Supporting Statement
OMB Control Number 1506-0077
Beneficial Ownership Information Access and Safeguards
Circumstances necessitating collection of information.
The Financial Crimes Enforcement Network (FinCEN) is issuing this statement to support its request that the Office of Management and Budget (OMB) approve the information collection associated with requests made to FinCEN by certain authorized persons for beneficial ownership information (“BOI requests”), consistent with the requirements of the Beneficial Ownership Information Access and Safeguards final rule (the “BOI Access Rule”) that was published on December 22, 2023.1
On January 30, 2024, FinCEN issued a 60-day notice, consistent with the requirements of the Paperwork Reduction Act of 1995 (PRA), which proposed the information collection associated with BOI requests for public comment (the “BOI Request PRA Notice”).2 The comment period for the BOI Request PRA Notice closed on April 1, 2024.
The legislative framework generally referred to as the Bank Secrecy Act (BSA) consists of the Currency and Foreign Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act), Public Law 107–56 (October 26, 2001), and other legislation, including the Corporate Transparency Act (CTA).3 The BSA is codified at 12 U.S.C. 1829b and 1951-1960 and 31 U.S.C. 5311–5314 and 5316–5336, and notes thereto, with implementing regulations at 31 CFR Chapter X.
The BSA authorizes the Secretary of the Treasury (Secretary) to, inter alia, require financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory matters, risk assessments or proceedings, or in the conduct of intelligence or counter-intelligence activities to protect against terrorism, and to implement anti-money laundering (AML) programs and compliance procedures.4 The authority of the Secretary to administer the BSA has been delegated to the Director of FinCEN.5
The CTA added a new section to the BSA, 31 U.S.C. 5336, to provide for FinCEN’s collection of identifying information associated with certain entities (“reporting companies”), their beneficial owners, and their company applicants (together “beneficial ownership information” or “BOI”) 6 and access by authorized recipients to that BOI. To implement the reporting provision at 31 U.S.C. 5336(b), FinCEN issued regulations at 31 CFR 1010.380 that, since January 1, 2024, have required reporting companies to report their BOI to FinCEN.7 The CTA authorizes FinCEN to disclose this BOI to certain government agencies, financial institutions, and financial regulators, subject to appropriate protocols.8 The CTA further requires FinCEN to make BOI accessible for inspection or disclosure to officers and employees of the Department of the Treasury (Treasury) whose official duties require such inspection or disclosure, or for tax administration.9 Consistent with the CTA, FinCEN will permit certain Federal, State, local, and Tribal officials, as well as foreign officials that request BOI through a Federal agency (“foreign requesters”), to obtain BOI for use in furtherance of statutorily authorized activities such as those related to national security, intelligence, and law enforcement. Financial institutions with customer due diligence requirements under applicable law will have access to BOI to facilitate compliance with those requirements, as will the Federal functional regulators or other appropriate regulatory agencies that supervise or assess those financial institutions’ compliance with such requirements.
FinCEN stores BOI in, and manages requests for BOI through, a secure beneficial ownership IT system (“BO IT system”). For the purposes of this supporting statement, the term “BO IT system access request” refers to a request from an authorized recipient to FinCEN for access to the BO IT system, and the term “BOI request” refers to a request from an authorized recipient to FinCEN for a specific BOI report on a reporting company. The CTA requires the Secretary to establish protocols to safeguard BOI that authorized recipients must implement as a condition of accessing BOI.10 These protocols vary by the type of requester and, in the case of some requester types, constitute information collections under the PRA. In order to access BOI, FinCEN requires requesters to submit information with, or retain information about, each request for BOI, which FinCEN can use to confirm compliance with CTA requirements. The requirements that must be met in order for authorized recipients to obtain BOI are specified in the BOI Access Rule11 and codified at 31 CFR 1010.955.
This supporting statement provides information about the reporting and recordkeeping burdens associated with those collections. Consistent with PRA requirements, it only considers burdens incurred by “persons” deemed to be members of the public—a category that does not include Federal agencies or foreign national governments, although both are eligible to request BOI from FinCEN under certain circumstances.12 This supporting statement analyzes burdens associated with three categories of persons: (1) State, local, and Tribal agencies; (2) financial institutions with customer due diligence obligations under applicable law, as defined in the BOI Access Rule; and (3) financial self-regulatory organizations (SROs).
The collection of information is necessary to comply with the CTA requirement that BOI is disclosed only to authorized recipients. FinCEN expects that the information collection would occur electronically in the form and manner prescribed by FinCEN. FinCEN has aimed to reduce unnecessary burdens on authorized recipients to the extent practicable.
Method of collection and use of data.
