Key highlights of FinCEN’s final rule on access to Beneficial Ownership Information


People Capabilities In this section you can find Services Banking and Finance Banking and Finance overview Asset & Lease Finance Capital Markets Corporate Debt Leveraged Finance Project, Energy and Infrastructure Finance Real Estate Finance Restructuring and Insolvency Securitization and Structured Finance Trade and Export Finance Competition, Trade and Foreign Investment Competition, Trade and Foreign Investment overview Antitrust and Competition Litigation Dawn Raids Foreign Investment and National Security Law International Sanctions and Export Controls International Trade Law Merger Control Procurement and State Aid Construction and Engineering Construction and Engineering overview Construction Disputes Contracts and Procurement EPC Project Advisory Corporate and M&A Corporate and M&A overview Capital Markets Corporate Governance International Corporate Reorganizations Joint Ventures Mergers and Acquisitions Private Equity Venture Capital Corporate Crime Corporate Crime overview Anti-Bribery and Corruption Anti-Money Laundering International Sanctions and Export Controls Regulatory Investigations and Enforcement Data Privacy, Security and Technology Data Privacy, Security and Technology overview Cybersecurity Data Privacy Disruptive Technology Electronic and Mobile Commerce Information Law Product Counseling Regulatory Defense and Litigation Technology Transactions and Sourcing Telecom Services Employment, Labor and Pensions Employment, Labor and Pensions overview Corporate Transactions Cross-Border Employment and Pensions Diversity, Pay and Discrimination Employee Benefits and Executive Compensation Employment Employment Litigation Global Mobility and Immigration Labor and Industrial Relations Pensions and Retirement Plans Pensions Risk Transfer and Management Pensions Scheme Disputes Public Sector Pensions Financial Services Regulation Financial Services Regulation overview Asset Management Crypto Assets Derivatives Funds Financial Services Disputes and Investigations Insurance Insurance overview Captives Insurance and Reinsurance Disputes Insurance and Retirement Products, Insurance Distribution Insurance Financing and Capital Markets Insurance M&A, Reinsurance and Restructuring Insurance Regulation and Compliance Insurance Regulatory Investigations and Enforcement Insurance Taxation Insurtech Pensions Risk Transfer and Management Intellectual Property Intellectual Property overview IP Audits and Assessments IP Litigation IP Transactional Patents Trademarks, Trade Dress and Copyrights Trade Secrets Investigations Investigations overview Antitrust and Competition Investigations Employment Investigations Internal Investigations Konexo Konexo overview Legal Services Interim Resourcing Data and Cyber Consulting Legal Team Consulting Litigation and Dispute Resolution Litigation and Dispute Resolution overview Class Actions Commercial Litigation Construction Disputes Corporate Claims Costs unit Energy Disputes Environmental, Health and Safety Financial Services Disputes and Investigations Fraud Insurance and Reinsurance Disputes International Arbitration Procurement Disputes Product Liability and Product Recall Professional Liability Public Inquiries and Investigations Public International Law Real Estate Disputes Regulatory Investigations and Enforcement Tax Controversy and Litigation Technology and Communications Disputes Real Estate and Planning Real Estate and Planning overview Commercial Development and Leasing Corporate Real Estate Planning and Environmental Planning and Infrastructure Real Estate Disputes Real Estate Finance Living Strategic Contracts Strategic Contracts overview Contract Modernization Outsourcing Strategic Partnerships Tax Tax overview Acquisitions and Restructuring Business Taxation Employee Benefits and Executive Compensation Real Estate Tax Taxation of Financial Transactions and Institutions Tax Controversy and Litigation Transfer Pricing US State and Local Tax VAT/Indirect Taxes Industries Charities and Not for Profit Consumer Consumer overview Food and Beverage Luxury Retail and Wholesale Education Education overview Further Education Higher Education Schools and Academies Energy Energy overview Clean Energy Energy Regulatory Hydrogen Nuclear Oil and Gas Power Water and Wastewater Financial Services Financial Services overview Corporate and Investment Banking Payments and Fintech Private Capital Retail Banking and Consumer Finance Governments and Infrastructure Governments and Infrastructure overview Governments and Strategic Projects Infrastructure Local Government Parliamentary Public Sector Transportation Industrials Industrials overview Aerospace, Defense and Security Automotive Chemicals Manufacturing and Industrial Engineering Life Sciences and Healthcare Life Sciences and Healthcare overview Agriculture and Medicinal Cannabis and CBD Healthcare Industrial Biotechnology Medical Devices Pharmaceuticals and Biotechnology Research and Development Vaccines Real Estate Real Estate overview Alternative Assets Multi and Single Family Residential Office and Industrial Real Estate Investment Retail and Mixed Use Transport Related Real Estate Sports Technology & Digital Technology & Digital overview Digital Content Digital Infrastructure Technology Resources Insights Client tools Events and training Business topics About About us Firm leadership Purpose and values Responsible business Community Diversity and Inclusion Environmental sustainability Pro bono Reports Alumni News Careers UK Careers Applications Why us? Lawyers and partners