1506-0077 BOI Access Final Rule Supporting Statement 12.22.2023

1506-0077 BOI Access Final Rule Supporting Statement 12.22.2023.docx

Beneficial Ownership Information Access and Safeguards

OMB: 1506-0077

Document [docx]
Download: docx | pdf

Supporting Statement

OMB Control Number 1506-0077 (RIN 1506-AB59)

Beneficial Ownership Information Access and Safeguards

  1. Circumstances necessitating collection of information.

The Financial Crimes Enforcement Network (FinCEN) is issuing this statement to support its request that the Office of Management and Budget (OMB) approve a final rule regarding access, by certain authorized recipients, to identifying information associated with reporting companies, their beneficial owners, and their company applicants (together “beneficial ownership information” or “BOI”), in order to implement the information collection required by 31 U.S.C. 5336(c). This statement identifies the estimated burden hours for the OMB control number associated with the final rule.

FinCEN exercises regulatory functions primarily under the Currency and Foreign Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act), Public Law 107–56 (October 26, 2001), and other legislation, including the Corporate Transparency Act (CTA).1  The overall legislative framework is commonly referred to as the Bank Secrecy Act (BSA). The CTA added a new section to the BSA, 31 U.S.C. 5336, to provide for FinCEN’s collection of certain legal entities’ BOI2 and access by authorized recipients to that BOI.

To implement the reporting provision at 31 U.S.C. 5336(b), FinCEN issued regulations at 31 CFR 1010.380 that require certain entities (“reporting companies”) to report their BOI to FinCEN beginning January 1, 2024.3 The CTA authorizes FinCEN to disclose this BOI to certain government agencies, financial institutions, and financial regulators, subject to appropriate protocols.4 These disclosures support law enforcement, intelligence, and national security activities and they facilitate customer due diligence efforts by financial institutions. The CTA further requires FinCEN to make BOI accessible for inspection or disclosure to officers and employees of the Department of the Treasury (Treasury) whose official duties require such inspection or disclosure, or for tax administration.5 Consistent with the CTA, FinCEN will permit certain Federal, State, local, and Tribal officials, as well as foreign officials that request BOI through a Federal agency (“foreign requesters”), to obtain BOI for use in furtherance of statutorily authorized activities such as those related to national security, intelligence, and law enforcement. Financial institutions with customer due diligence requirements under applicable law will have access to BOI to facilitate compliance with those requirements, as will the Federal functional regulators or other appropriate regulatory agencies that supervise or assess those financial institutions’ compliance with such requirements.

FinCEN intends to store BOI in, and manage requests for BOI through, a secure beneficial ownership IT system (BO IT system). For the purposes of this Supporting Statement, the term “BO IT system access request” refers to a request from an authorized recipient to FinCEN for access to the BO IT system, and the term “BOI request” refers to a request from an authorized recipient to FinCEN for a specific BOI report on a reporting company. The CTA requires the Secretary of the Treasury (Secretary) to establish protocols to safeguard BOI that authorized recipients must implement as a condition of accessing BOI.6 These protocols vary by the type of requester and, in the case of some requester types, constitute information collections under the Paperwork Reduction Act (PRA). This supporting statement provides information about the reporting and recordkeeping burdens associated with those collections. Consistent with PRA requirements, it only considers burdens incurred by “persons” deemed to be members of the public — a category that does not include Federal agencies or foreign national governments, although both will be eligible to request BOI from FinCEN under certain circumstances.7

This supporting statement analyzes burdens associated with three categories of persons: (1) State, local and Tribal agencies; (2) financial institutions with customer due diligence obligations under applicable law; and (3) financial self-regulatory organizations (SROs). In order to access BOI, FinCEN will require requesters to submit information with, or retain information about, each request for BOI, which FinCEN can use to confirm compliance with CTA requirements. The requirements that must be met in order for authorized recipients to obtain BOI will be specified in the final rule and codified at 31 CFR 1010.955.

