Open Ownership comment on the United States Corporate Transparency Act interim final rule 2025
Comment on the interim final rule
Andrea Gacki
Director
Financial Crimes Enforcement Network
U.S. Department of the Treasury
P.O. Box 39
Vienna, VA 22183
27 May 2025
Submitted electronically via http://www.regulations.gov
RE: Docket No.: 31 CFR Part 1010 and RIN 1506-AB49
Dear Director Gacki:
This submission responds to the request by the Financial Crimes Enforcement Network (FinCEN) of the United States (U.S.) Department of the Treasury (Treasury) for comments on an interim final rule to narrow the existing beneficial ownership information (BOI) reporting requirements created under the 2021 Corporate Transparency Act (CTA) to require only entities previously defined as “foreign reporting companies” to report BOI.
Open Ownership is a global not-for-profit, non-governmental organisation that has provided technical assistance to over 40 countries implementing beneficial ownership (BO) transparency reforms. [1] These are aimed at helping generate accurate, high quality BOI that aligns with international standards and meets the needs of data users across government, obliged entities and the wider private sector, and civil society.
Background
FinCEN is to be commended for taking the historic step in 2024 to implement the new Beneficial Ownership Information Reporting Rule, as codified in amendments to the Bank Secrecy Act (BSA) that were introduced via the CTA. The positive impact of the BOI reporting requirements was reflected in the 7th Follow-Up Report & Technical Compliance Re-Rating (FUR) issued by the Financial Action Task Force (FATF) in March 2024. The lack of timely access to adequate, accurate and current BOI was identified as a “fundamental gap” in FATF’s 2016 Mutual Evaluation Report (MER), and subsequent FURs found the US to be “non-compliant” on Recommendation 24. [2] The 7th FUR focused on progress made to address technical compliance deficiencies on Recommendation 24, and for the first time re-rated the US to “largely compliant.” [3] The provisions set out in the CTA and Beneficial Ownership Information Reporting Rule were fundamental to this progress.
The importance of having a comprehensive BOI database has also been well recognised by the Treasury. For instance, it is a central component of 2024 National Strategy for Combating Terrorist and Other Illicit Financing, which commits Treasury to working, “diligently to maximize the operational value of the beneficial ownership database and look to finalize proposed rules to close existing gaps that illicit actors and their enablers exploit to access the U.S. financial system.” [4] The Strategy notes the importance of this database to, “mitigate critical vulnerabilities in the financial system and allow operational authorities to conduct more effective investigations and combat illicit finance facilitated by opaque corporate structures.” [5]
We recognise that in introducing this interim final rule, FinCEN is exercising its authority, “under 31 U.S.C. 5336(a)(11)(B)(xxiv) to exempt domestic reporting companies from the Reporting Rule and the authority under 31 U.S.C. 5318(a)(7) to exempt foreign reporting companies from having to report the BOI of any U.S. persons who are beneficial owners of the foreign reporting company, as well as to exempt U.S. persons from having to provide such information to the foreign reporting companies of which they are a beneficial owner. Related to the second exemption, FinCEN is also exercising the authority under 31 U.S.C. 5318(a)(7) to revise the special rule associated with foreign pooled investment vehicles to exempt such entities from having to report the BOI of U.S. persons who exercise substantial control over the entity.”
However, it is also noted that the effects of this rule will contradict the 2024 strategy. Instead of shoring up the U.S. anti-money laundering/countering the financing of terrorism (AML/CFT) regime by closing gaps and mitigating vulnerabilities in the US financial system, the new interim final rule would have the opposite effect. It is likely to maintain, if not heighten, the risk of domestically registered U.S. entities being used for the purposes of money laundering and other malicious activities, including by foreign agents.
Furthermore, the negative impacts of this rule are likely to be reflected in the upcoming FATF mutual evaluation. It will reverse much of the progress made on Recommendation 24. Having a central register of BOI is the backbone of Recommendation 24, but a central register that excludes domestic entities is unlikely to be found compliant.
