Published Article
FinCEN Issues Access Rule to Beneficial Ownership Information
Read Time: 3 minsOn December 21, 2023, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced and issued a final rule (Access Rule) under 31 C.F.R. Part 1010 that establishes the framework for access to and protection of beneficial ownership information (BOI) that will be reported to FinCEN pursuant to the Corporate Transparency Act (CTA). The Access Rule prescribes the circumstances under which BOI, which is reported in compliance with FinCEN’s final BOI Reporting Rule, may be disclosed to federal agencies; state, local, tribal, and foreign governments; and financial institutions, and how BOI must be protected.
The Access Rule aims to ensure that: (1) only authorized recipients have access to BOI; (2) authorized recipients use that BOI only for purposes permitted by the CTA; and (3) authorized recipients re-disclose BOI only in ways that balance protection of the security and confidentiality of the BOI with furtherance of the CTA’s objective of making BOI available to a range of users for purposes specified in the CTA.
The CTA establishes that BOI is confidential and may not be disclosed except as authorized under the CTA and the Access Rule. However, FinCEN is authorized to disclose BOI under specific circumstances to six categories of authorized recipients: (1) U.S. federal agencies engaged in national security, intelligence, or law enforcement activity; (2) U.S. state, local, and tribal law enforcement agencies; (3) foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities (foreign requesters); (4) financial institutions using BOI to facilitate compliance with customer due diligence requirements under applicable law, provided the financial institution requesting the BOI has the relevant reporting company’s consent for such disclosure; (5) federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing financial institutions for compliance with customer due diligence requirements under applicable law; and (6) Treasury officers and employees.
Each category of authorized recipient will be subject to specific security and confidentiality requirements, and authorized recipients of BOI are generally prohibited from re-disclosing BOI except in eight specific circumstances. With respect to security and confidentiality requirements, financial institutions will be able to satisfy this requirement by applying the same security and information handling procedures to BOI as required to protect customers’ nonpublic personal information pursuant to section 501 of the Gramm-Leach-Bliley Act and its implementing regulations. For each BOI request that it makes, a financial institution will have to certify that the request satisfies applicable criteria, and geographic restrictions will apply. For financial institutions, re-disclosure is authorized among financial institutions and their regulators, including qualifying self-regulatory organizations.
The Access Rule broadens the definition of “customer due diligence requirements under applicable law” to include “any legal requirement or prohibition designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States, to comply with which it is reasonably necessary for a financial institution to obtain or verify BOI of a legal entity customer.” General business or commercial use of BOI is not authorized, and financial institutions, for example, are not permitted to access BOI from FinCEN in determining whether to extend credit to a legal entity or pricing decisions when such credit decisions are unrelated to anti-money laundering, countering the financing of terrorism, or national security purposes.
Violations of the CTA carry both civil and criminal penalties for any person who knowingly discloses or knowingly uses BOI obtained by that person from a report submitted to, or an authorized disclosure made by, FinCEN, unless such disclosure is authorized under the CTA. The Access Rule clarifies that an “unauthorized use” includes any unauthorized access to BOI submitted to FinCEN, including any activity in which an employee, officer, director, contractor, or agent of an authorized recipient knowingly violates applicable security and confidentiality requirements in connection with accessing such information.
In conjunction with the Access Rule, FinCEN issued two interagency statements to give banks and non-bank financial institutions guidance on the interplay between the final rule and FinCEN’s existing Customer Due Diligence Rule. FinCEN also published a Beneficial Ownership Information Access and Safeguards Final Rule Fact Sheet.
The Access Rule will be effective on February 20, 2024. Starting in 2024, FinCEN will begin to provide access to BOI in phases to authorized government agencies and financial institutions that meet the requirements of the final rule.
Reprinted with permission from the American Bar Association’s Business Law Today December Month-In-Brief: Business Regulation & Regulated Industries.