA, which was originally introduced in May 2019 by legislators in both houses of Congress. It represents real progress by the United States in efforts to combat money laundering and terrorist financing. And it brings this country into line with other developed nations, which have enacted similar mandates. (Required compliance with the CTA does not start until January 2022, the deadline for Congress to enact the regulations.)
But who actually gets to use the CTA’s beneficial ownership information? FinCEN’s data will be protected and stored in a private database, not accessible to the public. Under the CTA’s provisions, this information may only be released to:
- A federal, state, local, or tribal law enforcement agency conducting an active investigation;
- A federal agency requesting information on behalf of a foreign law enforcement agency under mutual legal assistance protocols; and
- A financial institution conducting due diligence under the Banking Secrecy Act or USA PATRIOT Act — with customer consent
In other words, the beneficial ownership data collected by FinCEN may only be used for law enforcement, national security, or intelligence purposes — and, in some circumstances, by financial institutions to assist them in complying with customer due diligence requirements.
The Corporate Transparency Act and the Customer Due Diligence Rule
The CTA is not the first product of U.S. government efforts to incorporate beneficial ownership information into the AML regime. In 2016, FinCEN issued the Customer Due Diligence Rule (CDD), which mandated that certain types of financial institutions obtain beneficial ownership information for some segments of their customers as part those financial institutions’ AML programs.
The definition of a “beneficial owner” is similar for the CTA and the CDD. The CTA, however, promises to change the playing field in ways that financial institutions should welcome. One provision of the CTA is that FinCEN should revise the CDD to “bring [the CDD] into conformance with” the CTA, and “reduce any burdens on financial institutions and legal entity customers that are… unnecessary or duplicative.”
The CTA will in fact help to relieve burdens on financial institutions by shifting the obligation to collect beneficial ownership information from companies that meet the CTA’s definition of “reporting company” away from the financial institutions and onto the reporting companies themselves. But financial institutions should be mindful that, even after the CDD is revised, they will still be subject to AML program obligations that include customer due diligence requirements.
As one of the few categories of organizations actually granted access to CTA beneficial ownership data, financial institutions will be obligated to utilize that data to confirm the beneficial ownership information provided directly to them to facilitate compliance with customer due diligence requirements. As it was written, the CTA does not empower FinCEN to repeal the CDD’s larger requirement that financial institutions identify and verify beneficial owners of legal entity customers.
So, although the CDD is likely to be revised to take into consideration the beneficial ownership information that will be supplied to FinCEN by reporting companies, financial institutions will need to continue fulfilling customer due diligence requirements that include gathering and verifying beneficial ownership information.
Our Current Recommendations for Financial Institutions
While we wait to see how FinCEN complies with the directives of the CTA and how it develops the timeline for creation of the beneficial ownership registry, there are a number of things for financial institution leaders to keep in mind:
- UBO registry data quality. As we have seen from recent efforts by the EU and U.K. to comply with a series of AML Directives, there can be many issues with self-declared beneficial ownership information. We don’t know whether FinCEN will implement a system to verify the accuracy and authenticity of this information or to regularly monitor and update it if the reporting companies fail to make needed changes themselves. Data quality may become a real problem if the UBO data in the registry is incomplete, inconsistent, or out of date.
- Customer entity search capabilities. Another pertinent issue for financial institutions is that they should be able to search the UBO registry by entity name as well as UBO name to better identify shell companies and illegitimate business networks. Some of the EU’s registries only permit searches by entity name alone, which hampers the ability to connect UBO information with different companies.
- Integration with risk management processes. A well-rounded customer due diligence function incorporates proactive risk mitigation utilizing risk scoring and rating of corporate customers. Financial institutions need to consider how they will handle the responsibility for integrating FinCEN’s UBO registry data into their customer due diligence risk engine.
The passage of the CTA indicates that the United States is finally coming into better alignment with international standards for combatting shell companies and money laundering. Financial institutions’ AML procedures unquestionably stand to benefit, but it’s early days; the shape and details of FinCEN’s UBO registry may not be known for months. In the meantime, financial institutions should maintain their focus on obtaining accurate, comprehensive customer beneficial ownership information so that they can maintain robust compliance programs and avoid involvement in enforcement actions.