by Franca Harris Gutierrez, Boyd Johnson, Bruce Newman, Michael Dawson, Zachary Goldman, Rachel Dober, Michael Romais, Alina Lindblom, and Andrew Miller

Anti-money laundering (“AML”) issues have been a focus of regulators and law enforcement for the past decade and will likely continue to be a priority issue area for the Biden Administration. The AML landscape is shifting considerably as a series of regulatory actions in the last months of 2020 and the January 1, 2021 passage of the National Defense Authorization Act for Fiscal Year 2021 (“NDAA”)[1] — adopted with bipartisan support overriding President Trump’s veto—bring real change to the regulatory environment at the start of the new administration. Indeed, the NDAA is the most significant amendment to the AML landscape in a generation, since the adoption of the USA PATRIOT Act, and will require extensive implementation by the Treasury Department. The regulatory and legislative changes together have two principal themes: (i) a conscious effort to evolve AML compliance and the Bank Secrecy Act and its implementing regulations (collectively, the “BSA”) to make the system more efficient and effective; and (ii) adapting the BSA to a new generation of threats.

Although the NDAA may be perceived as a win for the industry, particularly to the extent it may lessen institutions’ burden with respect to obtaining beneficial ownership information, the law’s bipartisan support makes it likely that implementing agencies will move to implement it as intended (as indeed they are required by law to do), even with the expected appointment of new leadership at some of the implementing agencies. Further, the NDAA’s promise to facilitate the adaptation of advanced technology in BSA compliance and to help financial institutions focus AML resources on priorities identified by the government may also yield substantial dividends, though the devil will come in the details of implementation. It is worth noting that similar rulemakings, such as the Financial Crimes Enforcement Network’s (“FinCEN”) Customer Due Diligence Rule (“CDD Rule”), took years to be completed. It may therefore be some time before the industry sees benefits from the rulemaking, statutory deadlines for the rulemakings notwithstanding. Nevertheless, the industry should think through a strategy for proactively engaging with the government to inform those implementation efforts. This three-part post primarily focuses on regulatory changes, specifically with respect to three key areas: (i) the creation of a national beneficial ownership registry; (ii) innovation and reforms to the suspicious activity reporting regime; and (iii) changes aimed at new aspects of the risk environment. But financial institutions should also brace themselves for a more aggressive enforcement environment across the board in the Biden Administration, and on AML issues in particular. Attention to AML and sanctions issues in the banking space has increased significantly in the past decade since the last round of major AML and sanctions enforcement actions. However, in response to those changes, regulatory expectations—and the risk environment—have clearly evolved as well, and we expect AML and sanctions to remain a top regulatory and law enforcement priority. While this piece focuses on regulatory and compliance issues, financial institutions should pay careful attention to recent trends—including individual liability for compliance officers—as the Biden Administration seeks to flex its muscle on the enforcement front. Now is the time to identify and proactively mitigate risk to best position your institution in the event of future inquiries.

Beneficial Ownership Information Collection

The most salient aspect of the NDAA relevant to AML issues is the Corporate Transparency Act (“CTA”),[2] mandating that FinCEN create and maintain a registry of beneficial ownership information for a wide swath of “reporting companies.” The CTA registry is intended to help prevent money laundering, tax fraud, human and drug trafficking, foreign corruption, and other crimes by identifying beneficial owners of anonymous shell companies to cut down on the use of such companies to acquire and move illicit assets.[3] In many ways, the goal is similar to that of geographic targeting orders, which seek to prevent illicit activity by requiring identification of beneficial owners in certain high-value real estate transactions.[4] The CTA closes a significant gap as most states do not collect and make available to the industry information about beneficial owners of legal entities.[5] Particularly relevant for financial institutions, the CTA requires the Secretary of the Treasury to revise the CDD Rule[6] —which requires certain covered financial institutions to identify and verify beneficial owners of legal entity customers at account opening—to be consistent with the CTA and remove unnecessary or duplicative requirements.[7] Once in place, modifications will likely have a significant impact on covered financial institutions’ customer due diligence programs. Financial institutions must pay close attention to these changes and consider how to adapt their existing compliance programs to be consistent.

