Corporate Transparency Act: Who Will Be Granted Access to Your Business Information?
By: Marian A. Kornilowicz and Christopher A. Ouellette
Starting January 1, 2024, with the enactment of the Corporate Transparency Act (CTA), there is going to be a flurry of reporting companies sending their sensitive beneficial ownership information (BOI) to the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN). With this new requirement for reporting companies that fall under the jurisdiction of the CTA, the drafters and enforcers of the act recognized the need to create a secure database to protect the BOI and to limit the parties who have access to the database.
Who Can Access the BOI?
Under the act, FinCEN is required to store the reporting companies’ BOI in a secure, nonpublic database, which will be known as the Beneficial Ownership Secure System (BOSS) that will be cloud-based and will meet the highest level of Federal Information Security Management requirements. Because of the sensitive nature of the BOI and the security requirements implemented by FinCEN, the act limits who can access this information, the purposes for which they can view and use this information, and what protocols these parties will need to meet to access the BOI.
There are five categories of groups that can access the BOSS, and each can do so only for limited purposes:
Categories of Groups with Access
- U.S. Federal, State, Local, and Tribal Government Agencies
Federal agencies can access BOI when engaged in national security, intelligence, or law enforcement activities, and the requested BOI is to be used to further such activities. As for state, local and tribal agencies, FinCEN can disclose BOI to them if a court of competent jurisdiction has authorized the agency to seek the information in a criminal or civil investigation. - Foreign Law Enforcement Agencies, Judges, Prosecutors, Central Authorities, and Competent Authorities (Foreign Requestors)
Foreign requestors can access certain BOI, provided their requests come through an intermediary Federal agency and are made either under an international treaty or agreement or via a request made by authorities in a trusted foreign country. - Financial Institutions Subject to Customer Due Diligence Requirements
These financial institutions can access only certain entities’ BOI, provided they have the relevant reporting company’s consent for the disclosure. - Federal Functional Regulators and Other Appropriate Regulatory Agencies
These agencies can access the BOI when acting in a supervisory capacity when assessing the FIs for compliance with customer due diligence requirements, and only the BOI the FIs received from FinCEN. - The Department of Treasury
Officers and employees of the Department of Treasury can access BOI in their official duties requiring BOI inspection or disclosure, including tax administration.
Within these groups, the individuals who can access the BOI may only do so if they meet certain requirements, such as being directly engaged in an authorized investigation, having duties or responsibilities requiring said access, and having undergone appropriate training and identity verifications.
Protocols and Safeguards
With the sensitivity of the BOI and the heightened security measures of BOSS, the CTA requires the Secretary of the Department of Treasury (the Secretary) to establish protocols, which require the requesting agencies to meet seven levels of standards, protocols, and verifications to protect the BOI that they are requesting to access. In addition, the Secretary has discretionary authority to prescribe additional safeguards that they deem necessary and appropriate.
For further information or questions about this aspect of the CTA, please review FinCEN’s Notice of Proposed Rulemaking dated December 16, 2022 or contact the firm’s Business Transactions Group.