FinCEN will disclose BOI to recipients authorized to submit BOI requests after collecting specific information from them electronically via a web-based application. As discussed in more detail in Section 8, FinCEN published the BOI Request PRA Notice in the Federal Register on January 30, 2024, with the proposed data fields for BOI requests as an appendix.13 This appendix identified the specific information required in order for certain authorized recipients to obtain BOI from FinCEN.
State, local, and Tribal agencies, SROs, and financial institutions that wish to receive BOI must follow the requirements in the BOI Access Rule and provide information about following such requirements to FinCEN.14 Financial institutions are also required to obtain and document customer consent and maintain a record of such consent for five years after it was last relied upon; those requirements may necessitate updates to existing processes and creation of consent forms. The resulting information, stemming from the requirements of the BOI Access Rule, will be used to ensure compliance with the security and confidentiality requirements to access BOI.
3. Use of improved information technology to reduce burden.
Those requesting BOI from FinCEN will be required electronically to provide a certification to FinCEN for each BOI request. FinCEN expects that compliance with other proposed requirements will necessitate the use of information technology systems by authorized recipients.
4. Efforts to identify duplication.
There are no Federal rules that directly or fully duplicate or overlap with the BOI Access Rule, or that require the submission of the same information. Therefore, there is no information already available to the Federal government that could be used or modified to fully satisfy the statutory requirements identified in Section 1 or that fully serve the uses identified in Section 2.
The BOI Access Rule is closely related to the issuance of the BOI Reporting Rule.15 The BOI Reporting Rule implements the CTA’s BOI reporting requirements, which describe who must file a report, what information must be provided, and when a report is due. The BOI Access Rule sets out the protocols for access to and disclosure of BOI to authorized recipients. The BOI Reporting Rule’s regulatory impact analysis (RIA) estimated the cost to the public of reporting and updating BOI and information related to FinCEN identifiers. It also estimated the cost to FinCEN of developing and maintaining this reporting mechanism, costs to other government agencies as a result of reporting requirements, and the benefits of the requirements. FinCEN aimed to not duplicate costs and benefits covered in the BOI Reporting Rule in the BOI Access Rule.
5. Methods to minimize burden on small businesses or other small entities.
Under the BOI Access Rule, accessing BOI is not mandatory; therefore, the BOI Access Rule does not necessarily impose requirements (and burden).16 However, the BOI Access Rule requires those that elect to access BOI through the BO IT system to establish standards, procedures, and safeguards, and to comply with other requirements. In particular, financial institutions are required to develop and implement administrative, technical, and physical safeguards reasonably designed to protect the security, confidentiality, and integrity of BOI. Financial institutions are also required to obtain and document customer consent to access their customers’ BOI, as well as maintain a record of such consent for five years after it was last relied upon, which may require updates to existing policies and procedures. Financial institutions are also required to comply with certain geographic restrictions and notify FinCEN if they receive an information demand from a foreign government. The BOI Access Rule also requires those that access BOI through the BO IT system to provide a certification for each BOI request, in the form and manner prescribed by FinCEN. FinCEN intends to provide additional details regarding the form and manner of BOI requests through specific instructions and guidance.
FinCEN considered the comments it received in response to the notice of proposed rulemaking on beneficial ownership information access and safeguards.17 In response to the comments on proposed 31 CFR 1010.955(d)(2)(iv), which would have required a financial institution to “make a written certification to FinCEN” for each BOI request certifying certain facts about the BOI request, FinCEN revised the proposed BOI Access Rule to require that financial institutions provide a certification to FinCEN “in such form and manner as FinCEN shall prescribe.” Furthermore, in response to comments, FinCEN revised the proposed BOI Access Rule to allow the agency to take a flexible approach towards implementation of the certification requirement, which will allow it to take into account a range of considerations, such as technological feasibility. Accordingly, in the BOI Request PRA Notice, FinCEN proposed to prescribe a certification mechanism whereby a financial institution will be able to make the certification via a simple checkbox when requesting BOI via the BO IT system, which seeks to minimize the burden related to the certification requirement for BOI requests.
Additionally, FinCEN amended proposed 1010.955(d)(2)(iv) to require a financial institution to certify that it has obtained and “documented” a reporting company’s consent to request the reporting company’s BOI from FinCEN. The revised approach eliminates the requirement for the financial institution to obtain “written” consent from the reporting company, requiring only that consent be “documented.”18
FinCEN also aims to minimize the burden on small financial institutions by providing the ability for financial institutions to submit search requests through an automated process, lessening costs associated with manual searches by financial institutions. FinCEN expects that financial institutions will use Application Programming Interfaces (APIs) to access BOI, and that the BO IT system will accommodate the use of APIs for this purpose (including the submission of required certifications).
