Understanding what the CTA entails

            According to the legislation, which goes into effect Jan. 1, 2024, virtually every legal entity (incorporated,
            organized,  or  registered  to  do  business  in  a  state)  must  disclose  information  relating  to  its  owners,
            officers, and controlling persons with FinCEN - or face criminal and civil penalties for failing to comply
            with the new reporting requirements. A reporting company (defined as domestic and foreign privately
            held entities) must divulge the names, dates of birth, home address, unique identifying numbers (i.e.
            passport or driver’s license number), and accompanying images of the aforementioned unique identifying
            number  of  these  individuals.  The  combination  of  such  information  moves  an  individual  from  being
            “identifiable” to “identified,” which sparks the debate between proactive security measures taken by the
            government versus the rights of individuals to remain private.



            Privacy concerns for the public

            The first concern that comes to mind is one of access. According to this report issued by DLA Piper,
            reports filed with FinCEN “will not be accessible to the public and are not subject to requests under the
            Freedom of Information Act.” However, some federal agencies will have access by the nature of their
            work:  national  security,  civil/criminal  law  enforcement,  intelligence,  the  Department  of  Treasury,
            state/local  law  enforcement  agencies,  and  financial  institutions  as  part  of  KYC/AML  compliance
            requirements. In states like New York, where the New York State LLC Transparency Act is currently
            sitting on Gov. Kathy Hochul’s desk for signature, BOs of Trusts, LLCs, LLPs, corporations, and other
            entities may very well be accessible through databases maintained by New York’s Secretary of State.



            Considerations from the past and for the future

            For  BOs  and  reporting  companies  who  will  be  required  to  adhere  to  the  updated  CTA  disclosure
            requirements  –  or  for  those  who  are  unsure  about  their  newfound  compliance  requirements  –  it  is
            important to note a few items:
            Know  the  strategic  and  tactical compliance  requirements of  your  financial  institution(s)  and  advisory
            teams. If the “FinCEN Files” have taught us anything, it is that suspicious activity reports can be leaked
            to the public, even when transactions and structural changes to legal entities were compliant and/or
            legitimate.

            As of July 2023, FinCEN was building a new IT system (dubbed the Beneficial Ownership Secure System)
            to collect and store CTA reports. Ensure that staff members navigate to the official FinCEN website to
            gain access; when and where possible, employ end-to-end encryption for secure file transfer and storage
            of data and be wary of inbound requests soliciting data on behalf of FinCEN.


            Given the federal agencies who may have access to BO data, expect an increase in phishing attempts
            targeted at family, staff, family office, and/or financial institution coverage teams. Spear phishing attacks
            from within an organization may also become a common tactic.






            Cyber Defense eMagazine – October 2023 Edition                                                                                                                                                                                                          41
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.