The Corporate Transparency Act: Where are we now?
The Corporate Transparency Act (CTA) was enacted in late 2020 over a presidential veto. The law is aimed at enhancing national security and law enforcement efforts by creating a database of “beneficial owners” of certain business entities.
However, the CTA entails a significant change in the formation of business entities. In the U.S. — unlike European countries — such formation has been largely anonymous. The CTA changes that anonymity by mandating reporting requirements. Law enforcement will have access to this information, for the purpose of combating terrorism, money laundering and other financial misconduct.
The CTA mandates significant penalties for noncompliance. Compliance will require diligence, familiarity with complex regulations and the safeguarding of sensitive ownership information. Additionally, the CTA's implementation will impact state incorporation practices and will require changes in the way professionals assist clients in entity formation.
What does the CTA require?
The basic requirement of the CTA is that certain entities must report the identities of their “beneficial owners” to a national database maintained by the U.S. Financial Crimes Enforcement Network (FinCEN).
The reporting must include the company’s legal name, its trade name, its DBA, its taxpayer ID and street address. The entity’s beneficial owners must report their full legal name, date of birth, residential street address and a copy of a valid state-issued photo ID.
Companies formed after Jan. 1, 2024, must also identify the “Company Applicant.” This new term refers to the individual natural person who filed, caused to file, or ordered the filing of the document that created the new entity (or the document in which the foreign entity sought qualification to do business in the U.S.).
To assist in reporting, all states are required to notify new business filers of the CTA registration requirement and to provide a link to the reporting form.
There are no fees associated with filing these reports.
What entities are subject to the CTA?
The CTA applies to a wide range of entities. A reporting company is any corporation, limited liability company, or similar entity that is (1) created by filing a formation document with a Secretary of State or similar office, or (2) formed under the law of a foreign country and registered to do business in the U.S.
Also, companies owned by trusts are required to report the name of the trustee and any beneficiaries with more than 25% of the benefits. If a beneficiary is a minor, the parent or guardian’s information is reported until the child reaches the age of majority.
There are 23 exemptions from the definition of “reporting company.” Typically, companies in heavily regulated industries like insurance, banking, financial brokerages, accounting firms and others are exempt.
Larger domestic corporations with a minimum of 20 employees (who themselves will file tax returns), tax returns reflecting more than $5 million in gross receipts or sales and a physical presence in the U.S. are also exempt. Further, various tax-exempt entities and those supporting tax-exempt entities are not obligated to report ownership information.
To qualify for an exemption, a nonprofit entity must be a 501(c) and exempt under 501(a) of the IRS code.
What is the effective date?
The CTA took effect Jan. 1, 2024. Entities formed before the end of 2023 have until Jan. 1, 2025, to submit their beneficial ownership information.
For companies formed after Jan. 1, 2024, the reporting deadline is 90 days after registration. On Jan. 1, 2025, that deadline shortens to 40 days.
If there are changes in ownership in the ordinary course of business, the reporting company has 30 days to file updated reports.
What is a ‘beneficial owner’?
A beneficial owner is any individual who directly or indirectly exercises “substantial control” over a reporting company, or directly or indirectly owns or controls 25% or more of its ownership interests. The regulations contemplate that substantial control will be broadly defined, obviously with the purpose of identifying all people with significant influence over a reporting entity. However, commentary suggests that the term nevertheless will be subject to substantial ambiguity.
There are also several carveouts, including: minor children, individuals acting as a nominee or agent on behalf of another, individuals acting solely as the employee of the reporting entity, individuals who received their interest in the company through inheritance and creditors of the entity.
What are the penalties for noncompliance?
The penalties for noncompliance can be substantial. Reporting violations carry a $500 per day civil penalty, while criminal (i.e., willful or intentional) violations can result in fines of up to $10,000 or two years in prison. Unauthorized disclosure or use can lead to civil fines of $500 per day and criminal penalties of up to $250,000 or five years in prison or both. The CTA provides for a safe harbor for error corrections filed within 90 days.
What are the risks for professionals under the CTA?
The CTA seems to create many potential risks for professionals involved in entity formation.
Professionals involved in entity formation for their clients may themselves become “company applicants,” which would give rise to a personal duty by the lawyer or assistants to ensure correct filing and to provide Personally Identifiable Information (PII).
The CTA also creates many opportunities for professional malpractice, including:
- The simple failure to advise clients of the CTA’s existence and basic requirements.
- Miscommunicating with a client regarding the scope of representation regarding the professional’s role in complying with the CTA. This risk calls for careful drafting of engagement letters.
- The failure to understand and advise clients on key points of the law, such as:
- Mistakenly thinking a client entity is exempt from filing.
- Missing deadlines for compliance. As an example, imagine a lawyer assisting a client through a complex multi-entity formation process; in such a situation missing the 30-day deadline could be all too easy.
- Failure to understand and advise on the significance of a client’s changes in circumstances. Examples could include: an operating company that drops below the $5 million or 20 employee thresholds, a beneficial owner moves and thus causes a change in personal information (it is possible that even a mere renewal of the driver’s license would require an updated report); or a company’s ownership changes.
- Misunderstanding or misapplying the “substantial control” requirement. As an example, situations involving subsidiary/parent entities that are owned or controlled by a group must be carefully considered to identify all persons who meet the 25% threshold.
As another example, imagine a corporation that owns 20% of an LLC but retains a veto right over certain decisions. Does that corporation exercise “substantial control” over the LLC? If so, it may be that individual owners of that corporation who meet the 25% threshold need to be identified as “beneficial owners” of the LLC.
Or imagine a publicly traded company that forms a wholly owned subsidiary that enters into a joint venture with someone who receives an interest in the subsidiary.
It is possible to imagine scenarios in which clients “go down the road” in entity formation, without understanding these requirements, and thus commit to a course of action that they claim they would have not chosen if they had understood the reporting requirements.
The CTA also creates opportunities for significant data privacy issues arising out of the receipt, retention, and handling of the multiple forms of personally identifiable information, including driver’s license number and other data.
Data privacy and the CTA
Beneficial ownership information submitted through the CTA’s portal is not made public. It is accessible only to specific requesting agencies, including federal law enforcement agencies, certain other enforcement agencies with court approval, non-U.S. law enforcement agencies, and financial institutions and regulators with the consent of the reporting company. The CTA requires the Secretary of the Treasury to maintain information security protections, including encryption, for all reported information. Also, the CTA contemplates civil and criminal penalties for any misuse of the information by any requesting agency. An estimated 25 million entities will have to file reports under the CTA. Obviously, this database will be a juicy target for hackers.
Staying in the know
As discussed, it’s important for CPAs to stay informed regarding these new reporting requirements, not just for their clients — but for themselves, too. On Sept. 18, 2023, FinCEN released the Small Entity Compliance Guide. This guide addresses several issues, such as further detail on the definition of beneficial owner and what steps to take if a company learns that the reporting was inaccurate.
There is a lot of information to keep track of with the CTA, so it is important to stay up to date as we move forward with implementation and enforcement of the law.
*This article originally appeared in the June/July 2024 edition of Footnote, a publication of The Minnesota Society of Certified Public Accountants. Republished with permission of the publisher.