About Us
Contact About Us Input Output ADA Compliance Statement Privacy Policy Satisfaction Guarantee Terms & Conditions
Solutions
Input Output Solutions WISP - Written Information Security Program
Blog Podcast
BOOK A CALL

BOI Changes Again: What Small Businesses Need to Know About The Corporate Transparency Act’s Legal Tug-of-War

cpm - compliance management fincen boi Jan 02, 2025
beneficial ownership information changes, woman frustrated, screaming

Small businesses in the United States are no strangers to compliance hurdles, but the Corporate Transparency Act (CTA) has thrown them into a particularly perplexing legal quagmire. Designed to curb illicit financial activity, the CTA requires the disclosure of Beneficial Ownership Information (BOI), a mandate enforced by the Financial Crimes Enforcement Network (FinCEN). As part of this requirement, businesses had to report beneficial ownership information by the approaching January 1 deadline to avoid potential penalties. However, ongoing legal challenges and a rollercoaster of court rulings have created uncertainty, leaving laundromats, corner stores, and other small enterprises grappling with what to do next.

This post delves into the CTA’s background, the legal battles surrounding it, and its implications for small businesses, providing a roadmap for navigating this rapidly changing compliance landscape.

 

The Corporate Transparency Act: An Overview of Beneficial Ownership Information Requirements

The CTA was enacted as part of the Anti-Money Laundering Act of 2020, aiming to bolster transparency in corporate ownership to combat financial crimes such as money laundering, tax evasion, and terrorism financing. Effective as of January 1, 2024, it requires certain U.S.-based corporations, LLCs, and similar entities to file BOI reports. These reports disclose the names, dates of birth, addresses, and identifying numbers of individuals who own or control 25% or more of a company.

FinCEN’s oversight ensures that law enforcement and national security agencies have access to this data to investigate illicit activities. Non-compliance carries stiff penalties, including fines up to $10,000 and imprisonment of up to two years.

While the CTA’s goals are laudable, its execution has been far from smooth.

 

Who is a Beneficial Owner?

beneficial owner document, desk, document

A beneficial owner is an individual who has direct or indirect ownership or control of a company. This includes individuals who own or control at least 25% of the company’s outstanding shares, as well as those who have the power to direct or influence the company’s decision-making processes. Beneficial owners may also include individuals who have a significant interest in the company, such as a senior officer or a person with a substantial interest in a parent or subsidiary company.

 

What Companies are Required to Report?

The Corporate Transparency Act (CTA) requires most existing U.S. businesses and foreign businesses that have registered to do business in the U.S. to disclose beneficial ownership information. This includes corporations, limited liability companies, and other business entities that are required to file articles of incorporation or the equivalent with the state in which they are registered to do business. However, there are 23 types of exempt entities, including banks, credit unions, insurance companies, government agencies, and publicly traded companies.

 

Reporting Requirements

Reporting companies are required to provide basic information for themselves and all beneficial owners. This includes the company’s legal name, trade names, address, jurisdiction of registration, and taxpayer identification number. For beneficial owners, the required information includes their name, date of birth, residential address, and identifying number from an identification document. The Beneficial Ownership Information Report must be filed electronically through the Financial Crimes Enforcement Network’s (FinCEN) BOI E-Filing system.

 

The Legal Challenges

The CTA’s rollout has met fierce resistance. The National Federation of Independent Business (NFIB), alongside The Center for Individual Rights (CIR) and several small business plaintiffs, filed a lawsuit questioning the constitutionality of the CTA. Their arguments center on three key points:

  1. Congressional Overreach: Critics claim that mandating such disclosures exceeds Congress’s legislative authority.

  2. Compelled Speech: Opponents argue that requiring individuals to disclose BOI violates the First Amendment.

  3. Privacy Concerns: The demand for detailed personal information raises Fourth Amendment questions about unreasonable searches and seizures.

In a dramatic series of events in December 2024, the courts issued a flurry of rulings that kept businesses on edge:

  • December 3: The Eastern District of Texas grants a preliminary injunction, temporarily halting the BOI reporting requirements.

  • December 23: The Fifth Circuit overturns the injunction, reinstating the reporting deadline.

  • December 26: A separate Fifth Circuit panel reinstates the injunction, once again pausing enforcement.

This back-and-forth has left business owners bewildered about their compliance obligations.

 

Implications for Small Businesses

The uncertainty surrounding the CTA is more than just a legal issue; it’s a practical one. In the tax preparation industry, professionals face specific challenges in complying with the CTA, including maintaining a security plan and staying updated on tax laws and software.

