Report to Congressional Committees
United States Government Accountability Office
A report to congressional committees.
For more information, contact: Michael E. Clements at clementsm@gao.gov.
What GAO Found
The Financial Crimes Enforcement Network (FinCEN) collects and shares beneficial ownership information to help prevent misuse of corporate structures to conceal illicit financial activities. Beneficial owners are individuals who directly or indirectly own or control a certain percentage of ownership interests in, or exercise substantial control over, a reporting company. In early 2024, FinCEN began to securely collect, process, store, and manage in its IT system beneficial ownership information submitted by required filers. It also began to implement a five-phase program to allow authorized users—such as federal agencies engaged in national security, intelligence, or law enforcement—to request access to the system.
FinCEN completed its first phase (a pilot program) by granting six federal law enforcement agencies access to its IT system. Agency searches fell sharply in October 2024 and generally remained low through March 2026 (see figure). FinCEN attributed the decline to lawsuits, program changes, and its March 2025 interim final rule, which exempted about 99 percent of entities previously required to report their information. Three agencies also ended the pilot program.
Beneficial Ownership Information System Searches Conducted by Six Federal Agencies, June 2024–March 2026
FinCEN paused accepting and processing access requests under its second phase in December 2024 because of ongoing lawsuits but resumed its efforts in spring 2025. As of August 2025, FinCEN was processing requests from 22 federal agencies but largely paused its efforts again in December 2025 while working to finalize its interim final rule. FinCEN also delayed time frames for implementing the remaining program phases.
To protect the security and confidentiality of beneficial ownership information, FinCEN implemented processes to oversee agencies and revised its oversight procedures. FinCEN conducts monthly reviews to monitor individual users’ access to and use of its IT system and automatically deletes inactive users. FinCEN officials said the agency also began annual audits of four pilot agencies to assess their compliance with program requirements. In early 2025, FinCEN revised its oversight procedures to include guidance for escalating compliance concerns. The new procedures do not specify the types of noncompliance that would result in suspension or termination of an agency’s access. However, in March 2026, FinCEN officials said the agency was developing additional procedures to address noncompliance, including suspensions or termination of access, as additional agencies may be granted access under the second phase.
Why GAO Did This Study
The Corporate Transparency Act, enacted in 2021, requires certain legal entities to report their beneficial ownership information to FinCEN. This requirement supports U.S. efforts to prevent bad actors from using shell companies or other opaque ownership structures to benefit from illicit activity. The act required FinCEN to adopt regulations to safeguard this information from unauthorized use.
In late 2024 and early 2025, lawsuits challenging the Corporate Transparency Act resulted in two district courts initially pausing reporting deadlines. In February 2025, FinCEN extended the reporting deadlines for most reporting companies because of the litigation. In March 2025, FinCEN issued an interim final rule that exempted all U.S. companies and U.S. persons from the beneficial ownership information reporting requirements.
The act also includes a provision for GAO to determine how FinCEN is protecting access to and use of beneficial ownership information. This report is the second in a series of seven annual reports (beginning with GAO-25-107403).
This report examines (1) the status of FinCEN’s efforts to grant agencies access to beneficial ownership information and (2) the mechanisms it implemented to oversee agencies’ access to and use of the information.
GAO reviewed FinCEN’s policies and procedures for beneficial ownership information access, analyzed related documents, and interviewed FinCEN officials.
Abbreviations
BOI beneficial ownership information
BSA Bank Secrecy Act, as amended
FinCEN Financial Crimes Enforcement Network
MOU memorandum of understanding
This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.
June 23, 2026
The Honorable Tim Scott
Chairman
The Honorable Elizabeth Warren
Ranking Member
Committee on Banking, Housing, and Urban Affairs
United States Senate
The Honorable French Hill
Chairman
The Honorable Maxine Waters
Ranking Member
Committee on Financial Services
House of Representatives
The misuse of corporate structures poses significant risks to the U.S. financial system and can threaten national security. Bad actors use shell and front companies to conceal their identities and launder ill-gotten gains. In the United States, corporations, limited liability companies, and other legal entities are formed under state or tribal laws. But most jurisdictions do not require disclosure of beneficial owners—individuals who own or control these entities—at formation or thereafter.
To make it harder for bad actors to conceal their identities and launder money, the Corporate Transparency Act requires certain legal entities—known as reporting companies—to report their beneficial ownership information (BOI) to the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).[1] This information includes each beneficial owner’s name, date of birth, and address. The act permits FinCEN to share this information with law enforcement and other agencies upon receiving a lawful and proper request. Law enforcement can use BOI, along with related data collected under the Bank Secrecy Act, as amended (BSA), to support criminal or civil investigations.[2] Given the sensitivity of BOI, the Corporate Transparency Act requires FinCEN to maintain the information in a secure, nonpublic database and make the information available only to authorized government authorities, subject to effective safeguards and controls.