We recognise that various factors make implementing a central register of BOI in the U.S. context uniquely complex. Examples drawn from the most recent National Risk Assessment (NRA) include the U.S. having the world’s largest economy; being particularly susceptible to the laundering of illicit proceeds; and having a currency that is central to the global economy’s payment infrastructure. [6] Moreover, having a governance structure in which the formation of legal entities or legal persons is governed by State law, and therefore decentralised and heterogeneous, creates additional challenges when institutionalising BOT reforms. [7]
At the same time, these factors also point to the critical importance of BOI reporting in a U.S. context for AML/CFT and broader law enforcement efforts. This importance was reflected in the broad support these reforms received when the CTA was passed under the first Trump Administration. [8] This followed twenty years of congressional deliberation and debate to refine the law, which had at no point seriously contemplated widespread exemptions for domestic entities. [9]
The following sections address the potential implications of the two main changes introduced in the interim final rule: 1) the exemption of domestic reporting companies from the Reporting Rule, and 2) exemption of U.S. persons who are beneficial owners of a foreign reporting company, or who exercise substantial control over a pooled investment vehicle from reporting BOI.
Abuse of anonymous shell companies
Evidence abounds of anonymous shell companies being exploited for malign purposes in the U.S. Many cases have involved foreign actors using domestic U.S. entities, including from sanctioned regimes and organised criminal networks. For example, a March 2025 report by Transparency International U.S. identified $325 million in proceeds from over a dozen cases of fraud in which anonymous U.S. companies were used. In one case, Chinese nationals allegedly used over 70 shell companies to launder $73 million in proceeds from cryptocurrency investment scams. In another case, a California man with connections to Russian hackers was sentenced to prison for his alleged role in a $3.4 million credit card fraud scheme involving over 70 fraudulent companies, some of which were established in the names of victims without their knowledge. [10]
Money laundering risks from anonymously owned U.S. legal vehicles have been consistently documented, and result in public harms and national security threats. For example, the 2024 NRA cites the case of a Utah-based firm allegedly being used to launder more than U.S.$20 million for multiple drug trafficking organizations via wire transfers from Utah to Mexico and Honduras. [11] These proceeds were linked to fentanyl proceeds, which are fueling the deadly fentanyl crisis. Similarly, the 2024 NRA found that Russia and Russian-linked actors use global networks of anonymous shell companies for money laundering and to evade sanctions, creating national security threats such as the obfuscation of illicit activity on the part of oligarchs and the undermining the U.S.’s ability “to disrupt, deter, and prevent actions that undermine U.S. national security and the U.S. financial system.” [12]
Compliance burden
We take into account FinCEN’s view that, “the vast majority of domestic small businesses are legitimate and owned by hard-working American taxpayers who are not engaged in illicit activity.” [13] Therefore, minimising the burden on small businesses is of paramount importance to the effective implementation of the law. However, fully removing the requirement for domestic U.S. companies to report BOI will result in the exemption of more than 99 percent of all entities originally covered under the CTA, [14] and is a disproportionate response to the estimated compliance burden that will undermine the law’s effectiveness.
International experience shows that BOI reporting exemptions can shift risk from legal vehicles that are covered by these requirements to those that are not. [15] A 2024 report by the U.S. Government Accountability Office (GAO) found that more than 1.6 million limited liability companies and corporations – two types of domestic entities covered by BOI reporting requirements prior to the interim final rule – were named in Suspicious Activity Reports submitted to FinCEN between 2019 and 2023. [16] It also recommended that FinCEN consider closing reporting gaps by monitoring for the increased misuse of certain partnerships and trusts due to their exemption under the original BOI reporting rule. At that time, law enforcement officials told the GAO that, “some investigations were halted by the inability to determine the beneficial owners of businesses using existing methods”. [17] The interim final rule instead widens these gaps significantly.
International experience shows that other avenues are available to simplify compliance with BOI reporting requirements without undermining the effectiveness of how the law is implemented, for example:
- Digital forms can be made dynamic and adaptable to streamline reporting. For example, presenting fewer data fields to users in cases of simple ownership structures, or allowing users to map their ownership structure digitally to ensure accuracy.
- User testing should be conducted from the outset and on an ongoing basis to inform and improve form design. After a service is launched, research to test and improve it can include questions such as: Can declarants complete your form accurately and within a reasonable timeframe? Do they understand the terminology you are using? Can they collaborate with colleagues in order to complete their task if necessary? Do they find the process frustrating or simple? What questions do they have about how the information will be used? [18]
- Clear guidance on the ownership and control criteria for legal vehicles and their reporting obligations facilitates compliance by helping the individuals filing disclosures understand the requirements. Separate guidance may be created for different categories of legal vehicles. This is especially relevant in cases where the application of reporting requirements is more complex based on a corporate vehicle’s purpose or mode of operation. [19] However, having separate guidance for legal vehicles with simple ownership structures could also be beneficial to help prevent users from needing to parse which information is relevant for them.