The collection of information is necessary to comply with the CTA requirement that BOI is disclosed only to authorized recipients. FinCEN expects that the information collection would occur electronically in the form and manner prescribed by FinCEN. FinCEN has aimed to reduce unnecessary burdens on authorized recipients to the extent practicable.

  1. Method of collection and use of data.

FinCEN intends to disclose BOI to authorized recipients after collecting specific information from them through electronically available request forms. FinCEN has not yet proposed the forms that will be used in this collection, but it has identified in the final rule the requirements in order for authorized recipients to obtain BOI from FinCEN. To the extent and in the manner required by the PRA, FinCEN would provide public notice of, and request public comment on, any proposed information collection associated with BOI requests.

State, local, and Tribal agencies, SROs, and financial institutions that wish to access BOI would follow the requirements in the final rule and provide information about following such requirements to FinCEN. Financial institutions would also be required to obtain and document customer consent and maintain a record of such consent for five years after it was last relied upon; those requirements may necessitate updates to existing processes and creation of consent forms. The resulting information, stemming from the requirements of the final rule, would be used to ensure compliance with the security and confidentiality requirements to access BOI.

3. Use of improved information technology to reduce burden.

Authorized recipients of BOI will be required to provide a certification to FinCEN for each BOI request electronically “in such form and manner as FinCEN shall prescribe.” FinCEN expects that compliance with other proposed requirements would necessitate the use of information technology systems by authorized recipients.

4. Efforts to identify duplication.

There are no Federal rules that directly or fully duplicate or overlap with the final rule, or that require the submission of the same information. Therefore, there is no information already available to the Federal government that could be used or modified to fully satisfy the statutory requirements identified in Section 1 or that fully serve the uses identified in Section 2.

The final rule is closely related to the issuance of the BOI reporting rule.8 The BOI reporting rule implements the CTA’s BOI reporting requirements, which describe who must file a report, what information must be provided, and when a report is due. In contrast, the final rule sets out the appropriate protocols for access to and disclosure of BOI to authorized recipients. The BOI reporting rule’s regulatory impact analysis (RIA) estimated the cost to the public of reporting and updating BOI and information related to FinCEN identifiers. It also estimated the cost to FinCEN of developing and maintaining this reporting mechanism, costs to other government agencies as a result of reporting requirements, and the benefits of the requirements. FinCEN has aimed to not duplicate costs and benefits covered in the BOI reporting rule in this final rule.

5. Methods to minimize burden on small businesses or other small entities.

Under the final rule, accessing BOI is not mandatory; therefore, the final rule will not impose requirements (and burden) in the strictest sense.9 However, the final rule will require those that elect to access BOI to establish standards, procedures, and safeguards, and to comply with other requirements. In particular, financial institutions will be required to develop and implement administrative, technical, and physical safeguards reasonably designed to protect the security, confidentiality, and integrity of BOI. Financial institutions will also be required to obtain and document customer consent to access their BOI, as well as maintain a record of such consent for five years after it was last relied upon, which may require updates to existing policies and procedures. Financial institutions will also be required to comply with certain geographic restrictions and notify FinCEN if they receive an information demand from a foreign government. The rule will also require those that access BOI to provide a certification for each BOI request, in the form and manner prescribed by FinCEN. FinCEN intends to provide additional details regarding the form and manner of BOI requests for all categories of authorized recipients through specific instructions and guidance as it continues developing the BO IT system. To the extent required by the PRA, FinCEN will publish for notice and comment any proposed information collection associated with BOI requests.

In the final regulatory flexibility analysis, conducted as part of the RIA in the final rule, FinCEN assesses that small financial institutions will be the small entities affected, as they will be required to comply with rule’s requirements if they access BOI. FinCEN assumes that the professional expertise needed to comply with such requirements already exists at small financial institutions with customer due diligence obligations. The steps FinCEN has taken to minimize the significant economic impact on small entities and the factual, policy, and legal reasons are described throughout Section III of the final rule.

