The Corporate Transparency Act (CTA), which will require businesses to report Beneficial Ownership Information (BOI) to the Financial Crimes Enforcement Network (FinCEN), is stalled for now due to a nationwide injunction – but that doesn’t mean financial institutions can forget about it.
The injunction could be lifted at any point, leading to confusion and a sprint to comply. It’s just the latest example of the impact of litigation on regulatory compliance and the uncertainty it causes.
Is your financial institution primed and ready to meet new and fast-changing regulatory demands? What do your current change management processes look like? Do you need to implement one from scratch?
Consider the answers to these questions as we explore how proper change management processes can help your financial institution more effectively navigate the CTA and future changes.
Related: Navigating Compliance Challenges: Lessons from Credit Union Enforcement Actions
Enacted by Congress in 2021, the CTA is designed to enhance transparency as part of the U.S. Treasury Department’s larger efforts to combat money laundering, other financial crimes, and “unmask shell corporations,” as Secretary of the Treasury Janet Yellen noted.
In September 2022, FinCEN finalized its rule implementing a beneficial ownership registry under the CTA, which requires most corporations, limited liability companies, and other entities created in or registered in the U.S. to report information on their beneficial owners.
There has been quite a bit of judicial activity regarding the CTA. In December 2024, the U.S. District Court for the Eastern District of Texas issued a nationwide preliminary injunction that paused enforcement. The U.S. Court of Appeals for the Fifth Circuit then stayed the nationwide preliminary injunction, which was then vacated by a different panel of the U.S. Court of Appeals for the Fifth Circuit. The Department of Justice (DOJ) responded by filing an Emergency Motion for Stay Pending Appeal with the Supreme Court. If the Court sides with the government, compliance with the CTA would resume – potentially with little advance notice.
Under the CTA, businesses – including many of the estimated 32 million small businesses in the U.S. – would be required to disclose the identities of their beneficial owners. This act covers individuals “who directly or indirectly own or control at least 25% or more of the reporting company’s ownership interests.” Furthermore, reporting companies must update the BOI with FinCEN when there are changes, such as a change in ownership or control.
This requirement marks a significant change for small business owners in a few ways:
Related: Compliance: Cost Saver or Cost Center
The CTA doesn’t just impact your business customers. It also impacts your institution.
FinCEN is engaged in a three-part rulemaking to implement the CTA. FinCEN’s third rule, which is expected in 2025, will require financial institutions to integrate BOI data into their Customer Due Diligence (CDD) and Know Your Customer (KYC) processes. This requirement includes accurately assessing and monitoring beneficial ownership for new and existing customers. They must verify BOI filings when onboarding new customers and flag discrepancies.
These changes might require investing in technology upgrades, new systems and processes to handle and cross-check BOI against the FinCEN database, staff training, and other resources to ensure compliance. It’s also a good idea to reassess CDD/KYC risk assessments and ensure you have sufficient controls in place.
Complying with CTA is a serious endeavor – and shouldn’t be a last-minute scramble.
The CTA is just one example of a significant regulatory change that financial institutions must manage effectively. Implementing a change management process ensures that the changes are identified, managed, tracked, and responded to appropriately, saving the organization valuable time and resources over the long run.
Regulatory change management is the process organizations use to identify, evaluate, and implement new or amended rules and regulations. Change management covers changes across specific departments, topics, and regulatory changes. A financial institution should establish a regulatory change management process to properly identify a regulatory change, create an impact analysis, establish an appropriate team to manage the change, create an action plan, communicate as needed, and implement the plan.
Enterprise change management, or ECM, goes beyond traditional or siloed change management processes by creating a structured approach to addressing changes that permeate the entire organization. It can help financial institutions assess the impact of regulatory changes, like those from the CTA, and ensure that the necessary compliance measures are taken and integrated seamlessly across departments, preventing wasted resources and the potential for non-compliance.
The Office of the Comptroller of the Currency (OCC) provides a few key areas for a successful ECM program. It’s a helpful resource for any institution navigating the CTA and future regulations.
Let’s explore how some of the pillars of an effective ECM process can be implemented within your organization.
Too often, teams operate in silos; one team member is working on a specific project, and a colleague is working on another, but neither understands the projects’ interdependencies or how the projects meet the company’s mission and strategy objectives.
Another common obstacle businesses face is poor communication from the top down. Changes or new action items should be communicated thoroughly throughout the organization, so all team members understand why the updates are occurring.
Action Step: Ensure all relevant team leaders and members know of the CTA, its implications for your business, and how your team will meet the requirements. Assign responsibilities to team members and ensure they have the time and resources to complete their tasks.
Related: How a Company Intranet Can Help Create a Culture of Compliance and Mitigate Risk
You want to be sure your institution is complying with the CTA. Following best practices like the COSO framework can help develop controls for the CTA and other risk areas, such as cybersecurity threats and third-party risk.
Action Step: While some businesses are hesitant to address risks, understanding compliance risks and implementing ECM processes to identify potential problems early is crucial to an organization's success. Retroactive solutions—or simply ignoring the risk altogether—can be costly and disruptive to the business's operations over the long term.
Related: Board Members: Keep an Eye on Internal Controls
As part of ECM, ensure that all employees completing CTA requirements and other compliance activities are well-trained on new systems, regulatory requirements, and risk management strategies. Procedures for key staff turnover or absences will also ensure that critical roles are covered and business continuity is maintained.
Action Step: Regulatory landscapes evolve quickly. A compliance management system (CMS) can help increase your team’s visibility to new and changing regulations and empower them to be change agents within your organization.
Related: Are New Employees Your Biggest BCP Risk?
While some institutions may take a 'wait and see' approach to complying with CTA, doing so could be costly. Risk aversion can be just as dangerous as risk-seeking.
Action Step: Despite the CTA's delay, financial institutions should continue preparing for eventual compliance and stay informed about legal developments to ensure readiness if the reporting requirements are reinstated.
As the CTA introduces new compliance demands, the importance of effective change management processes cannot be overstated. With the potential for regulatory changes that can arise suddenly, it is crucial for financial institutions to have systems in place that not only identify, but also monitor, risks associated with the CTA and other regulations.
The CTA’s tumultuous timeline highlights the need for effective change management processes, and it also underscores the value of automated compliance management solutions. Solutions like Ncomply enable financial institutions of all sizes to stay vigilant in the face of evolving compliance requirements, ensuring that they quickly adapt and maintain compliance standards.
Keeping up with regulatory change, including litigation, is a big challenge. How do you keep up? Download our free guide Navigating Change: A Comprehensive Guide to Effective Change Management in Financial Institutions.