A. CTA Overview

Reporting Companies. “Reporting companies” will be required to provide FinCEN with beneficial ownership information under the CTA. “Reporting company” is defined as “a corporation, limited liability company, or other similar entity” that is either “created by the filing of a document” with a state or created in a foreign jurisdiction but “registered to do business” in the United States by the filing of a document with a state.[8]

Notably, the CTA excludes various categories of entities, including many publicly traded, regulated, and tax-exempt companies; investment funds; registered broker-dealers; securities exchanges; clearing organizations; investment companies and advisers; banks and bank holding companies; credit unions; and companies owned or controlled by many of these exempted entities.[9] These exemptions largely track the exemptions currently found in the CDD Rule.[10] The CTA also excludes two types of entities from the reporting requirement based on specific identified qualities of the entity rather than their regulatory status:

• an entity that: (i) employs more than 20 full-time employees in the United States; (ii) filed, in the previous year, a U.S. federal income tax return demonstrating more than $5 million in gross receipts or sales in the aggregate, including the receipts or sales of affiliates; and (iii) operates at a physical office within the United States;[11] and
• an entity that (i) is in existence for over one year; (ii) is not engaged in an active business; (iii) is not owned, directly or indirectly, by a foreign person; (iv) has not, in the preceding 12-month period, experienced a change in ownership or sent or received funds in an amount greater than $1,000; and (v) does not otherwise hold any assets.[12]

These exemptions are intended to avoid imposing redundant reporting requirements on entities that already report similar information to other government agencies and to avoid unnecessary reporting requirements for entities at low risk of engaging in money laundering or other financial crime. To that end, the CTA also grants the Secretary of the Treasury, in consultation with the Attorney General and Secretary of Homeland Security, the ability to add to these categories of exempted entities by regulation where such reporting would not serve the public interest and would not be highly useful in national security, intelligence, and law enforcement agency efforts to detect, prevent, or prosecute money laundering, the financing of terrorism, proliferation finance, serious tax fraud, or other crimes.[13]

Beneficial Owners. Similar to the CDD Rule, a “beneficial owner” of a reporting company is one who, directly or indirectly, “exercises substantial control over the entity” or “owns or controls not less than 25 percent of the ownership interests of the entity.”[14] Intermediate entities, no matter how many or where organized, are transparent for this purpose; that is, the ultimate individual beneficial owners will still need to be reported under the CTA. Certain individuals are exempted from the definition of beneficial owners, including agents, intermediaries, or custodians (though their principals may not be excluded); employees of a reporting company whose interest in, or control of, the entity is attributable solely to their employment; and most creditors of the reporting company.[15]

Required Disclosures. The disclosure requirement is relatively straightforward. When the regulations under the CTA become effective, reporting companies must provide, for each beneficial owner, a name, address, date of birth, and driver’s license or other form of identification number prescribed by the statute.[16] Reporting companies will not be expected to provide details about a company’s purpose or operation, or the owners’ own functions within the company.

Reporting Timing. By the terms of the legislation, implementing regulations are to be issued by the Treasury Department by 2022. There is no “grandfathering” exemption for compliance; entities formed prior to the effective date of the CTA are still fully subject to its provisions. Reporting companies in existence on the effective date of the FinCEN implementing regulations will have two years from that date to report beneficial ownership information. Companies formed after the effective date of the regulations will be expected to report at the time of formation. Reporting companies will also be required to update beneficial ownership information within one year of any change.

