The vast majority of private and many nonprofit entities will be swept into the Corporate Transparency Act (CTA) compliance net. If you or your clients are an investor or have investors, you need to pay attention. Not only is reporting important; so is ongoing compliance.

The scope of the law

If you have not heard of the CTA, you are not alone. Many business owners, and their professional advisors, are taken aback upon first learning of the CTA’s existence and scope. At its core, the CTA requires reporting of personal direct and indirect beneficial ownership and control information pertaining to businesses operating in the U.S. The personal identifying information (PII) includes name, birthdate, residential street address and a personal photograph. The financial crimes enforcement arm of the U.S. Department of Treasury (FinCEN) is currently building out a beneficial ownership secure system (BOSS) to receive, store and manage a vast influx of information (FinCEN estimates 32.6 million now-existing businesses will be required to report in 2024). This law aims to prevent money laundering, illicit financial activities, corrupt practices and terrorist financing, at the expense of you or your clients’ businesses being swept up in its bycatch.

Who must report?

Beginning January 1, 2024, PII must be reported for persons owning, directly or indirectly, 25% or more of a business or who have “substantial control” over a business. Every business will have at least one person to report, regardless of its ownership or control structure. Once the initial report is filed, this information must be updated within 30 days of any subsequent event that makes the previously reported information inaccurate. Attribution of ownership and what constitutes substantial control will vary from business to business and will require analysis and professional legal advice.

There are exemptions

Some categories of business entities are exempted out of CTA compliance. These generally include regulated business entities, such as public reporting companies, insurance businesses, banking businesses, 501(c) federal tax-exempt non-profit entities (but not other nonprofits), and quasi-governmental organizations. In addition to the other exempt categories, a “catch-all” exemption is available for any business entity that meets all three of the following thresholds: (1) have a physical street address in the U.S., (2) have 21 or more full-time employees, and (3) generate more than $5 million in annual U.S. gross receipts as reported on last year’s federal tax filings. Missing any one of these thresholds will render a business ineligible for this exemption.

What will compliance look like?

Businesses will need to compile, maintain and update their reported PII constantly to meet the CTA’s compliance requirements. Any change to or correction of previously reported information must be done within 30 days of the change event — not when the business becomes aware of the event. All newly formed business entities beginning January 1, 2024, will be required to file their initial CTA report within 30 calendar days of formation. Reporting company businesses in existence before January 1, 2024, will have one year to make their initial CTA report filing, along with any subsequent amendment filings that would have been required had the report been filed on January 1, 2024.

Consequences of noncompliance

There are steep fines ($500 per day up to $10,000) per incident and possible jail time (up to two years) for those failing to timely and properly comply with the CTA. Those who fail to file their initial report will also be subject to fines for failing to file what should have been subsequent filings — the fines can rack up. Further, the IRS (also a part of the U.S. Department of Treasury) recently announced increased enforcement activity, utilizing new data analytics technology, to identify audit and criminal targets, with the IRS’s Chief of Criminal Investigation confirming that the BOSS database will be a key tool in these efforts.

Who may access the BOSS?

The BOSS will be accessible by law enforcement at the federal, state and local levels — including the law enforcement arms of various federal agencies. Financial institutions may also access the BOSS upon their customer’s consent. Importantly, the BOSS information is not accessible through Freedom of Information Act (FOIA) requests or by the public.

Conclusion

The compliance requirements under the CTA go live January 1, 2024. You have only the waning months of this year to take action to influence your future compliance position. Now is the time to discuss the CTA with your legal team for guidance.