Skip Repeated Content

FinCEN’S Broad Proposed Beneficial Ownership Reporting Requirements

Targeting “terrorists, criminals and kleptocrats”1
December 9, 2021

Today’s proposed rule will greatly expand the application of reporting requirements identifying the true owners of business entities formed under U.S. law or formed under foreign laws and registered to do business in the United States. FinCEN estimates that the proposed regulation could require over 30 million existing companies to file reports in the first year after adoption and reports by nearly 4 million new entities each year.2

The U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) announced proposed regulations to implement the beneficial owner reporting requirements that form part of the Corporate Transparency Act (“CTA”).3 The CTA, enacted as part of the Anti-Money Laundering Act of 2020 within the National Defense Authorization Act for Fiscal Year 2021, requires certain types of domestic and foreign entities to submit beneficial ownership information (“BOI”) to FinCEN.4 Covered “reporting companies” will need to submit the required BOI to FinCEN at the time of formation; preexisting reporting companies will have to one year from the effective date of the regulation to submit the required BOI. FinCEN’s proposed rule will implement these statutory requirements.  The CTA provides FinCEN with some discretion on when these requirements take effect.  FinCEN does not propose a specific effective date in its proposal and instead solicits feedback on how much time is necessary for impacted stakeholders to comply.  Interested parties have until February 7, 2022 to submit comments. The proposed reporting requirements closely resemble the requirements that currently apply to entities seeking to open accounts with certain types of financial institutions. At a later date, FinCEN will propose rules to coordinate these obligations with those proposed here.

I. Which Entities Must Report. The CTA generally targets smaller, lightly regulated companies that otherwise may not be required to disclose BOI to regulators or to the public, while exempting larger, more heavily regulated entities from reporting. Specifically, a “reporting company” would be broadly defined as a corporation, LLC or similar entity that is either:

  • “created by the filing of a document with the secretary of or similar office under the law of a state or Indian Tribe” (“Domestic Reporting Company”); or
  • “formed under the law of a foreign country and registered to do business in the United States by the filing of a document with a secretary of state or a similar office under the laws of a State or Indian Tribe.”5

The CTA specifically excludes 23 types of entities within those broad categories from the reporting requirements, which are included verbatim in the proposed regulation:6

  1. securities issuers;
  2. domestic governmental authorities;
  3. banks;
  4. domestic credit unions;
  5. depository institution holding companies;
  6. money transmitting businesses;
  7. brokers or dealers in securities;
  8. securities exchange or clearing agencies;
  9. other Securities Exchange Act of 1934 entities;
  10. registered investment companies and advisers;
  11. venture capital fund advisers;
  12. insurance companies;
  13. state licensed insurance producers;
  14. Commodity Exchange Act registered entities;
  15. accounting firms;
  16. public utilities;
  17. financial market utilities;
  18. pooled investment vehicles;
  19. tax exempt entities;
  20. entities assisting tax exempt entities;
  21. large operating companies;
  22. subsidiaries of certain exempt entities;7 and
  23. inactive businesses.8

Of note, FinCEN proposes to define the term “large operating company” for purposes of the reporting exemption, consistently with the statutory concept under the CTA, as an entity that “(1) employs more than 20 employees on a full-time basis in the United States; (2) filed in the previous year Federal income tax returns in the United States demonstrating more than $5,000,000 in gross receipts or sales in the aggregate, including the receipts or sales of other entities owned by the entity and through which the entity operates; and (3) has an operating presence at a physical office within the United States.” 9  The CTA also empowers the Secretary of Treasury, acting together with the Attorney General and Secretary of Homeland Security, to provide for additional categories of exemptions.

II. Who is a “Beneficial Owner.” FinCEN explains that these definitions are meant to require a company to identify the individuals who stand behind the reporting company and direct its actions. A beneficial owner is defined by the CTA as “any individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise—(i) exercises substantial control over the entity; or (ii) owns or controls not less than 25% of the ownership interests of the entity.”10 The statute identifies three indicators of “substantial control”:  (1) service as a senior officer of a reporting company; (2) authority over the appointment or removal of any senior officer or dominant majority of the board of directors (or similar body) of a reporting company; and (3) direction, determination, or decision of, or substantial influence over, important matters of a reporting company.”11 The regulation also contains a “catch-all” provision that makes clear that “substantial control” might arise from other factors as well. FinCEN notes that it expects that its definition of beneficial owner is broad enough that every reporting company would have at least one beneficial owner to report, but it questions whether it should go further to ensure this result, which is a characteristic of existing Customer Due Diligence (CDD) rules applicable to certain U.S. financial institutions.