Business professionals Students and recent graduates Apprenticeships Students Graduates Recruitment process Events Student and graduate applications Offices United Kingdom Visit global site Select a local version of the site Angola Asia Austria Belgium Bulgaria Czech Republic Estonia Finland France Germany Hungary Iraq Ireland Italy Jordan Latvia Lithuania Luxembourg Mauritius Mozambique Netherlands Poland Portugal Qatar Romania Saudi Arabia Slovakia South Africa Spain Sweden Switzerland Tunisia United Arab Emirates United Kingdom United States Rest of the world en Select language English Key highlights of FinCEN’s final rule on access to Beneficial Ownership Information Home Resources Insights Home Resources Insights Key highlights of FinCEN’s final rule on access to Beneficial Ownership Information Key highlights of FinCEN’s final rule on access to Beneficial Ownership Information Key highlights of FinCEN’s final rule on access to Beneficial Ownership Information January 04, 2024 United States United States United States The Financial Crimes Enforcement Network (FinCEN) issued the Beneficial Ownership Information Access and Safeguards Rule¹ (Access Rule) establishing the framework for access to and protection of beneficial ownership information (BOI). The Access Rule is the second of three rulemakings required to implement the Corporate Transparency Act (CTA), which was enacted to “strengthen the integrity of the US financial system”² and reduce abuse of the US financial system for money laundering and other illicit financial activity.³ The Access Rule largely adopted FinCEN’s Notice of Proposed Rulemaking issued on December 16, 2022⁴ (NPRM), with slight modifications responsive to the comments received. The Access Rule takes effect on February 20, 2024. BOI reported to FinCEN will be housed in a national database that FinCEN launched January 1, 2024 (BO IT System). The CTA authorizes FinCEN to disclose BOI to five categories of recipients: (1) financial institutions; (2) regulatory agencies; (3) domestic recipients; (4) foreign requesters; and (5) the US Department of Treasury. Authorized recipients of BOI must use the information for the “particular purpose or activity for which such information was disclosed.”⁵ FinCEN can authorize the re-disclosure of BOI via written consent, or through applicable protocols or guidance, that FinCEN may issue.⁶ The Access Rule also provides specific steps to request BOI and confidentiality and security requirements based on the category of authorized recipient. As further explained below, financial institutions should begin preparing to comply with the requesting process and mandatory security and confidentiality protocols prescribed by the Access Rule. 1. Financial Institutions Authorized Purpose: Financial institutions can request BOI to facilitate their compliance with customer due diligence requirements under applicable law. Financial institutions’ requests for BOI should directly relate to its “compliance with a legal obligation . . . designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States.”⁷ While the Access Rule is broadly drafted to permit “financial institutions” to access BOI from the BO IT System, “FinCEN, in the exercise of its discretion, intends to permit only financial institutions with obligations under the 2016 CDD Rule to have access to the BO IT System.”⁸ How to Request: A financial institution needs the reporting company’s consent to request its BOI. This consent must be documented (but it does not have to be in writing) and maintained for five years after the financial institution last relied upon the consent in connection with the request for BOI.⁹ Additionally, the financial institution must make a written certification that it: (1) is requesting the information to facilitate its compliance with customer due diligence requirements under applicable law, (2) obtained the reporting company’s consent, and (3) fulfilled the other security and confidentiality requirements. Financial institutions are authorized to re-disclose BOI information received from FinCEN under the following circumstances: Any director, officer, employee, contractor, or agent of a financial institution who received BOI from FinCEN may re-disclose the information to another director, officer, employee, contractor, or agent of the same financial institution for the particular purpose or activity for which the BOI was requested. Financial institutions can re-disclose BOI to regulators that meet certain requirements set forth in the Access Rule.¹⁰ Security and Confidentiality Requirements: Financial institutions must develop and implement administrative, technical, and physical safeguards reasonably designed to protect BOI as a precondition for receiving BOI. Financial institutions must implement security and information handling procedures that satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act and its implementing regulations.¹¹ In addition, financial institutions will need to notify FinCEN within three business days if it receives a foreign government subpoena or legal demand that would require disclosure of the received BOI. They also will need to ensure that the BOI is not available to persons physically located in, and is not stored in, certain jurisdictions, such as the People’s Republic of China, the Russian Federation, and countries deemed to be a state sponsor of terrorism or subject to comprehensive financial or economic sanctions. 2. Regulatory Agencies Authorized Purpose: Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing financial institutions for compliance with customer due diligence requirements can access BOI previously made available to the financial institutions that they supervise.