WBK Industry - Federal Regulatory Developments

FinCEN Publishes Beneficial Ownership Information Access Final Rule

On December 22, 2023, FinCEN published a final rule covering access to, use of, and safeguarding of beneficial ownership information (BOI).  This rule (the Access Rule) implements the access and safeguard provisions of the Corporate Transparency Act (CTA). The Access Rule prescribes the circumstances under which BOI reported to FinCEN may be disclosed to authorized BOI recipients, and how the information must be protected.

The CTA and Access Rule allow disclosure of BOI to the following categories of recipients:

  • Federal agencies engaged in national security, intelligence, or law enforcement activity;
  • State, local, and tribal law enforcement agencies for use in criminal or civil investigations;
  • Foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities for use in furtherance of foreign national security, intelligence, or law enforcement activity;
  • Financial institutions with customer due diligence compliance obligations;
  • Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing financial institutions; and
  • U.S. Department of Treasury.

The Access Rule further defines and clarifies these recipient categories, and the associated restrictions and conditions on each recipient’s access to BOI. Additionally, among other things, the Access Rule allows more financial institutions to access BOI than originally proposed.  However, at this time, FinCEN will permit access to the BOI database only to financial institutions with obligations under the 2016 Customer Due Diligence Rule. 

Under the Access Rule, if a financial institution wants BOI, the company reporting that BOI must consent.  The Access Rule does not require written consent from the company, but it does require that the consent be documented.

The Access Rule also implements certain security and confidentiality requirements for any recipient of BOI.  Note, financial institutions can generally satisfy these safeguarding requirements by applying to BOI the same security and information handling procedures they use to protect customers’ nonpublic personal information in compliance with section 501 of the Gramm-Leach-Bliley Act and its implementing regulation.

The Access Rule becomes effective on February 20, 2024. 

For additional information on BOI reporting requirements for small entities, please refer to this prior WBK article.