FinCEN also aims to minimize the burden on small entities by providing clear guidance on how to comply with the BOI Access Rule. For instance, FinCEN has published a Small Entity Compliance Guide to help small entities comply with the BOI Access Rule.19
6. Consequences to the Federal government of not collecting the information.
The BOI Access Rule implements the strict protocols required by the CTA to protect sensitive personally identifiable information reported to FinCEN and to establish the circumstances in which authorized recipients have access to BOI, as well as data protection protocols and oversight mechanisms applicable to each recipient category. The BOI Access Rule also provides a robust framework to ensure that BOI reported to FinCEN, and received by authorized recipients, is subject to strict cybersecurity controls, confidentiality protections and restrictions, and robust audit and oversight measures.
The collection of information from authorized users is necessary to adequately protect BOI from unauthorized disclosure, as well as to ensure that authorized recipients use that BOI only for purposes permitted by the CTA. Therefore, not collecting this information would be contrary to the statutory requirements of the CTA to establish appropriate protocols and protect sensitive personally identifiable information.
7. Special circumstances requiring data collection inconsistent with guidelines.
There are no special circumstances under which the BOI Access Rule will require data collection inconsistent with guidelines.
8. Consultation with individuals outside of the agency on availability of data, frequency of collection, clarity of instructions and forms, and data elements.
FinCEN received 25 comments on the BOI Request PRA Notice from financial institutions, financial services industry groups, businesses, individuals, and anonymous commenters. Of these 25 comments, six comment letters addressed the certification requirement for BOI requests, and FinCEN’s burden estimate in connection with BOI requests in the BOI Access Rule’s regulatory impact analysis (RIA). All six of these comment letters pertain to financial institutions. The remaining 19 comment letters addressed issues that fell outside the scope of the BOI Request PRA Notice. These comments addressed aspects of CTA rulemakings more generally and did not address the subject matter of this PRA Notice.
A. BOI Request Requirements
Six comment letters addressed several aspects of the BOI request requirements, including the: (1) certification mechanism; (2) data fields; (3) instructions and guidance; and (4) use of APIs to access BOI.
Certification mechanism
One commenter stated that the form of such certifications should be comparable to what is required when a financial institution accesses 314(a) information from FinCEN. The commenter explained that a person accessing FinCEN’s 314(a) system information is provided with notice of the required certifications at login and agrees that access to the FinCEN system constitutes agreement to the required certifications. Two commenters stated that certifying each time a request for BOI is made to FinCEN may be onerous. One of these commenters supports a simplified mechanism such as a simple checkbox (or click, if electronic) exercise as referenced in the BOI Access Rule. The other commenter requested that FinCEN consider requiring the written certification by the financial institution only once upon creating the initial account with FinCEN to access the BO IT system.
FinCEN appreciates the suggestion for the certification to be comparable to certifications provided when accessing 314(a) requests. Since the certification requirement for BOI requests pertains to whether a financial institution has obtained customer consent, the request for the particular customer’s information must first be entered and attributed to the certification before a financial institution can certify. Therefore, this suggestion would not align with the intended purpose of the certification requirement, which is for a financial institution to certify that it has obtained and documented the consent of the particular customer that is the subject of the BOI request. FinCEN understands that providing a certification each time a request for BOI is made to FinCEN may be burdensome; however, this is necessary to ensure that the appropriate safeguards are in place to protect BOI held in the BO IT system, in particular to confirm that the financial institution has obtained consent from the customer to obtain the specific BOI from FinCEN. Further, FinCEN has designed the certification to be as simple as possible by allowing the use of a checkbox to provide the certification.
2. Data fields
One commenter recommended that the certification form include only a single identifier rather than multiple fields, stating that it would be most efficient from a financial institution perspective. The commenter explained that Employer Identification Numbers (EINs) or foreign company identifiers are specific and unique datapoints for many reporting companies searchable in the BOI database. The commenter also explained that, for single members limited liability company (LLCs), social security numbers (SSNs) and individual taxpayer identification numbers (ITINs) may be appropriate data points. Lastly, the commenter stated that to the extent available, FinCEN identifiers could be used to perform efficient BOI searches as well, especially if every reporting company were to be issued a FinCEN identifier automatically when filing its BOI report.
FinCEN understands that providing a single identifier rather than multiple fields may be less burdensome for financial institutions making a BOI request to FinCEN. However, FinCEN considers that the two additional data points of the reporting company’s legal name and the reporting company’s tax identification number type are desirable to ensure the BOI request generates a BOI report for the appropriate reporting company. The additional data points would identify any inaccuracy in the identifier number provided if the number did not align with the name of the reporting company. Lastly, a reporting company providing its FinCEN identifier to a financial institution is not a permitted use of a FinCEN identifier pursuant to the BOI Reporting Rule. Regardless, since reporting companies are not required to obtain FinCEN identifiers, not all reporting companies will request them; therefore, this would not be a consistent data point for BOI requests even if such use of a FinCEN identifier were permitted.
