Law360 - Expert Analysis
This article originally appeared in Law360 on January 5, 2024 and is reprinted with permission. All rights reserved.
As of Jan. 1, the Corporate Transparency Act requires millions of companies formed or registered to do business in the U.S. to report the identities of their beneficial owners and applicants to the U.S. Department of the Treasury's Financial Crimes Enforcement Network.[1]
The CTA adds compliance obligations and complexity to every industry. The banking industry will be no different. Lenders, borrowers and investors that finance corporate America need to understand the new law and remain alert to its requirements.
As part of a lender's "know your clients" process and compliance with existing customer due diligence requirements, financial institutions already generally require disclosure of beneficial ownership information, or BOI, from borrowers.[2] Although banks and bank holding companies do not have to file BOI with FinCEN, financial institutions will be granted access to these reports to facilitate compliance with know-your-clients and anti-money laundering requirements.
A vast majority of bank customers will be swept into CTA compliance. Educating customers throughout the course of 2024 and taking steps to influence future compliance with the CTA will be consistent with FinCEN's vision. A prudent business and investing community needs to be thoughtful about the requirements of the new law, as it will not be business as usual for most.
Reporting Companies
All BOI will be maintained in a secure, nonpublic database that may be accessed by law enforcement and certain financial institutions for customer due diligence. The new law is intended to provide the government with information for the purpose of detecting, preventing, and punishing terrorism, money laundering and other misconduct perpetrated through anonymous shell entities.
Compliance with the CTA will require a fact-specific inquiry into the law's requirements as well as a detailed review of company structure, ownership information, and other matters. Covered entities, designated by the law as "reporting companies," will be required to file reports with FinCEN. In general, a reporting company is any entity created or authorized to do business by filing a document with a state's secretary of state office.
Reporting companies formed or registered after the new year will be obligated to file reports within 90 days of receiving notice that its creation or registration is effective, and promptly update previously filed reports.
Disclosure requirements for businesses formed or registered before Jan. 1, 2024, must be satisfied by Jan. 1, 2025.[3] Failures to comply with the CTA can result in the imposition of possible civil and criminal penalties, including a requirement to pay $500 per day until compliant.
Exemptions
The reporting rules under the CTA exempt specific categories of entities — 23 in all — from the CTA's reporting obligations. These exemptions, for the most part, apply to "large operating companies," which have more than 20 full-time employees in U.S. with more than $5 million in revenue that maintain an operating presence and a physical office in the U.S., as well as regulated entities, such as banks and insurance companies.[4]
The list of statutory exemptions have been "carefully circumscribed" to further the CTA's "overall objective of enhancing financial transparency and making it more difficult for bad actors to conceal their illicit activities."[5]
Common law trusts and tax-exempt organizations that have not lost their tax-exempt status are excluded from the definition of a reporting company under the CTA. Most 501(c) nonprofits in good standing will therefore not be required to report.
The CTA creates a "subsidiary exemption" that allows most controlled or wholly owned subsidiaries of exempt entities to also qualify for an exemption from BOI reporting. However, each entity in the corporate structure still needs to be analyzed under the CTA to determine whether it is a reporting company or exempt. It will also be necessary for entities initially exempt from the CTA to monitor whether an exemption to the reporting obligations remains available.
It is important to note that certain private equity funds may have to report BOI even if the fund wholly owns an entity that is itself exempt. Also, subsidiaries wholly owned or controlled by a pooled investment vehicle that is exempt, such as portfolio and blocker companies, special purpose entities, and other fund structuring vehicles, may be required to report.
Compliance with any applicable requirements of state law should also be considered, as some states have similarly taken steps to allow governments to uncover misconduct through mandated disclosures of BOI.[6]
Proactive Compliance
The focus of the CTA is greater transparency of state-registered entities.[7] Additional controls, procedures and protocols should be developed by companies, private lenders, investors and applicants to account for obligations now imposed by the CTA. Reporting companies need to be attentive to the new legal requirements and should consider proactive measures.
First, the CTA does provide an exemption for certain "inactive entities."[8] However, inactive entities in a corporate family that are not exempt from BOI reporting should be merged or dissolved so that companies will not have to make filings for these entities under the CTA.
Second, a process for collecting, tracking, updating and disclosing additional information beyond what has been normally collected from beneficial owners and tracked should be developed by reporting companies. This information includes birthdates, home addresses and driver's license numbers.
Third, it would be prudent to examine and, if necessary, change entity formation documents such as limited liability company agreements, subscription agreements, shareholders' agreements, and other business documents that create or address beneficial ownership to include provisions that permit companies to obtain and report CTA-related information. Representations with respect to CTA compliance and covenants requiring continued compliance should be included to require the submission by beneficial owners of accurate — and updated — information.
Fourth, the CTA imposes liability for failures to comply with the new law. Beneficial owners can be liable in addition to the reporting company for failures, including refusals, to submit complete, accurate or updated information.
FinCEN has suggested that reporting companies "engage with their beneficial owners" and advise them of their liability for failing to cooperate.[9] Periodic written notices by reporting companies to their equity holders might be advisable and avoid issues. Consideration should also be given to requiring agreements with beneficial owners that impose undertakings and indemnification for failing to provide timely and accurate information.
