Category Archives: Middle Market Business

Accounting Firm, Employee Benefits, Financial Reporting, Intellectual Property, Law Firm, Middle Market Business, Small Business

Regulatory Protections in SMB Sales

The coming wave of business exits will not just test markets. It will test the people business owners may rely on to get deals done. As increasing numbers of small and mid-sized businesses come to market, the role of intermediaries – whether brokers, advisors, or “finders” – becomes more apparent. At the same time, the legal framework governing those intermediaries may go unnoticed because most business owners simply approach a sale as a commercial process no different than selling an old piece of manufacturing equipment. They expect someone to identify a buyer, negotiate terms, and bring the transaction to closing. In many cases, that expectation is met. What is less often considered is that an intermediary’s role is not purely commercial; it exists within a regulatory regime that can directly affect the enforceability and durability of the transaction itself.

That regime begins with the Securities Exchange Act of 1934, which makes it unlawful for any person to “effect any transactions in, or to induce or attempt to induce the purchase or sale of, any security” unless registered as a broker-dealer. See 15 U.S.C. § 78o(a)(1). The definition of a broker is very broad, encompassing “any person engaged in the business of effecting transactions in securities for the account of others.” See 15 U.S.C. § 78c(a)(4).

Notably, the statute does not distinguish between large and small transactions, or between public and private companies. Instead, it focuses on whether a transaction involves a “security” and whether a person is engaged in the business of effecting transactions in those securities. Courts applying this framework have consistently emphasized conduct over labels, examining what the intermediary actually does rather than how the parties describe the role.
Section 15(a) of the Exchange Act prohibits a broker or dealer from “mak[ing] use of the mails or any means or instrumentality of interstate commerce to effect any transactions in, or to induce or attempt to induce the purchase or sale of, any security … unless such broker or dealer is registered.” 15 U.S.C. § 78o(a)(1); SEC v. Almagarby, 92 F.4th 1306, 1315 (11th Cir. 2024) (“Unregistered dealers are prohibited from buying and selling securities in interstate commerce.”).

Within this framework, certain indicators of broker activity have emerged with consistency across enforcement actions and judicial decisions. These include soliciting or identifying buyers, participating in negotiations, structuring or facilitating the transaction, and receiving compensation contingent on closing. Transaction-based compensation, in particular, has long been viewed by the SEC as a hallmark of broker activity because it ties compensation directly to the success of a securities transaction. See SEC Guide to Broker-Dealer Registration.

For business owners, the relevance of this framework turns on how a transaction is structured. If a business is sold through an asset sale, the transaction typically does not involve securities, and the broker-dealer framework is generally not implicated. Many small and mid-sized service businesses are structured this way for tax and liability reasons. However, that structure is not universal, and transactions frequently evolve during negotiations.

Where a transaction involves the transfer of stock, membership interests, or other forms of equity, it is a securities transaction even if the buyer acquires full control and intends to operate the business. At that point, the intermediary’s conduct must be evaluated under the federal securities laws. What may appear to be a routine business sale from a commercial perspective can, as a matter of law, fall squarely within a regulated activity.

Congress addressed this tension in 2023 by enacting a limited exemption for certain intermediaries involved in private company sales. Consolidated Appropriations Act, 2023, Pub. L. No. 117-328, div. AA, § 501, codified at 15 U.S.C. § 78o(b)(13). The exemption permits qualifying intermediaries to facilitate transactions without registering as broker-dealers, but only under defined conditions.

Among other requirements, the intermediary must reasonably believe that the buyer will acquire control of the company and be active in its management following the transaction. The exemption also applies only to “eligible privately held companies,” generally defined by size thresholds tied to revenue or EBITDA. It further imposes specific limitations, including prohibitions on custody of funds, binding parties to transactions, and participation in public offerings.

Importantly, the exemption provides relief only from federal registration requirements. It contains no express preemption of state securities laws. As a result, state securities laws continue to operate alongside the federal framework. In New York, the Martin Act provides broad authority over securities transactions and enforcement. In New Jersey, the Uniform Securities Law prohibits acting as a broker-dealer without registration. See N.J.S.A. 49:3-56. In Connecticut, similar requirements apply under Conn. Gen. Stat. § 36b-6. These statutory schemes raise there own pitfalls for intermediaries.