FinCEN considered the comments it received in response to the notice of proposed rulemaking on beneficial ownership information access and safeguards (the “Access NPRM”). In response to the comments on proposed 31 CFR 1010.955(d)(2)(iv), which would have required a financial institution to “make a written certification to FinCEN” for each BOI request, FinCEN has revised the proposed rule to require that financial institutions provide a certification to FinCEN “in such form and manner as FinCEN shall prescribe.” Furthermore, in response to comments, FinCEN revised the proposed rule to allow the agency to take a flexible approach towards implementation of the certification requirement, which will allow it to take into account a range of considerations, such as technological feasibility. Accordingly, FinCEN intends to prescribe a certification mechanism that seeks to minimize burdens, which may include checkboxes or other forms. For instance, FinCEN anticipates that a financial institution will be able to make the certification via a simple checkbox when requesting BOI via the BO IT system. Additionally, FinCEN amended proposed 1010.955(d)(2)(iv) to require a financial institution to certify that it has obtained and “documented” a reporting company’s consent to request the reporting company’s BOI from FinCEN. The revised approach eliminates the requirement for the financial institution to obtain “written” consent from the reporting company, requiring only that consent be “documented.”

FinCEN also aims to minimize the burden on small financial institutions by providing the ability for financial institutions to submit search requests through an automated process, lessening costs associated with manual searches by financial institutions. FinCEN expects that financial institutions will use Application Programming Interfaces (APIs) to access BOI, and that the BO IT system will accommodate the use of APIs for this purpose (including the submission of required certifications).

FinCEN also aims to minimize the burden on small entities by providing clear guidance on how to comply with the final rule.

6. Consequences to the Federal government of not collecting the information.

The final rule implements the strict protocols required by the CTA to protect sensitive personally identifiable information reported to FinCEN and to establish the circumstances in which authorized recipients have access to BOI, as well as data protection protocols and oversight mechanisms applicable to each recipient category. The final rule also provides a robust framework to ensure that BOI reported to FinCEN, and received by authorized recipients, is subject to strict cybersecurity controls, confidentiality protections and restrictions, and robust audit and oversight measures.

The collection of information from authorized users is necessary to adequately protect BOI from unauthorized disclosure, as well as to ensure that authorized recipients use that BOI only for purposes permitted by the CTA. Therefore, not collecting this information would be contrary to the statutory requirements of the CTA to establish appropriate protocols and protect sensitive personally identifiable information.

7. Special circumstances requiring data collection inconsistent with guidelines.

There are no special circumstances under which the final rule will require data collection inconsistent with guidelines.

8. Consultation with individuals outside of the agency on availability of data, frequency of collection, clarity of instructions and forms, and data elements.

On December 16, 2022, FinCEN published the Access NPRM.10 The Access NPRM described who would be authorized to access BOI reported to FinCEN, how those parties could use the information, and how they would be required to safeguard it. The Access NPRM reflected information gleaned from over 30 outreach sessions with representatives from Federal agencies, state courts, state and local prosecutors’ offices, Tribal governments, financial institutions, SROs, and government offices that had established beneficial ownership databases. It also reflected input that FinCEN received in response to an advanced notice of proposed rulemaking, published on April 5, 2021, which sought input from the public on five open-ended categories of questions, including questions concerning key CTA definitions and on implementation of CTA provisions governing the maintenance and disclosure of BOI.11

In response to the Access NPRM, FinCEN received over 80 comments from a broad array of individuals and organizations, including members of Congress, the financial industry and related trade associations, groups representing small business interests, corporate transparency advocacy groups, law enforcement representatives, regulatory associations, legal associations, and other interested groups and individuals. The commenters expressed a range of opinions about the Access NPRM, and they suggested specific modifications to the proposed regulations to enhance clarity, refine policy expectations, ensure technical accuracy, and improve implementation more broadly. Commenters sought clarification on specific definitions, use cases, technical requirements and processes, and database functionality, among other things. Commenters also opined that the proposed regulations would be too costly and burdensome for small businesses.