¹² Additionally, the rule allows regulatory agencies to use BOI to conduct “the assessment, supervision, or authorized investigation” in connection with a financial institution’s use of BOI obtained from FinCEN to comply with legal requirements to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States.¹³ How to Request: For a regulatory agency to request BOI, the regulatory agency must certify that it (1) is acting in its supervisory capacity, (2) will use BOI solely for that purpose, (3) and has entered into an agreement with FinCEN to properly safeguard BOI received. Regulatory agencies will be able to retrieve any BOI that the financial institutions they supervise received from FinCEN during a particular period, but will not be able to broadly search the BO IT System.¹⁴ The Access Rule also includes a provision that would permit FinCEN to disclose BOI to any “other appropriate regulatory agency that assessed, supervised, enforced, or otherwise determined the compliance of such financial institution with customer due diligence requirements under applicable law.” FinCEN noted that state bank supervisors, as defined in the AML Act, state credit union regulators and other state supervisory authorities that meet the criteria set forth in the Access Rule may have access to the BO IT System. However, although SROs are not a part of this category the Access Rule allows qualifying SROs to receive BOI disclosed to them from a financial institution or Federal functional regulator.¹⁵ Security and Confidentiality Requirements: Any access to and use of BOI obtained from the BO IT System must comply with the requirements of the CTA and the Access Rule. 3. Domestic Recipients Authorized Purpose: Federal agencies engaged in “national security,” “intelligence,” or “law enforcement activity” can request BOI if the requested BOI is limited in scope and for use in furtherance of such activity.¹⁶ State, local and Tribal law enforcement agencies (Local Enforcement Agencies) also can request BOI if “a court of competent jurisdiction” has authorized the law enforcement agency to seek the information in a criminal or civil investigation.¹⁷ Local Enforcement Agencies can obtain court authorization from a variety of court officers (including a judge, clerk of the court, or magistrate), but “being an attorney, by itself, is not sufficient to…grant the required court authorization under the CTA.”¹⁸ How to Request: A federal agency must certify that (1) it is engaged in a national security, intelligence, or law enforcement activity, and (2) that BOI requested is for use in such activity, along with the specific reasons why BOI is relevant to the activity. Local Enforcement Agencies must (1) certify that they have received authorization to seek BOI from a court of competent jurisdiction and that requested BOI is relevant to a civil or criminal investigation, and (2) provide a description of the information the court has authorized the agency to seek. Federal, state, local, or Tribal agencies are permitted to re-disclose BOI for making a referral to another state, local, or Tribal agency for possible prosecution. FinCEN declined to include a “joint investigation” provision in the Access Rule and indicated that it would issue guidance to address this scenario. Security and Confidentiality Requirements: To be eligible to receive BOI from FinCEN, a domestic requesting agency must establish standards and procedures to protect the security and confidentiality of BOI, restrict access to BOI, and provide reports and certifications throughout the year to FinCEN. 4. Foreign Requesters Authorized Purpose: Foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities (Foreign Requesters) can request BOI for assistance in a law enforcement investigation or prosecution, or for a national security or intelligence activity, authorized under the laws of the foreign country.¹⁹ How to Request: Foreign Requesters must (1) make their request through a Federal agency, (2) tailor their request to be for assistance in a law enforcement investigation or prosecution, or for a national security or intelligence activity, authorized under the laws of the foreign country, and (3) make their request pursuant to an international treaty, agreement, or convention, or, when no agreement is available, be an official request by a law enforcement, judicial, or prosecutorial authority of a trusted foreign country.²⁰ Security and Confidentiality Requirements: Foreign Requesters who request BOI when a treaty, agreement, or convention applies must handle, disclose, and use BOI consistent with the requirements of the applicable international treaty, agreement, or convention under which it was requested. Foreign Requesters who make a BOI request when no treaty, agreement, or convention applies must (1) have security standards and procedures, (2) maintain a secure storage system that complies with the security standards that the foreign requester applies to the most sensitive unclassified information it handles, (3) minimize the amount of information requested, and (4) restrict personnel access to BOI to persons who have undergone training on the appropriate handling and safeguarding.