The CTA also requires reporting of identity information regarding the “company applicant.” The company applicant is the individual who files the document that creates a domestic reporting company or who first register a foreign reporting company.12

The CTA identifies five exceptions to the definition of beneficial owners; (1) Minor children, although identifying information of the child’s parent or guardian must be reported; (2) Nominees (e.g., intermediaries, custodians, or agents), instead requiring that the real party in interest be identified; (3) employees (acting solely as an employee); (4) inheritors via a future right of inheritance; and (5) creditors that do not exercise substantial control over the reporting entity.13

III. What Information about Beneficial Owners Must be Reported.

Reporting companies must file initial reports, corrected reports and updated reports. In its initial report, a reporting company must report the following for each beneficial owner and individual company applicant.  These requirements are generally consistent with existing Customer Identification Program (“CIP”) elements that financial institutions are required to collect at account opening, except for the proposed regulation’s additional requirement in all cases for the submission of a documentary means of support.   

(A) The full legal name of the individual;

(B) The date of birth of the individual;

(C) The complete current address consisting of: (1) In the case of a company applicant who files a document described in paragraph (e) of this section in the course of such individual’s business, the business street address of such business; or (2) In any other case, the residential street address that the individual uses for tax residency purposes;

(D) A unique identifying number from one of the following documents:

(1) A non-expired passport issued to the individual by the United States Government;

(2) A non-expired identification document issued to the individual by a State, local government, or Indian tribe for the purpose of identifying the individual;

(3) A non-expired driver’s license issued to the individual by a State; or

(4) A non-expired passport issued by a foreign government to the individual, if the individual does not possess any of the documents described in paragraph (b)(1)(ii)(D)(1), (2), or (3) of this section;

and

(E) An image of the document from which the unique identifying number in paragraph (b)(1)(ii)(D) of this section was obtained, which includes both the unique identifying number and photograph in sufficient quality to be legible or recognizable.14

IV. What Information about Reporting Companies Must Be Reported.

A reporting company must also identify itself. To ensure that each reporting company can be identified, the proposed regulations would require each reporting company to report its name, any alternative names through which the company is engaging in business (“d/b/a names”), its business street address, its jurisdiction of formation or registration, as well as a unique identification number.

V. Privacy of Reported Data.

Although the compilation of this information creates obvious privacy threats, FinCEN notes, The privacy impact of reporting BOI to FinCEN is relatively light, because, unlike beneficial ownership registries in many other countries, FinCEN’s database will not be public and will be subject to stringent access protocols.”15 FinCEN describes its data security controls as follows:

“Given the sensitivity of the reportable information, the CTA imposes strict confidentiality, security, and access restrictions on the data. FinCEN is authorized to disclose reportable BOI to a statutorily defined group of governmental authorities and financial institutions, in limited circumstances. Federal agencies, for example, may only obtain access to BOI when acting in furtherance of national security, intelligence, or law enforcement activity.[80State, local, and Tribal law enforcement agencies require “a court of competent jurisdiction” to authorize them to seek BOI as part of a criminal or civil investigation.[81Foreign government access is limited to foreign law enforcement agencies, prosecutors, and judges in specified circumstances.[82FinCEN may also disclose reported BOI to financial institutions that need such BOI to facilitate compliance with customer due diligence requirements under applicable law, with the consent of the reporting company.[83Moreover, a financial institution's regulator can obtain BOI that has been provided to a regulated financial institution for the purpose of performing regulatory oversight that is specific to that financial institution.[84Taken together, these measures, along with other restrictions, requirements, and security protocols delineated in the CTA, will help to ensure that BOI collected under 31 U.S.C. 5336 is only used for statutorily described purposes. As noted above, FinCEN intends to address the regulatory requirements related to access to information reported pursuant to the CTA through a future rulemaking process.”16

VI. The Privacy “Token.”

Instead of providing specific information about an individual, the reporting company may provide a unique identifier issued by FinCEN called a FinCEN identifier. The proposed regulations describe how to obtain a FinCEN identifier and when it may be used.17 A FinCEN identifier is a unique identifying number that FinCEN will issue to individuals or entities upon request.18 The FinCEN identifier would work like a token for the individual’s required information. An individual may obtain a FinCEN identifier by providing FinCEN with the information that the individual would otherwise have to provide to a reporting company if the individual were a beneficial owner or applicant of the reporting company; an entity can obtain a FinCEN identifier from FinCEN when it submits a filing as a reporting company or any time thereafter.[106This means that an individual or legal entity must still disclose information to FinCEN, but once an individual or legal entity has a FinCEN identifier, the individual or legal entity can provide the identifier to a reporting company in lieu of the personal details required under paragraph (b)(1). For instance, an individual could provide their FinCEN identifier to the reporting company, and the reporting company could provide the FinCEN identifier to FinCEN in lieu of any information the reporting company would otherwise have to report about the individual.

