FinCEN Issues Final Rule Regarding Access to Beneficial Ownership Information

Following the implementation of rules to require the reporting of beneficial ownership by nearly all firms operating in the U.S. in an effort to enhance transparency on ownership and to reduce money laundering and financing of terrorism activity in the U.S. – and – following a subsequent consultation on regulating the access to such collected beneficial ownership information (BOI), the Financial Crimes Enforcement Network (FinCEN) has now announced and published in the Federal Register a final rule in this context.
The final rule largely adopts the rule as proposed with certain modifications in response to the comments received by FinCEN to „reduce barriers to the effective use of BOI, while maintaining appropriate protections for the information“.
Specifically, under the final BOI access rule, FinCEN grants access to its BOI database holding all BOI information reported by entities to a number of regulatory agencies, bodies, and firms, including the following:
– federal agencies involved in national security, intelligence, or law enforcement activities;
– state, local, and tribal law enforcement agencies for criminal or civil investigations;
– foreign law enforcement agencies upon request and provided various conditions are met;
– financial institutions; and
– the supervisory authorities of financial institutions.
Each category of recipients must meet specific requirements and obtain necessary authorizations before accessing the BOI database. Unlike proposed, financial institutions can use the BOI to comply with their AML/CFT obligations under the Bank Secrecy Act AND other legal requirements designed to safeguard U.S. national security, such as sanctions laws and regulations. In this context, FinCEN has broadened the definition of „customer due diligence requirements (CDD)“ for purposes of the access rule to facilitate access to the BOI for complying with U.S. rules and regulations, as long as such compliance reasonably requires identifying and verifying beneficial ownership.
The final rule also requires financial institutions and government entities and bodies to implement controls and policies to safeguard BOI, ensuring it is used only for permissible purposes. Financial institutions must establish security and information handling procedures aligning with the Gramm-Leach-Bliley Act’s standards and implement procedures for employee training. In same context and just like proposed, the final rule requires financial institutions to obtain client consent prior to accessing BOI. However, the rule does not prescribe the methods to be used to obtain such consent.
As far as redisclosure and reuse of retrieved BOI information is concerned, FinCEN is deviating from its original proposal which interpreted the re-disclosure provisions narrowly and only permitted financial institutions to re-disclose information to individuals within the United States. However, in view of the responses received to the consultation, the final rule now allows financial institutions to send BOI to most jurisdictions outside of the United States, with the exception of China, Russia, any jurisdiction designated as a state sponsor of terrorism, and any jurisdiction that is subject to comprehensive sanctions.
Additionally, FinCEN has clarified that financial institutions could share BOI with third-party service providers, such as beneficial ownership data service providers, RegTech firms, due diligence vendors, and other entities performing a function on behalf of the financial institution. Nevertheless, financial institutions remain responsible for ensuring that such firms comply with all the provisions under the new rule.
As far as the implementation is concerned, FinCEN will take a staged approach to „onboard“ eligible parties. Starting in 2024, it will launch a pilot program first grating access to the database to select federal agency users, followed by federal and local law enforcement agencies. Financial institutions will be the last ones to be granted access to BOI information.
—
Please note in this context that „financial institutions“ refers to a large range of financial market participants, ranging from banks, to financial advisers, to investment companies (mutual and closed-end funds) and insurance undertakings, to name a few.
Please also note that FinCEN has published an accompanying fact sheet which will be discussed in another Event.