²¹ 5. US Department of the Treasury Officers or employees of the US Department of the Treasury can access BOI when “official duties require such inspection or disclosure, subject to internal procedures and safeguards.” The access also extends to officers or employees of the Department of the Treasury for tax administration. ***** FinCEN has yet to propose the third rule revising the 2016 CDD Rule to be consistent with the CTA’s requirements. In the meantime, financial institutions with customer due diligence obligations can use the information in the Access Rule to begin implementing the procedures and controls that will be required to access BOI. These financial institutions should ensure that their systems and procedures fully comply with section 501 of the Gramm-Leach-Bliley Act, and implement procedures and controls for obtaining and maintaining record of customers’ consent, promptly notifying FinCEN about foreign government subpoenas or legal demands that require disclosure of BOI, and limiting BOI access to certain jurisdictions. In addition, financial institutions may want to consider updating their policies, procedures, and trainings regarding the handling of customers’ nonpublic personal information to account for these changes, and creating a plan to audit whether BOI received from FinCEN has been accessed and used appropriately. _________ If you have any questions about this Legal Briefing, please feel free to contact any of the attorneys listed or the Eversheds Sutherland attorney with whom you regularly work. ₁_{Beneficial Ownership Information Access and Safeguards.} _{2 Beneficial Ownership Information Reporting Rule Fact Sheet \| FinCEN.gov} _{3 Beneficial Ownership Information Reporting Rule Fact Sheet, FinCEN.gov (Sept. 29, 2022), (BOI Rule Fact Sheet). Congress passes the Anti-Money Laundering Act of 2020, amending and modernizing the Bank Secrecy Act - Eversheds Sutherland (eversheds-sutherland.com); Congress passes the Anti-Money Laundering Act of 2020, amending and modernizing the Bank Secrecy Act - Eversheds Sutherland (eversheds-sutherland.com).} _{4 87 Fed. Reg. 77404 (Dec. 16, 2022). 5 Id. at 88762. 6 Id. at 88765. 7 Id. 8 87 Fed. Reg. 88756 (Dec. 16, 2022).} _{9 Id. at 88772. 10 31 CFR 1010.955(b)(4)(ii)(A)–(C). 11 87 Fed. Reg. 88769 (Dec. 16, 2022). 12 Id. at 88757. 13 Id. at 88758. 14 Id. at 88778. 15 See 31 C.F.R. § 1010.955(c)(2)(iii), (iv). 16 31 U.S.C. 5336(c)(2)(B)(i)(I). 17 Id. 5336(c)(2)(B)(i)(II). 18 88 Fed. Reg. 88748 (Dec. 22, 2023). 19 Id. at 88748. 20 Id. 21 Id. at 88751.} The materials on the Eversheds Sutherland website are for general information purposes only and do not constitute legal advice. While reasonable care is taken to ensure accuracy, the materials may not reflect the most current legal developments. Eversheds Sutherland disclaims liability for actions taken based on the materials. Always consult a qualified lawyer for specific legal matters. To view the full disclaimer, see our Terms and Conditions or Disclaimer section in the footer. Services Corporate and M&A Corporate Crime Data Privacy, Security and Technology Financial Services Disputes and Investigations Internal Investigations Litigation and Dispute Resolution Tax Business Topics Corporate Transparency Act Key contacts Craig T. Alcorn Partner Chicago, United States Xenia J. Garofalo Partner Washington, DC, United States Andrea L. Gordon Partner Washington, DC, United States Svetlanna N. Espinosa-Valdes Associate Washington, DC, United States Latest Insights legal updates UK Retail Finance Horizon Scanner - May 2026 legal updates Employer contributions to the Teachers' Pension Scheme (TPS) set to ease following Government announcement legal updates UK: Reform of the Consumer Credit Act 1974 takes shape legal updates Consumer Lens - Session 1 \| The Rise of European Class Actions Latest News client news Next stop, public ownership: Eversheds Sutherland advises DfT on GTR transition firm news Eversheds Sutherland strengthens restructuring offering with senior partner appointment firm news Eversheds Sutherland strengthens Commercial Advisory practice with technology partner hire client news Eversheds Sutherland advises Schroders Greencoat on acquisition of Dutch biomethane platform Latest Events virtual \| June 04, 2026 Education Webinar - Legal refresher for education institutions – governance, company administration and subsidiary companies virtual \| June 09, 2026 UK employment law training virtual \| June 10, 2026 Education Webinar - Occupational Stress : Preventing Suffering, Enhancing Wellbeing virtual \| June 16, 2026 Nordic (Denmark, Finland, Norway and Sweden) employment law training Tabs Label legal updates June 02, 2026 UK Retail Finance Horizon Scanner - May 2026 legal updates June 02, 2026 Employer contributions to the Teachers' Pension Scheme (TPS) set to ease fo... legal updates June 01, 2026 UK: Reform of the Consumer Credit Act 1974 takes shape legal updates May 29, 2026 Consumer Lens - Session 1 \| The Rise of European Class Actions Legal notices Terms & conditions Privacy notice Cookies Modern Slavery Whistleblowing ES(I)LLP Members LinkedIn Facebook YouTube Connect Contact us Client login Staff login Subscribe About us About Eversheds Sutherland Purpose and values Responsible business Alumni Insights Client tools Events and training Business topics Careers Offices © Eversheds Sutherland 2026. All rights reserved. Eversheds Sutherland is a provider of legal and other services operating through various separate and distinct legal entities. For further information about these entities and Eversheds Sutherlands' structure please see the Legal Notice page of this website. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client. For further information about these Eversheds Sutherland Entities and Eversheds Sutherlands’ structure please see the Legal Notices page of this website. For information on Konexo please also see the Legal Notices page of this website

