Clark Schaefer
Share this
Beneficial Ownership Regulatory Requirements

Beneficial Ownership Regulatory Requirements

The rundown
  • How Does This Apply to My Organization?
  • What constitutes substantial control?
  • Who is a Beneficial Owner?

Beneficial Ownership Requirements for Non-Exempt Reporting Companies

On September 29, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued a final rule (31 U.S.C. §5336) implementing the Corporate Transparency Act’s (“CTA”) beneficial ownership information (“BOI”) reporting regulation. This updated rule, effective January 1, 2024, will enhance the ability of FinCEN and other agencies to address the AML risks that corporate structures such as shell and front companies present. 

Who is Affected?

Any company, foreign or domestic, is required to provide BOI under the new rules. A domestic reporting company is a corporation, limited liability company (“LLC”), or any entity created by the filing of a document with a secretary of state or any similar government office. Similarly, a foreign reporting company is a corporation, LLC, or other entity formed under the law of a foreign country that is registered to do business in any state or jurisdiction by the filing of a document with a secretary of state or any similar government office. 

What is Beneficial Ownership?

A beneficial owner is defined as any individual who, directly or indirectly:

  1. Exercises substantial control over a reporting company; or

  2. Owns or controls at least 25 percent of the ownership interests of a reporting company.

What constitutes substantial control? 

According to the final rule issued, substantial control is considered to be anyone who can make important decisions on behalf of the entity. FinCEN’s approach is designed to close loopholes that allow complex corporate structures to obscure the identity of owners or decision-makers. This is crucial to unmasking anonymous shell companies. It may seem complicated, but for reporting companies that have simple organizational structures, it should be a straightforward process. 

What are the Beneficial Ownership Information Reporting Obligations for Non-Exempt Reporting Companies?

When filing BOI reports with FinCEN, the rule requires a reporting company to identify itself and report four pieces of information about each of its beneficial owners: 

  1. Name;

  2. Birthdate;

  3. Address; and

  4. Unique identifying number & issuing jurisdiction from an acceptable identification document. 

Additionally, the rule requires that reporting companies created after January 1, 2024, provide the four pieces of information and document image for company applicants.

When Do You Need to be Compliant?

The effective date for the rule is January 1, 2024.

Reporting companies created or registered before January 1, 2024, will have one year (until January 1, 2025) to file their initial reports. Companies created or registered after January 1, 2024, will have 30 days after receiving notice of their creation or registration to file their initial reports.

Reporting companies have 30 days to report changes to the information in their previously filed reports and must correct inaccurate information in previously filed reports within 30 days of when the reporting company becomes aware or has reason to know of the inaccuracy of information in earlier reports.

Beneficial Ownership Requirements for Covered Financial Institutions

Effective May 2018, FinCEN’s Customer Due Diligence (“CDD”) final rule (81 FR § 29398) required financial institutions to establish and maintain written policies and procedures that are reasonably designed to:

  1. Identify and verify the identity of customers;

  2. Identify and verify the identity of the beneficial owners of companies opening accounts;

  3. Understand the nature and purpose of customer relationships to develop customer risk profiles; and

  4. Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

The CDD Rule amends the AML program requirements (31 U.S.C. § 5318(h)) for covered financial institutions and explicitly requires AML programs to contain appropriate risk-based procedures for conducting ongoing customer due diligence, to include bullet points three and four above. In addition, AML programs must also include: 

  • A system of internal controls;

  • Independent testing;

  • Designation of a compliance officer or individual(s) responsible for day-to-day compliance;

  • Annual training for appropriate personnel; and

  • Risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships and to conduct ongoing monitoring to identify and report suspicious transactions, and, on a risk basis, to maintain and update customer information.

Who is a Beneficial Owner?

As previously stated for Reporting Companies, a beneficial owner is defined as any individual who, directly or indirectly:

  1. Exercises substantial control over a legal entity, or 

  2. Owns or controls at least 25 percent of the ownership interests of a legal entity.

With respect to the requirement to obtain beneficial ownership information, financial institutions will be required to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity. 

What are the Ongoing Monitoring Requirements for Beneficial Ownership Customers?

The requirement for ongoing monitoring of the customer relationship reflects existing practices established to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.

Therefore, in addition to policies, procedures, and processes for monitoring to identify and report suspicious transactions, the bank’s CDD program must include risk-based procedures for high-risk customers (Enhanced Due Diligence Program) for performing ongoing monitoring of the customer relationship, on a risk basis, to maintain and update customer information, including beneficial ownership information of legal entity customers (31 CFR § 1010.230). 

Regulatory and Compliance

Regulatory and Compliance

Navigate Compliance Complexity with Confidence

A few relevant factors towards determining when it is appropriate to review a customer relationship includes, but is not limited to:

  • Significant and unexplained changes in account activity;

  • Changes in employment or business operation;

  • Changes in ownership of a business entity;

  • Red flags identified through suspicious activity monitoring;

  • Receipt of law enforcement inquiries and requests such as criminal subpoenas, National Security Letters (NSL), and section 314(a) requests;

  • Results of negative media search programs; and

  • Length of time since customer information was gathered and the customer risk profile assessed.

Whether your compliance department requires additional subject matter experts to assist in gathering, organizing, and reporting beneficial ownership information, or general advisory consultation, Clark Schaefer Consulting can be of assistance.

Our consultants’ obligation is to come alongside our clients and serve in whatever capacity is required to meet the needs of any project. Being confident in our ability to service your specific business needs, our consulting team’s diverse backgrounds coupled with industry specific certifications is strategically designed to consistently deliver strong results for our clients.

Expert Contributors

Daniel Lipe

Manager
Daniel has brought his strong internal & external audit background and CFE designation to help clients identify ways to mitigate risks and controls in business processes. 

Kelsey Lichtefeld

Manager
With her diverse background and expertise, she has served clients in a multitude of industries and is passionate about delivering value-added solutions to help organizations achieve their strategic goals and objectives.

Andrew Sizemore

Director
Andrew uses his keen understanding of internal control and regulatory requirements to manage and deploy internal control testing throughout organizations globally.
You may also like