Skip to main content
  1. Home
  2. Banks and Banking
  3. Bank Secrecy Act Regulations (Department of the Treasury, FinCEN)
  4. PART 1010
  5. SUBPART J
  6. SECTION 1010.955
3-1709.45

SECTION 1010.955—Availability of Beneficial Ownership Information Reported under This Part

(a) Prohibition on disclosure. Except as authorized in paragraphs (b), (c), and (d) of this section, information reported to FinCEN pursuant to section 1010.380 is confidential and shall not be disclosed by any individual who receives such information as—
(1) An officer, employee, contractor, or agent of the United States;
(2) An officer, employee, contractor, or agent of any State, local, or Tribal agency; or
(3) A director, officer, employee, contractor, or agent of any financial institution.
(b) Disclosure of information by FinCEN.
(1) Disclosure to Federal agencies for use in furtherance of national security, intelligence, or law enforcement activity. Upon receipt of a request from a Federal agency engaged in national security, intelligence, or law enforcement activity for information reported pursuant to section 1010.380 to be used in furtherance of such activity, FinCEN may disclose such information to such agency. For purposes of this paragraph (b)(1)
(i) National security activity means activity pertaining to the national defense or foreign relations of the United States, as well as activity to protect against threats to the safety and security of the United States;
(ii) Intelligence activity means all activities conducted by elements of the United States Intelligence Community that are authorized pursuant to Executive Order 12333, as amended, or any succeeding executive order; and
(iii) Law enforcement activity means investigative and enforcement activities relating to civil or criminal violations of law. Such activity does not include the routine supervision or examination of a financial institution by a Federal regulatory agency with authority described in paragraph (b)(4)(ii)(A) of this section.
(2) Disclosure to State, local, and Tribal law enforcement agencies for use in criminal or civil investigations. Upon receipt of a request from a State, local, or Tribal law enforcement agency for information reported pursuant to section 1010.380 to be used in a criminal or civil investigation, FinCEN may disclose such information to such agency if a court of competent jurisdiction has authorized the agency to seek the information in a criminal or civil investigation. For purposes of this section—
(i) A court of competent jurisdiction is any court with jurisdiction over the investigation for which a State, local, or Tribal law enforcement agency requests information under this paragraph.
(ii) A State, local, or Tribal law enforcement agency is an agency of a State, local, or Tribal government that is authorized by law to engage in the investigation or enforcement of civil or criminal violations of law.
(3) Disclosure for use in furtherance of foreign national security, intelligence, or law enforcement activity. Upon receipt of a request for information reported pursuant to section 1010.380 from a Federal agency on behalf of a law enforcement agency, prosecutor, or judge of another country, or on behalf of a foreign central authority or foreign competent authority (or like designation) under an applicable international treaty, agreement, or convention, FinCEN may disclose such information to such Federal agency for transmission to the foreign law enforcement agency, prosecutor, judge, foreign central authority, or foreign competent authority who initiated the request, provided that:
(i) The request is for assistance in a law enforcement investigation or prosecution, or for a national security or intelligence activity, that is authorized under the laws of the foreign country; and
(ii) The request is:
(A) Made under an international treaty, agreement, or convention; or
(B) Made, when no such treaty, agreement, or convention is available, as an official request by a law enforcement, judicial, or prosecutorial authority of a foreign country determined by FinCEN, with the concurrence of the Secretary of State and in consultation with the Attorney General or other agencies as necessary and appropriate, to be a trusted foreign country.
(iii) For purposes of this paragraph (b)(3), a national security activity authorized under the laws of a foreign country is an activity pertaining to the national defense or foreign relations of a country other than the United States, as well as activity to protect against threats to the safety and security of that country.
(iv) For purposes of this paragraph (b)(3), an intelligence activity authorized under the laws of a foreign country is an activity conducted by a foreign government agency that is authorized under a foreign legal authority comparable to Executive Order 12333 that is applicable to the agency.
(4) Disclosure to facilitate compliance with customer due diligence requirements.
(i) Financial institutions. Upon receipt of a request from a financial institution subject to customer due diligence requirements under applicable law for information reported pursuant to section 1010.380 to be used in facilitating compliance with such requirements, FinCEN may disclose the information to the financial institution for that use, provided that the reporting company that reported the information to FinCEN consents to such disclosure. For purposes of this paragraph, customer due diligence requirements under applicable law mean any legal requirement or prohibition designed to counter money laundering or the financing of terrorism, or to safeguard the national security of the United States, to comply with which it is reasonably necessary for a financial institution to obtain or verify beneficial ownership information of a legal entity customer.