All of these requirements represent real risk to those having a business that buys and sells small businesses. In 2025, the Commission charged Paul McCabe and PMAC Consulting with acting as unregistered brokers in transactions involving private-company stock, alleging that they negotiated deals, advised buyers, and received substantial transaction-based compensation without registration. See SEC Press Release No. 2025-19. In an earlier proceeding, the SEC found that True Capital Management engaged in unregistered broker activity over a multi-year period while receiving transaction-based compensation in connection with securities transactions. See Exchange Act Release No. 98354 (Sept. 22, 2023).

These enforcement actions are instructive not because they involve large or complex institutions, but because the underlying conduct mirrors what occurs in many private-company transactions. Soliciting counterparties, participating in negotiations, and being paid upon closing are not unusual activities. They are routine features of the small business aquisition process, and it is precisely those features that trigger regulatory scrutiny when securities are involved.

There is a further layer of risk that applies regardless of registration status. Rule 10b-5 makes it unlawful, in connection with the purchase or sale of any security, to make any untrue statement of a material fact or omit material information necessary to make statements not misleading. See 17 C.F.R. § 240.10b-5. This provision applies broadly to participants in securities transactions, including, in certain circumstances, even sellers involved in small private placements.
In the context of small and mid-sized service businesses, that risk is not theoretical. Many smaller businesses lack audited financial statements or formal internal controls. Intermediaries often assist in presenting financial and operational information to prospective buyers. If such representations are inaccurate or incomplete, the issue does not remain confined to the intermediary; it becomes embedded in the transaction itself.

For business owners, the takeaway is not to avoid intermediaries, but to approach them with informed expectations. A competent intermediary should explain how the transaction is likely to be structured and whether it might involve securities. The intermediary should also be transparent about its regulatory posture, including whether it is registered or relying on an exemption. Finally, the process should reflect a disciplined approach to financial disclosure and diligence.

Moreover, business owners should not expect that potentially unlawful conduct will always lead to the rescission of a commission agreement. For example, the Second Circuit has reasoned that a stock purchase agreement that does not require a broker to engage in an unlawful transaction, i.e., “quintessential dealer activity”, will not lead to the rescission of the underlying transaction. As recognized by the Court, “because the contract can be performed lawfully, and because the contract is silent as to if, when, and how Auctus could sell discounted shares of Xeriant stock on the market (assuming that is, indeed, unlawful), the contract has not been made in violation of the Exchange Act.” See Xeriant, Inc. v. Auctus Fund LLC, 141 F. 4th 405, 413 (2d Cir. 2025).

There are, of course, alternatives to the retention of intermediaries who may skirt regulatory compliance. Owners can pursue a more direct process, working with their existing legal and accounting advisors to identify buyers through industry relationships, competitors, or management peers. Potential acquirers may also be owner operators actively seeking to acquire and run additional small businesses as a natural function of their prior success. A “trusted advisor” path can be very effective, particularly where the likely buyer pool is identifiable.

Regardless of the path chosen, the regulatory framework governing purchase transactions is not informal or discretionary. It is statutory, often enforced, and applies based on structure and conduct rather than terminology. For business owners, the question is not simply who can find a buyer. It is whether the process – and the people involved in it – are aligned with the legal framework that protects the seller and governs how the transaction must be executed and sustained.

Intellectual Property, Middle Market Business, Small Business

Service Business Exits: The Coming Transition

While a growing number of business owners continue nearing exit, the market remains unprepared for them. According to the 2026 UBS Global Entrepreneur Report released earlier this month, “[n]early a third (32%) of global entrepreneurs are actively considering exiting their businesses within the next five years.”  This number spikes for those aged 65 to over 57% with American entrepreneurs leading this monetization stampede, with a staggering 63% planning an exit, significantly outpacing their peers in Europe (38%) and Asia-Pacific (18%).  A few weeks earlier, McKinsey released its own report, The Great Ownership Transfer, also beating that same drum:  “By 2035, about six million small and medium-size businesses (SMBs) will face ownership transitions.” 

These figures are not just backroom projections from high-brow consultants – they reflect an obvious structural reality driven by demographics. Ownership of small and mid-sized businesses is heavily concentrated among aging founders, and this concentration is now unwinding itself.  Taken together, these dynamics point to a fundamental imbalance. A large and increasing supply of businesses will be seeking buyers at the same time, yet the infrastructure required to absorb that supply remains uneven.

It is no surprise that McKinsey observes that closure – not continuity – has become the de facto dominant exit path:

Yet the systems for transferring business ownership in the United States are fragmented and under- developed. Today, most exits end in closure rather than transfer, not because the businesses lack value, but because pathways to succession are limited, opaque, or costly. Moreover, starting a business can be more straightforward than acquiring one. The result is a consequential lost opportunity: Firms shut down, jobs disappear, and hard-won mobility gains dissipate—not through disruption, but through inaction.

