If You Want Privacy, the US Congress Is Saying You Are A Criminal

New FinCEN Beneficial Ownership Information reporting requirements pose a threat to privacy.

The official seal of the Financial Crimes Enforcement Network
In the US you can’t buy a house without disclosing your privacy as all purchases are collected in a public record – unless you form an LLC and make the purchase via this organization. Now Congress wants to stop this practice with the Corporate Transparency Act (CTA). The long standing private way of purchasing property and vehicles in the United States was by forming an LLC and making the purchases through it as a proxy.

In the US, a limited liability company (LLC) is a business structure that normally protects other assets of its owners for example if a credit of the business can not be paid back. However, for privacy reasons lots of individuals buying a house hid their real identity from the public database of home owners by doing the purchase via an LLC. This practice protected your identity from being disclosed in public records which are vacuumed up by data brokers. This private way of making purchases protected those in danger of stalkers, domestic violence, and other immediate physical threats. Unfortunately, the Corporate Transparency Act is threatening this important longstanding legal privacy practice.

Towards the end of 2020 the United States Congress passed the National Defense Authorization Act for Fiscal Year 2021. This law, among other things, introduced a relatively small section of law, describing the Corporate Transparency Act which is posed to wreak havoc on a tried and true method of protecting your privacy, the anonymous creation of Limited Liability Companies or LLCs.

The explicit goal of this bill is described by the Financial Crimes Enforcement Network as helping FinCEN and its law enforcement partners root out bad actors taking advantage of the U.S. financial system. They are also actively working to push foreign countries to engage in this information sharing. This disclosure is not a uniquely American phenomena and does occur in the EU to some degree. Ireland, for example, publishes all home owners in a database and German cities maintain a public Grundbuch which anyone can check. Fortunately, the Grundbuch is not digitally available and you must physically visit the city offices to request this information in person.

This case flew relatively under the radar with major debates in public view like KOSA and FISA §702 making the most noise, but it will have a real impact on many American's who are using the older LLC structure to keep their personal information safe. These are not people seeking to evade taxation or launder money. These are American's trying to keep alive their right to privacy.

There is a lot of terminology to unpack here and the acronyms can get a bit daunting, but let’s explain everything you need to know about the CTA anyway! Below, we will explore who the Financial Crimes Enforcement Network is, the history of the Corporate Transparency Act, and what the Business Ownership Information reporting requirements mean for the privacy of millions of Americans.

Who is FinCEN

The Financial Crimes Enforcement Network is a department within the US Department of the Treasury and it operates under the parent organization Office of Terrorism and Financial Intelligence. Their task and mission is to prevent money laundering, the financing of terrorist activities & organizations, and other finance related crimes.

FinCEN organizational structure

Organizational structure of the Financial Crimes Enforcement Network

Previously a relatively obscure branch of the Treasury Department, many American's only got to know this organization if they were to take a job abroad at which point they most likely needed to begin reporting their foreign owned bank accounts. It does seem a bit unfair that law abiding citizens be forced to submit their information to this organization yearly or risk paying absurdly hefty fines or imprisonment. And I know this personally, because as an American living abroad I am forced to deal with these shenanigans every tax season. This is a largely frustrating experience because the individuals who are actively committing financial fraud will simply skip the queue for this requirement, making it a prime example of unnecessary government bureaucracy.

But my own personal discrepancies with the US taxing global income via an unnecessary threat of cruel and unusual punishment aside, let's get back to FinCEN.

FinCEN's 314 Program

So, we have established that FinCEN are a non-IRS department of the US government which focuses on pursuing and stopping financial criminals. Just like other law enforcement agencies around the nation, following the September 11th attacks and the passing of the Patriot Act, FinCEN was required to create a secure network for sharing their collected financial information under what is called §314a. This network allows federal law enforcement to search and find contact information at financial institutions across the country in order to request information related to accounts and transactions made by persons suspected of crimes.

This centralized network has continued to grow and become more centralized, but the track record of FinCEN fairly prosecuting financial crimes has failed to be fully established. A 2020 report from Buzzfeed News disclosed leaked documents which were dubbed the FinCEN Files. Buzzfeed first obtained 2657 leaked documents which included 2121 suspicious activity reports (SARs). All financial institutions are required by law to file SARs and deliver them to FinCEN. But as their reporting states "What it does not do is force the banks to shut the money laundering down."

The fallout of these reports left bitter taste in the mouths of citizens around the world. Multinational banks and financial institutions like JPMorgan Chase, Deutsche Bank, Citibank, Bank of China, and Wells Fargo had all been filing SARs, accounting for a value of over 2 trillion USD. And here's the disgusting part, the banks submitted this information and knew of illegal financial activities happening through their institutions and FinCEN also knew about these illegal activities via the SARs, but nothing happened.

A report from the Bank Policy Institute found that "Suspicious Activity Reports" only drew a law enforcement response in 4% of cases, while 90-95% of these reports were false positives. This seems like a disgusting example of collecting everyone's information first without any suspicion of a crime to just pick out a few needles from the now privacy-robbed haystack.

This is the very organization who privacy loving citizens about to buy a home are now forced to turn over their personal information towards or face exorbitant fines or prison sentences.

