Table of Contents:
Share this article!
The landscape of corporate transparency in the United States is undergoing a significant transformation with the finalization of the BOI Access Rule under the Corporate Transparency Act (CTA). This newly finalized portion of the regulatory framework, is set to take effect on February 20, 2024, and outlines specific authorized recipients and purposes for accessing the Beneficial Ownership Information (BOI) database. It includes stringent security measures and confidentiality requirements to prevent and penalize unauthorized use. Once FinCEN collects certain information about reporting companies and their beneficial owners under the Reporting Rule, the Access Rule is there to regulate who will be able to see this information. The Access Rule introduces a phased implementation strategy, beginning with a pilot program for federal agency users in 2024 and extending to Treasury offices, certain law enforcement, and then to remaining authorized users. This tiered approach aims to ensure a smooth transition and effective integration of the new system.
Understanding the BOI Access Rule
On February 20, 2024, the Access Rule will come into play, delineating who gains entry to the coveted “Beneficial Owner IT System,” a database that will have all reported BOI. Authorized users under this rule fall into six distinct categories:
Federal Government Agencies
Those engaged in national security, intelligence, or law enforcement activities will have direct access to the database.
State, Local, or Tribal Law Enforcement Agencies
These agencies must certify authorization from a court of competent jurisdiction and relevance to an investigation to gain direct access.
Financial Institutions
For compliance with customer due diligence (CDD Rule to be finalized by FinCEN) and contingent upon the reporting company’s consent, financial institutions will have direct, but limited access to the database once certified.
Federal Regulators
Overseeing financial institutions will enable regulators to have direct, but limited access to the Beneficial Owner IT System.
Foreign Law Enforcement and Central Authorities
Federal requesters that are engaged in national security, intelligence, or law enforcement activities will have indirect access to the database and are subject to stringent requirements and agreements to acquire BOI.
Department of the Treasury
Any Treasury officer or employee performing official duties including BOI inspection or disclosure, tax administration, enforcement actions, analytical purposes, audits, etc. will have direct access to the database.
Stringent Security and Confidentiality Protocols
Access to the BO IT System demands strict adherence to confidentiality and security measures, which vary by recipient category, however, requirements generally include:
- Establishing protocols for securely storing the information in a system that is accessible only to approved personnel and strictly for sanctioned purposes.
- Formalizing an agreement with FinCEN that outlines these security protocols and procedures.
- Keeping records for potential review or audit, detailing the specifics of each request or search for Beneficial Ownership Information (BOI).
- Submitting certifications affirming adherence to relevant laws and regulations governing the handling of BOI.
Violations and Penalties
Redisclosure of BOI is generally not allowed. The final rule interprets “unauthorized use” of BOI as any illicit access, including instances where an employee, officer, director, contractor, or agent of an authorized entity breaches established security and confidentiality norms while accessing the information. FinCEN will enforce both civil and criminal repercussions for such violations, with civil penalties reaching $500 per day and criminal penalties extending to fines up to $250,000 or imprisonment for up to five years. Additionally, FinCEN holds the authority to restrict or prohibit an entity’s access to BOI if they fail to meet the stipulated criteria for obtaining, using, and safeguarding BOI.
Challenges and Future Considerations
With upwards of 16,000 financial institutions alone, the Access Rules will hold crucial implications to banks and other users of this information. Redisclosure restrictions, lack of provision for bulk data exports, and the reliance on APIs for access pose challenges and concerns for any authorized user navigating these regulatory changes. In essence, FinCEN’s BOI Access Rule declares a new era in financial data access, where strict protocols safeguard sensitive information, and ensure transparency while holding accountable those entrusted with crucial financial data. Understanding and adapting to these regulations will be imperative for authorized personnel to navigate the evolving landscape of compliance and data security effectively.
Get in Touch
Table of Contents