- Pre-population of information fields in a declaration by retrieving information from other government sources is best practice where BOI reporting is being implemented in a highly digitalised context. This reduces redundancy across data sources, minimises accidental errors, and helps with consolidating information collected by different government sources. It also reduces the burden of compliance, as it can be challenging for the person submitting a declaration to obtain complete information, for example, to fill in all required identification fields for each beneficial owner. If possible, a digital form should be used to link directly to other systems and automatically draw information from them. In other cases, data can be retrieved post-submission to complete or verify a BO declaration. [20]
Justification of exemptions
Moreover, the exemptions proposed in the interim rule are not well justified. As noted in the request for comment, the CTA authorizes the Treasury (Secretary) to exempt entities for which the Secretary has, by regulation, determined that “requiring beneficial ownership information from the entity or class of entities . . . would not serve the public interest” and “would not be highly useful in national security, intelligence, and law enforcement agency efforts to detect, prevent, or prosecute money laundering, the financing of terrorism, proliferation finance, serious tax fraud, or other crimes.”
The need for FinCEN to duly justify exemptions represents a significant provision in the law. However, the justification provided in the interim rulemaking has not clearly demonstrated that information on domestic entities previously covered by BOI reporting requirements “would not be highly useful” for law enforcement and national security agents. The brief period of implementation of the reporting requirements, resulting in a relatively low level of compliance, further undermines the possibility of making a comprehensive assessment. Nevertheless, the GAO found that for 100 federal staff from four agencies who had access during a pilot program lasting about 6 months or less ("spring 2024" to October 2024), FinCEN counted 1,700 BOI searches in the database. This was despite the database being less than 20% populated (appx. 6 million companies had reported of over 32 million expected). [21]
Meanwhile, in addition to the body of evidence about the abuse of anonymous shell companies, there is existing evidence of demand for this information from U.S. law enforcement agencies and national security actors that points to its usefulness to these groups. For example, a recent survey conducted by the GAO with Offices of Inspectors General (OIG) confirmed the usefulness of BOI for fraud detection and prevention. Around 60% of respondents said it could aid their fraud investigation efforts, and around 60% of respondents said it could aid their fraud detection efforts. The majority also believed it could aid fraud awareness efforts. [22] These findings echo prior expressions of support from law enforcement for the CTA’s BOI reporting requirements. [23]
The GAO’s assessment of the usefulness of BOI in the context of public procurement is also aligned with the provision in FATF Recommendation 24 that BOI be made available to public authorities “in the course of public procurement.” [24] While access for producing authorities to the BOI database is not a formal requirement of the CTA, the report notes the significant financial losses and risks that result from opaque ownership in public contracting:
“...federal programs face heightened fraud risks when BOI is opaque for private companies that compete for government contracts or apply for grants or benefits. In addition to financial losses, impact from such fraud can be nonfinancial, such as threats to national security or public safety. OIGs face challenges in identifying beneficial owner information when using multiple data sources and analytic tools as part of their fraud detection and response efforts.” [25]
International standards
The exemptions introduced under the final interim rule also fail to align with international best practices and standards. FATF’s Recommendation 24 applies to all companies and other legal persons created in a jurisdiction and potentially risky foreign legal entities with sufficient links to the country. It encourages countries to take similar measures in relation to foundations and limited liability partnerships, as well as to other types of legal persons as merited by the levels of money laundering and terrorist financing risks associated with each type. [26]
International experience shows that limited and narrowly interpreted exemptions for certain legal vehicles may be reasonable in cases where:
- certain legal vehicles are already disclosing adequate and up-to-date information on ownership and control to a third-party body that is regulated or subject to supervision, and that maintains and performs reporting and oversight;
- the information that is being disclosed to this third party body is as easily accessible to all relevant data user groups as it would be through a government register; and
- complying with the disclosure requirements is impossible or excessively difficult for certain corporate vehicles. [27]
Most prior exemptions to the CTA were justified on the basis of adequate information being available elsewhere, i.e. for “entities that are otherwise subject to significant regulatory regimes”. [28] However, exclusion of large companies on the basis that they were considered to be a low risk for money laundering was less well founded, as active money-laundering cases involving large companies exist in other jurisdictions. [29] [30] Moreover, large domestic companies have engaged in predicate offences such as fraud and bribery, [31] and they participate in public procurement. Similarly, opacity in investment funds in the U.S. has led to documented cases of their misuse. In one example, the lack of disclosure of private funds obscured the fact that a majority stake in a U.S. voting management firm in 2018 was owned by a Russian oligarch, calling into question election security. [32]