In particular, commenters expressed concern over the access provisions relating to State, local, and Tribal law enforcement authorities and financial institutions. Some commenters stated that certain requirements for law enforcement access to BOI, such as the requirement to submit “a copy of a court order” and “written justification” would create undue barriers for State, local and Tribal law enforcement and contradict the statutory text. More specifically, commenters to the Access NPRM generally opposed the requirements in proposed 31 CFR 1010.955(d)(1)(ii)(B)(2)(i) that the head of a State, local, or Tribal law enforcement agency, or their designee, must obtain and submit a copy of a court order to FinCEN authorizing the agency to seek BOI in a criminal or civil investigation. These commenters explained that these requirements would create burdens on State, local, and Tribal agencies that would impede their ability to access BOI in a timely manner, which would be contrary to the goals of the CTA. In general, commenters encouraged FinCEN to take a more flexible approach in specifying the manner in which a court authorizes a request for BOI, which court personnel can provide that authorization, and at what stage in an investigation or proceeding agencies may seek the BOI from FinCEN.

Commenters to the Access NPRM also generally opposed, for largely the same reasons, the requirement in proposed 31 CFR 1010.955(d)(1)(ii)(B)(2)(i) that the agency head must also submit a written justification to FinCEN explaining the relevance of the BOI for the investigation. Specifically, some commenters noted that the CTA does not contain such a requirement, expressed concerns that this requirement would unduly delay requests by agencies for BOI, and highlighted the challenges involved in FinCEN reviewing each justification provided by an agency that requests BOI.

FinCEN was persuaded by comments that were critical of the requirements in proposed 31 CFR 1010.955(d)(1)(ii)(B)(2) that State, local, and Tribal law enforcement agencies submit a copy of a court order and written justification for FinCEN review prior to searching for BOI. Accordingly, FinCEN has made several changes to that provision in the final rule. These revisions are intended to streamline State, local, and Tribal agency access to BOI and reduce burdens on these agencies and courts as well as on FinCEN, while at the same time, maintaining robust confidentiality and security requirements for these agencies and FinCEN oversight and audit of these requests.

9. Payments and gifts.

No payments or gifts were made to respondents.

10. Assurance of confidentiality of responses.

FinCEN will maintain the confidentiality of responses, including information associated with BOI requests, consistent with its obligations under the Privacy Act of 1974 (5 U.S.C. 552a), as amended, and 31 CFR 1.36.

11. Justification of sensitive questions.

There are no questions of a sensitive nature in the collection of information.

12. Estimated annual hourly burden.

As explained in Section 1 and consistent with PRA requirements, this Supporting Statement only considers burdens incurred by “persons” deemed to be members of the public — a category that does not include Federal agencies or foreign national governments, although both will be eligible to request BOI from FinCEN under certain circumstances. Therefore, this supporting statement analyzes the estimated annual hourly burden associated with three categories of persons: (1) state, local, and Tribal agencies; (2) financial institutions subject to customer due diligence requirements under applicable law; and (3) SROs.

FinCEN estimates that during year 112 the annual hourly burden will be 8,743,781 hours.13 In year 214 and onward, FinCEN estimates that the annual hourly burden will be 3,616,964 hours. The annual estimated burden hours for State, local, and Tribal entities as well as SROs is 2,268,789 hours in the first year, and 1,699,612 hours in year 2 and onward. As shown in Table 1 below, the hourly burden in year 1 for State, local, and Tribal entities and SROs includes the hourly burden associated with the following requirements in the rule: enter into an agreement with FinCEN and establish standards and procedures (Action B); establish a secure system to store BOI (Action D); establish and maintain an auditable system of standardized records for requests (Action E); submit written certification for each request that it meets certain requirements (Action G); restrict access to appropriate persons within the entity (Action H); conduct an annual audit and cooperate with FinCEN’s annual audit (Action I); obtain certification of standards and procedures, initially and then semi-annually, by the head of the entity (Action J); and provide annual reports on procedures (Action K). The hourly burden in year 2 and onward for State, local, and Tribal entities and SROs is associated with the same requirements as year 1, with the exception of Action B because FinCEN expects this action will result in costs for these entities in year 1 only.

