The Corporate Transparency Act: The Latest Iteration of Customer Due Diligence in the Financial Crime Toolkit


Keith Kessel

Publish Date


Compliance Alert

  • AML and Financial Crime
  • Compliance

Gathering know your customer (KYC) information is a critical part of the diligence process necessary to meet anti-money laundering (AML) requirements in the U.S. As of January 1, 2024, the Corporate Transparency Act (CTA) will be an additional component for firms to navigate.

The U.S. Financial Crimes Enforcement Network (FinCEN) issued the CTA to help fight financial crime and bolster the Bank Secrecy Act (BSA) framework by creating greater transparency into the beneficial owners of small companies.

Scope of coverage

Companies that are created under U.S. law or have filed a document with a secretary of state, or foreign companies registered to do business in the U.S. are considered “reporting companies” under the CTA.

There are 23 exemptions from the CTA, including publicly traded companies meeting specified requirements, many nonprofits, and certain large operating companies. A few of the exempt institutions to note include:

  • SEC-registered investment advisers
  • Venture capital exempt reporting advisers
  • Investment companies, 3c1 or 3c7 funds
  • SEC-registered broker-dealers
  • Pooled investment vehicles advised by an SEC-registered investment adviser
  • Large publicly traded companies (> 20 full time employees in the U.S. and $5 million in gross receipts/sales in the prior year)

Wholly owned subsidiaries of a public company that qualify for a CTA reporting exemption are also exempt, although partially owned subsidiaries are not.

CTA requirements

Reporting companies must file beneficial ownership information, or BOI reports with FinCEN about their beneficial owners, as well as individuals who exercise control over the filer.

BOI reports must include the following identifying information:

  • Legal name and any trade name or D/B/A
  • Address
  • The jurisdiction in which it was formed or first registered, depending on whether it is a U.S. or foreign company
  • Taxpayer identification number (TIN)
  • Specified government-issued IDs for its natural person owners (e.g., passport or driver license)

For entities in existence on January 1, 2024, the first reporting obligation is on January 1, 2025. New entities created in 2024,will have a 90 day window to prepare a filing.

Entities that perform a filing service to establish a company will have a filing requirement on behalf of the clients for which they perform formation services.

CTA compliance

Companies and trusts that hold ownership interests of a CTA reporting company will be included in that company’s BOI reports. Considering the transparency objective of the CTA, such owners cannot have any expectation of privacy of their ownership interests or control.

Ownership interest includes:

  • Equity, stock, or voting rights
  • A capital or profit interest (an interest in a revenue stream of the company that is designed to serve as a form of unofficial dividend payment)
  • Convertible instruments
  • Options or other non-binding privileges to buy or sell any of the foregoing
  • Any other instrument, contract, or other mechanism used to establish ownership

The CTA defines beneficial owners as those who either own or control 25% or more of the “ownership interest” of the company, as well as individuals or companies with a “substantial control” over a reporting company. Because CTA reporting companies need to declare beneficial owners, service providers to CTA reporting companies need to assess how they identify all qualifying ownership interests, including change in ownership interests as well as individuals who exercise substantial control over the company (control person).

Substantial control includes individuals with the following characteristics:

  • Senior officers
  • Authority to appoint or remove any senior officer or a majority of the Board of Directors
  • Substantial influence over important decisions made by the reporting company
  • Ability to exercise any other form of substantial control over the reporting company

Customer due diligence

The purpose of the CTA is to combat AML and serve as the intended extension of FINCEN’s Customer Due Diligence (CDD) Rule. Therefore, any firm required to have an AML program, including CTA-exempt firms, should consider CTA compliance violations as relevant for their AML programs. Ascertaining the compliance status of a CTA reporting company should become a step in the customer due diligence process. CTA-exempt companies that onboard non-exempt companies as customers should know whether or not their customers are complying with the CTA. This primarily includes identifying beneficial ownership of the CTA reporting company and whether reports were filed and relevant declarations made.

Although CTA reports are generally confidential (with limited ability to share with law enforcement), there is nothing that prohibits firms opening customer accounts to require that legal entity customers produce records/filings of CTA reporting companies. Moreover, because firms have the ability to sever or “offboard” customer relationship for compliance or risk reasons, or place various restrictions on customer investment accounts, broker-dealers and investment advisers could compel such legal entity customers to file a CTA or risk being offboarded as customers. It would be good practice to (i) integrate the various due diligence practices into overall customer relationship and onboarding processes and (ii) risk rate legal entity customer relationships as a function of both the business and their corporate compliance programs.