3. Instructions and guidance
One commenter urged FinCEN to release instructions and guidance as soon as possible, explaining that although credit unions and other financial institutions will not have access to the database until later this year, it is important that they have detailed information on the process now in order to make any necessary system updates and train staff.
FinCEN expects that financial institutions will not receive access to the BO IT system until Spring 2025. However, FinCEN is currently developing additional tools to assist authorized users that submit BOI requests. While FinCEN has also published frequently asked question (FAQs) and a Small Entity Compliance Guide20 to provide guidance and help small entities comply with the BOI Access Rule, FinCEN will take this comment under consideration as a possible subject for additional future guidance.
4. Application Programming Interface (API) capabilities
One commenter stated that it is unclear the degree to which allowance of API capabilities will permit or encourage development in this space for a fintech or core processor to build systems to link to the database in order to pull in BOI, similar to how credit reports and certain Office of Foreign Assets Control checks are handled. This commenter requested FinCEN to be mindful of this in connection with the BOI database, as well as the upcoming revisions to the 2016 CDD Rule. FinCEN appreciates this advice and is taking such technological possibilities into account in light of the relevant resource, technology, and security considerations.
B. Burden
Four comment letters addressed the estimated annual burden hours. Two of these commenters stated that the estimate of annual burden hours is low. These commenters explained that they anticipate the certification submission (Section 12, Table 1, Action G, below) will be performed by a limited number of employees separate from those employees obtaining and documenting consent from reporting companies (Section 12, Table 1, Action F, below). One of these commenters stated that the annual burden hours estimate should be 1 hour per customer for each financial institution. Two commenters encouraged FinCEN to reissue this BOI Request PRA Notice once it becomes possible to provide what they consider to be a more reasonable burden estimate. One of those commenters stated that the estimated annual burden appears reasonable; however, they expect the annual burden hour estimate to change in the future when revisited by FinCEN under the PRA. The other commenter explained that it is premature to develop estimates of cost relating to collecting information associated with BOI requests because the estimate of burden will depend heavily on: (i) exactly how BOI requests will be submitted to FinCEN; (ii) how many BOI requests a financial institution will be able to make at one time; and (iii) several other factors including the requirements as might be set out in the upcoming revisions to the 2016 CDD Rule. Another commenter stated that in the absence of any prescribed or suggested guidance on “form and manner” it is difficult to accurately estimate the time needed for a community bank to make certifications.
Although two commenters stated that the estimated annual burden is low, the commenters did not provide an alternative burden estimate. One commenter stated that the annual burden hours estimate should be 1 hour per customer for each financial institution, but did not provide an estimated number of hours per entity or estimated total annual burden.
As explained in the regulatory impact analysis (RIA) of the BOI Access Rule, FinCEN estimates that submitting a request to FinCEN for BOI will take one employee approximately 15 minutes, or 0.25 hours, per request. This estimate is based in part on the form and manner for which BOI requests would be submitted, which is performed by populating three or four data fields and providing certification via checkbox. This estimate is also based on FinCEN’s experience with submitting requests for BSA data in the FinCEN Query system, a web-based application that provides access to BSA reports maintained by FinCEN.
As noted by commenters and acknowledged by FinCEN, the BOI Access Rule relates to access to newly required information that is not yet available; thus, the estimates are based on several assumptions where FinCEN lacks certain direct supporting data.21 FinCEN agrees with commenters to the BOI Request PRA Notice that note the burden estimates will need to be revisited in the future, in accordance with the PRA. In particular, FinCEN acknowledges the commenter’s point that the burden estimate will depend on the extent to which customer BOI in the database will be sought by financial institutions, how access to BOI via API may be utilized, and the extent to which multiple financial institutions’ requests for BOI may be processed at once. FinCEN will continue to evaluate the burden and impact of the BOI Access Rule throughout its implementation.
9. Payments and gifts.
No payments or gifts were made to respondents.
10. Assurance of confidentiality of responses.
FinCEN will maintain the confidentiality of responses, including information associated with BOI requests, consistent with its obligations under the Privacy Act of 1974 (5 U.S.C. 552a), as amended, and 31 CFR 1.36.
11. Justification of sensitive questions.
There are no questions of a sensitive nature in the collection of information.
12. Estimated annual hourly burden.
As explained in Section 1 and consistent with PRA requirements, this supporting statement only considers burdens incurred by “persons” deemed to be members of the public—a category that does not include Federal agencies or foreign national governments, although both will be eligible to request BOI from FinCEN under certain circumstances. Therefore, this supporting statement analyzes the estimated annual hourly burden associated with three categories of persons: (1) State, local, and Tribal agencies; (2) financial institutions with customer due diligence obligations under applicable law, as defined in the BOI Access Rule; and (3) SROs.
