Much has been written about the Corporate Transparency Act (“CTA”), which was enacted on January 1, 2021, and went into effect on January 1, 2024. Briefly, the CTA requires “reporting companies” to disclose beneficial ownership information (“BOI”) to the federal government. A perhaps overlooked effect of the CTA's BOI reporting rule is its potential impact on the Department of the Treasury's continual search for foreign investment transactions that were not notified to the Committee on Foreign Investment in the United States (“CFIUS” or “the Committee”). The CTA's implementing regulations are promulgated by Treasury's Financial Crimes Enforcement Network (“FinCEN”), and CFIUS is an interagency committee chaired by Treasury and tasked with conducting national security reviews of foreign investments in and acquisitions of U.S. businesses. It would be naïve to believe that this agency relationship will not lead to the sharing of mutually relevant data.
Of the potentially tens of millions of businesses to which the BOI rule is applicable, there will undoubtedly be some that are required to report beneficial ownership by foreign persons that would have triggered CFIUS jurisdiction. The initial foreign investment or acquisition may even have triggered mandatory CFIUS filing requirements that were violated by parties to transactions. Additionally, the CTA's ongoing BOI reporting requirements, which require the reporting of a change of beneficial ownership within 30 days after the change, will continually provide new information to Treasury concerning foreign acquisition of U.S. businesses.
At Torres, we have previously written about CFIUS and its role in the national security and M&A regulatory landscape. (See, e.g., Amid TikTok Tensions, CFIUS Signals Increased Enforcement and Other Updates and CFIUS Heightens Scrutiny of Non-Notified Transactions, among others found here.) At issue here is the Committee's ability to review non-notified transactions, i.e., foreign investment deals within CFIUS jurisdiction that were not submitted to the Committee for review and approval. Below is a discussion of the CTA and the potential interplay with CFIUS regulations.
Corporate Transparency Act
The purpose of the CTA is to protect U.S. national security interests and to counter money laundering, the financing of terrorism, and other illicit activity. The CTA establishes mandatory BOI reporting requirements.
Who is a beneficial owner?
A “beneficial owner” under the CTA is any individual who, directly or indirectly, either exercises substantial control over a reporting company or owns or controls at least 25% of the reporting company's ownership interests. An individual exercising “substantial control” over a company includes a senior officer, an individual with the authority to appoint or remove a senior officer, and other individuals who can determine, direct, or substantially influence important decisions made by the company.
What information is required?
Reporting companies, which are companies that are required to report BOI and are not exempt, must report basic information, including legal name, address, and taxpayer identification number. The following information must be provided for each individual who is a beneficial owner:
- The individual's name;
- Date of birth;
- Residential address;
- An identifying number from an acceptable identification document (e.g., U.S. or foreign passport number); and
- An image of the identification document.
BOI Reporting Exemptions
The CTA's BOI reporting rule exempts 23 specific types of entities from the reporting requirements. For the most part, the exempt companies are already subject to stringent reporting requirements or oversight, like financial institutions, securities issuing companies, and accounting firms, among others. Importantly, an exemption applies to large operating companies that meet all the following criteria:
- Employs more than 20 full-time employees in the United States;
- Regularly conducts business at a physical U.S. location owned or leased by the entity; and
- Has greater than $5 million in gross receipts or sales (excluding gross receipts or sales from outside the United States), based on federal income tax returns.
CFIUS Access to BOI
The FinCEN regulations related to access to BOI, which are separate from the BOI reporting rules, specifically provide that federal agencies “engaged in national security, intelligence, or enforcement activity” may request BOI information for national security purposes. CFIUS, a committee comprised of multiple federal agencies and tasked with conducting national security reviews, would fit squarely within the type of organization having access to the BOI collected by FinCEN pursuant to the CTA.
