info@thewbkfirm.com
202.628.2000

WBK Industry News - Federal Regulatory Developments

FinCEN Releases Small Entity Guide on BOI Authorized Access and Required Safeguards

29 Feb 2024

FinCEN recently issued its Small Entity Compliance Guide for Beneficial Ownership Information (BOI) Access and Safeguards Requirements, which intends to provide an overview of the requirements of, and assist small entities in complying with, the recently promulgated Beneficial Ownership Information Access and Safeguards Rule (Access Rule).  See WBK’s prior article on the Access Rule here.  In general, the Guide provides guidance to small entities that obtain BOI from FinCEN.

Due to FinCEN’s phased approach to allowing access to BOI, FinCEN states in the Guide that no financial institutions have access to BOI at this time.  However, the Access Rule will allow financial institutions access to BOI of certain customers in connection with their due diligence obligations.  The Guide gives a non-exhaustive list of examples of permissible uses of BOI that is obtained from FinCEN, including:

  • Customer identification requirements, such as “Know your Customer” (KYC);
  • Enhanced Due Diligence as required by the Bank Secrecy Act;
  • Suspicious Activity Report filing;
  • Facilitation of Office of Foreign Asset sanctions compliance; and
  • Requests, reviews, and investigations related to anti-money laundering and countering the financing of terrorism.

The Guide reiterates the strict rules around re-disclosure of BOI that a financial institution director, officer, employee, contractor, or agent receives.

Additionally, the Guide summarizes the geographic restrictions placed on entities accessing BOI – specifically that they cannot store in or disclose this information to people in certain countries or jurisdictions, including, but not limited to, the People’s Republic of China, the Russian Federation, and state sponsors of terrorism.  Moreover, it describes the specific procedures an accessing entity must have in place for protecting nonpublic personal information, such as procedures that address: (i) complying with the Gramm-Leach-Bliley Act; (ii) the requirement to notify FinCEN within three business days of receiving any foreign government subpoena or foreign legal demand to produce BOI; (iii) the customer consent required prior to requesting BOI; and (iv) the required certification when requesting BOI.

The Guide also discusses BOI information request submission, and penalties associated with violations of these access, security, and confidentiality requirements.

WBK previously wrote an article addressing the Small Entity Compliance Guide on the Beneficial Ownership Information Reporting Rule (BOI Rule), and it can be found here.