The annual estimated hourly burden for financial institutions is 6,474,992 hours in the first year and 1,917,352 hours in year 2 and onward. The hourly burden for financial institutions in year 1 is associated with the following: develop and implement administrative and physical safeguards (Action A); develop and implement technical safeguards (Action C); obtain and document customer consent (Action F); submit certification for each request that it meets certain requirements (Action G); undergo training (Action H); comply with certain geographic restrictions (Action L); and notify FinCEN if they receive an information demand from a foreign government (Action M). The hourly burden in year 2 and onward for financial institutions is associated only with the requirements for Actions F, G and H because FinCEN expects the other actions will result in costs for these entities in year 1 only.

Annual estimated burden declines in year 2 and onward because State, local, and Tribal agencies, SROs, and financial institutions no longer need to complete Actions A and B, and have a lower hourly burden for Actions E and F. State, local, and Tribal law enforcement agencies have a lower hourly burden for Action G. Table 1 below lists the type of entity, the number of entities, the hours per entity, and the total hourly burden by action. For Actions A, B, C, D, E, F, I, J, K, L, and M the hours per entity are the maximum of the range estimated in the cost analysis of the RIA. For Action G and H, the hours per entity calculations are specified in footnotes to Table 1. Total annual hourly burden is calculated by multiplying the number of entities by the hours per entity for each action. In each subsequent year after initial implementation, FinCEN estimates that the total hourly annual burden is 3,616,964. This results in a 5-year average burden estimate of approximately 4,642,327 hours.15

Table 1 — Annual Hourly Burden Associated with Rule Requirements

Action

Type of Entity

Number of Entities

Hours per Entity

Total Annual Hourly Burden

  1. Develop and implement administrative and physical safeguards

Financial institutions

15,716

240 in Year 1; 0 in Years 2+

3,771,840 in Year 1; 0 in Years 2+

  1. Enter into an agreement with FinCEN and establish standards and procedures

State, local, and Tribal agencies and SROs

218

300 in Year 1; 0 in Years 2+

65,400 in Year 1; 0 in Years 2+

  1. Develop and implement technical safeguards

Financial institutions

15,716

0 in Year 1; 0 in Years 2+

0 in Year 1; 0 in Years 2+

  1. Establish a secure system to store BOI

State, local, and Tribal agencies and SROs

218

300 in Year 1; 4 in Years 2+

65,400 in Year 1; 872 in Years 2+

  1. Establish and maintain an auditable system of standardized records for requests

State, local, and Tribal agencies and SROs

218

200 in Year 1; 20 in Years 2+

43,600 in Year 1; 4,360 in Years 2+

  1. Obtain and document customer consent

Financial institutions

15,716

70 in Year 1; 20 in Years 2+

1,100,120 in Year 1; 314,320 in Years 2+

  1. Submit certification for each request that it meets certain requirements1

Financial institutions

15,716

94 in Year 1; 94 in Years 2+

1,474,161 in Year 1; 1,474,161 in Years 2+

  1. Submit written certification for each request that it meets certain requirements, including court authorization

State, local, and Tribal law enforcement

158

12,975 in Year 1; 10,443 in Years 2+

2,050,003 in Year 1; 1,649,994 in Years 2+

  1. Submit written certification for each request that it meets certain requirements

State regulatory agencies and SROs

60

125 in Year 1; 125 in Years 2+

7,500 in Year 1; 7,500 in Years 2+

  1. Undergo training2

Financial institutions

15,716

8 in Year 1; 8 in Years 2+

128,871 in Year 1; 128,871 in Years 2+

  1. Restrict access to appropriate persons within the entity, which specifies that appropriate persons will undergo training3

State, local, and Tribal agencies and SROs

218

9 in Year 1, 9 in Years 2+

2,006 in Year 1; 2,006 in Years 2+

  1. Conduct an annual audit and cooperate with FinCEN’s annual audit

State, local, and Tribal agencies and SROs

218

160 in Year 1; 160 in Years 2+

34,880 in Year 1; 34,880 in Years 2+

  1. Obtain certification of standards and procedures initially and then semi-annually, by the head of the entity

State, local, and Tribal agencies and SROs

218

Included in I.