Penalties. An unexcused failure to report correct beneficial ownership information is subject to a $500 daily penalty and, potentially, a $10,000 penalty and imprisonment for up to two years.[17] The CTA excuses liability for incorrect submissions upon a voluntary correction furnished within 90 days after the filing of the original report.[18]

B. Use of Information

Federal and state law enforcement agencies will have access to data collected pursuant to the CTA, but the registry will not be available to the public. Federal agencies will have access to the information upon request, and state law enforcement may gain access to information with court approval.[19] Treasury Department employees will have broad authorization to use the information,[20] and the CTA specifically provides that information may be used for tax administration purposes.[21] Information in the registry may be disclosed to financial institutions upon request—and only with the consent of the reporting company—to assist with customer due diligence.[22] The statutory text says that the form and manner of disclosure to financial institutions is to be determined by the Secretary of the Treasury by regulation.[23] Financial institution access is intended, in part, to help “confirm beneficial ownership information provided to financial institutions to facilitate the compliance of the financial institutions” with AML, countering the financing of terrorism, and customer due diligence requirements.[24] The CTA also requires that such information provided to a financial institution be available to the federal regulators who assess the financial institution’s compliance with customer due diligence requirements.[25]

C. Relevance to Financial Institutions

The BSA requires certain covered financial institutions to develop and maintain effective AML programs, including by identifying beneficial owners of companies. In 2016, FinCEN issued the CDD Rule, requiring financial institutions to obtain and verify beneficial ownership information for customers at the time an account is opened.[26] The CTA recognizes that there will now be overlap between information collected pursuant to the CDD Rule’s requirements and what FinCEN collects directly from reporting companies.[27]

Thus, the CTA directs the Secretary of the Treasury to revise the CDD Rule—no later than one year after the effective date of the CTA’s implementing regulations—to conform it with the CTA, account for the access of financial institutions to beneficial ownership information, and reduce “unnecessary or duplicative” burdens on financial institutions and customers.[28] Essentially, while the CTA directs the Treasury Department to leave in place the requirement that financial institutions identify and verify beneficial owners, it mandates the reconsideration and replacement of the accompanying mechanisms by which such identification is effectuated.[29] In revising the CDD Rule, the Secretary of the Treasury is directed to consider: (i) the use of risk-based principles for requiring reports of beneficial ownership information; (ii) “the degree of reliance by financial institutions on information provided by FinCEN for purposes of obtaining and updating beneficial ownership information;” (iii) strategies for more timely, accurate, complete information reporting to the Secretary; and (iv) any other matter deemed important by the Secretary.[30]

The effects of these changes on financial institutions will thus depend substantially on the specific regulations promulgated by the Secretary of the Treasury, but, depending on the rules that are ultimately published, the statute could result in making the customer onboarding process substantially more efficient. For example, beneficial ownership information may be provided to financial institutions merely as a verification tool, but alternatively, it could be provided as a resource for fulfilling customer information collection obligations.[31] To the extent financial institutions are permitted to use the FinCEN registry as a primary source for customer due diligence, it is not clear whether the Secretary will afford a safe harbor from liability for reliance on such data. Likewise, because financial institutions’ regulators will be able to access registry information, financial institutions may bear responsibility to verify against the registry information they have collected.[32]

Financial institutions should consider how to engage with Treasury as it considers these regulations, as the degree to which the CTA alleviates burdens on financial institutions will depend on the regulations that are ultimately published.

Until FinCEN revises the CDD Rule in light of the CTA, financial institutions’ customer due diligence procedures should remain in place. Financial institutions covered by the CDD Rule must still obtain and verify beneficial ownership information of legal entity customers subject to the rule, along with other AML program requirements. However, covered financial institutions should be prepared to update policies and procedures when the CDD Rule is revised.

Financial institutions will face a host of potential implementation challenges as they update their policies and procedures in light of the new requirements. They will also need to consider novel questions, such as whether to file a Suspicious Activity Report (“SAR”) to the extent beneficial ownership information in the national registry is inconsistent with information previously obtained from a customer.

Proactive financial institutions may wish to consider CTA preparedness initiatives. There is a significant likelihood that financial institutions will be drafted into a de facto role of identifying customers that should register and educating such companies about their registration requirements. To see why this is likely, imagine the scenario where a financial institution conducts a periodic refresh of customer due diligence and discovers that the customer is not registered. It is likely that the financial institution would then communicate with the customer, inform it of the requirements, and educate the customer on the requirements. If the customer does not then register, the financial institution would face questions about whether to file a SAR and/or exit the customer.

