Beneficial Ownership and the Cost of CTA Compliance 

  • Source: and


According to the Financial Crimes Enforcement Network (FinCEN), its new Beneficial Ownership regulations under the Corporate Transparency Act (CTA) will result in a significant annual compliance burden for financial institutions. The financial, operational, and compliance burdens are specific to accessing and using the government’s information database and pertain to creating programs around administrative, physical, and technical safeguards, customer consent, certifications, and training.

Treliant, a trusted advisor to financial services clients, provides critical support to institutions as they establish compliance and operational programs to meet FINCEN’s requirements. Treliant helps ensure that institutions efficiently establish tailored and robust programs with minimal impact on existing compliance, operations, and personnel.


On January 30, 2024, FinCEN issued a notice inviting comments on the reporting and recordkeeping burdens associated with collecting information to comply with the Beneficial Ownership Information (BOI) Access and Safeguards final rule (BOI Access Rule). The BOI Access Rule establishes strict requirements regarding the protection of sensitive personal information, recordkeeping, and accessing/using the government database. According to a FinCEN regulatory impact analysis (ROI), the BOI Access Rule will impact an estimated 15,934 entities, including state, local, and tribal agencies and self-regulatory organizations (collectively, “Agencies”), and financial institutions.

The ROI estimates the compliance burden at 8.74 million hours in the first year and about 3.62 million hours in subsequent years [1]. Of this total, FinCEN estimates the compliance cost to financial institutions to be 6.4 million hours in year one and 1.9 million hours in year two and onwards, equating to financial costs of approximately $868.2 million in year one and $339.3 million in subsequent years.

FinCEN also breaks down the hourly burden associated with each category of requirements of the BOI Access Rule for both the Agencies and financial institutions, including policies and procedures, secure systems, and certifications.

What This Means

The extensive requirements and associated costs underscore the seriousness with which the U.S. government is approaching issues of money laundering, terrorist financing, tax fraud, and other illicit activities. Financial institutions will face significant regulatory expectations for compliance and execution, particularly around data protection and documentation.

It is worth nothing that the compliance burden is extensive for both Agencies and financial institutions seeking to comply. Financial institutions will need to establish effective and robust procedures and systems for:

  • Administrative, physical, and technical safeguards.
  • Collection and documentation of customer consents.
  • Certifications for each request.
  • Training.
  • Notifications to FinCEN regarding foreign government requests.
  • Any requirements specific to certain jurisdictions.

Accurate data management and documentation will be also critical.

The operational, financial, and administrative impact of this rule will be specific to each institution. In certain cases, some of these requirements can be bolted onto existing programs; in other cases, it will require the institution to undertake significant program builds and invest in systems, technology and data management.

For their part, the Agencies must adhere to significant requirements around establishing secure and auditable systems to store BOI, access controls, conducting annual audits, obtaining certifications, and recordkeeping. As with financial institutions, the impact will also depend on existing controls and systems.

[1] FINCEN calculates the total annual hourly burden by multiplying the number of entities by the hours per entity for each action.

Ready to Talk?

We work with you to understand your needs, so we can tailor our approach to your engagement. Learn more when you connect with our team.


Rawan Abdelrazek

Rawan Abdelrazek, Managing Director with Treliant’s Financial Crimes and Fraud Solutions team, is a seasoned financial services executive with extensive experience in program buildouts, compliance, remediation, digital assets/cryptocurrency, strategic change, operational management, and government leadership.

Richard Lee

Richard Lee is an Analyst at Treliant. At Treliant, Richard brings his expertise in transaction monitoring and client due diligence to bear in helping financial institutions comply with regulatory requirements and prevent financial crime.