Included in I.

  1. Provide initial and then an annual report on procedures

State, local, and Tribal agencies and SROs

218

Included in I.

Included in I.

  1. Comply with certain geographic restrictions

Financial institutions

15,716

0 in Year 1; 0 in Years 2+

0 in Year 1; 0 in Years 2+

  1. Notify FinCEN of information demand from foreign government

Financial institutions

15,716

0 in Year 1; 0 in Years 2+

0 in Year 1; 0 in Years 2+

Total Annual Hourly Burden

8,743,781 in Year 1; 3,616,964 in Years 2+

(Annualized average of 5,325,903 hours across first 3 years)

1 For all types of entities, the hours per entity for Action G is the per entity share of the aggregate burden estimated in the RIA.

2 For financial institutions, the hours per entity for Action H equals the weighted average of the large and small financial institutions’ maximum burden estimated in the RIA.

3 For State, local, and Tribal agencies and SROs, the hours per entity for Action H equals the per entity share of the aggregate burden.


13. Estimated annual cost to respondents for hour burdens.

FinCEN calculated the fully loaded hourly wage for each type of affected entity type.16 Using these estimated wages, the total cost of the annual burden in year 1 is $868,200,270. In year 2 and onward, FinCEN estimates that the total cost of the annual burden is $339,309,502, owing to Actions A and B only imposing burdens in year 1, Actions D and E having lower annual per entity burdens, and Action G having lower burden per request for State, local, and Tribal law enforcement agencies. The annual estimated cost for State, local, and Tribal agencies and SROs is $181,851,118 in the first year and $136,070,190 in year 2 and onward. The annual estimated cost for financial institutions is $686,349,152 in the first year and $203,239,312 in year 2 and onward. The 5-year average annual cost estimate is $445,087,656.17

Table 2 — Annual Cost Associated with Rule Requirements

Action

Type of Entity

Hourly Wage

Total Annual Hourly Burden

Total Annual Cost

  1. Develop and implement administrative and physical safeguards

Financial institutions

$106

3,771,840 in Year 1; 0 in Years 2+


$399,815,040 in Year 1; $0 in Years 2+

  1. Enter into an agreement with FinCEN and establish standards and procedures

State, local, and Tribal agencies

$80

65,400 in Year 1; 0 in Years 2+


$5,232,000 in Year 1; $0 in Years 2+


  1. Develop and implement technical safeguards

Financial institutions

$106

0 in Year 1; 0 in Years 2+

$0 in Year 1; $0 in Years 2+

  1. Establish a secure system to store BOI

State, local, and Tribal agencies

$80

65,400 in Year 1; 872 in Years 2+


$5,232,000 in Year 1; $69,760 in Years 2+


  1. Establish and maintain an auditable system of standardized records for requests

State, local, and Tribal agencies

$80

43,600 in Year 1; 4,360 in Years 2+


$3,488,000 in Year 1; $348,800 in Years 2+


  1. Obtain and document customer consent

Financial institutions

$106

1,100,120 in Year 1; 314,320 in Years 2+


$116,612,720 in Year 1; $33,317,920 in Years 2+


  1. Submit certification for each request that it meets certain requirements

Financial institutions

$106

1,474,161 in Year 1; 1,474,161 in Years 2+

$156,261,066 in Year 1; $156,261,066 in Years 2+

  1. Submit written certification for each request that it meets certain requirements, including court authorization

State, local, and Tribal law enforcement

$80

2,050,003 in Year 1; 1,649,994 in Years 2+


$164,000,240 in Year 1; $131,999,520 in Years 2+


  1. Submit written certification for each request that it meets certain requirements

State regulatory agencies

$80

7,500 in Year 1; 7,500 in Years 2+

$600,000 in Year 1; $600,000 in Years 2+

  1. Undergo training

Financial institutions

$106

128,871 in Year 1; 128,871 in Years 2+


$13,660,326 in Year 1; $13,660,326 in Years 2+


  1. Restrict access to appropriate persons within the agency, which specifies that appropriate persons will undergo training