The implications are particularly acute in the service sector.  As the Federal Reserve Bank of St. Louis explains in its analysis of the services economy, services now account for the majority of both U.S. GDP and employment. More specifically, at the end of 2025, the services sector accounted for 72% of U.S. employment.  This includes healthcare providers, contractors, professional services firms, and hospitality businesses – categories where many small and mid-sized enterprises operate.  Interestingly, the BizBuySell Insight Report points out that the service sector had the strongest business sales growth in 2025, “with transaction volume up 4% over the past year and the median sale price rising 5% to $340,000 and service business values also held strong, with the average cash flow multiple increasing by 2% to 2.52.”

Despite this upswing, service businesses share structural characteristics that complicate ownership transfer. They are frequently owner-dependent, relationship-driven, and operationally concentrated. As well, they also tend to fall below the thresholds that attract institutional capital. McKinsey describes many of these firms as occupying the “missing middle” – economically viable enterprises that nonetheless struggle to transfer due to fragmented buyer markets and limited financing pathways.

A more pressing issue, however, is not market structure. It is owner preparedness.  As starkly revealed by McKinsey, “fewer than one in three small-business owners have a documented exit plan.” At the same time, the BizBuySell Insight Report indicates that a substantial portion of owner wealth – often the majority – is tied up in the business itself.  This combination creates a clear asymmetry. Owners are economically dependent on a successful exit, yet many approach that exit without the structural readiness required to complete one.

For service businesses, the consequences become further amplified. When value depends on personal relationships, undocumented processes, or the continued involvement of the owner, the business becomes difficult to transfer. Buyers discount valuations based on that risk. Lenders hesitate to even finance it. As a result, transactions fail – not because the underlying business lacks value, but because it is not configured for continuity. 

Proper packaging of an SMB’s intellectual property – whether it is a company’s method of doing business or its proprietary client lists, i.e., trade secrets, or the trademarks registered by lawyers long ago to distinguish it from other companies, becomes an essential requirement for a business sale.

This is where success becomes less about markets and more about owner behavior. An exit is often treated as an event – something that occurs at the end of a business lifecycle. It is, however, a process that should be embedded into the business well in advance of that exit. In addition to protecting and packaging relied-upon intellectual property, this ongoing process should reduce owner dependency, formalize operations, strengthen financial reporting, and identifying realistic buyer opportunities.

Not surprisingly, buyer pathways are also often misunderstood. For many service businesses, the most likely acquirers are not institutional investors but independent operators, key employees, or local strategic buyers. In that context, alternative transition structures – employee ownership plans, phased buyouts, or internal succession – may be more viable than a traditional sales process.

The broader societal implications of correcting these imbalances extend well beyond individual transactions. Effective ownership transitions have the potential to preserve employment, maintain local economic continuity, and retain enterprise value within communities. Conversely, failed transitions result not only in lost business opportunities but in the erosion of economic infrastructure that is difficult to rebuild.

The emerging picture, then, is not just of a weak market, but of a mismatched system. Supply and demand may exist but they are unevenly distributed and often inaccessible. The overall limiting factor becomes not opportunity, but coordination – and, at the level of the individual business, this lack of preparation will continue as an owner’s Achilles Heel until awareness and proper resources supplant this widespread failure.   

Financial Reporting, FinCEN BOI Reporting, Middle Market Business, Risk Management, Small Business

The Need to Comply With the CTA comes Into Focus

October 8, 2024 was a bellwether date for those waiting on a court to clarify whether the statutory requirement for filing BOI Reports sits on solid ground.  It was on October 8, 2024 when the oral argument in the pending Eleventh Circuit appeal from Small Bus. United d/b/a Nat’l Small Bus. Ass’n v. Janet Yellen, Case No. 5:22-cv-01448, Dkt. No. 52 (N.D. Ala. Mar. 1, 2024) was released to the public.   

Given the tempo and questions raised during this September 27, 2024 hearing, reporting companies can now reasonably assume there is likely no longer any reason to delay filing their BOIR Report based on any perceived lack of judicial clarity.  Before the end of the year – the deadline for over 30 million reporting companies, subject companies should likely file their BOI Report because there is no Judge that will likely remove that obligation. 