The Financial Crimes Enforcement Network (FinCEN) issued the Beneficial Ownership Information Access and Safeguards Rule¹ (Access Rule) establishing the framework for access to and protection of beneficial ownership information (BOI). The Access Rule is the second of three rulemakings required to implement the Corporate Transparency Act (CTA), which was enacted to “strengthen the integrity of the US financial system”² and reduce abuse of the US financial system for money laundering and other illicit financial activity.³ The Access Rule largely adopted FinCEN’s Notice of Proposed Rulemaking issued on December 16, 2022⁴ (NPRM), with slight modifications responsive to the comments received. The Access Rule takes effect on February 20, 2024.

BOI reported to FinCEN will be housed in a national database that FinCEN launched January 1, 2024 (BO IT System). The CTA authorizes FinCEN to disclose BOI to five categories of recipients: (1) financial institutions; (2) regulatory agencies; (3) domestic recipients; (4) foreign requesters; and (5) the US Department of Treasury. Authorized recipients of BOI must use the information for the “particular purpose or activity for which such information was disclosed.”⁵ FinCEN can authorize the re-disclosure of BOI via written consent, or through applicable protocols or guidance, that FinCEN may issue.⁶

The Access Rule also provides specific steps to request BOI and confidentiality and security requirements based on the category of authorized recipient. As further explained below, financial institutions should begin preparing to comply with the requesting process and mandatory security and confidentiality protocols prescribed by the Access Rule.

1. Financial Institutions

Authorized Purpose: Financial institutions can request BOI to facilitate their compliance with customer due diligence requirements under applicable law. Financial institutions’ requests for BOI should directly relate to its “compliance with a legal obligation . . . designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States.”⁷ While the Access Rule is broadly drafted to permit “financial institutions” to access BOI from the BO IT System, “FinCEN, in the exercise of its discretion, intends to permit only financial institutions with obligations under the 2016 CDD Rule to have access to the BO IT System.”⁸

How to Request: A financial institution needs the reporting company’s consent to request its BOI. This consent must be documented (but it does not have to be in writing) and maintained for five years after the financial institution last relied upon the consent in connection with the request for BOI.⁹ Additionally, the financial institution must make a written certification that it: (1) is requesting the information to facilitate its compliance with customer due diligence requirements under applicable law, (2) obtained the reporting company’s consent, and (3) fulfilled the other security and confidentiality requirements.