Impact on CFIUS Non-Notified Reviews
The types of companies that are often most in danger of failing to file a notification with CFIUS are the kinds of companies that are not exempted from the BOI reporting requirements. With the exclusion of large operating companies, the remaining companies subject to BOI reporting are those that are smaller, often less sophisticated, and unfamiliar with federal reporting requirements. Captured in the net of the BOI reporting requirements will be companies that are primed for foreign investment, and potentially concerning for national security, like small tech start-ups that are engaged in the design or production of critical technologies, or app developers that may collect sensitive personal data of U.S. citizens.
The even greater impact on non-notified CFIUS transactions is related to the CTA's ongoing reporting requirements related to changes in beneficial ownership of reporting companies. For countless entities, this new report to FinCEN of a change in BOI will be an entirely novel process. This reporting of changes in BOI will almost certainly uncover non-notified transactions subject to CFIUS jurisdiction, including some transactions that required a mandatory filing. As a brief refresher, the CFIUS mandatory filing requirement is triggered in two situations:
- Where the U.S. business in the transaction is involved in the production, design, testing, manufacturing, fabrication, or development of critical technologies, defined largely in reference to export-controlled items and technologies; and
- Where the U.S. business is involved with critical technologies, critical infrastructure, or sensitive personal data, and a foreign government owns a substantial interest in the foreign investor.
Relevant CFIUS Updates
The CTA requirements are becoming effective at the same time that CFIUS has proposed the revision of relevant penalty, enforcement, and information-gathering provisions. For example, Treasury proposes to increase the penalties for a failure to file a mandatory filing from $250,000 to $5 million. Also, and importantly for CFIUS personnel attempting to determine where an investment could trigger a mandatory filing, the revised CFIUS regulations would allow the Committee to request, or subpoena for, information beyond mere jurisdiction determination. Now, the Committee may request information establishing the basis for a mandatory filing. Therefore, it is easy to imagine a scenario where BOI available to Treasury about Chinese investment in a critical technologies company is cross-referenced with CFIUS filings, the Committee finds that no filing has been submitted to the Committee, and the Committee follows up with the company, determining a basis for a mandatory filing that was never submitted. The parties to this non-notified transaction are now exposed to potential penalties for failure to submit a mandatory filing.
And there will be more people looking for non-notified transactions. There are 122 full-time employees at Treasury working on CFIUS matters, and Treasury has requested budget for 16 more full-time employees for fiscal year 2025. Many of these employees are primarily focused on identifying non-notified transactions, and the CTA's BOI reporting requirements will give them a bounty of new information potentially triggering national security concerns and outreach from Treasury.
Avoiding CFIUS Issues when Fulfilling CTA BOI Reporting Requirements
As with any regulatory requirement, the best way to avoid future CFIUS issues is to proactively comply with CFIUS requirements. For companies of any size, it is prudent to seek the advice of experienced CFIUS counsel and conduct an initial CFIUS analysis of an investment transaction anytime there are foreign persons anywhere within the chain of acquisition or investment. Even seemingly innocuous U.S. business activities may trigger interest or concern from the Committee, depending on the identity of the foreign investor. For example, a Chinese controlling investment in a U.S. business with facilities located near a military installation or a U.S. business that has received grant money from the federal government could lead to a CFIUS review. With new BOI reporting requirements, information about such an investment will be available to Treasury in a federal database.
Some reporting companies filing an initial BOI report to FinCEN or, after January 1, 2025, filing an update to their BOI, disclosing a change in ultimate beneficial ownership, will likely recognize an unintentional failure to submit a mandatory CFIUS filing. In those cases, violating parties have the option of submitting a self-disclosure to CFIUS. CFIUS strongly encourages self-disclosure but has not explicitly published guidance detailing benefits or mitigation that may be provided by the Committee to incentivize self-disclosure. For Companies that may not be required to file a mandatory filing but whose transaction may be subject to CFIUS jurisdiction, voluntary submissions to the Committee can be filed at any time, even months or years after the transaction has closed. Depending on the nature of the transaction, this may also be a prudent option.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.