Relevant due diligence practices include:

Due Diligence Process Description CTA Relevance
Customer Due Diligence (CDD) Foundational data gathering and investigation for all customers/investors Ascertain whether a legal entity customer is defined as a CTA reporting company. If so, ascertain whether a CTA filing has been made. If so, obtain a copy reflecting the beneficial owners and controlling persons or companies, Office of Foreign Assets Control (OFAC)/sanctions check all beneficial owners and those with control specified in the CTA. Also, ensure that any controlling interests are factored into the risk scoring and the surveillance system.
Enhanced Customer Due Diligence (EDD) Greater or more intensive data gathering and investigative efforts for higher risk customers and accounts Take all steps relevant to CDD, but evidence additional steps warranted in the firm’s EDD process steps. Examples include obtaining (i) third-party vendor searches of all beneficial owners and individuals and companies with control, (ii) EDD reports from reputable vendors, (iii) background checks, (iv) known networks and affinity relationships, (v) reputational searches, (vi) third-party financial institutions used, and references from them, (vii) payment and funds flow projections, (viii) industry and jurisdictional/geographical risks, (ix) corporate compliance program controls, (x) vendor/supply chain compliance and risk management practices, etc. Ensure that any controlling interests are factored into the risk scoring and the surveillance system.

Effective due diligence will foreseeably have relevance into other aspects of financial crime compliance, such as sanctions, insider trading and market manipulation, and other crimes as contemplated in the suspicious activity report (SAR) filings (e.g., acting on behalf of an undisclosed principal), among other areas. Customers who are involved in aggressive tax strategies and tax frauds, market manipulation, and other market frauds generally would want to conceal their identities and business purposes. Such customers would generally be less transparent about their beneficial ownership and control interests. Moreover, any entity owned or controlled by such individuals would be acting on behalf of an undisclosed principal, which is a SAR-reportable activity that broker-dealers and banks would be duty-bound to report.

Risk scoring the customer relationship

CTA compliance will also impact the risk rating. The relationship between customer risk and ownership interests could represent a higher expected risk rating and should elicit various risk mitigation measures. Therefore, if a legal entity customer has not filed its BOI reports with FinCEN, there is an elevated risk that either the information financial institutions receive is outdated or could otherwise be incorrect. If a customer is not in compliance with BOI filing obligations, there is a heightened risk that firms are engaged in business with companies associated with the personnel that financial crime legislation, regulations, and rules seek to detect or exclude from the financial services industry.

From an investment adviser perspective, particularly when the investment adviser serves as a discretionary investment manager, there could be a regulatory expectation that the adviser apprises customers of their CTA obligations for their legal entity customers opening accounts. Private fund managers should understand that BOI reporting requirements may apply to their portfolio companies, as well as to certain affiliated entities within their private fund structures.

For private investment funds and private placement issuers that have their own AML programs, the diligence conducted on each investor is relevant for many of the reasons articulated above. Furthermore, while private funds operated by an SEC-registered investment adviser are exempt from the CTA themselves (absent another exemption), private placement issuers that are not an investment fund will have compliance obligations regarding their employees if they are beneficial owners or the issuer has individuals and companies with controlling interests. CTA compliance would also be relevant and important to ensure that any person associated with a private placement issuer is in compliance with the Securities Act of 1933, as amended, and Regulation D promulgated thereunder. Specifically, Regulation D prohibits issuers and various defined individuals from sponsoring private placements or accepting investments if they are “Bad Actors.” In other words, issuers that structure and engage in private placements may not associate with Bad Actors. This prohibition extends to finders and promoters who are not investment advisers or broker-dealers. Without adequate transparency about the ownership or control that would be disclosed in the BOI filings, the private placement issuers might not know whether there was a Bad Actor involved in the offering. Failure to ensure compliance with that aspect of Regulation D may result in the issuer being disallowed from engaging in additional private placement offerings, as well as other penalties contemplated below.

Company governance

It would be prudent for all CTA-exempt companies to monitor (at least annually) whether an exemption remains applicable for themselves. Such oversight would reasonably include:

  • Reporting and monitoring policies for initial BOI reporting
  • Update processes for when such information changes
  • Obtain BOI/control information for initial reports and to obtain updated information to revise the CTA filings
  • Information collection and handling

Penalties for non-compliance

The CTA should be taken seriously by any firm that engages in business with a CTA reporting company. The willful failure to report complete or updated beneficial ownership information to FinCEN, or provide false or fraudulent beneficial ownership information, may result in civil or criminal penalties. This could include civil penalties of up to $500 for each day that the violation continues, or criminal penalties, including imprisonment for up to two years and/or a fine of up to $10,000. Senior officers of an entity that fail to file a required BOI report may be held accountable for that failure.


The importance and risk associated with CTA compliance may be significant. CTA compliance is the latest element to be considered by firms that have AML and financial crime programs. There are legal and regulatory risks, as well as reputational risks, related to onboarding customers that are not in compliance with CTA or any federal AML/financial crime legislation, regulations and rules.

FINCEN has published a Small Entity Compliance Guide (FinCEN CTA Guide) that provides answers to many of the practical questions about the CTA.

How we help

The compliance environment has never been more complex or demanding. We can help you to navigate the evolving regulatory landscape while considering the complexity of your firm’s unique compliance requirements.   

ACA Signature is a scalable solution curated to suit your firm’s unique compliance needs. With ACA Signature, you can choose the combination of compliance advisory services,  innovative technology and managed services that is right for your firm. ACA Signature puts you in complete control of your compliance program.  

Reach out to your ACA consultant, or contact us to find out how ACA Signature can help transform your firm’s compliance program. 

Contact Us