Extending the existing exemptions to all domestic entities will reintroduce documented weaknesses in the AML/CFT and national security architecture, and the primary criteria for reasonable exemptions will not be met. Nor has the Treasury proposed a viable alternative mechanism to a central BO register held by a single federal public authority or body for ensuring “adequate, accurate and up-to-date information on the beneficial ownership and control of legal persons that can be obtained or accessed rapidly and efficiently by competent authorities.” [33] For instance, in Canada the government is working with provinces and territories to establish pan-Canadian access to BOI by joining up information that is collected subnationally. [34]
However, a lack of sufficient and accessible BOI at the State-level is well documented in the 7th FUR. [35] There is some overlap between the information that is reported to FinCEN under the reporting rules created by the CTA and that which is collected by States or required to be held by companies. For instance, most but not all States require companies to hold information about their directors, who may also be beneficial owners. Shareholder information can be useful for understanding beneficial ownership networks, especially when recorded in a register, [36] but U.S. companies are typically only required to hold an internal shareholder register and this may or may not be stored domestically.
State information has other drawbacks. It is typically not inclusive of all aspects of the BO definition, such as individuals who exercise ‘substantial control’. Nor has it proven to be efficiently accessible. International experience speaks to the efficiency gains for law enforcement when central BO registers are introduced, [37] and a recent GAO report documents some of the barriers:
“Identifying beneficial owners of a company generally requires accessing states’ records for registrations, but this data source is not a reliable means of identifying potential fraud or beneficial owners. This is because state systems are generally not standardized […] For example, the fields and standard business identifiers vary by state […] it is time-consuming to find and structure the results into a consistent data format for analysis to identify beneficial ownership across multiple companies. In addition […] some state systems may require special accounts or paid access.” [38]
Finally, State-level ownership and control information is not guaranteed to be up to date. Having access to both historical information, in which users can see changes in ownership and control over time, and to current information is an important characteristic that makes BOI useful for data users including law enforcement. [39] Availability of up-to-date BOI is also important for FATF compliance. For these reasons, reverting to a State-level approach is insufficient as an alternative mechanism to a central register. The U.S. is therefore likely to be found noncompliant with Recommendation 24 in the upcoming FATF mutual evaluation.
In addition, the proposed exemptions reinstate opacity in nominee relationships. Recommendation 24 requires the risks posed by undisclosed nominees to be addressed, giving jurisdictions three options for ensuring appropriate transparency: disclosure, licensing, or prohibition. The 7th FUR notes that these requirements do not generally exist at the State level in the U.S., so the removal of BOI reporting requirements will effectively deregulate the use of nominees. This is likely to contribute to the U.S. being found noncompliant in the upcoming MER. [40] The exemption of U.S. citizens from BOI reporting further exacerbates the risks of undisclosed nominee relationships being abused, as U.S. citizens could serve as fronts for foreign nationals seeking to avoid disclosure. [41]
Finally, while its implementation in the context of U.S. law and regulations is paramount, the new interim rule should also be considered in the context of a rising tide of BOT reforms globally. Since 2016, the establishment of a central register or alternative mechanism for BOI reporting, as set out in the 2022 revisions to FATF Recommendation 24, has become the global norm. [42] The exemptions proposed in the interim rule will make the U.S. an outlier and a more attractive jurisdiction for illicit financial activities, creating undue vulnerability to public harm through the U.S. financial system.
In effect, U.S. regulators need to consider that risk can be displaced not only within, but between jurisdictions. The exemption of U.S. companies from BOI reporting requirements creates an opportunity and incentive for regulatory arbitrage amongst bad actors looking for jurisdictions that offer a favourable environment for laundering funds and stolen assets via legal vehicles. This new interim rule is likely to further entrench its status as the world’s leading financial secrecy jurisdiction, [43] and could create unintended negative spillover effects in other areas of FATF assessment. Being found noncompliant on Recommendation 24 would increase the risk of the U.S. being added to the list of Jurisdictions under Increased Monitoring (i.e. FATF’s “grey list”), creating additional economic vulnerabilities for the U.S. in the context of a moderated global growth forecast. [44]
Footnotes
[1] See: www.openownership.org. Open Ownership is fiscally sponsored by Global Impact, a U.S. non-profit.
