What is the Corporate Transparency Act?
Quick answer
The Corporate Transparency Act requires most US companies to disclose their beneficial owners to FinCEN. Any individual owning 25% or more of equity, or exercising substantial control, must be reported. Banks are exempt from filing but can access FinCEN's BOI database for customer due diligence. ---
What is the Corporate Transparency Act?
The Corporate Transparency Act requires most US companies to disclose their beneficial owners to a federal database maintained by FinCEN. Enacted January 1, 2021 as part of the Anti-Money Laundering Act of 2020 (Title LXIV of the National Defense Authorization Act for FY2021), it's the biggest reform to US corporate secrecy rules in decades.
The target was anonymous shell companies. Before the CTA, you could form an LLC in Delaware, Wyoming, or Nevada and no state agency asked who actually owned it. FATF's 2016 Mutual Evaluation of the United States flagged this directly, rating US beneficial ownership transparency as non-compliant. The US was one of the few FATF member jurisdictions where incorporating a company required less information than getting a library card.
Who must file, and what they must report
A "reporting company" is any domestic corporation, LLC, or similar entity created by filing with a secretary of state, plus any foreign entity registered to do business in a US state. There are 23 exempt categories. The relevant ones for financial institution compliance are banks, credit unions, broker-dealers, registered investment companies, and large operating companies (20+ full-time US employees, $5 million+ in US gross receipts, a physical US office).
Each report must include:
- Company legal name and trade names
- Current US business address
- State of formation and taxpayer identification number
- For each beneficial owner: full legal name, date of birth, residential address, and a copy of a government-issued ID
A beneficial owner is defined two ways: any individual owning or controlling 25% or more of the company's equity, or any individual exercising "substantial control." FinCEN's implementing regulations define substantial control broadly. It covers senior officers, individuals with authority to appoint or remove senior officers, and anyone with influence over major decisions including asset disposals, contract approvals, or compensation structures.
That "substantial control" prong is where attorneys spend most of their time. A 24.9% owner with veto rights over major decisions is still a beneficial owner under the substantial control definition.
Enforcement history and current status
FinCEN's BOI reporting rule took effect January 1, 2024. Companies formed before that date had until January 1, 2025. Companies formed after January 1, 2024 had 90 days to file.
The litigation came quickly. In December 2024, the Eastern District of Texas issued a nationwide preliminary injunction in Texas Top Cop Shop, Inc. v. Garland. The Fifth Circuit stayed it, then a different merits panel reinstated it. In January 2025, the Supreme Court stayed the nationwide injunction again. FinCEN extended filing deadlines repeatedly.
In March 2025, FinCEN issued an interim final rule removing domestic US entities from the reporting requirement. Foreign reporting companies still must file. The CTA statute itself hasn't changed; what changed is how Treasury chose to implement it.
For compliance teams, this creates a bifurcated picture: the database has records from companies that filed before the rule change, but it's no longer receiving new domestic filings. That limits its current utility as a cross-reference tool, but it doesn't eliminate it.
Why this matters for compliance teams
Banks are exempt from CTA filing. That doesn't make the CTA irrelevant.
The CDD Rule runs in parallel
FinCEN's Customer Due Diligence Rule (31 CFR 1020.220) has required banks to collect beneficial ownership information on legal entity customers since May 2018. It uses the same 25% threshold the CTA adopted. The March 2025 enforcement change didn't touch it.
Your KYC program still needs to capture beneficial ownership for every legal entity customer that doesn't otherwise qualify for an exemption. The difference is data destination: under the CDD Rule, it stays in your files. Under the CTA, it was also supposed to go to FinCEN.
Understanding the difference between CDD and EDD matters here. CDD establishes the baseline ownership picture at onboarding. EDD adds depth for higher-risk customers, which typically means verifying beneficial ownership through independent sources rather than relying solely on customer self-certification. The BOI database, where populated, is one such independent source.
BOI discrepancies as red flags
A discrepancy between what a customer self-certifies and what's in the FinCEN BOI record warrants documentation. It might be a simple filing error. It might be something else. Either way, it feeds into how often you refresh that customer's risk rating and, depending on the pattern, whether suspicious activity reaches a SAR threshold.
Perpetual KYC programs are built precisely for this kind of ongoing cross-referencing. Rather than waiting for a three-year periodic review cycle, they flag ownership changes in real time. If a beneficial owner changes and the customer doesn't notify the bank, the discrepancy shows up at the next BOI check.
Penalties for non-compliant reporting companies
For companies that were required to file, willful failure carries civil penalties of up to $591 per day (inflation-adjusted from the statutory $500) and criminal penalties of up to $10,000 and two years in prison. These apply to the company and to the individual responsible for the violation.
For banks, the exam implication is indirect: examiners reviewing KYC programs will look at whether the bank used available CTA data where relevant. A bank that had access to the BOI database, ignored a clear discrepancy, and failed to document its reasoning has a process gap. What happens when a bank fails an AML exam illustrates how that gap can become a formal finding.
What triggers a regulatory exam often includes exactly the kind of pattern the CTA was designed to surface: customers whose ownership structures change frequently, or where self-reported ownership doesn't match third-party records.
The bigger compliance picture
The CTA doesn't operate in isolation. It's part of a broader US AML reform package that also tightened real estate transaction reporting, expanded FinCEN's subpoena powers, and increased civil penalties across the BSA. The Anti-Money Laundering Act of 2020 that contained the CTA also established the AML/CFT national priorities that FinCEN now requires financial institutions to address in their program risk assessments.
Financial institutions whose customers include privately held companies, holding structures, or entities with nominee shareholders need to treat CTA data as one input among several, not a checkbox.
Related questions
- What is a beneficial owner? — the definition the CTA and the CDD Rule both rely on
- What is the difference between CDD and EDD? — how banks independently verify ownership regardless of CTA status
- What is perpetual KYC? — continuous monitoring that catches ownership changes between periodic reviews
- How often should customer risk ratings be refreshed? — how BOI data feeds refresh cadence decisions
- How does FinCEN define suspicious activity? — when a BOI discrepancy crosses the SAR threshold
Related concepts and regulations
- What triggers a regulatory exam? — how CTA-related KYC gaps become exam findings
- What happens when a bank fails an AML exam? — consequences of beneficial ownership process gaps
- Can AI be used for AML transaction monitoring? — AI tools that cross-reference BOI data against transaction patterns in real time
- What is the penalty for a missed CTR? — penalty framework context for BSA violations more broadly