Beneficial ownership reform offers a historic opportunity—if strongly implemented—to build resilience against what has become a leading national security threat: malign actors funded by and weaponizing the proceeds of kleptocracy to harm the United States and its allies.
Making beneficial ownership implementing regulations fit for this vital national security purpose would require broadly scoping the entities and information covered by the reporting obligations, limiting exemptions to companies that already disclose ownership, verifying information for accuracy, and broadly ensuring timely and easy access to the database.
Introduction: National security matters
May 5, 2021 is the deadline to submit public comments about how Treasury’s Financial Crimes Enforcement Network (FinCEN) should write regulations that will specify how companies must report information about their beneficial owners (the individual natural persons who ultimately own or control companies) and how FinCEN should make it available to law enforcement and national security agencies in a secure database. The Corporate Transparency Act (CTA), enacted on January 1, 2021, requires Treasury to promulgate final regulations within a year, by January 1, 2022, a timeline that should be achievable at the current pace of regulatory rulemaking.
National security is the first justification for beneficial ownership reform—listed even before crime fighting—identified in the CTA, which warns that “malign actors seek to conceal their ownership … to facilitate illicit activity, … harming the national security interests of the United States and allies of the United States.”
Thus, it was quite fitting that the CTA was included in a National Defense Authorization Act. Even though beneficial ownership reform was recommended for nearly two decades by law enforcement, anti-money laundering authorities, and anti-corruption watchdogs, with limited interest during that period from the national security community, it repeatedly failed to move through Congress. That started to change around 2016, a year that brought the Panama Papers and Russian interference in the U.S. election, revelations that underscored the national security threat posed by aggressive authoritarian kleptocracies that exploit U.S.-enabled financial anonymity.
The top threat actors now identified by the U.S. intelligence community extensively abuse anonymous shell companies to carry out malign activities around the world. Chinese state companies, party elites, and criminal organizations use shell companies to facilitate sanctions evasion, fentanyl trade, exploitation of forced labor, and corruption throughout the Belt and Road Initiative. The Kremlin uses shell companies both as safe havens to hide and store the vast proceeds of kleptocracy and as geopolitical weapons to funnel secret donations meant to interfere in the elections of the United States and at least six other countries. Transnational threat actors use shell companies to fund terrorism and to traffic in drugs, weapons, humans, and blood diamonds.
Beneficial ownership disclosure is essential to countering today’s most threatening malign actors, who are often backed by kleptocracies that launder, hide, and store their ill-gotten gains in the names of U.S. corporations, LLCs, trusts, foundations, partnerships, and other similar entities. Importantly, that strategy pursued by authoritarian regimes presents an Achilles’ heel, because their deep financial pools—which support both their grips on power in their home countries and their geopolitical aggression abroad—are sitting within reach of U.S. authorities.
Crucially, however, this is not a threat that would be addressed by just any beneficial ownership registry. Funded by the practically unlimited resources of kleptocracy, malign actors employ some of the world’s most talented lawyers, bankers, and accountants to keep their dirty money hidden. They will scour the details of FinCEN’s implementing regulations, looking for loopholes that will allow them to continue harming U.S. national security interests.
Malign actors got an assist—wittingly or not—from U.S.-based sellers and users of financial secrecy vehicles, who lobbied relentlessly through front organizations and proxies in Congress to oppose beneficial ownership reform. They tried—and usually failed—at every turn to insert poison pills in negotiated drafts of the CTA that would have made the registry useless (narrow in scope with endless exemptions and no regular access for most of U.S. law enforcement). Many special interest groups without broader views on financial secrecy policy per se still spent vast resources resisting the requirement to tell the government the name and address of their true owners. Congressional negotiators had to block and tackle each type of entity, reaching compromises—including 23 exemptions enumerated in the CTA—meant to satisfy these groups without creating loopholes that could be exploited by bad actors.
Anti-corruption and transparency advocates led by the FACT Coalition won many of these battles, but they also lost a few and decided to kick some issues to the regulatory process. That is, while some terms—like “beneficial owner”—are defined in the CTA as strongly as they reasonably could be, other terms—like “other similar entity”—were deliberately left undefined in the statute in hopes that FinCEN regulations would produce a stronger result than legislative negotiations might have.
FinCEN needs to know where these bodies are buried in the statute in order to write strong regulations that would serve the national security objectives set forth in the CTA. To protect U.S. national security from malign actors, implementation of the CTA should prioritize six principles to establish a strong registry that covers a broad range of reporting companies and their beneficial owners while providing law enforcement and national security agencies with timely access to high-quality data.