(ii) Regulatory agencies. Upon receipt of a request by a Federal functional regulator or other appropriate regulatory agency, FinCEN shall disclose to such agency any information disclosed to a financial institution pursuant to paragraph (b)(4)(i) of this section if the agency—
(A) Is authorized by law to assess, supervise, enforce, or otherwise determine the compliance of such financial institution with customer due diligence requirements under applicable law;
(B) Will use the information solely for the purpose of conducting the assessment, supervision, or authorized investigation or activity described in paragraph (b)(4)(ii)(A) of this section; and
(C) Has entered into an agreement with FinCEN providing for appropriate protocols governing the safekeeping of the information.
(5) Disclosure to officers or employees of the Department of the Treasury. Consistent with procedures and safeguards established by the Secretary—
(i) Information reported pursuant to section 1010.380 shall be accessible for inspection or disclosure to officers and employees of the Department of the Treasury whose official duties the Secretary determines require such inspection or disclosure.
(ii) Officers and employees of the Department of the Treasury may obtain information reported pursuant to section 1010.380 for tax administration as defined in 26 U.S.C. 6103(b)(4).
(c) Use of information.
(1) Use of information by authorized recipients. Except as permitted under paragraph (c)(2) of this section, any person who receives information disclosed by FinCEN under paragraph (b) of this section shall not further disclose such information to any other person, and shall use such information only for the particular purpose or activity for which such information was disclosed. A Federal agency that receives information pursuant to paragraph (b)(3) of this section shall only use it to facilitate a response to a request for assistance pursuant to that paragraph.
(2) Disclosure of information by authorized recipients.
(i) Any officer, employee, contractor, or agent of a requesting agency who receives information disclosed by FinCEN pursuant to a request under paragraph (b)(1) or (2) or (b)(4)(ii) of this section may disclose such information to another officer, employee, contractor, or agent of the same requesting agency for the particular purpose or activity for which such information was requested, consistent with the requirements of paragraph (d)(1)(i)(F) of this section, as applicable. Any officer, employee, contractor, or agent of the U.S. Department of the Treasury who receives information disclosed by FinCEN pursuant to a request under paragraph (b)(5) of this section may disclose such information to another Treasury officer, employee, contractor, or agent for the particular purpose or activity for which such information was requested consistent with internal Treasury policies, procedures, orders or directives.
(ii) Any director, officer, employee, contractor, or agent of a financial institution who receives information disclosed by FinCEN pursuant to a request under paragraph (b)(4)(i) of this section may disclose such information to another director, officer, employee, contractor, or agent of the same financial institution for the particular purpose or activity for which such information was requested, consistent with the requirements of paragraph (d)(2) of this section.
(iii) Any director, officer, employee, contractor, or agent of a financial institution that receives information disclosed by FinCEN pursuant to paragraph (b)(4)(i) of this section may disclose such information to the financial institution’s Federal functional regulator, a self-regulatory organization that is registered with or designated by a Federal functional regulator pursuant to Federal statute, or other appropriate regulatory agency, provided that the Federal functional regulator, self-regulatory organization, or other appropriate regulatory agency meets the requirements identified in paragraphs (b)(4)(ii)(A) through (C) of this section. A financial institution may rely on a Federal functional regulator, self-regulatory organization, or other appropriate regulatory agency’s representation that it meets the requirements.
(iv) Any officer, employee, contractor, or agent of a Federal functional regulator that receives information disclosed by FinCEN pursuant to paragraph (b)(4)(ii) of this section may disclose such information to a self-regulatory organization that is registered with or designated by the Federal functional regulator, provided that the self-regulatory organization meets the requirements of paragraphs (b)(4)(ii)(A) through (C) of this section.
(v) Any officer, employee, contractor, or agent of a Federal agency that receives information from FinCEN pursuant to a request made under paragraph (b)(3) of this section may disclose such information to the foreign person on whose behalf the Federal agency made the request.
(vi) Any officer, employee, contractor, or agent of a Federal agency engaged in a national security, intelligence, or law enforcement activity, or any officer, employee, contractor, or agent of a State, local, or Tribal law enforcement agency, may disclose information reported pursuant to section 1010.380 that it has obtained directly from FinCEN pursuant to a request under paragraph (b)(1) or (2) of this section to a court of competent jurisdiction or parties to a civil or criminal proceeding.
(vii) Any officer, employee, contractor, or agent of a requesting agency who receives information disclosed by FinCEN pursuant to a request under paragraph (b)(1), (b)(4)(ii), or (b)(5) of this section may disclose such information to any officer, employee, contractor, or agent of the United States Department of Justice for purposes of making a referral to the Department of Justice or for use in litigation related to the activity for which the requesting agency requested the information.