Footnotes

[1] The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, H.R. 6395, 116th Cong. (2020).

[2] NDAA §§ 6401-6403.

[3] Id. § 6402(3).

[4] Press Release, FinCEN, FinCEN Reissues Real Estate Geographic Targeting Orders for 12 Metropolitan Areas (Nov. 5, 2020), https://www.fincen.gov/news/news-releases/fincen-reissues-real-estate-geographic-targeting-orders-12-metropolitan-areas-2.

[5] NDAA § 6402(2).

[6] See 81 Fed. Reg. 29,398 (May 11, 2016), https://www.govinfo.gov/content/pkg/FR-2016-05-11/pdf/2016- 10567.pdf (PDF: 1.1 MB).

[7] NDAA § 6403(d)(1).

[8] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(11)).

[9] Id.

[10] See 31 C.F.R. § 1010.230(e)(2).

[11] NDAA § 6403(a) (adding 31 U.S.C. § 5336(a)(11)(B)(xxi)).

[12] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(11)(B)(xxiii)).

[13] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(11)(B)(xxiv)).

[14] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(3)(A)).

[15] Id. § 6403(a) (adding 31 U.S.C. § 5336(a)(3)(B)).

[16] Id. § 6403(a) (adding 31 U.S.C. § 5336(b)(2)).

[17] Id. § 6403(a) (adding 31 U.S.C. § 5336(h)(3)(A)).

[18] Id. § 6403(a) (adding 31 U.S.C. § 5336(h)(3)(C)(i)(I)(bb)).

[19] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(2)(B)(i)).

[20] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(5)(A)).

[21] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(5)(B)).

[22] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(2)(B)(iii) (FinCEN may disclose beneficial ownership information upon “(iii) a request made by a financial institution subject to customer due diligence requirements, with the consent of the reporting company, to facilitate the compliance of the financial institution with customer due diligence requirements under applicable law;”).

[23] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(2)(C)).

[24] Id. § 6402(6)(B).

[25] Id. § 6403(a) (adding 31 U.S.C. § 5336(c)(2)(C)).

[26] See 81 Fed. Reg. 29,398 (May 11, 2016), https://www.govinfo.gov/content/pkg/FR-2016-05-11/pdf/2016- 10567.pdf (PDF: 1.1 MB).

[27] NDAA § 6403(d).

[28] Id. § 6403(d)(1).

[29] Id. § 6403(d)(2).

[30] Id. § 6403(d)(3).

[31] Compare id. §§ 6402(6) (It is the sense of Congress that “beneficial ownership information collected under the amendments . . . will be directly available only to authorized government authorities . . . [to] . . . confirm beneficial ownership information provided to financial institutions to facilitate the compliance of the financial institutions with anti-money laundering, countering the financing of terrorism, and customer due diligence requirements under applicable law;”) (emphasis added) and 6403(d)(1)(B) (The Department of Treasury is to revise the CDD Rule, in part, to “account for the access of financial institutions to beneficial ownership information filed by reporting companies under section 5336 . . . in order to confirm the beneficial ownership information provided directly to the financial institutions to facilitate the compliance of those financial institutions with anti-money laundering, countering the financing of terrorism, and customer due diligence requirements under applicable law;”), with id. § 6403(d)(3)(B) (In revising the CDD Rule, the Secretary shall consider “the degree of reliance by financial institutions on information provided by FinCEN for purposes of obtaining and updating beneficial ownership information;”) (emphasis added).

[32] CDD Rule revisions should “account for the access of financial institutions to beneficial ownership information filed by reporting companies under [the CTA] . . . to confirm the beneficial ownership information provided directly to the financial institutions to facilitate the compliance of those financial institutions with anti-money laundering, countering the financing of terrorism, and customer due diligence requirements.” Id. § 6403(d)(1)(B).

Franca Harris Gutierrez, Boyd Johnson, Bruce Newman, and Michael Dawson are partners, Zachary Goldman and Rachel Dober are counsel, Michael Romais and Alina Lindblom are senior associates, and Andrew Miller is an associate, at WilmerHale.

Disclaimer

The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.