With the upcoming legal change, private citizens who may be using LLCs to protect themselves from data brokers are caught up in the government's attempts to fix this massive problem with the bank reporting systems.

The National Defense Authorization Act

Generally speaking, the National Defense Authorization Act (NDAA) is budget related legislation which is passed every year and assigns funding for various government programs related to national security. The NDAA of 2021 was a step by the US federal government to try and refine and increase the strength of FinCEN's ability to stop financial crimes. On itself this is a noble endeavor, but included in the massive NDAA are a number of measures which extend financial reporting requirements beyond those of suspected criminals and banks. One section of the NDAA, known as the Corporate Transparency Act (CTA) will require beneficiaries of companies to report their personal information to FinCEN where it will be stored for safe keeping.

Title and headers of the National Defense Authorization Act of 2021.

The Corporate Transparency Act treats law abiding citizens as criminals

Intended as legislation to crack down on the illicit use of shell companies, like those disclosed in the FinCEN Files, the CTA requires corporations registered for operation within the United States, including those which are located in foreign countries, to report the personal information of their beneficiaries. Beneficiaries are typically defined as individuals or persons who have an interest in or own a legal entity, trust, foundation, or a company. The aim of this bill is to strip the anonymity which was previously available to those using a company as a front for illicit activity, in the words of FinCEN "to make it harder for bad actors to hide or benefit from their ill-gotten gains", but many law-abiding Americans have also long used these kinds of company structures to protect their personal information.

Especially in cases of purchasing property or vehicles. Rather than having their personal information immediately added to public records, making such purchases through an LLC allows the person's name to be withheld from the public record. If you are a celebrity or another person of interest, this kind of practice keeps your address safe from data brokers and also from inevitable data breaches. Victims of stalking or other threats of violence have also taken advantage of this as a means of keeping their information away from those seeking to do them harm. These kinds of practices have been promoted by privacy and security experts like Mike Bazzell, who has dedicated multiple chapters of his books to the creation of anonymous LLCs.

Understanding the Business Ownership Information reporting requirements

The new reporting requirements put into place as part of the CTA are referred to by FinCEN as the Business Ownership Information reporting requirements. These new requirements for companies went into place in January 2024, and are now the law in the USA. But what are company owners and beneficiaries required to report?

BOI will be accessible to federal, state, local, tribal and even foreign law enforcement officials who submit proper requests through a US federal agency. They are legally allowed to request this information for activities linked to national security, intelligence, and law enforcement. They even state that "Financial institutions will have access to beneficial ownership information in certain circumstances, with the consent of the reporting company." Sharing this information with private companies is frightening, especially when the Third Party Doctrine is still the major law of the land in the United States. At the risk of being overly pessimistic, this kind of data will make a prime target for hackers or state actors looking to score a massive trove of personal information. It likely won't be long before some kind of breach incident occurs.

The reporting companies will be required to provide the following information about beneficial owners: Information from FinCEN's BOI FAQ list

  1. The beneficiary's full legal name

  2. Their date of birth

  3. Their current address

  4. An ID number from a valid driver's license or a valid US Passport

The reporting company will also need to provide scanned images of the identification document submitted.

All of this information combined in a single place is a terrible idea and it likely will not be long before it is compromised in some manner.

Non-compliance will land hefty fines.

This forced submission of extremely personal data was not met with applause and numerous lawsuits have been raised in protest. In the case National Small Business United vs Janet Yellen, a federal judge ultimately ruled that

"The Corporate Transparency Act is unconstitutional because it cannot be justified as an exercise of Congress’ enumerated powers. This conclusion makes it unnecessary to decide whether the CTA violates the First, Fourth, and Fifth Amendments. For these reasons, the Plaintiffs are entitled to summary judgment as a matter of law."

FinCEN in turn responded to this ruling claiming that it only applies to those who were directly involved in the lawsuit, which would seem to imply that resisting these requirements would require another lawsuit against the US Federal government.

For those not willing to take this action against the US Treasury Department, they face the following penalties for failure to report:

"A person who willfully violates the BOI reporting requirements may be subject to civil penalties of up to $500 for each day that the violation continues. That person may also be subject to criminal penalties of up to two years imprisonment and a fine of up to $10,000." Information from FinCEN's BOI FAQ list

This kind of personal database is un-American and poses a threat to the personal security of citizens around the country.

This is wholly incompatible with the freedoms which should be championed in the Land of the Free.

Is privacy possible in America?

With the rise in surveillance measure like FISA §702, the proliferation of personal information via public data brokers, and now the creation of a government database which will be shared with law enforcement both in and outside the country, what is going on with the state of privacy in America?!

LLCs have long been a prime choice for protecting your personal information, and while that might remain possible for a while, this kind of centralized collection of personal information is a lucrative target for malicious hackers.

Despite this downward turn, there is still hope for secure and private communication. By choosing privacy protecting services which are located in the EU you can take advantage of privacy laws like the GDPR. By choosing a service like Tuta for protecting your emails, calendars, and contacts you can rest assured that your information is securely encrypted and safe from exposure in data breaches. In the case of a leak, any information exposed would be encrypted data that is secured with our quantum-resistant encryption. By storing your data in Germany you can take part of the push for enshrining the human right to privacy in law!

Start taking your privacy back today by choosing Tuta!

Stay safe and happy encrypting.