Congress is Unconstitutionally Criminalizing Privacy
On December 11 2020, with a bipartisan veto-proof majority, the US Senate joined the House of Representatives in passing the National Defense Authorization Act for Fiscal Year 2021, a ~1500 page bill which included ~20 pages describing the Corporate Transparency Act. The CTA requires a report be filed with the Financial Crimes Enforcement Network (FinCEN) that identifies every beneficial owner of any company formed in the US, or any foreign company that registers to do business in the US. FinCEN defines “beneficial owner” as "any individual who, directly or indirectly, either exercises substantial control over such reporting company or owns or controls at least 25 percent of the ownership interests of such reporting company."
The CTA eventually took effect on January 1, 2024. More than 30 million existing entities are expected to be subject to the CTA, and approximately 5 million new entities are expected to join that number each year. According to FinCEN ~500,000 reports were filed in the first 2 months of 2024.
What Must be Reported?
Every report must include each beneficial owner's:
- name
- date of birth
- current address
- unique identifying number (such as social security number)
Existing entities will be required to report this information by January 1, 2025. The report will be required for newly formed entities at the time of formation. Finally, a reporting company will need to update their information on file upon any change in beneficial ownership.
Who Can Access This Information?
FinCEN will store the information in a private database. It will be made available to Federal and state law enforcement agencies pursuant to an appropriate request. The Department of the Treasury, the custodian of the records through FinCEN, has its own broad and separate authorization to use the information, including for purposes related to tax administration. Foreign law enforcement also may request information from the database. Finally, financial institutions will have access to the database for customer due diligence purposes.
It's hard to put a number on just how many people and organizations will be able to access this data. And that's being optimistic that the private database remains private. I think it's safe to assume the database is connected to the Internet; after all, the process of submitting your disclosure information is via FinCEN's web site. Unfortunately I suspect it's only a matter of time before this information gets compromised and falls into the wrong hands.
Customer due diligence requirements for financial institutions will be updated to conform to the requirements of the CTA and to take into account access by financial institutions to the information compiled under the CTA. This means that the establishment of any entity account with a financial institution will require compliance, making non-compliance impossible.
What are the Penalties for Non-Compliance?
Failure to provide complete information required under the CTA or willfully providing false information comes with steep consequences.
- civil penalties of up to $500 per day
- criminal fines up to $10,000
- imprisonment for up to two years
Why Does This Matter?
I'm sure there are a wide variety of reasons why beneficial owners of companies would prefer to retain their privacy. I can only speak for myself. As I laid out 5 years ago, a substantial portion of my own privacy is built upon the fact that the US allows for protecting your privacy with legal entities such as corporations and trusts.
The wonderful aspect of using such entities as proxies for my ownership of publicly registered assets such as real estate and vehicles is that it keeps my name out of the public databases and data brokers used by attackers who leverage open source intelligence (OSINT) to track down targets. This is because the actual ownership of said entities is only written down on the privately held documents defining the governance and operation of the entity. These documents don't exist in a database anywhere that can be queried or hacked.
In short, we're facing an immense broadening of the attack surface against folks who protect their privacy via legal entities.
Corporate Transparency Act Ruled Unconstitutional
A legal challenge was brought by the National Small Business Association (NSBA) and one of its members against the Secretary of the U.S. Treasury Department.
As a result, earlier this month a US Federal Judge ruled:
The Corporate Transparency Act is unconstitutional because it cannot be justified as an exercise of Congress’ enumerated powers. This conclusion makes it unnecessary to decide whether the CTA violates the First, Fourth, and Fifth Amendments.
Burke’s ruling suggested that there was not a clear enough case that the CTA was supported on the grounds of national security.
FinCEN Responds
A few days after the ruling that the CTA is unconstitutional, FinCEN posted the following notice.
"Other than the particular individuals and entities subject to the court’s injunction, as specified below, reporting companies are still required to comply with the law and file beneficial ownership reports as provided in FinCEN’s regulations."
What. The. Fuck?
We know the law is unconstitutional.
FinCEN knows the law is unconstitutional.
FinCEN knows we know the law is unconstitutional.
And yet we're supposed to pretend like nothing happened and comply with an illegal law.
What's Next?
It looks like legal appeals are ongoing. In 2023, the median time for the Eleventh Circuit to resolve a case was over 9 months. However, the deadline by which 30+ million companies must file their initial report under the CTA is January 1, 2025. Not a particularly optimistic set of circumstances for a timely resolution of this matter.
For the time being, lawyers advise that the effect of the Treasury Department's defeat in federal court is only unconstitutional as-applied to the plaintiffs in that particular case: member organizations of the National Small Business Association who were members prior to March 1st, 2024. The government's position is that everyone else has to comply in the meantime, unless of course we bring separate lawsuits and win separate victories of our own.
This poses some uncomfortable questions.
- Do I obey an unconstitutional order under the threat of penalty?
- Do I cross my fingers and hope the courts resolve this logically and speedily?
- Do I have to sue Janet Yellen in order to not have my rights tread upon?
- Is it worth attempting a class action lawsuit against the Department of Treasury?
If you are affected by the CTA and are interested in fighting back against this government overreach, please reach out via my contact form. We know there are over 30 million affected entities; I am surely not alone in my concerns. I have already spent a lot of resources on attorneys to defend my privacy; if funding a lawsuit is the latest requirement then so be it.
I don't know what will happen over the course of this year, but I do know one thing.