While it is never easy to predict which way the judicial winds blow, it seems likely the Eleventh Circuit will at least remand the Alabama decision for further review of the Fourth Amendment argument raised during that hearing – something not touched upon by the court below, if not just rule outright for reversal.  The appellee raised the Fourth Amendment argument because federal, state, local and foreign law enforcement can access BOIR data without the need for a Court Order.  Overall, the Judges – especially the Honorable Andrew L. Brasher who was appointed in 2020, seemed skeptical of this and all other arguments suggesting that Congress passed in 2021 the Corporate Transparency Act (“CTA”) without proper Constitutional footing.

The Eleventh Circuit hearing is on the heels of a District Court Judge in Oregon denying requested injunctive relief, in part, by ruling the CTA was likely constitutional.  See Michael Firestone, et al. v. Janet Yellen, Case No. 3.24-cv-1034, Dkt. No. 18 (D. Or. Sept. 20, 2024).  Indeed, in the second of two supplemental filings with the Eleventh Circuit, the appellee tried to distinguish the Oregon case as well as a recent Supreme Court case that may have shifted the burden in this case slightly in favor of the government – a case the Eleventh Circuit requested supplemental briefing on in its August 14, 2024 Order.  Not surprisingly, the government filed a contrary reply with the Court

As it stands, the Eleventh Circuit and the Court of Appeals of the Ninth Circuit – by way of the likely appeal from the Firestone decision, will squarely rule upon the constitutionality of the CTA – setting up the exact sort of case the Supreme Court likes to hear, namely an appeal where more than one Circuit Court rules on the constitutionality of a far-reaching federal statute. 

Indeed, there are other Courts of Appeal that could also likely chime in on this issue given pending District Court cases, including the First Circuit (William Boyle v. Janet Yellen, Case No. 2:24-cv-00081 (D. Me. filed Mar. 15, 2024) and Black Econ. Council of Mass., Inc. v. Janet Yellen, Case No. 1:24-cv-11411 (D. Mass. filed May 29, 2024)); the Fifth Circuit (Texas Top Cop Shop, Inc. v. Merrick Garland, Case No. 4:24-cv-00478 (E.D. Tex. filed May 28, 2024)), the Sixth Circuit (Small Bus. Ass’n of Mich. v. Janet Yellen, Case No. 1:24-cv-00314 (W.D. Mich. filed Mar. 26, 2024) and Robert J. Gargasz Co. LPA v. Janet Yellen, Case No. 1:23-cv-02468 (N.D. Ohio filed Dec. 29, 2023)); and the Tenth Circuit (Taylor v. Janet Yellen, Case No. 2:24-cv-00527 (D. Utah filed July 29, 2024)).

This mosaic of potentially conflicting upper court decisions leaves little doubt that in the short term FinCEN holds the upper hand and might use such built-up judicial equity to aggressively enforce its BOIR regulations in 2025.  One thing is for sure – the only way this fast-approaching BOIR Train gets derailed is by either the Supreme Court – which is unlikely given the very case the Eleventh Circuit sought briefing on, or by Congress – which is even less likely given the treasure trove of information derived from the CTA may be useful for tracking individuals with large cryptocurrency holdings and eventually bringing in more money into federal coffers as well as potential crime prevention.

Accounting Firm, Financial Reporting, FinCEN BOI Reporting, Middle Market Business, Risk Management, Small Business

Practical Steps for Advising on BOIR Compliance

When advising clients on filing FinCEN’s Beneficial Ownership Information (BOI) reporting obligations, professionals should offer clear, practical guidance to ensure compliance and mitigate potential risks. 

It is obviously helpful to start out by educating small business clients on the fundamentals of BOIR filing:

   – Who needs to file: Explain that most small corporations, LLCs, and similar entities must comply unless specifically exempt.

   – What needs to be reported: Discuss the required information, such as names, dates of birth, addresses, and ID numbers of beneficial owners (anyone with 25% or more ownership or substantial control).

   – Filing deadlines: Highlight the deadlines—new businesses must file upon formation, and existing businesses have until the start of 2025.

Small business ownership structures can be complex.   Professionals should emphasize that beneficial ownership extends to anyone with substantial control, even if their equity stake is less than 25%.  For example, CPAs should direct their clients to experts who can help them identify all individuals who qualify as beneficial owners, ensuring no key person is missed.  Discuss how trusts are to be handled.

The importance of accurate and up-to-date documentation should be stressed:

   – Maintain records: Recommend that clients keep detailed records of beneficial owners and any changes over time. Establishing a system for periodic updates will help ensure compliance in the future.

   – Secure documentation: Encourage clients to securely store identifying information, such as government-issued ID numbers, to ensure data privacy and protection.

