Gavel hitting the plate

It is Final: The New Beneficial Ownership Access Rule

January 31, 2024

Authored by Crystal Streeper, Senior Compliance Officer & Training Coordinator.

In case you missed it, the Financial Crimes Enforcement Network (FinCEN) published the final Beneficial Owner Information (BOI) Reporting Rule on September 30, 2022. This rule requires reporting companies — certain corporations, limited liability companies, and other similar entities created in or registered to do business in the United States — to report their BOI directly to FinCEN. The reporting deadline for businesses formed in 2024 is 90 days and businesses formed in 2025 and beyond will only have 30 days to report their BOI.

FinCEN’s final rule on BOI was published in December 2023, took effect on January 1, 2024, and implements sections of the Corporate Transparency Act of 2020 (CTA). The discussion in the final rule touches on required consent for reporting information, acceptable uses of the information, requesting the information from FinCEN, and the verification and accuracy of collected information.

Execution of Rule:

The implementation of this rule has been presented by FinCEN in several phases, starting with the inaction of the CTA.

Stage One: Pilot

Serves as a trial, offered to a handful of key federal agency users beginning January 2024.

Stage Two: Continuation

Extends access to treasury offices and certain federal agencies engaged in law enforcement and national security activities. These agencies should already have Memoranda of Understanding (MOUs) for access to Bank Secrecy Act (BSA) information.

Subsequent Stages: Development and Finalization

Additional extension of access to other federal agencies as well as to state, local, and tribal law enforcement partners, and moreover, to financial institutions and their supervisors. FinCEN has stated financial institutions will be the last category of users that will receive access to BOI stored.

How the BOI Reporting Rule Impacts Credit Unions

  • Credit unions are subject to customer due diligence requirements, which the final access rule defined to include “any legal requirement or prohibition designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States, to comply with which it is reasonably necessary for a financial institution to obtain or verify beneficial ownership information of a legal entity customer.”
  • Credit unions are not reporting companies under the new rule, but their legal entity members may be required to comply, as well as many Credit Union Service Organizations (CUSOs) and third-party affiliates.
  • Credit unions that obtain BOI from FinCEN must develop and implement protective safeguards designed to keep this information safe. This can be satisfied by the same procedural handling credit unions use to secure and protect customers’ nonpublic personal information.
  • BOI requests will have to be certified to satisfy the applicable criteria, including geographic restrictions if applicable.
  • The rules current requirements in section 1010.230 require credit unions to obtain and verify a legal entity’s BOI.

What You Should Do Now

Affected credit unions should start adopting this rule by establishing policies and procedures that address the BOI collection and reporting process. As FinCEN continues to provide additional information and possible changes to the rule, compliance consultants like ViClarity can assist with reviews, but credit unions must ultimately make their own business decisions on how to execute updates to their processes.  


Recent/Related Articles

The Top 8 Risk Reports for GRC Leaders

May 20, 2024

With factors ranging from the economy to the environment to artificial intelligence playing a part, it is essential for financial institutions, insurers and other regulated businesses to have a sound risk management program in place, and here are 8 reports that help GRC leaders become more strategic.

Video: Why Should Risk Management Be Top of Mind for Boards?

May 13, 2024

Global CIO & Interim CEO, Ogie Sheehy, talked with CU Management (CUES) about why risk management and creating and maintaining a risk register are critical for boards.