Beginning January 1, 2024, the Corporate Transparency Act (CTA) will require most entities formed in the US to disclose information relating to their owners, officers and control persons – known as beneficial ownership information (BOI) – to the Financial Crimes Enforcement Network (FinCEN).
The CTA, a sweeping law that received broad bipartisan support at its passage in 2021, aims to enhance transparency about ownership of corporate structures in the US and thereby strengthen the federal government’s efforts to combat money laundering, corruption, sanctions evasion and other illicit activities. The penalties for non-compliance, both civil and criminal, are stringent and include significant fines and up to two years’ imprisonment.
Although this expansive new reporting regime rolls out in just over six weeks, there is still a lack of appreciation as to who will bear the practical burden of compliance. The CTA places the onus on the reporting company to ensure that fulsome and accurate filings are made and, as such, much of the focus of regulatory outreach has been on educating small businesses on compliance expectations. But liability for violations extends to any person (or entity) who willfully (or with willful blindness/conscious disregard) does either of the following:
- Directly or indirectly provides or attempts to provide false or fraudulent ownership information to FinCEN, including by providing information to another person for the purposes of a CTA filing
- Causes an entity to fail to report complete or updated information to FinCEN or is a senior officer of the entity at the time of the failure.
This liability provision leaves room for civil and criminal enforcement against a broad scope of entities and individuals involved in forming and administering entities in the US – including senior officers, corporate service providers, trustees and lawyers who may be involved in advising on or making CTA filings on behalf of reporting companies.
Although small operating businesses surely will have CTA reporting obligations to navigate, senior officers, in-house lawyers, corporate service providers, trust companies and law firms – often referred to in the anti-money-laundering (AML) context as ‘gatekeepers’ – are typically associated with the more complex corporate structures that will raise thorny ambiguities under the CTA. In practice, these are the individuals likely to be prime targets for CTA enforcement once FinCEN and the US Department of Justice (DoJ) start pursuing charges under this new regime.
What is the CTA?
From January 1, 2024, the CTA will require most US entities and foreign entities registered in the US – unless they are subject to one of the 23 exemptions under the law – to identify their beneficial owners to FinCEN. Critical exemptions to the CTA include many highly regulated entities, such as public companies, investment advisers, tax-exempt entities and many types of financial institutions.
There is also an exemption for large operating companies that employ more than 20 people in the US, have revenue of more than $5 mn and have a physical office in the US, among others. Many of these exemptions will also cover wholly owned or controlled subsidiaries of exempt entities.
Entities formed after January 1 will likely have 90 days to report to FinCEN during 2024 and 30 days thereafter, subject to the finalization of a pending rule. Entities formed before January 1, 2024 will have until January 1, 2025 to report.
The CTA requires each reporting company to provide information to FinCEN about all company applicants and beneficial owners. Company applicants will include the individual who directly and physically files the document that creates a domestic entity or registers a foreign entity as well as the individual who is primarily responsible for directing or controlling such filings.
Beneficial owners include equity owners, direct and indirect, as well as senior officers and anyone else who has the ability to control or substantially influence important decisions of the reporting company. Reporting companies will have to provide FinCEN with the following information for each beneficial owner and company applicant:
- Full legal name
- Date of birth
- Current residential street address, or business address for company applicants acting in a professional capacity
- Unique identifying number from a passport, state identification or driver’s license
- An image of the individual’s passport, state identification or driver’s license.
Reports will be filed electronically through a secure, cloud-based system that is accessible only to federal law enforcement for specifically designated purposes. Banks subject to customer due diligence obligations under the Bank Secrecy Act are also likely to have access, though the breadth of that access remains undetermined.
After initial CTA filings, companies will have 30 days to file any updates, corrections or changes to previously filed BOI reports. Such changes can include changes to the owner’s legal name, address or other required details. Importantly, many critical ambiguities remain about the application of this rule. FinCEN is expected to issue guidance addressing key ambiguities but the effective date is fast approaching.
When will CTA enforcement begin?
As a threshold matter, we are unlikely to see robust civil enforcement under the CTA in the near term. Implementing the CTA has been a huge undertaking for FinCEN. Initially, the agency’s limited resources will likely be focused on public education and guidance to relevant industries as well as addressing any technological hurdles that may arise in the roll-out of the CTA reporting database.
But the inevitable delay in enforcement should not be taken to suggest the CTA will not be subject to robust enforcement efforts. We should expect to see a slew of both civil and criminal enforcement actions relating to non-compliance with the CTA as the agency gets its sea legs and as the DoJ enters the ring. As always, enforcement will focus first on the misconduct occurring from the outset of CTA reporting on January 1 and prosecutors will have the benefit of hindsight.