Financial institutions are authorized to re-disclose BOI information received from FinCEN under the following circumstances:

Any director, officer, employee, contractor, or agent of a financial institution who received BOI from FinCEN may re-disclose the information to another director, officer, employee, contractor, or agent of the same financial institution for the particular purpose or activity for which the BOI was requested.
Financial institutions can re-disclose BOI to regulators that meet certain requirements set forth in the Access Rule.¹⁰

Security and Confidentiality Requirements: Financial institutions must develop and implement administrative, technical, and physical safeguards reasonably designed to protect BOI as a precondition for receiving BOI. Financial institutions must implement security and information handling procedures that satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act and its implementing regulations.¹¹ In addition, financial institutions will need to notify FinCEN within three business days if it receives a foreign government subpoena or legal demand that would require disclosure of the received BOI. They also will need to ensure that the BOI is not available to persons physically located in, and is not stored in, certain jurisdictions, such as the People’s Republic of China, the Russian Federation, and countries deemed to be a state sponsor of terrorism or subject to comprehensive financial or economic sanctions.

2. Regulatory Agencies

Authorized Purpose: Federal functional regulators and other appropriate regulatory agencies acting in a supervisory capacity assessing financial institutions for compliance with customer due diligence requirements can access BOI previously made available to the financial institutions that they supervise.¹² Additionally, the rule allows regulatory agencies to use BOI to conduct “the assessment, supervision, or authorized investigation” in connection with a financial institution’s use of BOI obtained from FinCEN to comply with legal requirements to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States.¹³

How to Request: For a regulatory agency to request BOI, the regulatory agency must certify that it (1) is acting in its supervisory capacity, (2) will use BOI solely for that purpose, (3) and has entered into an agreement with FinCEN to properly safeguard BOI received. Regulatory agencies will be able to retrieve any BOI that the financial institutions they supervise received from FinCEN during a particular period, but will not be able to broadly search the BO IT System.¹⁴

The Access Rule also includes a provision that would permit FinCEN to disclose BOI to any “other appropriate regulatory agency that assessed, supervised, enforced, or otherwise determined the compliance of such financial institution with customer due diligence requirements under applicable law.” FinCEN noted that state bank supervisors, as defined in the AML Act, state credit union regulators and other state supervisory authorities that meet the criteria set forth in the Access Rule may have access to the BO IT System. However, although SROs are not a part of this category the Access Rule allows qualifying SROs to receive BOI disclosed to them from a financial institution or Federal functional regulator.¹⁵

Security and Confidentiality Requirements: Any access to and use of BOI obtained from the BO IT System must comply with the requirements of the CTA and the Access Rule.

3. Domestic Recipients

Authorized Purpose: Federal agencies engaged in “national security,” “intelligence,” or “law enforcement activity” can request BOI if the requested BOI is limited in scope and for use in furtherance of such activity.¹⁶

State, local and Tribal law enforcement agencies (Local Enforcement Agencies) also can request BOI if “a court of competent jurisdiction” has authorized the law enforcement agency to seek the information in a criminal or civil investigation.¹⁷ Local Enforcement Agencies can obtain court authorization from a variety of court officers (including a judge, clerk of the court, or magistrate), but “being an attorney, by itself, is not sufficient to…grant the required court authorization under the CTA.”¹⁸

How to Request: A federal agency must certify that (1) it is engaged in a national security, intelligence, or law enforcement activity, and (2) that BOI requested is for use in such activity, along with the specific reasons why BOI is relevant to the activity. Local Enforcement Agencies must (1) certify that they have received authorization to seek BOI from a court of competent jurisdiction and that requested BOI is relevant to a civil or criminal investigation, and (2) provide a description of the information the court has authorized the agency to seek.

Federal, state, local, or Tribal agencies are permitted to re-disclose BOI for making a referral to another state, local, or Tribal agency for possible prosecution. FinCEN declined to include a “joint investigation” provision in the Access Rule and indicated that it would issue guidance to address this scenario.

Security and Confidentiality Requirements: To be eligible to receive BOI from FinCEN, a domestic requesting agency must establish standards and procedures to protect the security and confidentiality of BOI, restrict access to BOI, and provide reports and certifications throughout the year to FinCEN.