The CTA will certainly compound the administrative burden on companies who are already subject to annual tax filings, registrations and renewals with secretaries of state, financial reporting to lenders and investors, and other ordinary course obligations. However, companies that are readily able to demonstrate compliance with the CTA and institute protocols will add external credibility to the business.
CTA's Impact on Financial Institutions
On Dec. 21, 2023, FinCEN issued its final rule regarding access to beneficial ownership information.[10] The recent regulations implement strict protocols designed to protect sensitive personally identifiable information reported to FinCEN and specify those recipients that have access to collected BOI.
FinCEN has also given banks and other financial institutions guidance on the interplay between the CTA and existing customer due diligence requirements.[11] While the goal of the CTA is to enhance beneficial ownership transparency, regulators also wanted to minimize the burden on the regulated community.
FinCEN has in fact made it clear that the CTA does "not create a new regulatory requirement for banks [or non-bank financial institutions] to access BOI ... or a supervisory expectation that they do so."[12]
The recently adopted access rule does, however, broaden the definition of "customer due diligence requirements under applicable law." It now includes "any legal requirement or prohibition designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States, to comply with which it is reasonably necessary for a financial institution to obtain or verify beneficial ownership information of a legal entity customer."[13]
The final access rule therefore expands the universe of permissible uses of BOI by financial institutions to not only conduct enhanced due diligence, but also for suspicious activity monitoring and reporting.
It will, in any event, be necessary in some circumstances for financial institutions to educate their customers about the need to comply with the CTA.[14] Personnel, particularly those in compliance, legal and similar functions, will need to understand the nuts and bolts of the new law. Customer-facing personnel should be prepared to field questions about what is required and stay alert to new technical developments.
New Lending Best Practices
The CTA's new regulations anticipate that lenders will obtain permission to receive a borrower's BOI and related reports from FinCEN.[15]
Financial institutions will be able to obtain the required consent in a manner they determine to be appropriate based on their customer base and needs. Consideration should be given as to whether the necessary permission should be built into the lender's commitment letter. This would eliminate any need for a separate request between the commitment letter and closing. It should include any upstream entities, as well as the borrower.[16]
All parties with access to BOI, including financial institutions that have obtained consent from reporting companies, are subject to the CTA's security and confidentiality obligations. Financial institutions should already have internal protocols in place for securing BOI and other customer information. Customer privacy will give rise to heightened concerns for borrowers and should be addressed in commitment letters and other loan documents.
Increased due diligence by lenders should include cross-checking operating agreements and resolutions delivered by borrowers against FinCEN reports. Any inconsistency or questions with respect to proper authorization should be reconciled before loan closing. A review of borrower protocols and other agreements addressing the CTA should be undertaken as part of standard due diligence.
Lenders should also examine their template loan documents and other customer-interfacing agreements to determine whether additional representations, warranties and covenants should be included to address the CTA specifically or money laundering generally.
Almost all credit agreements currently require borrowers to represent that they comply with all applicable laws governing their businesses and, on an ongoing basis, require them to remain in compliance. These provisions are often broad enough to generally cover the CTA. Nevertheless, penalties for failures to comply with the CTA are significant enough to consider including additional, specific provisions covering the CTA in loan documents.
A failure by a reporting company to timely file CTA reports and include accurate information should be events defaults. Borrowers need to be responsible to ensure adequate controls are in place, whether through operating agreements or otherwise, to address failures and refusals by beneficial owners to supply accurate information in accordance with the law's requirements.
All reports delivered by a reporting company to FinCEN should be obtained by lenders as a standard component of due diligence. Covenants should be included in loan documents requiring reporting companies to contemporaneously deliver all original and amended FinCEN reports to the lender as well. Consents granting the lender a broad right to obtain future reports directly from FinCEN should be a standard expectation for reporting company borrowers.
Conclusion
The CTA is now effective. It is a groundbreaking change in the way the federal government tracks beneficial ownership of U.S. reporting companies. FinCEN estimates that approximately 32.6 million companies will need to comply with the CTA and report information related to ownership, officers and those who control the company.[17]
All companies should be aware of the potential application of the new law to every entity that is owned, controlled or operated within an organization's structure. Reporting companies should prepare for the applicable CTA compliance date by understanding the CTA's requirements and developing internal processes for identifying beneficial owners as well as for collecting, monitoring and updating reportable information.
Service providers to reporting companies should use a heightened degree of care with respect to CTA compliance matters and understand the potential incremental risk. If a reporting company is found to have intentionally filed false reports, the service provider may be accused of aiding and abetting the client.
It will be therefore important to consider the CTA as a regular part of client intake. Engagement agreements should address the subject and narrowly define the scope of services and define responsibilities clearly to help mitigate risk. Waivers and disclaimers should be included if appropriate. Management representation letters covering CTA compliance may be advisable in certain circumstances.
Lenders should strive to ensure that know-your-client and due diligence protocols are aligned with the CTA's requirements to ensure that a borrower's reporting is compliant.