(viii) Any officer, employee, contractor, or agent of a State, local, or Tribal law enforcement agency who receives information disclosed by FinCEN pursuant to a request under paragraph (b)(2) of this section may disclose such information to any officer, employee, contractor, or agent of another State, local, or Tribal agency for purposes of making a referral for possible prosecution by that agency, or for use in litigation related to the activity for which the requesting agency requested the information.
(ix) A law enforcement agency, prosecutor, judge, foreign central authority, or foreign competent authority of another country that receives information from a Federal agency pursuant to a request under paragraph (b)(3)(ii)(A) of this section may disclose and use such information consistent with the international treaty, agreement, or convention under which the request was made.
(x) FinCEN may by prior written authorization, or by protocols or guidance that FinCEN may issue, authorize persons to disclose information obtained pursuant to paragraph (b) of this section in furtherance of a purpose or activity described in that paragraph.
(d) Security and confidentiality requirements.
(1) Security and confidentiality requirements for domestic agencies.
(i) General requirements. To receive information under paragraph (b)(1), (2), or (3) or (b)(4)(ii) of this section, a Federal, State, local, or Tribal agency shall satisfy the following requirements:
(A) Agreement. The agency shall enter into an agreement with FinCEN specifying the standards, procedures, and systems to be maintained by the agency, and any other requirements FinCEN may specify, to protect the security and confidentiality of such information. Agreements shall include, at a minimum, descriptions of the information to which an agency will have access, specific limitations on electronic access to that information, discretionary conditions of access, requirements and limitations related to re-disclosure, audit and inspection requirements, and security plans outlining requirements and standards for personnel security, physical security, and computer security.
(B) Standards and procedures. The agency shall establish standards and procedures to protect the security and confidentiality of such information, including procedures for training agency personnel on the appropriate handling and safeguarding of such information. The head of the agency, on a non-delegable basis, shall approve these standards and procedures.
(C) Initial report and certification. The agency shall provide FinCEN a report that describes the standards and procedures established pursuant to paragraph (d)(1)(i)(B) of this section and that includes a certification by the head of the agency, on a non-delegable basis, that the standards and procedures implement the requirements of this paragraph (d)(1).
(D) Secure system for beneficial ownership information storage. The agency shall, to the satisfaction of the Secretary, establish and maintain a secure system in which such information shall be stored.
(E) Auditability. The agency shall establish and maintain a permanent, auditable system of standardized records for requests pursuant to paragraph (b) of this section, including, for each request, the date of the request, the name of the individual who makes the request, the reason for the request, any disclosure of such information made by or to the requesting agency, and information or references to such information sufficient to reconstruct the reasons for the request.
(F) Restrictions on personnel access to information. The agency shall restrict access to information obtained from FinCEN pursuant to this section to personnel—
(1) Who are directly engaged in the activity for which the information was requested;
(2) Whose duties or responsibilities require such access;
(3) Who have received training pursuant to paragraph (d)(1)(i)(B) of this section or have obtained the information requested directly from persons who both received such training and received the information directly from FinCEN;
(4) Who use appropriate identity verification mechanisms to obtain access to the information; and
(5) Who are authorized by agreement between the agency and FinCEN to access the information.
(G) Audit requirements. The agency shall:
(1) Conduct an annual audit to verify that information obtained from FinCEN pursuant to this section has been accessed and used appropriately and in accordance with the standards and procedures established pursuant to paragraph (d)(1)(i)(B) of this section;
(2) Provide the results of that audit to FinCEN upon request; and
(3) Cooperate with FinCEN’s annual audit of the adherence of agencies to the requirements established under this paragraph to ensure that agencies are requesting and using the information obtained under this section appropriately, including by promptly providing any information FinCEN requests in support of its annual audit.
(H) Semi-annual certification. The head of the agency, on a non-delegable basis, shall certify to FinCEN semiannually that the agency’s standards and procedures established pursuant to paragraph (d)(1)(i)(B) of this section are in compliance with the requirements of this paragraph (d)(1). One of the semiannual certifications may be included in the annual report required under paragraph (d)(1)(i)(I) of this section.
(I) Annual report on procedures. The agency shall provide FinCEN a report annually that describes the standards and procedures that the agency uses to ensure the security and confidentiality of any information received pursuant to paragraph (b) of this section.
(ii) Requirements for requests for disclosure. A Federal, State, local, or Tribal agency that makes a request under paragraph (b)(1), (2), or (3) or (b)(4)(ii) of this section shall satisfy the following requirements in connection with each request that it makes and in connection with all such information it receives.
