← All posts May 03, 2026

Beneficial ownership under the CTA — what changes and what doesn't

cta fincen beneficial-ownership kyb

What the CTA actually requires

The Corporate Transparency Act, passed in 2021 and effective for filings starting January 1, 2024, requires most US business entities to file a Beneficial Ownership Information (BOI) report with the Financial Crimes Enforcement Network (FinCEN). Each report identifies the entity’s “beneficial owners” — generally defined as anyone who owns 25% or more of the entity, or anyone who exercises “substantial control” over it.

The scope is broad. Most LLCs, corporations, LPs, and similar entities formed under US state law are “reporting companies” required to file. There are 23 categories of exemption (banks, SEC-registered companies, insurance companies, accounting firms, large operating companies above certain revenue and employee thresholds), but for the typical small operating business there is no exemption.

The penalty for non-filing is substantial — up to $500 per day, plus criminal penalties for willful violations. The compliance burden is real.

What the BOI report contains

A BOI report identifies, for each beneficial owner:

  • Full legal name.
  • Date of birth.
  • Current residential address.
  • Unique identifying number from an acceptable identification document (passport, driver’s license, etc.) and an image of the document.

Plus the entity’s information (name, address, tax identification number) and information about the “company applicant” — the person who filed the formation documents.

This is, by any measure, a deeper layer of ownership disclosure than any state SOS has ever required. For the first time in US history, there is a federal database of beneficial-ownership data on most operating entities.

What does NOT change for non-bank verification

Here is the critical limitation: BOI reports are not publicly accessible.

The CTA explicitly limits access to BOI data to:

  • Federal law enforcement (FBI, DEA, IRS-CI, etc.).
  • State and local law enforcement, with court authorization.
  • Foreign law enforcement, through specific information-sharing channels.
  • US financial institutions, but only when conducting customer due diligence for AML purposes — and only with the entity’s consent.
  • Federal regulators supervising financial institutions.
  • US Treasury for tax administration.

A commercial-finance processor running a credit-decision verification is not on the access list. A non-bank lender cannot pull a BOI report on a prospective borrower. Neither can an equipment-finance company, factoring shop, B2B credit team, or any other typical processor.

What this means: for non-bank verification workflows, the CTA does not provide an additional ownership-disclosure layer at the time of underwriting. The state SOS data, operating-state filings, federal contracting data, and credit-application self-disclosure remain the same sources they were before the CTA.

What does change

A few real changes that affect even non-bank processors:

1. The compliance status itself is a signal.

An entity that has filed its BOI report on time is in federal compliance. An entity that has missed the filing is exposed to up-to-$500/day penalties and potential criminal exposure. While the filing itself isn’t publicly visible, a borrower asked about their BOI compliance should be able to confirm they’ve filed. Inability or unwillingness to confirm is itself a signal.

2. Bank-level KYB is becoming more thorough.

Banks performing customer due diligence under the Bank Secrecy Act now have access to BOI data and increasingly cross-reference it against self-disclosed ownership. An entity that doesn’t bank cleanly — that has had bank accounts closed, struggled to open new ones, or operates without conventional banking — may be having BOI-related issues even though the underlying reason isn’t visible to a non-bank processor.

3. State-level disclosure regimes may follow.

A handful of states have proposed or passed state-level beneficial-ownership disclosure requirements that are publicly accessible. New York’s LLC Transparency Act, effective January 2026, requires LLCs to disclose beneficial owners to the New York Department of State, and the data is at least partially public. Similar bills are pending in California, Massachusetts, and Maryland. Over the next 3-5 years, state-level disclosure regimes will likely fill some of the gap that the federal CTA leaves for non-bank verification.

The CTA exemption list — what to know

The 23 exemption categories include some that matter for typical commercial-finance work:

  • Large operating company exemption. An entity with more than 20 full-time US employees, more than $5 million in US-sourced gross receipts on its prior-year federal tax return, and a physical office in the US is exempt. Most mid-market operating businesses qualify.
  • Inactive entity exemption. An entity formed before January 1, 2020, that has been continuously inactive, has no foreign owners, and has not changed ownership in the last 12 months is exempt.
  • Wholly-owned subsidiary exemption. A subsidiary entirely owned by exempt parent companies is itself exempt.

For verification, this means: a borrower may legitimately claim exemption from CTA filing. The exemption itself is not a red flag. The relevant question is whether the claimed exemption is plausible given the entity’s size and history.

The litigation history

CTA enforcement has been on-again, off-again since 2024 due to ongoing litigation. The Eleventh Circuit and the Fifth Circuit have both issued injunctions at various points, leading FinCEN to delay enforcement deadlines for affected entities. As of mid-2026, the enforcement landscape is settled for most entities but some non-resident foreign ownership categories remain in flux.

The practical effect for verification: an entity that has not yet filed because of the litigation-driven deadline extensions is not in violation. A processor asking about BOI compliance should know which deadline applies to the borrower before treating non-filing as a red flag.

What this means for you

The CTA increased regulatory burden on operating entities but did not create a new layer of publicly-accessible beneficial-ownership data. For non-bank verification workflows, the same sources — state SOS, operating-state filings, credit-application disclosure, cross-referenced operating-data sources — remain primary. Watch state-level disclosure regimes (New York first, others likely to follow) for the genuinely public layer that may emerge over the next several years.

A VerifySOS lookup does not access CTA BOI data (no public-records tool can). It does cross-reference state SOS records and operating-state filings to triangulate the principals. Developers get those records and cross-references on /api/v1/lookup.

Report a bug — straight to our team

See something broken or weird? Tell us. Your report submits directly to our team — no email client needed. Each report gets a unique ticket ID so we can track and respond.

v0.8-beta · 153ab05