Download the Comment Letter

Financial Crimes Enforcement Network
Policy Division
P.O. Box 39
Vienna, VA 22183
FINCEN‐2021‐0005
RIN 1506‐AB49/AB59

Re: Notice of Proposed Rulemaking ‐ Beneficial Ownership Information Access and Safeguards, and Use of FinCEN Identifiers for Entities

Dear Sir or Madam,

The Conference of State Bank Supervisors (“CSBS”)¹ appreciates the opportunity to comment on the Notice of Proposed Rulemaking (“NPRM”) issued by the Financial Crimes Enforcement Network (“FinCEN”) titled “Beneficial Ownership Information Access and Safeguards, and Use of FinCEN Identifiers for Entities.” CSBS appreciates FinCEN soliciting public comment on questions pertinent to the creation of a beneficial ownership information (“BOI”) database, and the details surrounding the access, security, and confidentiality protocols of such database to satisfy the objectives of the Corporate Transparency Act (“CTA”) while maintaining confidence in the U.S. government’s ability to protect sensitive information.

The effective implementation of the CTA is pivotal in helping bring the United States into compliance with international anti‐money laundering (“AML”) and countering the financing of terrorism (“CFT”) standards. In particular, by amending the Bank Secrecy Act (“BSA”) to require appropriate entities to disclose their BOI, Section 6403 of the CTA will help prevent malign actors from leveraging anonymity to hide illicit activity from law enforcement and other governmental authorities. For this reason, CSBS members, state banking and financial regulators (hereinafter “state regulators”), strongly support the core mission and implementation of the CTA.
Given their role in the supervision of state‐chartered banks, non‐depository trust companies and state‐ licensed nonbank financial institutions for compliance with BSA/AML requirements, state regulators also have a significant stake in the effective implementation of the CTA. As a result, this letter reaffirms and further expands upon the points made in our comment letter, submitted in response to FinCEN’s Advance Notice of Proposed Rulemaking (“ANPR”) titled “Beneficial Ownership Information Reporting Requirements.”² As explained below, CSBS believes that:
 

• State regulators should be explicitly classified, in regulation, as an “appropriate regulatory agency” eligible to make a request to access BOI when assessing state‐chartered banks and non‐depository trust companies for compliance with customer due diligence (“CDD”) requirements; and
• State regulators should be eligible to make requests to access BOI on an as needed basis for investigative and enforcement related purposes.

State Regulators Should be Explicitly Included as “Appropriate Regulatory Agencies” Eligible to Request Access to BOI

The NPRM classifies five categories of authorized recipients able to access BOI from the FinCEN database. The fourth category includes “Federal functional regulator[s] or other appropriate regulatory agenc[ies].”³ While “Federal functional regulator” is already defined in relevant regulatory and statutory provisions,⁴ FinCEN has elected not to further define “other appropriate regulatory agencies” in the NPRM as it believes the CTA sufficiently does so on its own. Specifically, FinCEN contends that 31 U.S.C. 5336(c)(2)(C)(i) sufficiently defines the category of “other appropriate regulatory agenc[ies]” who could request access to BOI, because such regulatory agencies must be authorized to assess, supervise, enforce, or otherwise determine financial institutions’ compliance with CDD requirements. The NPRM expressly invites comment on this proposed approach.

The NPRM also asks whether there are State government agencies that supervise financial institutions for compliance with FinCEN’s 2016 CDD Rule. State bank regulators charter and supervise approximately 80 percent of all U.S. banks, which qualify as “financial institutions”⁵ subject to CDD requirements as well as the other pillars of BSA/AML.⁶ State regulators play a critical role in supervising state‐chartered banks for compliance with BSA/AML requirements, including compliance with CDD requirements.⁷ In 2021 alone, state regulators conducted over 800 independent BSA compliance exams at state‐chartered banks. They conducted another nearly 400 joint BSA compliance exams with their federal agency counterparts at state‐chartered banks.⁸ As of March 2021, state‐chartered non‐depository trust companies must also comply with CDD and other AML program requirements.⁹

Given their critical role in supervising state‐chartered banks and non‐depository trust companies for compliance with CDD requirements, state regulators maintain that FinCEN should provide a clear regulatory definition of “other appropriate regulatory agencies” that includes state regulators in its final rulemaking. State regulators recommend that FinCEN leverage the term “State bank supervisor”¹⁰ as used in the AML Act and other federal banking statutes. This will ensure consistent, appropriate access for state regulators to BOI as they supervise state‐chartered banks and non‐depository trust companies for CDD compliance. It will also promote a more consistent supervisory experience for state‐chartered banks subject to CDD requirements and supervision by both state and federal regulatory agencies. While CSBS appreciates FinCEN noting in the Supplementary Information portion of the NPRM that “State banking regulators” are likely an example of a possible qualifying entity, CSBS believes an explicit regulatory definition is the best manner to achieve the critical and shared objectives of consistent treatment for both regulators and industry alike.

Moreover, the CTA authorizes the Secretary of the Treasury to determine via regulation which “other appropriate regulatory agencies” can request access to BOI.¹¹ This very rulemaking provides the Secretary with the opportunity to clarify that state regulators qualify as such appropriate regulatory agencies. Absent the Secretary explicitly including state regulators in the final regulation, the statute could be construed as providing the Secretary with discretionary power to determine, at any point in time, which “other appropriate regulatory agencies” can and cannot make BOI access requests when supervising a financial institution subject to CDD requirements. This outcome would seem to conflict with the intent of this particular provision¹², as well as numerous other provisions of the AML Act that explicitly reference state regulators and recognize the critical value they provide in supervising entities for BSA/AML compliance. CSBS believes this potential confusion is entirely avoidable if FinCEN includes state regulators in the final regulation as “other appropriate regulatory agencies,” using the term “State bank supervisor.”