FinCEN estimates that during year 122 the annual hourly burden will be 8,743,781 hours.23 In year 224 and onward, FinCEN estimates that the annual hourly burden will be 3,616,964 hours. The annual estimated burden hours for State, local, and Tribal entities as well as SROs is 2,268,789 hours in the first year, and 1,699,612 hours in year 2 and onward. As shown in Table 1 below, the hourly burden in year 1 for State, local, and Tribal entities and SROs includes the hourly burden associated with the following requirements: entering into an agreement with FinCEN and establish standards and procedures (Action B); establishing a secure system to store BOI (Action D); establishing and maintaining an auditable system of standardized records for requests (Action E); submitting written certification for each request that it meets certain requirements (Action G);25 restricting access to appropriate persons within the entity (Action H); conducting an annual audit and cooperate with FinCEN’s annual audit (Action I); obtaining certification of standards and procedures, initially and then semi-annually, by the head of the entity (Action J); and providing annual reports on procedures (Action K). The hourly burden in year 2 and onward for State, local, and Tribal entities and SROs is associated with the same requirements as year 1, with the exception of Action B because FinCEN expects this action will result in costs for these entities in year 1 only.
The annual estimated hourly burden for financial institutions is 6,474,992 hours in the first year and 1,917,352 hours in year 2 and onward. The hourly burden for financial institutions in year 1 is associated with the following: developing and implementing administrative and physical safeguards (Action A); developing and implementing technical safeguards (Action C); obtaining and documenting customer consent (Action F); submitting certification for each request that it meets certain requirements (Action G); undergoing training (Action H); complying with certain geographic restrictions (Action L); and notifying FinCEN if they receive an information demand from a foreign government (Action M). The hourly burden in year 2 and onward for financial institutions is associated only with the requirements for Actions F, G, and H because FinCEN expects the other actions will result in costs for these entities in year 1 only.
Annual estimated burden declines in year 2 and onward because State, local, and Tribal agencies, SROs, and financial institutions no longer need to complete Actions A and B, and have a lower hourly burden for Actions E and F. State, local, and Tribal agencies have a lower hourly burden for Action G. Table 1 below lists the type of entity, the number of entities, the hours per entity, and the total hourly burden by action. For Actions A, B, C, D, E, F, I, J, K, L, and M the hours per entity are the maximum of the range estimated in the cost analysis of the RIA. For Action G and H, the hours per entity calculations are specified in footnotes to Table 1. Total annual hourly burden is calculated by multiplying the number of entities by the hours per entity for each action. In each subsequent year after initial implementation, FinCEN estimates that the total hourly annual burden is 3,616,964. This results in a 5-year average burden estimate of approximately 4,642,327 hours.26
Table 1 — Annual Hourly Burden Associated with Requirements
Action |
Type of Entity |
Number of Entities |
Hours per Entity |
Total Annual Hourly Burden |
|
Financial institutions |
15,716 |
240 in Year 1; 0 in Years 2+ |
3,771,840 in Year 1; 0 in Years 2+ |
|
State, local, and Tribal agencies and SROs |
218 |
300 in Year 1; 0 in Years 2+ |
65,400 in Year 1; 0 in Years 2+ |
|
Financial institutions |
15,716 |
0 in Year 1; 0 in Years 2+ |
0 in Year 1; 0 in Years 2+ |
|
State, local, and Tribal agencies and SROs |
218 |
300 in Year 1; 4 in Years 2+ |
65,400 in Year 1; 872 in Years 2+ |
|
State, local, and Tribal agencies and SROs |
218 |
200 in Year 1; 20 in Years 2+ |
43,600 in Year 1; 4,360 in Years 2+ |
|
Financial institutions |
15,716 |
70 in Year 1; 20 in Years 2+ |
1,100,120 in Year 1; 314,320 in Years 2+ |
|
Financial institutions |
15,716 |
94 in Year 1; 94 in Years 2+ |
1,474,161 in Year 1; 1,474,161 in Years 2+ |
|
State, local, and Tribal law enforcement |
158 |
12,975 in Year 1; 10,443 in Years 2+ |
2,050,003 in Year 1; 1,649,994 in Years 2+ |
|
State regulatory agencies and SROs |
60 |
125 in Year 1; 125 in Years 2+ |
7,500 in Year 1; 7,500 in Years 2+ |
|
Financial institutions |
15,716 |
8 in Year 1; 8 in Years 2+ |
128,871 in Year 1; 128,871 in Years 2+ |
|
State, local, and Tribal agencies and SROs |
218 |
9 in Year 1, 9 in Years 2+ |
2,006 in Year 1; 2,006 in Years 2+ |
|
State, local, and Tribal agencies and SROs |
218 |
160 in Year 1; 160 in Years 2+ |
34,880 in Year 1; 34,880 in Years 2+ |
|
State, local, and Tribal agencies and SROs |
218 |
Included in I. |
Included in I. |
|
State, local, and Tribal agencies and SROs |
218 |
Included in I. |
Included in I. |
|
Financial institutions |
15,716 |
0 in Year 1; 0 in Years 2+ |
0 in Year 1; 0 in Years 2+ |
|
Financial institutions |
15,716 |
0 in Year 1; 0 in Years 2+ |
0 in Year 1; 0 in Years 2+ |
Total Annual Hourly Burden |
8,743,781 in Year 1; 3,616,964 in Years 2+ (Average of 5,325,903 hours across first 3 years) |
|||
1 For all types of entities, the hours per entity for Action G is the per entity share of the aggregate burden estimated in the RIA. 2 For financial institutions, the hours per entity for Action H equals the weighted average of the large and small financial institutions’ maximum burden estimated in the RIA. 3 For State, local, and Tribal agencies and SROs, the hours per entity for Action H equals the per entity share of the aggregate burden. |
