Do you know who your customers’ owners are?
The federal government may require your financial institution to prove that they are who they – and you – say they are.
Last September, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a final rule establishing a beneficial ownership information (BOI) reporting requirement as part of the Corporate Transparency Act (CTA). The following month, FinCEN put out a final rule specifying what beneficial ownership entails and what entities have to file BOI reports.
FinCEN defines a beneficial owner as anyone who, directly or indirectly, owns or controls at least 25% of the ownership interests of a company registered to do business in the U.S. Alternatively, a beneficial owner can be defined as someone exercising “substantial control” over that company. The entities required to report include corporations, limited liability companies (LLCs), business trusts, and limited partnerships. (Some entities, such as certain types of trusts, are exempt from reporting.)
FinCEN’s BOI reporting requirement takes effect January 1, 2024. The goal is to stop criminal actors, including oligarchs, financiers of terrorism, drug traffickers, human traffickers, and those who would use anonymous shell companies and other corporate structures to hide their ill-gotten gains. The Treasury Department has estimated that $300 billion in illicit proceeds are generated annually via this type of activity. The federal government also wants to stop Russian entities seeking to evade U.S. sanctions from setting up fictional financial accounts.
Who needs to report?
While the new guidelines require reporting companies to send BOI reports to FinCEN, banks and credit unions also will need to collect BOI data from companies with which they do business. If your role is helping your institution manage risk, you’ll have a hand in gathering and maintaining all that information. How can you and your colleagues do this so that your entity is protected from risks such as fraudulent or incomplete reporting by customer companies?
What should reporting companies report?
FinCEN requires a BOI report to provide the name, birthdate, and address for each of the reporting company’s beneficial owners. It will also need to provide, for each beneficial owner, a unique identifying number from an identification document acceptable to FinCEN, along with the image of that document.
A beneficial owner is allowed to provide these four pieces of information directly to FinCEN him- or herself. That owner can then obtain a “FinCEN identifier,” which must be included in that company’s BOI filing to FinCEN. Reporting companies created or registered in the U.S. before January 1, 2024, will have one year — that is, until January 1, 2025 — to file their initial BOI reports. Companies created or registered after January 1, 2024, will have 30 days after creation or registration to file. Once they’ve filed an initial report, both existing and new reporting companies will be required to provide updates of any changes in ownership information within 30 days of the change.
What are financial institutions’ responsibilities?
FinCEN is currently developing compliance and guidance documents designed to help companies comply with the new reporting rules.
The agency also will be publishing a “Small Entity Compliance Guide” that will inform smaller companies and other entities required to file reports. It plans to reach out to industry associations as well as secretaries of state and similar offices so that they can provide BOI reporting implementation guidance to the companies within their organization or state.
Many details about financial institutions’ responsibilities – and potential liabilities – have yet to be clarified. Case in point: FinCEN is developing what it calls a Beneficial Ownership Secure System (BOSS) to secure and store the BOI data it receives. According to proposed regulations, financial institutions that want to cross-check customer-supplied BOI with this database would have to request permission from the customer to do so.
But what if the customer doesn’t give permission? And if it does, what are the institution’s responsibilities if the information it receives doesn’t match the BOSS data? How often will banks and credit unions need to review their customers’ BOI for ownership changes? FinCEN’s current rules also say that if a bank or credit union doesn’t safeguard BOI information from the database, it could be liable for civil or criminal penalties. In addition, financial institutions would have only limited access to BOSS data.
What is the right BOI data?
You might already be imagining the headaches that gathering all of your customers’ BOI data will cause – especially when many crucial details about how to manage it remain unclear (at least for now). What is clear is that your financial institution will need digital tools to deal with these reporting requirements. These tools should also be able to help you verify BOI data.
Thomson Reuters Risk & Fraud Solutions can help you ascertain that those individuals are who they say they are. Its global ID, fraud prevention, and other tools can help you and your company get ready to meet FinCEN’s BOI requirements and deadlines. One way you can get up to speed is by learning more about Risk & Fraud Solutions and its capabilities, which you can do here.
______________________________________________________________________________________
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.