A thoughtful review of internal policies and procedures accompanied by potential amendments to commitment letters, loan documents and other materials should be undertaken. Lenders should also ensure that they educate compliance and customer interfacing staff as part of an internal CTA protocol.
The requirements of the CTA and its implementing regulations, such as the reporting rule and the access rule, are new territory. FinCEN is expected to issue additional guidance in the future, and problems will inevitably arise.
As the CTA continues to evolve, it will be important to be alert to ongoing developments. Risk and uncertainty can be minimized by implementing thoughtful measures aimed at compliance with the CTA.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of their employer, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] The CTA was enacted into law on January 1, 2021, as part of the Anti-Money Laundering Act of 2020 as a tool designed to combat the use of shell companies by those seeking to evade anti-money laundering laws and economic sanctions. See 31 U.S.C. § 5336. Personally identifiable information must be reported for those persons or entities that own, directly or indirectly, 25% or more of a non-exempt business or who have "substantial control" of it. In defining the contours of whom has substantial control, the rule sets forth a range of activities that captures anyone having the ability to make important decisions for the company. https://www.fincen.gov/beneficial-ownership-information-reporting-rule-fact-sheet.
[2] See 31 C.F.R. § 1010.230 (Customer Due Diligence Rule). Future rulemaking will reconcile the CDD Rule for financial institutions to achieve conformity and reduce unnecessary and duplicative burdens on financial institutions and businesses.
[3] See Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59,498, 59,540 (Sept. 30, 2022) (codified at 31 C.F.R. § 1010.380) (Reporting Rule). See also www.fincen.gov/boi.
[4] As a general rule, if an entity is already subject to a federal reporting requirement through a different regulatory scheme (such as federal securities laws), it is likely going to be exempt and not required to submit BOI reports to FinCEN. Public companies, for example, are exempt.
[5] Supra note 2.
[6] It is common, particularly in real estate and acquisition transactions, to form special purpose entities (such as limited liability companies) to acquire, finance, own, and operate assets. It is in fact estimated that more than one-third of Manhattan properties are owned by LLCs whose ultimate owners are unknown. On December 23, 2023, New York's governor signed into law the New York LLC Transparency Act (NYLTA) which creates a state-level database of the beneficial owners of LLCs that are formed in New York as well as foreign LLCs that register to do business in New York. The data will not be publicly available but accessible to federal, state, and local government agencies and law enforcement. S.995B/A.3484. The NYLTA incorporates many of the same definitions and rules of the CTA and will take effect one year after its adoption. California legislators have introduced legislation modeled after the CTA and other states may follow suit.
[7] Sole proprietorships, common law trusts, and general partnerships are not reporting companies under the CTA. However, statutory or business trusts created by a filing will be subject to CTA's reporting requirements.
[8] "Inactive entities" are defined under the CTA as entities that (a) existed on or before January 1, 2020; (b) are not engaged in business; (c) are not wholly owned, directly or indirectly, by a foreign person; (d) have not had a change in ownership in the prior 12 months; (e) have not received or sent more than $1,000 in the prior 12 months either directly or indirectly through any account the entity or an affiliate had an interest; and (f) do not hold any assets, including an ownership interest in another company.
[9] FinCEN has suggested that reporting companies put "in place mechanisms to ensure that beneficial owners will keep reporting companies [advised] of changes in reported information."
[10] See FinCEN, Interagency Statements for Banks and Non-Bank Financial Institutions on the Issuance of Beneficial Ownership Information Access Rule (Dec. 21, 2023).
[11] Beneficial Ownership Information Access and Safeguards, 88 Fed. Reg. 88732 (to be codified at 31 C.F.R. § 1010) (Dec. 22, 2023). The Access Rule, which is over 247 pages long prior to final publication in the Federal Register, becomes effective February 20, 2024.
[12] See id. See also Interagency Statement for Banks on the Issuance of the Beneficial ownership Information Access Rule (Dec. 21, 2023). FinCEN anticipates proposing additional regulations aligning the CTA with the existing Customer Due Diligence Rule applicable to banks and other financial institutions.
[13] FinCEN, Fact Sheet: Beneficial Ownership Information Access and Safeguards Final Rule, https://www.fincen.gov/news/news-releases/fact-sheet-beneficial-ownership-information-access-and-safeguards-final-rule (Dec. 21, 2023).
[14] A number of businesses, particularly small businesses, are still not aware yet of new law.
[15] https://www.govinfo.gov/content/pkg/FR-2023-12-22/pdf/2023-27973.pdf
[16] Obtaining BOI information should have the same value to a lender as a receipt of an affidavit or sworn organizational chart from its customer. Confirmation of company authority can be obtained from a review of information contained in the reports filed with FinCEN. It is important to note, however, that financial institutions will likely not have access to FinCEN's database until the contemplated Customer Due Diligence rulemaking is completed in 2024 or 2025. See Access Rule, supra note 10 (indicating that FinCEN will "take a phased approach to providing access" to its database).
[17] See Reporting Rule (Sept. 30, 2002), supra note 3.