13. Estimated annual cost to respondents for hour burdens.
FinCEN calculated the fully loaded hourly wage for each type of affected entity type.27 Using these estimated wages, the total cost of the annual burden in year 1 is $868,200,270. In year 2 and onward, FinCEN estimates that the total cost of the annual burden is $339,309,502, owing to Actions A and B only imposing burdens in year 1, Actions D and E having lower annual per entity burdens, and Action G having lower burden per request for State, local, and Tribal law enforcement agencies. The annual estimated cost for State, local, and Tribal agencies and SROs is $181,851,118 in the first year and $136,070,190 in year 2 and onward. The annual estimated cost for financial institutions is $686,349,152 in the first year and $203,239,312 in year 2 and onward. The 5-year average annual cost estimate is $445,087,656.28
Table 2 — Annual Cost Associated with Requirements
Action |
Type of Entity |
Hourly Wage |
Total Annual Hourly Burden |
Total Annual Cost |
|
Financial institutions |
$106 |
3,771,840 in Year 1; 0 in Years 2+
|
$399,815,040 in Year 1; $0 in Years 2+ |
|
State, local, and Tribal agencies |
$80 |
65,400 in Year 1; 0 in Years 2+
|
$5,232,000 in Year 1; $0 in Years 2+
|
|
Financial institutions |
$106 |
0 in Year 1; 0 in Years 2+ |
$0 in Year 1; $0 in Years 2+ |
|
State, local, and Tribal agencies |
$80 |
65,400 in Year 1; 872 in Years 2+
|
$5,232,000 in Year 1; $69,760 in Years 2+
|
|
State, local, and Tribal agencies |
$80 |
43,600 in Year 1; 4,360 in Years 2+
|
$3,488,000 in Year 1; $348,800 in Years 2+
|
|
Financial institutions |
$106 |
1,100,120 in Year 1; 314,320 in Years 2+
|
$116,612,720 in Year 1; $33,317,920 in Years 2+
|
|
Financial institutions |
$106 |
1,474,161 in Year 1; 1,474,161 in Years 2+ |
$156,261,066 in Year 1; $156,261,066 in Years 2+ |
|
State, local, and Tribal law enforcement |
$80 |
2,050,003 in Year 1; 1,649,994 in Years 2+
|
$164,000,240 in Year 1; $131,999,520 in Years 2+
|
|
State regulatory agencies |
$80 |
7,500 in Year 1; 7,500 in Years 2+ |
$600,000 in Year 1; $600,000 in Years 2+ |
|
Financial institutions |
$106 |
128,871 in Year 1; 128,871 in Years 2+
|
$13,660,326 in Year 1; $13,660,326 in Years 2+
|
|
State, local, and Tribal agencies |
$80 |
2,006 in Year 1; 2,006 in Years 2+ |
$160,480 in Year 1; $160,480 in Years 2+ |
|
State, local, and Tribal agencies |
$80 |
34,880 in Year 1; 34,880 in Years 2+
|
$2,790,400 in Year 1; $2,790,400 in Years 2+
|
|
State, local, and Tribal agencies |
$80 |
Included in I. |
Included in I. |
|
State, local, and Tribal agencies |
$80 |
Included in I. |
Included in I. |
|
Financial institutions |
$106 |
0 in Year 1; 0 in Years 2+ |
$0 in Year 1; $0 in Years 2+ |
|
Financial institutions |
$106 |
0 in Year 1; 0 in Years 2+ |
$0 in Year 1; $0 in Years 2+ |
Actions B, D, E, G, H, I-K |
SROs |
$106 |
3,283 in Year 1; 955 in Years 2+ |
$347,998 in Year 1; $101,230 in Years 2+ |
Total Annual Cost |
$868,200,270 in Year 1; $339,309,502 in Years 2+ (Average of $515,606,425 across first 3 years) |