(A) Minimization. The requesting agency shall limit, to the greatest extent practicable, the scope of such information it seeks, consistent with the agency’s purposes for seeking such information.
(B) Certifications and other requirements.
(1) The head of a Federal agency that makes a request under paragraph (b)(1) of this section or their designee shall make a written certification to FinCEN, in the form and manner as FinCEN shall prescribe, that:
(i) The agency is engaged in a national security, intelligence, or law enforcement activity; and
(ii) The information requested is for use in furtherance of such activity, setting forth specific reasons why the requested information is relevant to the activity.
(2) The head of a State, local, or Tribal agency, or their designee, who makes a request under paragraph (b)(2) of this section shall submit to FinCEN a written certification, in the form and manner as FinCEN shall prescribe, that:
(i) A court of competent jurisdiction has authorized the agency to seek the information in a criminal or civil investigation; and
(ii) The requested information is relevant to the criminal or civil investigation, setting forth a description of the information the court has authorized the agency to seek.
(3) The head of a Federal agency, or their designee, who makes a request under paragraph (b)(3)(ii)(A) of this section shall:
(i) Retain for the agency’s records the request for information under the applicable international treaty, agreement, or convention;
(ii) Submit to FinCEN, in the form and manner as FinCEN shall prescribe: the name, title, agency, and country of the foreign person on whose behalf the Federal agency is making the request; the title of the international treaty, agreement, or convention under which the request is being made; and a certification that the requested information is for use in furtherance of a law enforcement investigation or prosecution, or for a national security or intelligence activity, that is authorized under the laws of the relevant foreign country.
(4) The head of a Federal agency, or their designee, who makes a request under paragraph (b)(3)(ii)(B) of this section shall submit to FinCEN, in the form and manner as FinCEN shall prescribe:
(i) A written explanation of the specific purpose for which the foreign person is seeking information under paragraph (b)(3)(ii)(B) of this section, along with an accompanying certification that the information is for use in furtherance of a law enforcement investigation or prosecution, or for a national security or intelligence activity, that is authorized under the laws of the relevant foreign country and that the foreign person seeking information under paragraph (b)(3)(ii)(B) has been informed that the information may only be used only for the particular purpose or activity for which it is requested and must be handled consistent with the requirements of paragraph (d)(3) of this section;
(ii) The name, title, agency, and country of the foreign person on whose behalf the Federal agency is making the request; and
(iii) Any other information that FinCEN requests in order to evaluate the request.
(5) The head of a Federal functional regulator or other appropriate regulatory agency, or their designee, who makes a request under paragraph (b)(4)(ii) of this section shall make a written certification to FinCEN, in the form and manner as FinCEN shall prescribe, that:
(i) The agency is authorized by law to assess, supervise, enforce, or otherwise determine the compliance of a relevant financial institution with customer due diligence requirements under applicable law; and
(ii) The agency will use the information solely for the purpose of conducting the assessment, supervision, or authorized investigation or activity described in paragraph (b)(4)(ii)(A) of this section.
(2) Security and confidentiality requirements for financial institutions. To receive information under paragraph (b)(4)(i) of this section, a financial institution shall satisfy the following requirements:
(i) Geographic restrictions on information. The financial institution shall not make information obtained from FinCEN under paragraph (b)(4)(i) of this section available to persons physically located in, and shall not store such information in, any of the following jurisdictions:
(A) The People’s Republic of China;
(B) The Russian Federation; or
(C) A jurisdiction:
(1) That is a state sponsor of terrorism, as determined by the U.S. Department of State;
(2) That is the subject of comprehensive financial and economic sanctions imposed by the Federal Government, i.e., is a jurisdiction with a government whose property and interests in property within U.S. jurisdiction are blocked pursuant to U.S. sanctions authorities, or a jurisdiction subject to broad-based prohibitions on transactions by U.S. persons involving that jurisdiction, such as prohibitions on importing or exporting goods, services, or technology to the jurisdiction or dealing in goods or services originating from the jurisdiction, pursuant to U.S. sanctions authorities; or
(3) To which the Secretary has determined that allowing information obtained from FinCEN under paragraph (b)(4)(i) of this section to be made available would undermine the enforcement of the requirements of paragraph (d)(2) of this section or the national security of the United States.
(ii) Safeguards. The financial institution shall develop and implement administrative, technical, and physical safeguards reasonably designed to protect the security, confidentiality, and integrity of such information. These shall include:
(A) Information procedures. The financial institution shall:
(1) Apply such information procedures as the institution has established to satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), and applicable regulations issued thereunder, with regard to the protection of its customers’ nonpublic personal information, modified as needed to account for any unique requirements imposed under this section; or
(2) If the institution is not subject to section 501 of the Gramm-Leach-Bliley Act, apply such information procedures with regard to the protection of its customers’ nonpublic personal information as are required, recommended, or authorized under applicable law and are at least as protective of the security and confidentiality of customer information as procedures that satisfy the standards of section 501 of the Gramm-Leach-Bliley Act.
