FinCEN Gives Banks Access to Beneficial Owner Database to Assist in Customer Due Diligence

The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) in December authorized banks and other financial institutions to use its new database of corporate ownership information created in accordance with the Corporate Transparency Act (CTA) to assist in fulfilling their customer due diligence obligations.

How Does FinCEN Collect Corporate Ownership Information?

Congress passed the Corporate Transparency Act in 2021 to combat money laundering and other illicit activities by increasing transparency in entity structures and ownership. In September 2022, FinCEN issued a rule implementing the CTA’s beneficial ownership information (BOI) reporting provisions (the BOI Reporting Rule). The Act requires that collected BOI be stored in a new “secure, nonpublic database” known as the Beneficial Ownership Secure System, or BOSS, which receives the highest level of protection for non-classified information afforded by the Federal Information Security Management Act.

The final rule issued by FinCEN in December, the second of three key rulemakings, implements the access and safeguard provisions of the CTA (the Access Rule). The Access Rule advises when BOI reported to FinCEN may be disclosed to authorized recipients and how the BOI must be protected. The Access Rule also prescribes specific security and confidentiality requirements for each of the six categories of authorized users established by the CTA. Among the six categories of authorized users are financial institutions with customer due diligence (CDD) requirements and regulators supervising them for compliance with those requirements.

How Can Banks Access This Information?

The Access Rule permits FinCEN to disclose BOI to banks and other financial institutions for use in complying with applicable CDD requirements if the financial institution has the reporting company’s consent. Notably, while general business or commercial use of BOI is not permitted, the rule broadens the traditional definition of CDD requirements to include:

[A]ny legal requirement or prohibition designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States, to comply with which it is reasonably necessary for a financial institution to obtain or verify beneficial ownership information of a legal entity customer.

The effect of this expanded definition is that banks can access BOSS not only to fulfill their anti-money laundering and countering terrorist financing obligations under the Bank Secrecy Act (AML/CFT), but also for compliance with sanctions imposed by the Office of Foreign Assets Control (OFAC).

However, just as access to BOSS is not mandatory, neither is it automatic. Banks and other financial institutions accessing BOSS must develop and implement “administrative, technical, and physical safeguards that are reasonably designed to protect BOI as a precondition for receiving the information.” The Access Rule expressly adopts the principles-based approach of Title V of the Gramm-Leach-Bliley Act and its related regulations for the protection of nonpublic personal information as a guideline, including for financial institutions not normally subject to Title V's regulations. Additionally, for each BOI request, a financial institution will have to certify in writing that the request satisfies applicable criteria.

What Does This Mean for Banks?

The CTA and its corresponding rulemakings initiated major updates to corporate and anti-money laundering laws in the United States. Access to BOSS and the use of BOI for CDD, AML/CFT and OFAC compliance purposes could greatly ease compliance burdens for banks. Access will require:

• • Development and adoption of policies and procedures to ensure customer consent
  • Appropriate use and protection of BOI
  • Increased reporting and certification obligations to FinCEN

On balance, though, this new tool is expected to assist banks and other financial institutions in meeting their BSA obligations and knowing their non-consumer customers.

Please contact Mark Fullmer, Chris Couch, Andrew Meaders or any member of Phelps’ Banking and Financial Services team with questions or for advice and guidance.