14. Estimated annual cost to the Federal government.
The Federal government will have costs under the BOI Access Rule because Federal government agencies may be authorized recipients of BOI. Federal government agencies will also incur costs associated with coordinating and submitting requests for BOI on behalf of foreign requesters. Additionally, FinCEN itself will have costs associated with administering access to BOI. FinCEN estimates that the maximum overall cost to the Federal government is $91,377,200 in year 1. This is the total of $78,377,200 the maximum aggregate cost estimate for Federal agencies of meeting the BOI Access Rule’s requirements to access BOI29and the estimated $13 million in FinCEN administration costs. In year 2 and onward, this estimated cost is $73,707,680. This is the total of $60,707,680—the maximum cost estimate for Federal agencies’ meeting the BOI Access Rule’s requirements to access BOI30 and the estimated $13 million in FinCEN administration costs. The 5-year average annual cost estimate is $77,241,584.31
15. Reason for change in burden.
There is no change in the burden estimate from the estimate provided in the BOI Access Rule.
16. Plans for tabulation, statistical analysis, and publication.
The information will not be tabulated or compiled for publication.
17. Request not to display expiration date of OMB control number.
FinCEN requests that it not be required to display the expiration date so that the regulations will not have to be amended for the new expiration date every three years.
18. Exceptions to the certification statement.
There are no exceptions to the certification statement.
1 FinCEN, Beneficial Ownership Information Access and Safeguards, 88 FR 88732 (Dec. 22, 2023), available at https://www.federalregister.gov/documents/2023/12/22/2023-27973/beneficial-ownership-information-access-and-safeguards.
2 FinCEN, Agency Information Collection Activities; Proposed Collection; Comment Request; Beneficial Ownership Information Requests, 89 FR 5995 (Jan. 30, 2024), available at https://www.federalregister.gov/documents/2024/01/30/2024-01828/agency-information-collection-activities-proposed-collection-comment-request-beneficial-ownership.
3 The CTA is Title LXIV of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283 (Jan. 1, 2021) (NDAA). Division F of the NDAA is the Anti-Money Laundering Act of 2020 (the AML Act), which includes the CTA.
4 Section 358 of the USA PATRIOT Act expanded the purpose of the BSA by including a reference to reports and records “that have a high degree of usefulness in intelligence or counterintelligence activities to protect against international terrorism.” See 12 U.S.C. 1829b(a). Section 6101 of the AML Act further expanded the purpose of the BSA to cover such matters as preventing money laundering, tracking illicit funds, assessing risk, and establishing appropriate frameworks for information sharing. See 31 U.S.C. 5311.
5 Treasury Order 180-01 (Jan. 14, 2020).
6 The CTA requires certain legal entities, referred to as “reporting companies” to report BOI to FinCEN pursuant to 31 U.S.C. 5336(b).
7 31 CFR 1010.380; see FinCEN, Beneficial Ownership Information Reporting Requirements, 87 FR 59498 (Sept. 30, 2022), available at https://www.federalregister.gov/documents/2022/09/30/2022-21020/beneficial-ownership-information-reporting-requirements.
8 See 31 U.S.C. 5336(c)(2).
9 See 31 U.S.C. 5336(c)(5).
10 See 31 U.S.C. 5336(c)(3).
11 FinCEN, Agency Information Collection Activities; Proposed Collection; Comment Request; Beneficial Ownership Information Requests, 89 FR 5995 (Jan. 30, 2024), available at https://www.federalregister.gov/documents/2024/01/30/2024-01828/agency-information-collection-activities-proposed-collection-comment-request-beneficial-ownership.
12 See 5 CFR 1320.3(k), defining “person” as “an individual, partnership, association, corporation (including operations of government-owned contractor-operated facilities), business trust, or legal representative, an organized group of individuals, a State, territorial, tribal, or local government or branch thereof, or a political subdivision of a State, territory, tribal, or local government or a branch of a political subdivision.”
13 FinCEN, Agency Information Collection Activities; Proposed Collection; Comment Request; Beneficial Ownership Information Requests, 89 FR 5995 (Jan. 30, 2024), available at https://www.federalregister.gov/documents/2024/01/30/2024-01828/agency-information-collection-activities-proposed-collection-comment-request-beneficial-ownership.
14 SROs cannot directly access the BO IT system or submit BOI requests to FinCEN under the BOI Access Rule. Financial institutions and Federal functional regulators, however, may redisclose BOI they receive from FinCEN to SROs under certain conditions, thereby giving SROs derivate access to BOI. 31 CFR 1010.955(c)(2)(iii), (iv). In particular, to receive BOI via such redisclosure, an SRO must be authorized by law to assess, supervise, enforce, or otherwise determine the compliance of financial institutions with customer due diligence requirements under applicable law; use the BOI received solely for the purpose of conducting such assessment, supervision, or authorized investigation or activity; and enter into an agreement with FinCEN providing for appropriate protocols governing the safekeeping of the BOI. Id.; id. at 1010.955(b)(4)(ii).