1. Adopt the law’s broad definition of “beneficial owner” and list activities that indicate control
The single strongest part of the CTA is its multi-part definition of a “beneficial owner,” which meets the best practices of international standards and leaves less room for abuse than registries in some other countries and U.S. regulatory requirements around bank due diligence.
The CTA defines a beneficial owner as anyone who directly or indirectly (via any contract, arrangement, understanding, relationship, or otherwise) owns or controls at least 25 percent of an entity or exercises substantial control, and it cannot be the owner’s employee, child, heir, nominee, intermediary, custodian, agent, or creditor.
That statutory formulation is designed to prohibit several tactics that malign actors have innovated to hide beneficial ownership. For example, Russian leader Vladimir Putin is notorious for holding his vast wealth in the hands of custodians, intermediaries, and agents. For situations like that in the United States, the CTA would require companies to report the true owners.
Another common deception—which is actually permitted in some foreign registries and U.S. regulations such as the Customer Due Diligence (CDD) rule—is for companies to pretend nobody is in control and only identify a single manager or official who works at the company. The CTA protects against this tactic by prohibiting the identification of a mere employee and suggesting that several beneficial owners could be named.
Similarly, if the law only included the 25 percent threshold, a kleptocrat could evade detection by simply dividing a shell company into five equal stakes of 20 percent each and distributing them among himself, his wife, and their three children. For this reason, the CTA’s inclusion of anyone who exercises “substantial control” could become a powerful fail safe, but only if FinCEN relies on the strength of the statutory language while also providing a thorough list of activities that could constitute the power to control an entity.
Adopt into regulations without any alternations the statutory definition of a beneficial owner in the CTA, which meets international best practices and should replace the more limited definition in the CDD rule.
To ensure meaningful disclosures of “substantial control,” FinCEN should provide a checkbox list of key indicators, making companies identify anyone with the power to vote company shares, direct such votes, appoint or replace board members or senior officers, decide on the sale or termination of the company, or direct who takes possession of company funds or assets.
2. Broadly define an entity that must report, including an “other similar entity”
In addition to the issue of what information a given reporting entity must disclose, the other main definitional debate is about which entities beyond the two types of companies named in the law—corporations and LLCs—must report to FinCEN. This has important national security implications, because malign actors and their enablers are adept at moving their dirty money from one vehicle to another to avoid new disclosure requirements.
The Panama Papers were famous for showing how shell companies are abused by Russian oligarchs, Chinese princelings, African strongmen, Middle Eastern royals, and other corrupt figures. Importantly though, the revelations also showed how law firm Mossack Fonseca helped these beneficial owners arrange trusts, foundations, partnerships, and other secrecy vehicles, often layered on top of each other for extra protection.
Trusts are the most natural next line of defense to structure financial secrecy, because unlike companies they do not usually have the same formalities of incorporation and share ownership. The Wall Street Journal has already advised owners of mansions that they might be able to “use a trust” to avoid the requirements of the CTA. And this market segment was booming even before the CTA passed, with assets held in South Dakotan trusts alone having jumped over the past decade from $57 billion to $355 billion. An example of a typical case involved four Chinese tycoons wanting to spirit $17 billion out of China at the end of 2018 before Beijing toughened up its tax regime, so they all transferred shares to family trusts such as South Dakota Trusts.
Foundations can also be more attractive than companies to obscure ownership and funding because they often do not require members, shares, or financial records. For example, the lobbying effort against Russia sanctions in the United States led by Kremlin-connected lawyer Natalia Veselnitskaya was organized as a Delaware foundation purportedly advocating for Russian adoptions. This legal structure helped conceal the sources of funding from Moscow, which, if revealed, might have required registering as a foreign agent. The Kremlin has used foundations in other covert influence operations too, pretending to be environmental groups opposing U.S. hydraulic fracking and civil rights groups stoking racial discord ahead of U.S. elections.
Partnerships are also financial secrecy entities that can be defanged by inclusion in beneficial ownership registries. Over much of the last decade, for example, Scottish Limited Partnerships were a secrecy vehicle of choice among organized criminals in the former Soviet Union and proxies of Russian intelligence services, who used them to fund disinformation against Kremlin opponents, operate unregulated trading and gambling websites, ship asbestos to poor countries, and launder the proceeds of corruption in Russia, Ukraine, Moldova, Azerbaijan, and Uzbekistan. Scottish Limited Partnerships only fell out of favor in 2017 when the United Kingdom imposed upon them beneficial ownership reporting obligations—arguably the single greatest success achieved by Britain’s Companies House registry.
