The regulatory journey of beneficial ownership information (BOI) reporting has been anything but straightforward.
According to Alessa, since the Corporate Transparency Act (CTA) took effect at the start of 2024, compliance teams have navigated a gauntlet of court injunctions, reinstated deadlines, and sweeping rule reversals — all within the span of little more than a year.
Understanding where the rules now stand is essential for any financial institution or business operating within or alongside the US financial system.
Alessa recently delved deeper into the topic of beneficial ownership information (BOI) requirements in 2026.
At its core, BOI reporting was designed to pull back the curtain on anonymous company structures. Under the CTA, certain businesses were required to disclose the individuals who ultimately own or control them — defined by the Financial Crimes Enforcement Network (FinCEN) as anyone who exercises substantial control over a reporting company, or who holds 25% or more of its ownership interests. Filers were required to submit each beneficial owner’s full legal name, date of birth, address, and a copy of government-issued identification.
The legislation was always ambitious in scope. When it first came into force, tens of millions of domestic and foreign companies were expected to file. What followed was a protracted legal dispute that played out across federal courts — injunctions were issued, lifted, and then superseded by regulatory action. The decisive shift came in March 2025, when the Treasury Department signalled its intent to exempt domestic companies entirely. By 26 March 2025, an interim final rule was published in the Federal Register removing BOI filing obligations for all US domestic entities, effective immediately. The Small Business Administration’s Office of Advocacy estimated the rollback would save small businesses $6.7bn annually over the next decade, a figure that underscores just how burdensome the original requirements had become.
Today, the reporting landscape is considerably narrower. Domestic US companies of all types — along with the beneficial owners of those entities — are no longer subject to BOI obligations. The requirement now falls exclusively on foreign companies registered to conduct business in the United States. Those registered before 26 March 2025 had until 25 April 2025 to file their initial reports. Foreign entities registering on or after that date must submit their BOI report within 30 calendar days of receiving notice that their registration has taken effect. Notably, US persons who are beneficial owners of foreign reporting companies are not themselves required to file.
It is worth flagging that FinCEN has indicated it intends to finalise the interim rule, meaning further changes remain possible. Compliance teams would be prudent to monitor any subsequent rulemaking activity closely.
The removal of domestic BOI obligations should not be read as a signal to loosen broader financial crime controls. The CTA was always one instrument within a wider compliance framework, and that framework remains firmly in place. FinCEN has extended exceptive relief to covered financial institutions, allowing them to rely on previously obtained beneficial ownership information for new account openings rather than re-verifying at every instance — unless new information calls earlier data into question or internal risk procedures require an update.
Transaction monitoring, sanctions screening against OFAC and politically exposed persons lists, and suspicious activity report (SAR) and currency transaction report (CTR) filing obligations are unchanged. For institutions with foreign company clients, there is also an operational dimension to consider: those clients remain in scope for BOI reporting, and the 30-day window for newly registered foreign entities moves quickly. Onboarding workflows and KYC procedures should be calibrated accordingly.
The underlying rationale for the CTA — reducing the opacity that allows financial crime to flourish through shell companies and layered ownership structures — has not been abandoned. Regulators continue to expect robust anti-money laundering programmes regardless of the specific filing rules in effect at any given moment. The risk environment is unchanged; only one of the tools used to navigate it has been modified.
Compliance programmes built on sound, durable principles rather than those structured around satisfying a single filing requirement will be far better placed to absorb future regulatory shifts without material disruption.
Read the full Alessa post here.
Copyright © 2026 RegTech Analyst
Copyright © 2018 RegTech Analyst