15 See FinCEN, Beneficial Ownership Information Reporting Requirements, 87 FR 59498 (Sept. 30, 2022), available at https://www.federalregister.gov/documents/2022/09/30/2022-21020/beneficial-ownership-information-reporting-requirements.
16 FinCEN anticipates considering whether to require financial institutions to access BOI reported to FinCEN in the future, potentially as part of its revisions to FinCEN’s 2016 Customer Due Diligence Rule. FinCEN, Customer Due Diligence Requirements for Financial Institutions, 81 FR 29,398-29,402 (May 11, 2016), codified in relevant part at 31 CFR 1010.230. (“2016 CDD Rule”).
17 FinCEN, Notice of Proposed Rulemaking, Beneficial Ownership Information Access and Safeguards, and Use of FinCEN Identifiers for Entities, 87 FR 77404 (Dec. 16, 2022), available at https://www.federalregister.gov/documents/2022/12/16/2022-27031/beneficial-ownership-information-access-and-safeguards-and-use-of-fincen-identifiers-for-entities.
18 In the BOI Access Rule, financial institutions requesting BOI must certify the financial institution (1) is requesting the information to facilitate its compliance with customer due diligence requirements under applicable law; (2) has obtained and documented the consent of the reporting company to request the information from FinCEN; and (3) has fulfilled all other requirements of 31 CFR 1010.955(d)(2).
19 FinCEN, Small Entity Compliance Guide for Beneficial Ownership Information Access and Safeguards Requirements (Feb. 2024), available at https://www.fincen.gov/sites/default/files/shared/BOI_Access_and_Safeguards_SECG_508C.pdf.
20 See FinCEN, Small Entity Compliance Guide for Beneficial Ownership Information Access and Safeguards Requirements (Feb. 2024), available at https://www.fincen.gov/sites/default/files/shared/BOI_Access_and_Safeguards_SECG_508C.pdf.
21 Id. at 88782.
22 As discussed in the BOI Access Rule’s RIA, Year 1 in the analysis is the first year in which all potentially affected parties access a database that includes BOI reports from reporting companies that are in existence as of the BOI Reporting Rule’s effective date.
23 The full burden and cost associated with the BOI Access Rule is assessed in the BOI Access Rule’s RIA. The cost analysis in the BOI Access Rule’s RIA estimates a potential range of burden for some activities. For purposes of this supporting statement, the analysis assumes the maximum estimate of such ranges.
24 Subsequent years (sometimes referred to as “Years 2+”) in this analysis are the years after the first year in which all potentially affected parties access a database that includes BOI reports from reporting companies that are in existence as of the BOI Reporting Rule’s effective date.
25 As noted previously, SROs will not have direct access to the BO IT system, but may receive BOI through redisclosure. Accordingly, SROs may not need to meet every requirement that they are described as meeting in Tables 1 and 2 to receive BOI. However, except where noted in those tables, FinCEN has generally assessed similar costs for SROs as for State, local, and Tribal agencies for analytical purposes. This analysis thus may overestimate the burden on SROs, but FinCEN lacks reliable data from which to formulate SRO-specific estimates for receiving BOI.
26 The 5-year average equals the sum of (Year 1 burden hours of 8,743,781 + Year 2 burden hours of 3,616,964 + Year 3 burden hours of 3,616,964 + Year 4 burden hours of 3,616,964 + Year 5 burden hours of 3,616,964) divided by 5.
27 See Table 3 in the BOI Access Rule for details on the fully loaded hourly wages.
28 The 5-year average equals the sum of (Year 1 costs of $868,200,270 + Year 2 costs of $339,309,502 + Year 3 costs of $339,309,502 + Year 4 costs of $339,309,502 + Year 5 costs of $339,309,502) divided by 5.
29 The maximum aggregate cost estimate for Federal agencies that access BOI directly to meet the BOI Access Rule’s requirements is $78,179,200 in year 1. Additionally, Federal agencies may incur costs from submitting and coordinating BOI requests on behalf of foreign partners, with an estimated maximum aggregate cost of $198,000. These amounts total $78,377,200.
30 The maximum aggregate cost estimate for Federal agencies that access BOI directly to meet the BOI Access Rule’s requirements is $60,509,680 in year 2 and onward. Additionally, Federal agencies may incur costs from submitting and coordinating BOI requests on behalf of foreign partners, with an estimated maximum aggregate cost of $198,000. These amounts total $60,707,680.
31 The 5-year average equals the sum of (Year 1 costs of $91,377,200 + Year 2 costs of $73,707,680 + Year 3 costs of $73,707,680 + Year 4 costs of $73,707,680 + Year 5 costs of $73,707,680) divided by 5.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Jerome, Molly |
File Modified | 0000-00-00 |
File Created | 2024-07-26 |