The reporting entities named in the CTA include any “corporation, limited liability company, or other similar entity that is created by the filing of a document with a secretary of state or a similar office” under state law. A key to meeting the national security objectives of the CTA and ensuring it becomes more than an exercise in paper structuring is to broadly define “other similar entity.”
Define “other similar entity” to include partnerships, trusts, foundations, sole proprietorships, special purpose vehicles, and business associations.
Include all such entities that file documents with secretaries of state or other similar offices, not only as part of the original formation process per se, but also in order to “create” their authority to do business, operate under a fictitious name, buy property, or engage in any other activities that could facilitate financial secrecy.
3. Limit exemptions to companies that already disclose ownership
After defining entities that must report, FinCEN should provide guidance limiting the scope of the 23 exemptions enumerated in the CTA, even if they seem small and inconsequential today, because they could develop into cottage industries of financial secrecy tomorrow.
Let us revisit the example of Scottish Limited Partnerships, which were created in 1890 to help farmers and were not used very often until they were abused in the infamous 2010-2014 “laundromat” scheme to funnel $20 billion of dirty money out of Russia. Over the seven years that followed, more Scottish Limited Partnerships were created than in the first 100 years of this instrument’s history. That was the period when they became particularly popular laundering vehicles for the Russian mafia and intelligence services. Because regulatory processes are slow to catch up with malign actors, by the time Britain and the EU added Scottish Limited Partnerships to their beneficial ownership registries in 2017, hundreds of billions of dollars had already been moved by secret owners to unknown destinations and money launderers were starting to move on to new exemptions.
In addition to covering obscure entities, it is also important for registry authorities to develop narrowly interpreted eligibility requirements and strictly verified application processes to quality for exemptions. To see how permissive and non-transparent application processes for exemptions have been abused by malign actors to harm national security, consider the example of AQUIND LIMITED, a company registered in the U.K. and donating £242,000 to the Conservative Party while seeking approval to build a sensitive electrical connector from Britain to France. Investigative reporting and Luxembourg public records revealed that AQUIND LIMITED is secretly run by former executives of major Kremlin-connected companies in Moscow. However, that beneficial ownership information is not revealed in Companies House, because the Russians’ lawyers successfully argued behind closed doors that the owners could be at risk of “serious violence or intimidation,” a claim that is not seen as credible by U.K. security and law enforcement agencies.
Adopt a general principle that every exemption should be narrowly interpreted and limited to entities that are already required to report beneficial ownership elsewhere (such as to the SEC). Eligibility for exemptions should be strictly circumscribed and subject to significant application processes, disclosure requirements, and verification protocols.
Five exemptions in the CTA present a particularly heightened risk of being abused as secrecy vehicles for malign actors if the rules are not stringently limited in the following ways:
- Pooled investment vehicles: Should only be exempt if they are operated or advised by regulated financial institutions. FinCEN should also urge regulators to scrutinize any financial institution that chooses to operate or advise a pooled investment vehicle, given the heightened risk of money laundering. FinCEN should also make these vehicles disclose their full legal names (not just SEC codes) and file detailed certifications if they are foreign. This is the most troubling of the 23 exemptions in the CTA.
- Unregistered private equity and hedge fund advisors: Should only be exempt if they already disclose their beneficial ownership to the SEC.
- Subsidiaries of reporting companies: Should only be exempt if they are wholly owned.
- Dormant companies: Should only be exempt if they already existed at least one year before CTA enactment and continue to not conduct any activity, meaning that this exemption should just narrowly grandfather unused pre-CTA companies.
- Money transfer companies: Should have to list a beneficial owner (not a legal entity) on their Treasury registration forms and link to that information in exemption notification forms.
4. Require information about parent companies, subsidiaries, and affiliates
Turning to the extent of information that reporting companies should have to disclose beyond just the identity of their beneficial owners, it is also important that they provide enough context about their ownerships structure for Treasury to automatically map detailed diagrams linking together all related affiliates, parents, and subsidiaries, as well as full chains of layered beneficial owners.
A notorious case of a malign actor using a web of corporate affiliates, parents, and subsidiaries to obscure beneficial ownership and harm the national security of the United States and its allies first came onto the radar of U.S. authorities as an international mystery.
