FinCEN came through with a Christmas present of sorts on December 21, 2023, by finalizing the long-awaited Access Rule for beneficial ownership information. FinCEN is continuing to target January 1, 2024, for the release date of the BO IT system and the effective date of the Access Rule will be February 20, 2024. The final rule weighs in at 247 pages and might have you wondering if you should cancel your holiday plans for some light reading. Luckily, the FFIEC provided a “Statement for Banks” which is a short and informative summary on general expectations for banks. Here is the main information from the BOI “Statement for Banks”.
“The Access Rule does not create a new regulatory requirement for banks to access BOI from the BO IT System or a supervisory expectation that they do so. Therefore, the Access Rule does not necessitate changes to Bank Secrecy Act (BSA)/anti-money laundering (AML) compliance programs designed to comply with the existing Customer Due Diligence rule (the “current CDD Rule”) and other existing BSA requirements, such as customer identification program requirements and suspicious activity reporting. However, any access to and use of BOI obtained from the BO IT System must comply with the requirements of the CTA and the Access Rule.
To date, FinCEN has issued two rules—and will be issuing a third rule—to implement the CTA. The first rule regarding the reporting of BOI to FinCEN (the “Reporting Rule”) was issued on September 30, 2022. The second rule is the Access Rule, which governs access to and use of BOI. The third rule, which has not yet been proposed, will revise the current CDD Rule. In particular, the CTA directs FinCEN to revise the current CDD Rule to: (i) bring it into conformity with the AML Act of 2020, including the CTA; (ii) account for financial institutions’ access to BOI reported to FinCEN so financial institutions may confirm BOI provided directly to them for the purpose of facilitating their compliance with AML, countering the financing of terrorism, and customer due diligence requirements; and (iii) reduce any burdens on financial institutions and legal entity customers that are, in light of the CTA, unnecessary or duplicative.”
As we take a deeper dive into the final Access Rule, we will keep you all informed via blog posts; however, there are a few things to keep in mind and some steps to consider at this point.
- Keep completing your beneficial ownership forms as you have since May of 2018. The current CDD rule (beneficial ownership) requirements are still in place.
- It is likely that more guidance documents and possible rule changes/clarifications will be published once the BO IT system gets up and running.
- We do not have a proposed or final rule for the CDD rule yet and likely won’t have it until 2025. This is the rule making which will significantly change what FIs do on a daily basis for beneficial ownership.
“The CTA requires that FinCEN revise the 2016 CDD Rule within one year of the BOI reporting requirements taking effect. In particular, the CTA directs FinCEN to revise the 2016 CDD Rule to: (1) bring it into conformity with the AML Act as a whole, including the CTA; (2) account for financial institutions’ access to BOI reported to FinCEN “in order to confirm the beneficial ownership information provided directly to the financial institutions” for AML/CFT and customer due diligence purposes; and (3) reduce unnecessary or duplicative burdens on financial institutions and legal entity customers.”
- High level frontline training: Frontline staff should be aware that any entity formed after 1/1/24 will have 90 days to register with FinCEN. It would be a good idea to inform any newly formed entity customers of the requirements as they are opening accounts. You could have a printout with FinCEN’s website information noted for customers as they have tons of information for small businesses that should help them understand the requirements. Existing companies have until 1/1/25 to report BOI data to FinCEN.
- Determine the level of assistance that will be provided to customers: We need to consider how much assistance we are going to provide to customers, we suggest giving them the information and informing them to get help, if needed, from their legal counsel or accountants. Banks may not want to assume any liability by getting too involved with registering entity customers with FinCEN. Banks have no requirements to help entities register their BOI with FinCEN.
- Determine if your financial institution will access the BOI database: Accessing the BOI database is clearly not required but some will find it useful for suspicious activity investigations and cases.
- If your FI does choose to access the database:
- Deposit and loan account agreements will likely need to be updated to request access as specific customer consent is required.
- Consideration will need to be given to tracking access as customers have the right to revoke consent to access.
- Training is required for employees that have access to the database.
- Policies and procedures will need to be developed.