4. Foreign Requesters

Authorized Purpose: Foreign law enforcement agencies, judges, prosecutors, central authorities, and competent authorities (Foreign Requesters) can request BOI for assistance in a law enforcement investigation or prosecution, or for a national security or intelligence activity, authorized under the laws of the foreign country.¹⁹

How to Request: Foreign Requesters must (1) make their request through a Federal agency, (2) tailor their request to be for assistance in a law enforcement investigation or prosecution, or for a national security or intelligence activity, authorized under the laws of the foreign country, and (3) make their request pursuant to an international treaty, agreement, or convention, or, when no agreement is available, be an official request by a law enforcement, judicial, or prosecutorial authority of a trusted foreign country.²⁰

Security and Confidentiality Requirements: Foreign Requesters who request BOI when a treaty, agreement, or convention applies must handle, disclose, and use BOI consistent with the requirements of the applicable international treaty, agreement, or convention under which it was requested. Foreign Requesters who make a BOI request when no treaty, agreement, or convention applies must (1) have security standards and procedures, (2) maintain a secure storage system that complies with the security standards that the foreign requester applies to the most sensitive unclassified information it handles, (3) minimize the amount of information requested, and (4) restrict personnel access to BOI to persons who have undergone training on the appropriate handling and safeguarding.²¹

5. US Department of the Treasury

Officers or employees of the US Department of the Treasury can access BOI when “official duties require such inspection or disclosure, subject to internal procedures and safeguards.” The access also extends to officers or employees of the Department of the Treasury for tax administration.

*****

FinCEN has yet to propose the third rule revising the 2016 CDD Rule to be consistent with the CTA’s requirements. In the meantime, financial institutions with customer due diligence obligations can use the information in the Access Rule to begin implementing the procedures and controls that will be required to access BOI. These financial institutions should ensure that their systems and procedures fully comply with section 501 of the Gramm-Leach-Bliley Act, and implement procedures and controls for obtaining and maintaining record of customers’ consent, promptly notifying FinCEN about foreign government subpoenas or legal demands that require disclosure of BOI, and limiting BOI access to certain jurisdictions. In addition, financial institutions may want to consider updating their policies, procedures, and trainings regarding the handling of customers’ nonpublic personal information to account for these changes, and creating a plan to audit whether BOI received from FinCEN has been accessed and used appropriately.

_________

If you have any questions about this Legal Briefing, please feel free to contact any of the attorneys listed or the Eversheds Sutherland attorney with whom you regularly work.

₁_{Beneficial Ownership Information Access and Safeguards.}

_{2 Beneficial Ownership Information Reporting Rule Fact Sheet | FinCEN.gov}

_{3 Beneficial Ownership Information Reporting Rule Fact Sheet, FinCEN.gov (Sept. 29, 2022), (BOI Rule Fact Sheet). Congress passes the Anti-Money Laundering Act of 2020, amending and modernizing the Bank Secrecy Act - Eversheds Sutherland (eversheds-sutherland.com); Congress passes the Anti-Money Laundering Act of 2020, amending and modernizing the Bank Secrecy Act - Eversheds Sutherland (eversheds-sutherland.com).}

_{4 87 Fed. Reg. 77404 (Dec. 16, 2022).

5 Id. at 88762.

6 Id. at 88765.

7 Id.

8 87 Fed. Reg. 88756 (Dec. 16, 2022).}

_{9 Id. at 88772.

10 31 CFR 1010.955(b)(4)(ii)(A)–(C).

11 87 Fed. Reg. 88769 (Dec. 16, 2022).

12 Id. at 88757.

13 Id. at 88758.

14 Id. at 88778.

15 See 31 C.F.R. § 1010.955(c)(2)(iii), (iv).

16 31 U.S.C. 5336(c)(2)(B)(i)(I).

17 Id. 5336(c)(2)(B)(i)(II).

18 88 Fed. Reg. 88748 (Dec. 22, 2023).

19 Id. at 88748.

20 Id.

21 Id. at 88751.}

The materials on the Eversheds Sutherland website are for general information purposes only and do not constitute legal advice. While reasonable care is taken to ensure accuracy, the materials may not reflect the most current legal developments. Eversheds Sutherland disclaims liability for actions taken based on the materials. Always consult a qualified lawyer for specific legal matters. To view the full disclaimer, see our Terms and Conditions or Disclaimer section in the footer.