[3] https://www.fatf-gafi.org/content/dam/fatf-gafi/fur/USA-FUR-2024.pdf.coredownload.inline.pdf
[4] https://home.treasury.gov/system/files/136/2024-National-Money-Laundering-Risk-Assessment.pdf, p6
[5] https://home.treasury.gov/system/files/136/2024-National-Money-Laundering-Risk-Assessment.pdf, p8
[6] https://home.treasury.gov/system/files/136/2024-National-Money-Laundering-Risk-Assessment.pdf, p3
[7] For information on how Canada has navigated this challenge, see: https://star.worldbank.org/sites/default/files/2024-04/Beneficial%20Ownership%20Guide_Canada%202024%20%20.pdf
[8] https://thefactcoalition.org/fact-sheet-administration-support-for-beneficial-ownership-disclosure/
[11] https://home.treasury.gov/system/files/136/2024-National-Money-Laundering-Risk-Assessment.pdf, 19
[12] https://home.treasury.gov/system/files/136/2024-National-Money-Laundering-Risk-Assessment.pdf, p31
[13] https://www.federalregister.gov/d/2025-05199/p-49
[15] For example, in the UK, see: https://oo.cdn.ngo/media/documents/oo-policy-briefing-coverage-of-corporate-vehicles-2023-04.pdf, p8
[16] https://www.gao.gov/assets/gao-25-106955.pdf
[17] https://www.gao.gov/assets/gao-25-106955.pdf, Highlights
[18] https://oo.cdn.ngo/media/documents/oo-guidance-user-research-2024-10.pdf
[19] https://oo.cdn.ngo/media/documents/oo-policy-briefing-coverage-of-corporate-vehicles-2023-04.pdf
[20] https://oo.cdn.ngo/media/documents/oo-briefing-sufficient-detail-2025-04.pdf, p5
[21] https://www.gao.gov/assets/gao-25-107403.pdf
[22] https://www.gao.gov/assets/gao-25-107143.pdf, p26-28
[23] For example, from the Fraternal Order of Police and National District Attorneys: https://thefactcoalition.org/fraternal-order-of-police-sends-letter-of-support-on-h-amdt-1/; https://thefactcoalition.org/national-district-attorneys-association-sends-letter-to-house-in-support-of-h-amdt-1/
[25] https://www.gao.gov/assets/gao-25-107143.pdf, p11
[27] https://oo.cdn.ngo/media/documents/oo-policy-briefing-coverage-of-corporate-vehicles-2023-04.pdf, p3
[28] https://www.federalregister.gov/d/2022-27031/p-44.
[29] Defined as companies with over 20 employees, a physical office, and a turnover of more than USD 5 million. See: https://www.wolterskluwer.com/en/expert-insights/understanding-the-corporate-transparency-act-reporting-requirements
[30] For example: https://www.ft.com/content/e5b60129-64b8-415a-ba23-76b2277ba726
[31] For example: https://www.nytimes.com/2012/12/18/business/walmart-bribes-teotihuacan.html
[32] https://thefactcoalition.org/report/private-investments-public-harm/, p27
[35] https://www.fatf-gafi.org/content/dam/fatf-gafi/fur/USA-FUR-2024.pdf.coredownload.inline.pdf, p3-4
[37] https://oo.cdn.ngo/media/documents/oo-report-understanding-data-use-2025-04.pdf, p15
[38] https://www.gao.gov/assets/gao-25-107143.pdf, p21-22
[39] https://oo.cdn.ngo/media/documents/oo-report-understanding-data-use-2025-04.pdf, p9
[40] https://www.fatf-gafi.org/content/dam/fatf-gafi/fur/USA-FUR-2024.pdf.coredownload.inline.pdf, p12
[41] For example, proxies and nominees have been misused in Ukraine: https://oo.cdn.ngo/media/documents/oo-impact-story-ukraine-2022-02_z0DqeyY.pdf
[42] https://www.openownership.org/en/map/