VII. Coordination with Other Existing BOI Reporting Requirements.

FinCEN has temporarily deferred rulemaking to implement the CTA’s mandate to rescind certain aspects of FinCEN’s current Customer Due Diligence Rule.

The CTA also requires that FinCEN rescind and revise portions of the current CDD Rule within one year after the effective date of the BOI reporting rule.[85The CTA does not direct FinCEN to rescind the requirement for financial institutions to identify and verify the beneficial owners of legal entity customers under 31 CFR 1010.230(a), but does direct FinCEN to rescind the beneficial ownership identification and verification requirements of 31 CFR 1010.230(b)-(j).[86The CTA identifies three purposes for this revision: (1) To bring the rule into conformity with the AML Act as a whole, including the CTA; (2) to account for financial institutions' access to BOI reported to FinCEN “in order to confirm the beneficial ownership information provided directly to the financial institutions” for AML/CFT and customer due diligence purposes; and (3) to reduce unnecessary or duplicative burdens on financial institutions and legal entity customers.19

VIII. Penalties for Violations.

It is unlawful for any person “willfully provide, or attempt to provide, false or fraudulent beneficial ownership information . . . to FinCEN” or to “willfully fail to report complete or updated beneficial ownership information to FinCEN.”20 The CTA further provides for civil and criminal penalties for any person violating that obligation. The statute provides for civil penalties of up to $500 for each day a violation continues or has not been remedied, and criminal penalties of up to $10,000 and prison terms for up to two years, or both.21 While the reporting requirement applies directly only to companies, the proposed regulation makes it clear that individual beneficial owners who fail to provide information or provide false information to their companies for reporting purposes will be subject to the civil and criminal penalties.22

For further information about how these proposed rules might affect your company, please contact the Bryan Cave Leighton Paisner Fintech and Regulatory Compliance team members.


1. NPRM, 86 FR 69922 (December 8, 2021). A “kleptocracy” is a wealth influenced government whose corrupt leaders use political power to appropriate the wealth of their nation, typically by embezzling or misappropriating government funds at the expense of the wider population. -- Wikipedia

2. NPRM, 86 FR 69958 (December 8, 2021).

3. Notice of Proposed Rulemaking (“NPRM”) 86 FR 69920, December 8, 2021      https://www.federalregister.gov/documents/2021/12/08/2021-26548/beneficial-ownership-information-reporting-requirements                   

4. 31 U.S.C. 5336.

5. 31 U.S.C. 5336(a)(11)(A)(i)-(ii).       

6. 31 U.S.C. 5336(a)(11)(B)(i)-(xxiii).

7. This exemption is interpreted by FinCEN to mean an entity that is “owned entirely by one or more specified exempt entities.” 31 U.S.C. 5336(a)(11)(B)(xxii).

8. This exemption, called the “dormant entity” exemption, applies to any entity: (1) “in existence for over 1 year [at the date of enactment of the CTA];” (2) that is not engaged in active business; (3) that is not owned, directly or indirectly, by a foreign person; (4) that has not, in the preceding 12-month period, experienced a change in ownership or sent or received more than $1,000; and (5) that does not otherwise hold assets of any type.”

9. 31 U.S.C. 5336(a)(11)(B)(xxi).

10. 31 U.S.C. 5336(a)(3)(A).

11. See 31 CFR 1010.380(d)(1).

12. 31 CFR 1010.380(e).

13. NPRM, 86 FR 69937 (December 8, 2021).

14. 31 CFR 1010.380(b)(1)(i)

15. NPRM, 86 FR 69934 (December 8, 2021).

16. NPRM 86 FR 69929 (December 8, 2021)

17. 31 CFR 1010.380(b)(5).

18. 31 U.S.C. 5336(b)(3)(A)(i).

19. NPRM, 86 FR 699629 (December 8, 2021).

20. 31 U.S.C. 5336(h)(1).

21. 31 U.S.C. 5336(h)(3)(A).

22. NPRM, 86 FR 69954 (December 8, 2021) Proposed Rule 31 CFR 1010.380(g).

Related Practices

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.