What is the Corporate Transparency Act?

The full answer

The Corporate Transparency Act (CTA), codified at 31 U.S.C. § 5336, is the first U.S. federal law requiring most private companies to affirmatively disclose who owns and controls them. Congress passed it as part of the National Defense Authorization Act for Fiscal Year 2021. For decades, the United States had no central beneficial ownership registry for the millions of LLCs and corporations formed under state law, a gap that made the U.S. financial system attractive for shell company abuse.

FinCEN's implementing rule took effect January 1, 2024. Most U.S. entities, including LLCs, corporations, and limited partnerships, must file a Beneficial Ownership Information (BOI) report identifying:

• Each individual who owns or controls at least 25% of the company's ownership interests, or who exercises substantial control over it
• Full legal name, date of birth, current residential address, and a copy of an acceptable government-issued ID for each beneficial owner
• For companies formed on or after January 1, 2024: the same information for the "company applicant," the person who filed the formation documents

"Substantial control" goes beyond equity percentages. Senior officers, individuals with authority to appoint or remove directors, and people who direct major decisions all qualify, even without an ownership stake. For how this plays out across complex holding structures, see What is a beneficial owner?

The 23 exemptions

Most large and regulated entities are exempt. Banks, credit unions, SEC-reporting companies, insurance companies, and money services businesses registered with FinCEN don't have to file. The large operating company exemption applies to entities with 20 or more full-time U.S. employees, over $5 million in annual U.S. gross receipts, and a physical U.S. office.

The exemptions are narrower than they look. A holding company that owns an exempt operating subsidiary isn't necessarily exempt itself. Private equity portfolio companies, family office vehicles, and real estate LLCs often fall within the CTA's scope despite their owners' assumptions.

The enforcement disruption

The original deadline for companies existing before January 1, 2024 was January 1, 2025. A federal district court in the Eastern District of Texas issued a nationwide preliminary injunction in December 2024 (Texas Top Cop Shop, Inc. v. Garland), blocking enforcement. The Fifth Circuit's handling of the subsequent appeal shifted multiple times. By March 2025, the Treasury Department had announced a suspension of enforcement against U.S. citizens and domestic reporting companies, pending a new rulemaking to narrow the CTA's scope. Foreign entities with U.S. reporting obligations were not included.

Statutory penalties remain on the books: civil fines of up to $500 per day and criminal penalties of up to $10,000 and two years' imprisonment for willful violations. The enforcement pause doesn't eliminate the statutory obligation.

FinCEN's BOI reporting page at fincen.gov/boi tracks current guidance and any deadline changes.

Why this matters

For bank compliance teams, the CTA creates three direct operational effects.

Customer risk signals. Your legal entity customers are now either in compliance with the CTA or they aren't. A small LLC that was formed before 2024 and hasn't filed its required BOI report is telling you something: either they don't know the law, or they've decided not to follow it. Both matter. Factor that into your customer risk rating refresh cycle and into decisions about whether to apply standard CDD or enhanced due diligence.

The FinCEN database. FinCEN's final rule, published at 87 FR 59498, includes an access framework for banks verifying customer identity. When that access is fully available, compliance teams will be able to cross-check customer-supplied ownership data against the federal registry. We've seen banks spend significant analyst time chasing corporate ownership documents for mid-tier clients. A government-maintained registry the customer is legally obligated to keep current changes that calculus. The access framework is still limited to law enforcement and specific government users as of mid-2025; check fincen.gov/boi for updates on authorized access for financial institutions.

Examiner attention. The CTA raised the profile of beneficial ownership across the regulatory community. Examiners know the law exists, and they're looking at whether your CDD program captures ownership accurately for complex structures. If your institution has gaps in legal entity coverage, address them before they surface during an examination. For what typically triggers an examination visit, see What triggers a regulatory exam?

Don't let the enforcement pause breed complacency. The statute is still in effect. If FinCEN defines suspicious activity partly by reference to what a customer should have done and didn't, a customer operating through a non-compliant entity structure is a meaningful signal for your SAR analysis. The enforcement pause affects their CTA filing obligation, not your monitoring obligations.

For the connection between continuous ownership monitoring and modern KYC programs, see What is perpetual KYC? and Can AI be used for AML transaction monitoring?

Related questions

• What is a beneficial owner?
• What is the difference between CDD and EDD?
• How often should customer risk ratings be refreshed?
• What triggers a regulatory exam?
• What happens when a bank fails an AML exam?

Related concepts and regulations

• How does FinCEN define suspicious activity?
• What is perpetual KYC?
• Can AI be used for AML transaction monitoring?
• What is the penalty for a missed CTR?