The CTA was passed into law January 1, 2021, by the U.S. Congress. A component of the National Defense Authorization Act for Fiscal Year 2021, the CTA is intended to combat the use of ‘shell’ companies in the commission of money laundering, terrorist financing, financial and tax fraud and other domestic and international illicit activity and corrupt practices, as well as to protect U.S. national security. But in its wake many businesses in the U.S., including small and medium-sized franchisors and franchisees, will be required to report personal direct and indirect beneficial ownership and control information to the Financial Crimes Enforcement Network of the U.S. Department of Treasury, also referred to as FinCEN. This personal identifying information (PII) includes name, date of birth, physical home address and photograph. It is estimated that over 32 million now-existing businesses will be required to report in year one.
Beginning January 1, 2024, PII must be reported for persons owning, directly or indirectly, 25% or more of the business or who have ‘substantial control’ over the business. Franchisors and franchisees will need to compile, maintain and update their reported PII constantly to meet the CTA’s compliance requirements. All newly formed business entities beginning January 1, 2024, will be required to file their initial CTA report within 30 calendar days of formation. Reporting company businesses in existence before January 1, 2024, will have one year to make their original CTA report filing, along with any subsequent amendment filings that would have been required had the report been filed on January 1, 2024. Once the initial report is filed, this information must be updated within 30 days of any subsequent event that makes the previously reported information inaccurate.
Some categories of business entities are exempted from CTA compliance. These generally include regulated business entities, such as publicly traded companies, insurance businesses, banking businesses, 501(c) registered non-profit entities, and quasi-governmental organizations. In addition to the other exempt categories, a catch-all exemption is available for any business entity that meets all three of the following thresholds: (1) having a physical street address in the U.S., (2) having 21 or more full-time employees, and (3) generating more than $5 million in annual gross receipts as reported on last year’s federal tax return. Missing any of these thresholds will render a business ineligible for this exemption.
For non-compliance there are fines ($500 per day up to $10,000) per incident and possible jail time (up to two years). Those who fail to file their initial report will also be subject to fines for failing to file what should have been subsequent filings – causing fines to constantly increase. Also, the IRS recently announced increased enforcement, utilizing new data analytics technology to identify audit targets. FinCEN’s database will be a key component to such data analytics technology.
Information in FinCEN’s Beneficial Ownership Secure System will be accessible to law enforcement at the federal, state and local levels. Financial institutions may also have access upon their customer’s consent. However, the information reported under the CTA is confidential and may not be disclosed by an officer or employee of the United States, an officer or employee of any state, local, or tribal agency or an officer or employee of any financial institution or regulatory agency receiving information that was collected under the CTA. These officials are subject to stiff sanctions for any instance of violation of the CTA’s access parameters. Also importantly, PII is not available to the general public, and is not accessible through Freedom of Information Act (FOIA) requests.
The CTA reporting obligations touch on the sensitive issue of personal anonymity historically enjoyed by U.S. beneficial owners. No investor or owner will be comfortable providing their personal identifying information into a governmental law enforcement database, and all that implicates for personal privacy, attribution of associations with business partners and types of investment, and data security, among other considerations.
Franchisors should prepare to comply immediately and ensure that their franchisees are aware of the requirements and how to comply.
Read the full article here