State Regulators Should be Eligible to Make Requests to Access BOI on an “As Needed” Basis for Investigative and Enforcement Related Purposes

Under the CTA, the first category of authorized recipients of BOI includes a “State, local, or Tribal law enforcement agency” seeking BOI as part of “a criminal or civil investigation.”¹³ The NPRM asks whether a State regulatory agency could qualify as a “State, local, or Tribal law enforcement agency” based on its investigation or enforcement activities involving potential civil or criminal violations, and whether those activities would require access to BOI.

State regulators’ investigation and enforcement authority qualifies them as “State enforcement agenc[ies],” and authorizes them to request access to BOI for investigative and enforcement related purposes pursuant to the NPRM. As part of their basic regulatory and supervisory remits, state regulators routinely investigate state‐chartered and state‐licensed financial services providers for administrative, civil, or criminal violations of a wide range of state and federal laws. They also regularly pursue enforcement actions, independently or in concert with other law enforcement agencies at the local, state, and federal level, against state‐regulated financial services providers for violations of financial services laws.

States have authority to demand investigative information directly from financial institutions, third parties, or others, typically under subpoena. Moreover, most state laws contain criminal penalties in addition to administrative/civil penalties, and frequently state regulators work alongside criminal law enforcement agencies such as the FBI, U.S. Department of Justice, local or state police and prosecutors, IRS, Secret Service, Attorneys General, and others. State regulators may be assigned to special law enforcement task forces as subject matter experts. At times, state regulators build the case independently and then make formal criminal referral to law enforcement, expediting the process of investigation and prosecution, and continuing with the case as key investigators or trial expert witnesses. Additionally, state regulatory agencies frequently conduct and pursue examinations, investigations, and enforcement actions on a coordinated or multi‐state basis, particularly for nonbank financial services companies licensed in multiple states.

State regulators’ investigative and enforcement responsibilities would be aided by discrete access to BOI on an “as needed” basis. For example, a state regulatory agency could discover and investigate potentially fraudulent activity committed by one or more owners of a financial services company, and the agency may wish to verify the company’s BOI with FinCEN during the course of that investigation.

Conclusion

CSBS appreciates the opportunity to comment on the NPRM to provide the perspective of state regulators with respect to the access of BOI. As explained herein, CSBS is of the opinion that state regulators should be classified, in regulation, as an “appropriate regulatory agency” eligible to make requests to access BOI reported to FinCEN pursuant to the CTA when assessing a financial institution’s compliance with CDD requirements. State regulators also maintain their routine investigative and enforcement activities qualify them as “State enforcement agencies,” which authorizes them to request access to BOI in order to carry out these functions. State regulators strongly support the implementation of the CTA through the prudent collection and sharing of BOI and look forward to our continued collaboration with FinCEN and our other federal counterparts in achieving the CTA’s mission.

Sincerely,

James M. Cooper
President & CEO

Footnotes

1 CSBS is the nationwide organization of state banking and financial regulators from all 50 states, American Samoa, the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands. CSBS supports the state banking agencies by serving as a forum for policy and supervisory process development, by facilitating regulatory coordination on a state‐to‐state and state‐to‐federal basis, and by facilitating state implementation of policy through training, educational programs, and exam resource development.
2 CSBS, Comment Letter Re: Advance Notice of Proposed Rulemaking – Beneficial Ownership Information Reporting Requirements. Comment ID: FINCEN‐2021‐0005‐0141, 2021.
3 31 U.S.C. 5336(c)(2)(B)(iv), added by CTA Section 6403(a) (emphasis added).
4 31 CFR 1010.100(r); AMLA Section 6003(3)
5 See AMLA Section 6003(5). See also 31 U.S.C. 5312(a)(2).
6 See 31 C.F.R. 1010.230(f) (incorporating by reference definition of “financial institution” in 31 C.F.R. 1010.605(e)(1)).
7 See “FFIEC BSA/AML Manual: Assessing Compliance with BSA Regulatory Requirements – Customer Due Diligence.”
8 Data from the CSBS “Profile of State Chartered Banking.”
9 See “Financial Crimes Enforcement Network; Customer Identification Programs, Anti‐Money Laundering Programs, and Beneficial Ownership Requirements for Banks Lacking a Federal Functional Regulator. Final Rule.” 10 The AML Act refers to state banking regulators as “State bank supervisors” as defined in 12 U.S.C 1813.
11 31 U.S.C. 5336(c)(2)(C), added by CTA Section 6403(a). “The Secretary of the Treasury shall, by regulation, prescribe the form and manner in which information shall be provided to a financial institution under subparagraph (B)(iii), which regulation shall include that the information shall also be available to a Federal functional regulator or other appropriate regulatory agency, as determined by the Secretary…” (emphasis added). 12 Id. In particular, 31 U.S.C. 5336(c)(2)(C)(i)‐(iii), added by CTA Section 6403(a), further clarifies that an agency (1) must be “authorized by law to assess, supervise, enforce, or otherwise determine the compliance of the financial institution with” CDD requirements; (2) must “use the information solely for the purpose of conducting the assessment, supervision, or authorized investigation or activity” in determining the compliance of a financial institution with CDD requirements; and (3) must “enter[] into an agreement . . . providing for appropriate protocols governing the safekeeping of the information.”
13 See 31 U.S.C. 5336(c)(2)(B)(i)(II). The CTA establishes that FinCEN may disclose BOI upon request “from a State, local, or Tribal law enforcement agency, if a court of competent jurisdiction, including any officer of such a court, has authorized the law enforcement agency to seek the information in a criminal or civil investigation.”