The Corporate Transparency Act became law in the United States as part of the National Defense Authorization Act for FY2021.
While the act's intent was noble, its broader implications for the general public are likely to be significant - for example for investors, who would typically rather have transactions shielded from the public eye.
Let's take a closer look at these new disclosure requirements and how they relate to the access and privacy considerations for families, family offices, legal teams, and operational risk management personnel.
According to the legislation, which goes into effect Jan. 1, 2024, virtually every legal entity must disclose information relating to its owners, officers, and controlling persons to FinCEN - or face criminal and civil penalties for failing to comply with the new reporting requirements.
A reporting company must divulge these individuals' names, dates of birth, home addresses, and unique identifying numbers, with accompanying images of those identifying numbers.
The first concern that comes to mind is one of access.
In states like New York, where the New York State LLC Transparency Act is currently sitting on Gov. Kathy Hochul's desk for signature, information on the beneficial owners (BOs) of trusts, LLCs, LLPs, corporations, and other entities may very well be accessible through databases maintained by New York's Secretary of State.
As of July 2023, FinCEN was building a new IT system to collect and store CTA reports.
Ensure that staff members navigate to the official FinCEN website to gain access. When and where possible, employ end-to-end encryption for secure file transfer and storage of data, and be wary of inbound requests soliciting data on behalf of FinCEN. Given the federal agencies that may have access to BO data, expect an increase in phishing attempts targeted at family, staff, family office, and/or financial institution coverage teams.
Review the 23 entity types which are exempt from the definition of reporting companies under the CTA. Consider the ease of access to certain entity data within your state's database, and the prevalence of personally identifiable information available on BOs/senior officers within the organization.
According to the legislation, failure to comply or the provision of false or fraudulent reports may result in civil fines of $500 a day for as long as the reports remain inaccurate.
Review the intricacies of access and compliance regulations in each state, especially for organizations with multiple areas of operation.
As mentioned above, in New York's case, BO information may be accessible through means that are not applicable in other regions of the United States.
Don't wait; seriously consider getting ahead of the process and compiling reporting information now.
Update internal policies to streamline report information gathering and create a system to continuously track and update upcoming changes to reporting information.
Consult with legal counsel, privacy consultants, and PII removal services on the upcoming changes to further mitigate risks posed by the availability of personal data on the open web.
Takeaways from the CTA
While the Corporate Transparency Act takes a significant step toward greater financial transparency and accountability, it doesn't come without trade-offs.
As we continue to grapple with the complexities of privacy in an increasingly interconnected world, the act serves as a timely reminder of the delicate equilibrium that must be maintained between transparency and privacy.
Tom Aldrich, VP Private Clients, 360 Privacy: Tom joined 360 Privacy as a Partner after having worked at Goldman Sachs as a private wealth advisor.
Tom is a Certified Ethical Hacker and obtained his CIPP/US Certification from the International Association of Privacy Professionals.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Mon, 18 Dec 2023 06:28:05 +0000