The second FinCEN rule describing changes to reporting on ownership is the Beneficial Ownership Information Access and Safeguards Final Rule, which was issued in December 2023. This rule implements the CTA provision establishing guidelines for who may access BOI through the registry, for what purposes, and for safeguards to ensure that the information is protected. FinCEN said the rule for the beneficial ownership registry balances the statutory requirement to create a database with the need to safeguard BOI from unauthorized use. The final rule includes requirements for disclosing information about beneficial ownership to financial institutions and other specific groups.
3 Key provisions of the BOI registry access rule that are especially relevant to AML programs cover the following topics:
- Authorized recipients of beneficial ownership information: Financial institutions are one of five groups of authorized BOI recipients that will have access to the FinCEN registry. Compared to the original proposed rule, the final access rule broadens the purposes for which financial institutions may use BOI. Institutions are allowed to use BOI for all of their AML/CFT program, including customer due diligence, sanctions screening, enhanced due diligence efforts, and investigations and reporting of suspicious activity. This gets to the heart of the CTA’s purpose: deterring illicit financial activity. Other categories of authorized recipients are:
- Certain domestic agencies, including law enforcement
- Certain foreign agencies and other authorities
- Certain regulatory agencies
- Certain officers and employees of the U.S. Department of Treasury
2. When financial institutions will gain access to BOI: FinCEN’s scaled approach for providing access to the BOI registry begins Feb. 20, 2024. Financial institutions will be the last group to gain access, and the timeline is undetermined.
Once they are given the go-ahead by FinCEN, banks and credit unions are required to obtain consent from the reporting customer, the FI’s client, before accessing the information. The final access rule does not dictate how to receive consent and allows for flexibility based on differences in FIs across the nation.
Financial institutions will have to certify to FinCEN that they obtained consent, although the certification format has not yet been disclosed. FIs must also certify that they are protecting the data by adhering to all aspects of the Gramm-Leach-Bliley Act.
3. Verification of BOI: Verification of information that a reporting entity provides to FinCEN is briefly mentioned in the final reporting rule.
The rule states that the beneficial owners will be verified as living persons. However, they will not be verified as being the true beneficial owner for that particular company. This is in line with the current CDD regulations. However, FinCEN confirmed that verification of BOI is an integral part of its overall efforts and continues to assess options to verify BOI. More is expected on this later.