A clear-eyed view of the Corporate Transparency Act

Many readers may have seen articles or received emails from other law firms describing the long-anticipated effectiveness of the Corporate Transparency Act, requiring U.S. companies to report information regarding their beneficial owners (defined below) to a non-public government database maintained by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). What they may not have appreciated is the reach of the Act and its potential impact on companies who fail to comply. With an estimated 33 million filings required by the Act this year alone, understanding these factors is important to businesses large and small.

First, the basics: The Corporate Transparency Act is a bit of legislation enacted in 2021, effective on Jan. 1 of this year, to help curb the misuse of legally formed entities for illegal activities such as money laundering, tax evasion, and fraud. The underlying belief was that increasing the transparency of information regarding the ownership of such entities would prevent criminals from hiding their illegal gains, cash, and/or property in the United States.

The Act’s essential requirement is that any domestic entity formed by filing a document with a secretary of state or similar office – in other words, corporations, limited liability companies and limited partnerships – must report information regarding the entity’s beneficial owners to a government database maintained by FinCEN. The requirement also applies to foreign entities (including corporations and limited liability companies) formed under the laws of a foreign country that have registered to do business in the United States by the filing of a document with a secretary of state or any similar office. There are 23 categories of exempt entities generally consisting of publicly traded corporations and other businesses that the federal government heavily regulates.

Who are the entity’s beneficial owners? They include two categories of people associated with the entity. The first are those who, directly or indirectly, have “substantial control” of the entity. This category includes senior officers of the reporting company (such as the President, CEO, COO, CFO, GC), or anyone who is authorized to make important decisions on behalf of the reporting company. The second category consists of those who, directly or indirectly, have at least a 25% ownership interest in the reporting company.

What must be reported about the beneficial owners? In short, a lot. A reporting company must provide its full name and any name under which the company is “doing business,” its primary business address, the jurisdiction(s) in which the entity operates, and the entity’s Tax Identification Number (TIN or EIN). The individual beneficial owners must provide their full legal name, date of birth, residence address and a unique identifying number, issuing jurisdiction, and image from one of the following: (1) a passport issued by the U.S. Government; (2) an identification card issued by a state government; (3) a driver’s license; or (4) a passport from a foreign government.

Reporting companies that already exist as of Jan. 1, 2024, have until Jan. 1, 2025, to file their initial report. Reporting companies created after Jan. 1, 2024, must file their initial report within 90 days after receiving notice of their creation or registration; but for reporting companies formed after Jan. 1, 2025, the reporting deadline is shortened to 30 days after formation. Each reporting company, regardless of its date of formation, must file a new report with updates and corrections to previously reported information within 30 days of the change to any such information.

Where does all this information go? Into a non-public database maintained by FinCEN. Access to this cloud-based database will be limited and granted only to a variety of federal, state, local, Tribal, and foreign authorities engaged in law enforcement, national security, or intelligence activity and to financial institutions to facilitate their compliance with customer due diligence requirements.

What happens to those who fail to report? The penalties can be stiff for failing to report the information required by the Act. They include civil penalties of up to $500 per day for as long as the violation continues and criminal penalties in the form of fines up to $10,000, imprisonment of up to two years, or both.

I foresee three problems here. First, despite the potential for civil or criminal penalties for noncompliance, true criminals are unlikely to comply with the filing requirements; no self-respecting member of the Sinaloa Cartel, for example, is likely to want his name in the FinCEN database even if he controls multiple entities in the U.S.

Second, given the number of entities that will be required to make these filings in the first year alone and the quality of the information that must be reported, the FinCEN database will likely become a very tempting target for hackers from all around the world and we all know what a distinguished record the federal government has in maintaining the security of its databases.

Finally, the filing requirement is already proving to be a stalking horse for bad guys to steal personal information from unsuspecting, law-abiding people. The FinCEN website now carries this prominent alert: “FinCEN has been notified of recent fraudulent attempts to solicit information from individuals and entities who may be subject to reporting requirements under the Corporate Transparency Act. The fraudulent correspondence may be titled ‘Important Compliance Notice’ and ask the recipient to click on a URL or to scan a QR code. Those e-mails or letters are fraudulent. FinCEN does not send unsolicited requests. Please do not respond to these fraudulent messages or click on any links or scan any QR codes within them.”

Don’t say you haven’t been warned.