Compliance Confusion: How to Report Beneficial Ownership Information

For small businesses, particularly those without in-house legal teams, understanding and adhering to the CTA’s requirements is no small feat. The rapidly changing legal status exacerbates this challenge, with owners unsure whether to prepare reports or wait for clarity.

Financial Strain

Compliance comes with costs, including potential legal fees and administrative burdens. For mom-and-pop shops, these expenses are often disproportionate to their limited resources, leading to frustration and financial stress.

Risk of Penalties

The threat of significant fines or imprisonment looms large for businesses that either misunderstand or fail to meet their obligations, even amid the legal uncertainty. Compliance is crucial to avoid data breaches and the associated penalties, which can be severe and damaging to a business's reputation.

Impact on Trust

The requirement to disclose sensitive ownership details has also raised concerns about privacy and data security. Introducing a comprehensive security plan that includes protocols for reporting a security incident is crucial to maintain trust. Business owners fear that their confidential information may be mishandled or misused, eroding trust in regulatory systems.

 

Written Information Security Program (WISP) Requirements - Additional Business Requirements & Headaches

written information security plan, keyboard, information security policy

In addition to having to worry about the ever changing Business Ownership Information reporting requirements, businesses (CPA's especially) must also have a fully developed Written Information Security Program (WISP) in place to ensure they are also complying with the updated FTC Safeguards Rule requirements.

A Written Information Security Program (WISP) is a crucial component organization's that handle sensitive data, like personally identifiable information (PII). A WISP is a general guide and starting point that should be heavily customized to meet the business’ individual needs. Written security plans and policies must outline the administrative, technical, and physical controls the organization utilizes to protect sensitive data and the organization's information assets, and must meet all applicable regulatory requirements (which for tax professionals, are extensive).

The IRS (Internal Revenue Service), and under the FTC Safeguards Rule federal law requires financial institutions WISP's include risk assessment and management processes, security measures for protecting sensitive information, incident response and notification, control monitoring and review, and acknowledgment of the program by employees, contractors, and third-party service providers. Additionally, the program must be reviewed annually or in response to significant changes in the business or threat landscape to ensure information systems are appropriately protected. While this can be daunting to put together, an information security policy template and help tax preparers develop their written information security plan in no time.

 

FinCEN Business Ownership Information (BOI) - Current Status and Next Steps

As of December 30, 2024, the nationwide injunction remains in place, preventing FinCEN from enforcing the BOI reporting requirements. However, the expedited appeal process means this reprieve may be short-lived. Protecting customer data is crucial for compliance, especially under regulations like the Gramm-Leach-Bliley Act (GLBA) and the FTC Safeguards Rule, which mandates that tax and accounting professionals implement a data security plan to safeguard sensitive information.

What can small businesses do in the meantime?

  1. Stay Updated: Monitor developments through reliable sources like FinCEN’s official website or industry associations.

  2. Consult Legal Counsel: Professional advice is critical to understanding how potential rulings may affect your specific situation.

  3. Prepare for Compliance: Even during a pause in enforcement, consider proactively gathering BOI to streamline future compliance.

 

The Bigger Picture: Balancing Transparency, Privacy, and Data Protection

data security, protect client data

The CTA (Corporate Transparency Act) underscores a fundamental tension in regulatory policy: how to balance the need for transparency with the rights and operational realities of businesses. It is crucial to protect customer data while complying with transparency requirements. While transparency is vital for curbing illicit activities, overly burdensome or invasive requirements risk alienating law-abiding business owners.

The ongoing litigation may ultimately provide much-needed clarity, not just on the CTA but on the broader question of how far governments can go in demanding transparency from private entities.

 

Conclusion

The Corporate Transparency Act represents an ambitious effort to combat financial crime, but its implementation has been anything but straightforward. Small businesses are caught in the crossfire of a legal tug-of-war, struggling to navigate shifting compliance requirements while staying afloat.

As the legal battle unfolds, the best course of action for business owners is to stay informed, seek expert advice, and be prepared for potential changes. The CTA saga is a reminder that even well-intentioned regulations must be carefully crafted and executed to avoid unintended consequences.

In the meantime, small businesses should brace for impact and hope that the courts deliver a resolution that balances enforcement with fairness.

STAY INFORMED

Subscribe now to receive the latest expert insights on cybersecurity, compliance, and business management delivered straight to your inbox.

We hate SPAM. We will never sell your information, for any reason.

CATEGORIES

iO Circle Logo

INPUT OUTPUT

Information Security Policies, Programs, & Audits Made Easy

Input Output integrates cybersecurity and compliance seamlessly with business management and development. With expertise in security, compliance, and risk management, we empower businesses to enhance productivity and profitability. Our blog shares insights drawn from years of experience, helping companies navigate complex security challenges while fostering growth and operational excellence.