State, local, and Tribal agencies

$80

2,006 in Year 1; 2,006 in Years 2+

$160,480 in Year 1; $160,480 in Years 2+

  1. Conduct an annual audit and cooperate with FinCEN’s annual audit

State, local, and Tribal agencies

$80

34,880 in Year 1; 34,880 in Years 2+


$2,790,400 in Year 1; $2,790,400 in Years 2+


  1. Obtain certification of standards and procedures initially and then semi-annually, by the head of the entity

State, local, and Tribal agencies

$80

Included in I.

Included in I.

  1. Provide initial and then an annual report on procedures

State, local, and Tribal agencies

$80

Included in I.

Included in I.

  1. Comply with certain geographic restrictions

Financial institutions

$106

0 in Year 1; 0 in Years 2+

$0 in Year 1; $0 in Years 2+

  1. Notify FinCEN of information demand from foreign government

Financial institutions

$106

0 in Year 1; 0 in Years 2+

$0 in Year 1; $0 in Years 2+

Actions B, D, E, G, H, I-K

SRO

$106

3,283 in Year 1; 955 in Years 2+

$347,998 in Year 1; $101,230 in Years 2+

Total Annual Cost

$

868,200,270 in Year 1; $339,309,502 in Years 2+

14. Estimated annual cost to the Federal government.

The Federal government would have costs under the final rule because Federal government agencies may be authorized recipients of BOI. Federal government agencies would also incur costs associated with coordinating and submitting requests for BOI on behalf of foreign requesters. Additionally, FinCEN itself would have costs associated with administering access to BOI. FinCEN estimates that the maximum overall cost to the Federal government would be $91,377,200 in year 1. This is the total of $78,377,200 the maximum aggregate cost estimate for Federal agencies of meeting the final rule’s requirements to access BOI18and the estimated $13 million in FinCEN administration costs. In year 2 and onward, this estimated cost would be $73,707,680. This is the total of $60,707,680 the maximum cost estimate for Federal agencies’ meeting the final rule’s requirements to access BOI19 and the estimated $13 million in FinCEN administration costs. The 5-year average annual cost estimate is $77,241,584 .20

15. Reason for change in burden.

The burden estimate has changed from the Access NPRM in response to comments and due to changes made in the final rule. Additionally, burden estimates have changed because of ongoing technological development.

In response to comments, FinCEN has made the following changes to its estimates: increased the number of SROs that may access BOI; increased the hourly burden for financial institutions to establish administrative and physical safeguards by 200 percent; increased the hourly burden for financial institutions to obtain and document customer consent by 400–600 percent in year 1 and an additional 10 to 20 hours in subsequent years; and increased the expected number of financial institution employees requiring training to 4 to 5 for small financial institutions and 25 to 30 for large financial institutions. FinCEN also decreased the hourly burden estimate for written certification of requests by State, local, and Tribal law enforcement agencies, and described additional requirements for financial institutions, consistent with changes made to this requirement in the final rule. FinCEN also made changes to update data, underlying sources, and estimates with more recent information, if available. Please see the NPRM’s PRA section and the final rule’s PRA section for details on the initial and updated estimates.

16. Plans for tabulation, statistical analysis, and publication.

The information will not be tabulated or compiled for publication.

17. Request not to display expiration date of OMB control number.

FinCEN requests that it not be required to display the expiration date so that the regulations will not have to be amended for the new expiration date every three years.

18. Exceptions to the certification statement.

There are no exceptions to the certification statement.