In 2004, associates of Putin created a Swiss company called RosUkrEnergo, which soon started reaping billions in profits by buying gas well below market prices from Russian government-owned Gazprom and selling it expensively to Ukrainians and other customers in Europe. The intermediary was owned half by Gazprom and half by an unknown owner whose shares were held in custody by a subsidiary of Vienna-based Raiffeisen Bank. The U.S. Justice Department began investigating RosUkrEnergo for links to Russian mafia boss of bosses Semion Mogilevich. The secret beneficial owner turned out to be Kremlin-connected oligarch Dmytro Firtash, whose stake was owned by a subsidiary of his holding company, Group DF.
According to an indictment issued in 2012 as part of a major U.S. criminal investigation, Group DF is an international conglomerate comprised of hundreds of subsidiary companies controlled by Firtash. This octopus of corporate affiliates, parents, and subsidiaries functions as a sprawling machine of malign foreign influence, having reportedly underwritten Kremlin-aligned political parties and television channels in Ukraine, maintained ties with Mogilevich, bought influence with several British elites, bribed Indian officials to obtain mining licenses, and resisted Firtash’s extradition to the United States (which is how he entered the corrupt dealings featured in Trump’s first impeachment).
While Firtash’s companies are organized outside the United States, some of them do business with U.S. companies and the overall portrait they paint of corporate complexity demonstrates the need for beneficial ownership registries to fully capture affiliates, parents, and subsidiaries and to be packaged for law enforcement through data analytics that integrate domestic and international sources.
Collect data needed to paint a full picture of ownership structures by requiring reporting companies to identify the official legal name and legal entity identifier (LEI) of any parent organizations, subsidiaries, and affiliates, as well as the full ownership chain tied to any indirect beneficial owner.
FinCEN should input that information into integrated data analytics—potentially making use of existing software packages such as those developed by OpenOwnership—to automatically map detailed schematics depicting corporate ownership structures.
5. Verify the accuracy of data immediately at the point of entry
The biggest problem with the Companies House registry in the United Kingdom is that it lacks effective data verification, so whoever sets up a company can just make up false information with impunity. As journalist Oliver Bullough has reported, the database is littered with endless entries like Mr. Mmmmmm Xxxxxxxxxxx, who lists his address as Mmmmmmm, Mmmmmm, Mmm, MMM. Mr. Mmmmmmm Yyyyyyyyyyyyyyyyyy just left the address field blank. A company that called itself XXXXXXXXXX for some reason changed its name to XXXXXXXXXXXX, but still resides at X, X, X, X, X. There are multiple companies called NONE OF YOUR BUSINESS LIMITED and ANONYMOUS LIMITED, as well as company directors with last names like NONE and ANONYMOUS. There are plenty of curse words. Shockingly, the only person Britain ever convicted of falsifying data entered into Companies House was a whistleblower who named a couple fake companies after variants of the names of government ministers responsible for the issue and told them about the stunt to demonstrate how easy it would be to commit fraud.
The more dangerous cases involve companies that sound like they could be real. POMPOLO LIMITED only existed in Companies House for 19 months, just enough time for Paul Manafort to launder some dirty money to Florida and Virginia. LANTANA TRADE LLP lied to Companies House by saying it was dormant and owned by companies in the Marshall Islands and Seychelles, while it was in fact laundering millions of euros daily—part of the Danske bank scandal—on behalf of people linked to Putin’s family and the FSB. LANTANA TRADE LLP was also one of at least several hundred different companies using the exact same signature supposedly belonging to a dentist in Belgium—who says it is a forgery—but whose name in the database throws off investigators because it is spelled many ways, including Ali Moulaye, Alli Moulaye, Aly Moulaye, Ali Moyllae, Ali Moulae, Ali Moullaye, and Aly Moullaye.
More than the current practice of simply prohibiting blank fields or letters entered for numbers, FinCEN’s filing protocols should operate more like the authentication process of making purchases with a credit card. After swiping a credit card or entering information online, the acquiring bank forwards the details to the credit card network, which instantly pings the issuing bank, which immediately uses fraud protection tools to validate the customer’s credit card, check the amount of funds available, and match to addresses on file and the CVV number, before finally transmitting an approval or declination back to the merchant within a matter of seconds, all in time for the customer to try again in case they made a mistake.
FinCEN should invest in automated techniques to instantly verify data by checking passport information against the State Department’s Consular Consolidated Database and comparing driver’s license information to databases maintained by the National Law Enforcement Telecommunications System—official data sources that already have partnerships granting access to nine other federal government departments, including Defense, Justice, Homeland Security, and Commerce. Addresses should be checked to ensure they exist and comply with U.S. Postal Service standards.