(B) Notification of information demand. The financial institution shall notify FinCEN within three business days of receipt of any foreign government subpoena or legal demand under which the financial institution would have to disclose any information the financial institution has received pursuant to a request under paragraph (b)(4)(i) of this section.
(iii) Consent to obtain information. Before making a request for information regarding a reporting company under paragraph (b)(4)(i) of this section, the financial institution shall obtain and document the consent of the reporting company to request such information. The documentation of the reporting company’s consent shall be maintained for 5 years after it is last relied upon in connection with a request for information under paragraph (b)(4)(i) of this section.
(iv) Certification. For each request for information regarding a reporting company under paragraph (b)(4)(i) of this section, the financial institution shall make a certification to FinCEN in such form and manner as FinCEN shall prescribe that the financial institution:
(A) Is requesting the information to facilitate its compliance with customer due diligence requirements under applicable law;
(B) Has obtained and documented the consent of the reporting company to request the information from FinCEN; and
(C) Has fulfilled all other requirements of paragraph (d)(2) of this section.
(3) Security and confidentiality requirements for foreign recipients of information.
(i) To receive information under paragraph (b)(3)(ii)(A) of this section, a foreign person on whose behalf a Federal agency made the request under that paragraph shall comply with all applicable handling, disclosure, and use requirements of the international treaty, agreement, or convention under which the request was made.
(ii) To receive information under paragraph (b)(3)(ii)(B) of this section, a foreign person on whose behalf a Federal agency made the request under that paragraph shall ensure that the following requirements are satisfied:
(A) Standards and procedures. A foreign person who receives information pursuant to paragraph (b)(3)(ii)(B) of this section shall establish standards and procedures to protect the security and confidentiality of such information, including procedures for training personnel who will have access to it on the appropriate handling and safeguarding of such information.
(B) Secure system for beneficial ownership information storage. Such information shall be maintained in a secure system that complies with the security standards the foreign person applies to the most sensitive unclassified information it handles.
(C) Minimization. To the greatest extent practicable, the scope of information sought shall be limited, consistent with the purposes for seeking such information.
(D) Restrictions on personnel access to information. Access to such information shall be limited to persons—
(1) Who are directly engaged in the activity described in paragraph (b)(3) of this section for which the information was requested;
(2) Whose duties or responsibilities require such access; and
(3) Who have undergone training on the appropriate handling and safeguarding of information obtained pursuant to this section.
(e) Administration of requests.
(1) Form and manner of requests. Requests for information under paragraph (b) of this section shall be submitted to FinCEN in such form and manner as FinCEN shall prescribe.
(2) Rejection of requests.
(i) FinCEN will reject a request under paragraph (b)(4) of this section, and may reject any other request made pursuant to this section, if such request is not submitted in the form and manner prescribed by FinCEN.
(ii) FinCEN may reject any request, or otherwise decline to disclose any information in response to a request made under this section, if FinCEN, in its sole discretion, finds that, with respect to the request:
(A) The requester has failed to meet any requirement of this section;
(B) The information is being requested for an unlawful purpose; or
(C) Other good cause exists to deny the request.
(3) Suspension of access.
(i) FinCEN may permanently debar or temporarily suspend, for any period of time, any individual requester or requesting entity from receiving or accessing information under paragraph (b) of this section if FinCEN, in its sole discretion, finds that:
(A) The individual requester or requesting entity has failed to meet any requirement of this section;
(B) The individual requester or requesting entity has requested information for an unlawful purpose; or
(C) Other good cause exists for such debarment or suspension.
(ii) FinCEN may reinstate the access of any individual requester or requesting entity that has been suspended or debarred under this paragraph (e)(3) upon satisfaction of any terms or conditions that FinCEN deems appropriate.
(f) Violations.
(1) Unauthorized disclosure or use. Except as authorized by this section, it shall be unlawful for any person to knowingly disclose, or knowingly use, the beneficial ownership information obtained by the person, directly or indirectly, through:
(i) A report submitted to FinCEN under section 1010.380; or
(ii) A disclosure made by FinCEN pursuant to paragraph (b) of this section.
(2) For purposes of paragraph (f)(1) of this section, unauthorized use shall include accessing information without authorization, and shall include any violation of the requirements described in paragraph (d) of this section in connection with any access.
Back to top