Why will enforcement be pursued under the CTA?
When FinCEN and the DoJ turn their gaze to enforcement of the CTA, we should expect action primarily in connection with underlying misconduct or significant systemic failures to file. It does not appear that the CTA is intended to focus on technical violations. In fact, there is no provision for liability for negligent violations. Violations of the CTA can be enforced only when committed willfully or by extension under circumstances where the violator was ‘willfully blind’ or ‘consciously disregarded’ a high risk that he/she/it was violating the CTA.
In this context, we are likely to see CTA violations pursued where misconduct is uncovered in connection with underlying misuse of the entity or entities involved in furtherance of wrongdoing. For example, where reporting companies (or companies that should have been reporting under the CTA) are associated with laundering of proceeds of corruption by foreign government officials or sanctions evasion by Russian oligarchs, we may see charges relating to failures under the CTA in addition to substantive criminal or civil charges regarding the underlying misconduct.
Another scenario in which we may see enforcement relates to egregious systemic failures. Again, there is no mechanism for enforcement in relation to negligence in CTA filing but, where failures to file or misleading/erroneous filings were systemic, enforcement for violation of the CTA could be pursued on a theory that it was intentional.
For example, enforcement may be pursued against senior officers where a company routinely declined to identify senior officers in its CTA filings based on a determination that doing so would be an undue violation of their privacy. Practically, pursuing this type of violation may be worth enforcement resources only in a circumstance involving violations egregious enough to both raise the attention of law enforcement and where pursuing enforcement would send a message of deterrence.
Who will be targeted for enforcement?
A frequent criticism of the CTA as an AML tool is the argument that the criminals abusing corporate structures are likely to just ignore the filing requirements. But this characterization misses a much broader swath of CTA enforcement targets.
The CTA will create new opportunities to bring enforcement actions against a vast industry of individuals and entities associated with the creation and administration of US entities used for misdeeds. This may be the greatest benefit of the CTA as an AML tool: it creates real risks for those who run entities day to day –gatekeepers such as senior officers and in-house counsel – and will likely encourage these players to ask more questions and be more alert to potential wrongdoing by their clients.
Criminals – even ‘corporate criminals’ – are not typically forming their own entities to transact in their criminal proceeds, nor are they making the various filings associated with the administration of such entities. They hold their assets through complex webs of entities across many jurisdictions that are intended to obscure their ownership and/or control.
These tasks are accomplished through engaging others to make their companies run as their agents, officers, corporate services providers, trustees and in-house or external lawyers, often without their knowledge of the intent. Responsibility for filings under the CTA on behalf of such entities will in large measure fall to the professionals who have historically undertaken the day-to-day administration of those entities.
With the availability of charges for CTA violations, it will now be much easier to bring enforcement actions against the vast network of individuals who may be engaged in facilitating illicit activities through their creation and administration of corporate structures as well as the senior officers and in-house counsel who may support the companies in which wrongdoers hide the proceeds of their misconduct.
These individuals and entities may have no involvement in or knowledge of underlying misconduct. Today, they may not know or care who the beneficial owners of their clients or the company are. But to the extent their services enable misconduct they will face a much more realistic threat of enforcement after January 1, 2024 if they have ignored perceived red flags or risk factors and have failed to fully comply with the CTA.
Where do we go from here?
Given that willfulness is required to pursue enforcement, the legal process will be extremely protective of individuals associated with CTA filings. It will behoove senior officers, in-house counsel and others involved in preparing and advising on CTA filings to put in place robust procedures to ensure timely and accurate reporting. In particular, it will be critical to document diligence and vetting in gathering BOI from the individuals required to be reported.
In the near term, corporate officers, in-house counsel and gatekeepers should be developing internal procedures to:
- Ensure they can meet their CTA reporting obligations for future corporate formations after January 1, 2024
- Develop an inventory of entities formed before 2024 and begin developing the record, including gathering required BOI, to file the necessary reports relating to those entities by January 1, 2025.
For gatekeepers, now may be the time to enhance your client diligence process or update your evaluation of key clients. For senior officers and in-house counsel, developing a robust process for examining exemption decisions and gathering/vetting BOI from your owners will be critical. As the end of the year approaches swiftly, all those who provide services to potential reporting companies should be assessing their potential exposure under the CTA and taking steps to ensure they are not in that first wave of CTA enforcement coming down the pike.
Olivia Radics is an associate with Perkins Coie and Jamie Schafer is a partner in the firm’s white collar and investigations practice