If data entries fail these verification checks, FinCEN should immediately push out a pop-up message alerting the reporting company that the information does not match and must be corrected before proceeding.
This would serve two purposes: reducing the burden on businesses (which will need accurate data in the registry the next time they try to open bank accounts or get loans) and enhancing the usefulness of the data for law enforcement and national security agencies.
6. Ensure broad, timely, and easy access to the database
One of the most important priorities in the regulatory approach to beneficial ownership should be a general principle to facilitate broad, timely, and easy access to the database by law enforcement and national security agencies, regulators, financial institutions, and legitimate foreign requestors. Swift access to the database is a major national security priority because a key reason why governments are outmatched by harmful malign actors is the difference in timeliness.
Take the example of the Magnitsky affair, which among other malign behaviors, involved Kremlin cronies stealing and laundering a $230 million fraudulent tax refund. The illicit money moved from the Russian treasury to two small Russian banks, then through a series of bank accounts held by shell companies and intermediaries across 24 transfers, flowing through Moldova and then into the Western financial system, ultimately ending up in high-end real estate such as luxury condominiums at 20 Pine Street in Manhattan.
Most of the funds from the Magnitsky case moved in a rapid time span ranging from 10 days to two months. By contrast, the scheme took 10 years for enforcement authorities to unravel, and even that only happened because activist Bill Browder started dedicating his life to the mission by hearing from whistleblowers, making complaints to governments, and sharing law enforcement findings across governments (the type of global coordination that FinCEN should promote through the Egmont Group).
Far more often, kleptocrats, terrorists, drug cartels, human traffickers, arms dealers, and other bad actors are long gone by the time law enforcement catches up with them, or more likely, governments do not have the resources to complete the investigations at all or within statutes of limitations.
Address the problem of governments being perpetually outpaced by more nimble malign actors by allowing and enabling quick access to the beneficial ownership database by a broad cross-section of law enforcement and national security personnel.
This will require several careful regulatory definitions, given that opponents of beneficial ownership reform repeatedly tried to insert statutory provisions meant to make the registry inaccessible, efforts that mostly failed but left some textual vestiges for FinCEN to clean up.
Rather than limiting access to a specific list of federal agencies that conduct criminal investigations, FinCEN should rule that access may be granted to personnel working on criminal, civil, national security, intelligence, tax, and administrative matters that are not limited to open investigations but also include initial inquiries, preliminary investigations, grand jury proceedings, financial analyses, intelligence reviews, national security inquiries, and related activities. Federal agency heads should be allowed to delegate approval authority to many subordinates.
Rather than making FinCEN double check that state and local law enforcement really did get the court authorization they said they got, state and local investigators should be allowed to self-certify authorization by checking a box and naming the court that authorized access. To prevent judicial bottlenecks, courts (around the country) and court officers (more than just judges) that may grant such access should be broadly defined and equipped with simple forms and flexible rules (not subpoena processes).
However, as for sharing data with foreign countries, careful protocols should be developed in consultation with State, particularly for countries that have mutual legal assistance treaties with the United States but are neither NATO members nor non-NATO major allies (such as Russia, whose requests should face a presumption of denial on grounds of prejudicing security interests).
Authoritarian regimes who see themselves as waging war against the United States but unable to compete militarily have taken to weaponizing the corruption that is endemic to their political systems. If the realm of malign finance is their geopolitical battlefield of choice, their favorite armaments are anonymous U.S. corporations, LLCs, trusts, foundations, partnerships, and other similar entities.
FinCEN has a historic opportunity and solemn duty to build resilience against this national security threat by writing strong regulations that broadly define reporting companies, provide activity-based indicators of beneficial ownership, strictly limit exemptions, require ample and accurate information, and ensure timely and easy access to the database.
This report is an abridged version of a comment the author submitted in response to FinCEN’s solicitation for public comments about an advance notice of proposed rulemaking on beneficial ownership information reporting requirements.
While views in this report are those of the author alone and his appreciation is not meant to imply any endorsement, the author owes immense gratitude to the world-class pros at the FACT Coalition (currently and formerly) and Transparency International’s U.S. office. They led the charge on the passage of beneficial ownership reform through Congress and have collected an impressive quality and quantity of guidance around regulatory priorities in a remarkably short period of time, proposals that are very closely mirrored by several policy recommendations in this report. In particular, the author thanks Elise Bean, Clark Gascoigne, Erica Hanichak, and Gary Kalman.