Professionals should inform clients of the risks of non-compliance:

   – Fines and penalties: Non-compliance can result in daily fines of $591 per day, potentially leading to substantial financial liability.

   – Business risks: Emphasize that failing to comply could lead to regulatory investigations or civil penalties, which can be costly and damaging to the business’s reputation.

For businesses that may find the filing process challenging, you should either:

   – Assist with filing: Offer to help prepare and file the BOIR on behalf of the client or coordinate with professionals focused on such filings.

   – Refer to a Compliance specialist: CPAs can also recommend working with a compliance expert or other professional specializing in corporate governance and regulatory filings.

Clients should be told to approach BOI filings proactively:

   – Plan for future updates: Encourage clients to set up procedures for regularly reviewing and updating beneficial ownership information to avoid missing future reporting obligations.

   – Consult early: Suggest addressing BOIR filing well in advance of deadlines to prevent rushed submissions that could lead to errors. Professionals who are diligent and invest the time can easily help their clients navigate FinCEN’s BOI reporting obligations effectively, minimizing risk and ensuring ongoing compliance.

Accounting Firm, Financial Reporting, FinCEN BOI Reporting, Middle Market Business, Risk Management, Small Business

Risks of Non-Compliance with FinCEN’s BOI Reporting Rule

Non-compliance with FinCEN’s Beneficial Ownership Information (BOI) reporting requirement could expose your business to significant financial and legal risks. Here’s what you need to know about the potential consequences of failing to comply with this critical regulation.

FinCEN has the authority to impose hefty fines on businesses failing to meet the BOI reporting requirement. Penalties for non-compliance is $591 per day, with no maximum cap. This means even small delays in filing could result in substantial financial costs if FinCEN targets your company.

Non-compliance with BOIR can be seen as an attempt to obscure ownership information, which could trigger further investigation into potential financial crimes.

Businesses found to be in non-compliance with the BOI reporting requirements may also suffer reputational damage. Investors, clients, and partners expect transparency in ownership structures, and failure to comply could result in a loss of trust and business opportunities.

Non-compliant businesses may find it harder to secure loans, attract investors, or engage in mergers and acquisitions. Transparency in beneficial ownership is becoming a key factor in financial and business transactions, and non-compliance could hinder growth opportunities.

As of today, there are no reported instances of fines being assessed against a company for violation of the BOI reporting rule.  Nevertheless, the risks of non-compliance with FinCEN’s BOIR requirement far outweigh the effort of filing. Businesses that take proactive steps to meet the reporting deadlines and maintain accurate information will avoid fines, legal action, and reputational harm. Make compliance a priority to safeguard your business.

Accounting Firm, Financial Reporting, FinCEN BOI Reporting, Middle Market Business, Risk Management, Small Business

Five Common Mistakes to Avoid Before Filing Your BOI Report

Business owners preparing to file their Beneficial Ownership Information (BOI) reports should be aware of common pitfalls that might lead to civil penalties or worse.

The most common mistake is identifying one owner but not identifying every individual qualifying as a beneficial owner. Even if someone owns less than 25% of the business, that person may still be considered a beneficial owner if they hold significant decision-making authority evidencing “substantial control” over the reporting company.

For example, an indirect way to exercise substantial control over a reporting company is by controlling one or more intermediary entities that separately or collectively exercises substantial control over a reporting company. The best way to avoid this mistake is to review your company’s structure carefully and consult an expert if you’re unsure about who is a potential beneficial owner.

Another likely common mistake is submitting incorrect or incomplete details for beneficial owners. Mistakes in names, dates of birth, or identification numbers can lead to rejected filings or regulatory scrutiny – and possibly even fines and jail time if done deliberately. This mistake can easily be avoided by double-checking all information before submission and ensuring you’ve provided accurate and up-to-date details.

A third common mistake is failing to timely file. Businesses underestimate how long the process can take, leading to missed deadlines. For new businesses, filing is required 90 days after formation or registration, while companies formed or registered prior to 2024 have until January 2025 to comply. Companies can avoid this potential problem by marking important dates on your calendar and preparing your filing early to avoid a last-minute rush and a possible $591 a day fine for an untimely filing.

A fourth mistake would be the failure to update information as it changes. As set forth in the applicable regulations, the failure to update beneficial ownership information as changes occur can result in non-compliance. Any changes in ownership or control must be reported within thirty days of the change. This can be avoided by Implementing an internal system to track changes in ownership and file updated reports with FinCEN when necessary.