1 The CTA is Title LXIV of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283 (Jan. 1, 2021) (NDAA). Division F of the NDAA is the Anti-Money Laundering Act of 2020 (the AML Act), which includes the CTA. Section 6003(1) of the AML Act defines the BSA as comprising Section 21 of the Federal Deposit Insurance Act (12 U.S.C. 1829b), Chapter 2 of Title I of Public Law 91-508 (12 U.S.C. 1951 et seq.), and Subchapter II of Chapter 53 of Title 31, United States Code. Congress has authorized the Secretary of the Treasury (Secretary) to administer the BSA. The Secretary has delegated to the Director of FinCEN the authority to implement, administer, and enforce compliance with the BSA and associated regulations. Treasury Order 180–01 (Jan. 14, 2020).

2 The CTA requires certain legal entities, referred to as “reporting companies” to report BOI to FinCEN pursuant to 31 U.S.C. 5336(b).

3 See 87 FR 59498 (Sept. 30, 2022).

4 See 31 U.S.C. 5336(c)(2).

5 See 31 U.S.C. 5336(c)(5).

6 See 31 U.S.C. 5336(c)(3).

7 See 5 CFR 1320.3(k), defining “person” as an individual; partnership; association; corporation (including operations of government-owned contractor-operated facilities); business trust, or legal representative; an organized group of individuals; a state, territorial, tribal, or local government or branch thereof; or a political subdivision of a state, territory, tribal, or local government or a branch of a political subdivision.

8 See 87 FR 59498 (Sept. 30, 2022).

9 FinCEN anticipates considering whether to require financial institutions to access BOI reported to FinCEN in the future, potentially as part of its revisions to the 2016 CDD Rule.

10 87 FR 77404 (Dec. 16, 2022).

11 86 FR 17557-17565 (April 5, 2021).

12 As discussed in the final rule’s RIA, Year 1 in the analysis is the first year in which all potentially affected parties access a database that includes BOI reports from reporting companies that are in existence as of the BOI reporting rule’s effective date.

13 The full burden and cost associated with the final rule is assessed in the final rule’s RIA. The cost analysis in the final rule’s RIA estimates a potential range of burden for some activities. For purposes of this supporting statement, the analysis assumes the maximum estimate of such ranges.

14 Subsequent years (sometimes referred to as “Years 2+”) in this analysis are the years after the first year in which all potentially affected parties access a database that includes BOI reports from reporting companies that are in existence as of the BOI reporting rule’s effective date.

15 The 5-year average equals the sum of (Year 1 burden hours of 8,743,781 + Year 2 burden hours of 3,616,964 + Year 3 burden hours of 3,616,964 + Year 4 burden hours of 3,616,964 + Year 5 burden hours of 3,616,964) divided by 5.

1

2

3

16 See Table 3 in the final rule for details on the fully loaded hourly wages.

17 The 5-year average equals the sum of (Year 1 costs of $868,200,270 + Year 2 costs of $339,309,502 + Year 3 costs of $339,309,502 + Year 4 costs of $339,309,502 + Year 5 costs of $339,309,502) divided by 5.

18 The maximum aggregate cost estimate for Federal agencies that access BOI directly to meet the final rule’s requirements is $78,179,200 in year 1. Additionally, Federal agencies may incur costs from submitting and coordinating BOI requests on behalf of foreign partners, with an estimated maximum aggregate cost of $198,000. These amounts total $78,377,200.

19 The maximum aggregate cost estimate for Federal agencies that access BOI directly to meet the final rule’s requirements is $60,509,680 in year 2 and onward. Additionally, Federal agencies may incur costs from submitting and coordinating BOI requests on behalf of foreign partners, with an estimated maximum aggregate cost of $198,000. These amounts total $60,707,680.

20 The 5-year average equals the sum of (Year 1 costs of $91,377,200 + Year 2 costs of $73,707,680 + Year 3 costs of $73,707,680 + Year 4 costs of $73,707,680 + Year 5 costs of $73,707,680) divided by 5.

5


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
AuthorJerome, Molly
File Modified0000-00-00
File Created2023-12-23

© 2024 OMB.report | Privacy Policy