The fifth common mistake is simply assuming the existence of an exemption without really confirming it applies. Certain businesses, like larger companies already subject to similar rules, are exempt from the BOI reporting requirement. Assuming you are covered by an exemption without having proper confirmation could lead to fines. This can be avoided by double checking your exemption status by consulting the list of exempt entities or seeking expert advice. For example, even if your company has filed for dissolution, that would not automatically exempt you as an inactive company if that dissolution took place in 2024.

Avoiding these five common mistakes will help ensure a smooth BOI reporting process. By simply taking the time to understand key requirements and double-checking your information, you can protect your business from most of these unnecessary risks.

Accounting Firm, Financial Reporting, FinCEN BOI Reporting, Middle Market Business, Risk Management, Small Business

Preparing Your Business for FinCEN’s BOI Reporting Rule

With the Beneficial Ownership Information (BOI) reporting requirement now in effect, many businesses are wondering how to comply with this new rule issued by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). Preparing early will help you avoid fines and penalties, ensuring a smooth filing process.

The first step is determining who qualifies as a beneficial owner. This includes anyone who exerts substantial control or has ownership of 25% or more in your business. It’s crucial to assess both direct and indirect control, so be sure to evaluate individuals who might have critical influence over decision-making even if they don’t own a large percentage of equity.

You will need the following details for each beneficial owner:

  • Full name
  • Date of birth
  • Residential or business address
  • A government-issued identification number (such as from a driver’s license or passport)

Having this information on hand before filing will streamline the process and ensure accuracy.

If filing for an entity formed in 2024, you will also need to provide similar details for “applicants”, namely those persons who filed formation or registration documents with the state of formation or registration.

New businesses must file their BOI reporting information upon formation. For existing businesses, FinCEN has provided a one-year grace period to comply, meaning the deadline for companies formed or registered prior to 2024 is January 1, 2025. Don’t wait until the last minute — start preparing now.

Develop internal procedures to ensure ongoing compliance. This could involve creating a system for regularly updating beneficial ownership information when ownership or critical management changes over time.

Consider seeking advice from compliance experts to ensure whether you meet all the requirements. While the BOIR filing might seem straightforward, nuances in ownership or control structures could complicate the process. Ensuring your business is prepared for BOI reporting compliance long before the applicable deadline is the exact sort of proactive approach that will save you time, reduce stress, and help avoid costly penalties.

Accounting Firm, Financial Reporting, FinCEN BOI Reporting, Middle Market Business, Risk Management, Small Business

What Every Business Owner Needs to Know About FinCEN’s BOIR Requirement

The Beneficial Ownership Information (BOI) reporting requirement, introduced by FinCEN (the Treasury Department’s Financial Crimes Enforcement Network) increases transparency in business ownership with the stated goal of reducing financial crimes such as money laundering and tax evasion. As a business owner, it’s essential to understand what this regulation means for you and your company.

The BOIR rule mandates that certain companies report information about their beneficial owners to FinCEN. A “beneficial owner” is any individual who directly or indirectly exercises substantial control over the company or owns 25% or more of its equity

Corporations, limited liability companies (LLCs), and similar entities created or registered by a state to do business in the United States are required to file their BOI Report. Larger companies, regulated financial institutions, and inactive companies, are exempt because they largely already have to conduct this disclosure.

Businesses must report identifying information about each beneficial owner, including:

  • Full legal name
  • Date of birth
  • Current residential or business address
  • A unique identification number from a government-issued document (such as a driver’s license or passport)

The BOIR requirement officially went into effect in January 2024, and new companies must file within 90 days after their formation. Existing companies have until the end of 2024 to comply, so it’s essential to immediately start gathering the necessary information. Compliance with FinCEN’s BOIR requirement is a crucial regulatory obligation so take the time to understand these requirements and prepare your business for the upcoming changes.

Accounting Firm, Financial Reporting, FinCEN BOI Reporting, Law Firm, Middle Market Business, Risk Management, Small Business

Constitutionality of FinCEN’s BOIR Requirement

Found in the nearly 1,500-page National Defense Authorization Act of 2021, is the 21-page Corporate Transparency Act (“CTA”), 31 U.S.C. § 5336.  The CTA currently requires most entities incorporated or doing business under State law to disclose personal stakeholder information to the Treasury Department’s criminal enforcement arm, Financial Crimes Enforcement Network (“FinCEN”), including Tax ID numbers, date of birth, government identification number and copies of government identification documents of all beneficial owners and company state formation applicants (collectively a Beneficial Ownership Information Report or “BOI Report”).

According to Congress, this law is intended to prevent financial crimes such as money laundering and tax evasion committed using shell corporations.  The relevant Constitutional question recently put before an Alabama federal court was whether Congress’ broad powers to regulate commerce, oversee foreign affairs and national security, and impose taxes and related regulations were enough to power such a massive information grab. 

In a 53-page opinion, Judge Liles C. Burke of the Northern District of Alabama answered this question in the negative and struck down the CTA as unconstitutional.  See Mem. Op. at 3 (“Because the CTA exceeds the Constitution’s limits on the legislative branch and lacks a sufficient nexus to any enumerated power to be a necessary or proper means of achieving Congress’ policy goals, the Plaintiffs are entitled to judgment as a matter of law.”).   As recognized by Judge Burke, there was no comparable State or federal law to the CTA.  Mem. Op. at 35.

As a result of Judge Burke’s March 1, 2024 ruling – which began its appellate journey on March 11, 2024, all the plaintiffs in that case are for the time being exempt from filing a BOI Report – including the over 65,000 businesses and entrepreneurs located in all 50 states who are members of Plaintiff National Small Business Association (“NSBA”).  As for everyone else who may be a Reporting Company, the CTA very much still applies.

By way of background, FinCEN issued a final rule implementing the CTA on September 29, 2022 and made that rule effective as of January 1, 2024.  87 Fed. Reg. 59498.  Because only the plaintiffs in the Alabama action are safe from the CTA’s reporting reach all other businesses operating in the United States who are considered Reporting Companies will have to comply with the Rule. 

More specifically, the CTA requires disclosures from “reporting company[ies],” defined as “corporation[s], limited liability company[ies], or other similar entit[ies]” that are either “(i) created by the filing of a document with a secretary of state or a similar office under the law of a State or Indian Tribe, or (ii) formed under the law of a foreign country and registered to do business in the United States.” 31 U.S.C. § 5336(a)(11)(A). The CTA exempts twenty-three kinds of entities from its reporting requirements, including banks, insurance companies, and entities with more than twenty employees, five million dollars in gross revenue, and a physical office in the United States. 31 U.S.C. § 5336(a)(11)(B).  In other words, this statute not only targets shell companies involved in criminal conduct or fraud, it expressly hits most small business owners in the country as well.

“FinCEN estimates that there will be approximately 32.6 million reporting companies in Year 1, and 5 million additional reporting companies each year in Years 2–10.”   87 Fed. Reg. at 59549. The CTA requires these millions of entities to disclose the identity and information of any “beneficial owner.” 31 U.S.C. § 5336(b)(1)(A). A beneficial owner is defined as “an individual who . . . (i) exercises substantial control over the entity; or (ii) owns or controls not less than 25 percent of the ownership interests of the entity,” with some exceptions for children, creditors, and a few others. 31 U.S.C. § 5336(a)(3).

For new entities formed or operating in the United States after January 1, 2024, the CTA requires them to disclose the identity and information of both Beneficial Owners and “Applicants,” defined as “any individual who files an application to form a corporation, LLC, or other similar entity under the laws of a State or Indian Tribe; or registers [a foreign entity] to do business in the United States.” 31 U.S.C. § 5336(a)(2).  Such filings must be made within 90 days of the relevant state filings and those companies formed or operating in the United States prior to January 1, 2024 have until year end.

Reporting entities must give FinCEN a Beneficial Owner or Applicant’s full legal name, date of birth, current address, and identification number from a driver’s license, ID card, or passport. 31 U.S.C. § 5336(a)(1), (b)(2)(A).   Under the final rule, reporting entities are also required to submit an image of the identifying document. 31 C.F.R. § 1010.380(b)(1)(ii)(E). If any of that information changes, the reporting company must update FinCEN, 31 U.S.C. § 5336(b)(1)(D), and FinCEN retains Applicant and Beneficial Owner information on an ongoing basis for at least five years after the reporting company terminates. 31 U.S.C. § 5336(c)(1).  Determining whether someone is a Beneficial Owner can be somewhat difficult given it requires a determination of who “has substantial influence over important decisions made by the reporting company” among other potentially vague criteria.  31 C.F.R. § 1010.38 (d)(1)(i)(C).

A willful provision of false or fraudulent beneficial ownership information or failure to report “complete or updated beneficial ownership information to FinCEN” by “any person” is punishable by a $500 per day civil penalty and up to $10,000 in fines and 2 years in federal prison, 31 U.S.C. § 5336(h)(1), (3)(A); a knowing and unauthorized disclosure or use of beneficial ownership information by “any person” is punishable by a $500 per day civil penalty, along with a $250,000 fine and 5 years in federal prison, 31 U.S.C. § 5336(h)(2), (3)(B); and a knowing and unauthorized use or disclosure while violating another federal law “or as part of a pattern of any illegal activity involving more than $100,000 in a 12-month period” by “any person” is punishable with a $500,000 fine and 10 years in federal prison, 31 U.S.C. § 5336(h)(3)(B)(ii)(II). Over time, this daily penalty increased to $591 per day.

As recognized by Judge Burke, “[t]he ultimate result of this statutory scheme is that tens of millions of Americans must either disclose their personal information to FinCEN through State-registered entities, or risk years of prison time and thousands of dollars in civil and criminal fines.”  Mem. Op. at 8.  Given the importance of this information, FinCEN already compels banks and other financial institutions to obtain nearly identical information from State entity customers and provide it to FinCEN.  

More specifically, FinCEN’s 2016 Customer Due Diligence rule requires “covered financial institutions” to “identify and verify beneficial owners of legal entity customers.” 31 C.F.R. § 1010.230(a).   As with the CTA, this rule defines a “legal entity customer” as “a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account,” unless the entity fits into one of sixteen exemptions – seven less than the CTA exemptions. 31 C.F.R. § 1010.230(e)(1)-(2).

The CDD rule also defines beneficial owners in the same manner: “Each individual . . . who owns, directly or indirectly, 25 percent or more” of the entity; has “significant responsibility to control, manage, or direct a legal entity,” including “a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer)” and “[a]ny  other  individual  who  regularly  performs  similar  functions.”  31 C.F.R. § 1010.230(d)(1)-(2).

In other words, FinCEN’s CDD rule and the CTA provide FinCEN with nearly identical information.  The CTA itself acknowledges the similarity. See 31 U.S.C. § 5336(b)(1)(F) (requiring the Secretary of the Treasury to promulgate regulations that “collect [beneficial owner and applicant] information . . . in a form and manner that ensures the information is highly useful in . . . confirming beneficial ownership information provided to financial institutions.” (emphasis added).  See also Pub. L. 116-283 § 6402 (6)(B) (134 STAT. at 4604 – 4605) (“It is the sense of Congress that . . . [collection of] beneficial ownership information . . . [will] confirm beneficial ownership information [already] provided to financial institutions.”).

According to FinCEN’s compliance with the Paperwork Reduction Act of 1995: “The estimated average burden associated with this collection of information from Reporting Companies is 90 to 650 minutes per respondent for reporting companies with simple or complex beneficial ownership structures, respectively. The estimated average burden associated with Reporting Companies updating information previously provided is 40 to 170 minutes per respondent for reporting companies with simple or complex beneficial ownership structures, respectively.”

Given the appellate route will likely take well over a year to resolve and the NSBA plaintiffs no longer have any injury to adjudicate – which might have expedited an appeal if they had, it is incumbent on business owners to take the CTA at its face value and comply with the implemented regulations of FinCEN.

Behavioral Advertising, Middle Market Business, Network Security, Privacy, Risk Management, Small Business, Technology Law

Our Current Cyber Pandemic Will Also Subside

On April 17, 2020, it was reported that researchers at Finland’s Arctic Security found “the number of networks experiencing malicious activity was more than double in March in the United States and many European countries compared with January, soon after the virus was first reported in China. ”

Lari Huttunen at Arctic Security astutely pointed out why previously safe networks were now exposed: “In many cases, corporate firewalls and security policies had protected machines that had been infected by viruses or targeted malware . . . . Outside of the office, that protection can fall off sharply, allowing the infected machines to communicate again with the original hackers. “

Tom Kellerman – a cybersecurity thought leader, distills it this way: “There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring.”

While there are certain internal ways of addressing cybersecurity threats arising from a viral pandemic, the exposures now faced by corporations become doubly damaging when the outside resources absolutely necessary to combat active threats are considered off-budget or not a critical enough priority. Smart companies generally survive stressful times by prioritizing with some foresight. Network security during a Cyber Pandemic should be a top priority no matter what size business.

During our Cyber Pandemic, companies recognizing and properly addressing the potential damage caused by threat actors will not only survive minor short-term hits to their bottom line caused by paying outside resources, they will likely be the ones coming on top after both Pandemics subside. There is definitely a light at the end of the tunnel for those willing to take the ride – just continue using trusted vehicles to get you there.