In January 2024, FinCEN launched its IT system to securely collect, process, store, and manage BOI. At that time, domestic and foreign reporting companies were required to submit initial BOI reports at different stages, depending on when they were created or registered to do business. Certain reporting companies had to file their initial BOI reports with FinCEN in 2024, but most companies had until January 1, 2025, to file their initial reports.[3] Later in 2024 (after the effective date of its final rule implementing the Corporate Transparency Act’s access and safeguard provisions), FinCEN began sharing BOI with several federal agencies under a pilot program.[4]
In December 2024 and January 2025, litigation challenging the Corporate Transparency Act resulted in two district courts initially pausing reporting deadlines.[5] In February 2025, FinCEN extended the reporting deadlines for most reporting companies because of the litigation. In March 2025, FinCEN issued an interim final rule that exempted all U.S. companies and U.S. persons from the BOI reporting requirements.[6] The rule exempts about 99 percent of previously covered entities—from approximately 32.5 million to approximately 124,000.[7] As of June 1, 2026, FinCEN had not finalized the interim final rule and had not established a firm time frame for doing so.
The Corporate Transparency Act includes a provision for us to conduct annual audits for 7 years to assess how FinCEN is protecting access to and use of BOI. We issued the first report in February 2025.[8]
This report, the second in the series, examines (1) the status of FinCEN’s efforts to grant authorized users access to BOI in accordance with its program requirements and (2) the mechanisms FinCEN has implemented to oversee authorized users’ access to and use of BOI.
For the first objective, we reviewed FinCEN’s policies, procedures, and other related documentation for granting agencies, including their staff, access to its BOI IT system. These included FinCEN’s standard operating procedure for processing access requests; memorandums of understanding (MOU) for granting access to agencies; and documentation submitted by agencies to obtain BOI access, such as agency reports specifying the standards, procedures, and systems used to protect the security and confidentiality of BOI. We compared FinCEN’s efforts to provide access against related program requirements.
For the second objective, we reviewed FinCEN’s standard operating procedure for managing MOUs and related guidance on accessing and securing BOI to identify and assess its mechanisms for overseeing agencies’ compliance with program requirements. We also reviewed documentation submitted by agencies pursuant to their MOUs and information demonstrating the operation of FinCEN’s oversight mechanisms. We determined that the control activities component of internal control was significant to this objective, along with the underlying principle that management should implement controls through policies.[9] We assessed whether FinCEN’s standard operating procedure contained control activities that respond to risks posed by agencies failing to comply with MOU requirements.
For both objectives, we interviewed FinCEN officials and requested documentation on the agency’s BOI access program and oversight mechanisms, including data on the number of agencies granted access and the number of BOI searches conducted. This report provides data as of April 2026, the most recent available.
We conducted this performance audit from March 2025 to June 2026 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Background
FinCEN Roles and Responsibilities
FinCEN is a bureau in Treasury that administers BSA and its related anti-money laundering authorities and requirements, which provide the statutory and regulatory framework for preventing, detecting, and deterring money laundering. FinCEN has authority to enforce compliance with BSA requirements and serves as the repository for BSA reporting filed by financial institutions. FinCEN also analyzes information from these reports and shares such analyses with appropriate federal, state, local, and foreign law enforcement agencies.
Corporate Transparency Act Provisions for BOI Reporting and Access
Reporting
The Corporate Transparency Act established BOI reporting requirements for specified legal entities (known as reporting companies), which FinCEN implemented through regulation.[10] To comply with these requirements, reporting companies must submit initial reports to FinCEN and update them in certain circumstances. These reports must contain each beneficial owner’s full legal name, date of birth, current residential or business street address, and a unique identifying number from an acceptable identification document or FinCEN identifier. Beneficial owners are any individuals who directly or indirectly (1) exercise substantial control over a reporting company, or (2) own or control at least 25 percent of the ownership interests of a reporting company.[11]
Access
The Corporate Transparency Act authorizes FinCEN to provide certain entities with access to BOI. Under the act, FinCEN may disclose BOI to (1) a federal agency engaged in national security, intelligence, or law enforcement activity; (2) a state, local, or tribal law enforcement agency; (3) a federal agency requesting BOI on behalf of a law enforcement agency, prosecutor, or judge of another country, including a foreign central authority or competent authority; and (4) a federal functional regulator or other appropriate regulatory agency. Financial institutions also may access BOI, with the reporting company’s consent, to help meet customer due diligence requirements.[12] Finally, FinCEN may disclose BOI to officers or employees of the Department of the Treasury whose official duties require such inspection or disclosure.
FinCEN implemented these access provisions through a December 2023 rule that allows authorized users to access BOI if they establish appropriate data-safeguarding procedures.[13] Under this rule, federal, state, local, and tribal agencies must meet several criteria to obtain access, including entering into an MOU with FinCEN specifying the standards, procedures, and systems they will maintain to protect the security and confidentiality of BOI. As we previously reported, the rule incorporated all Corporate Transparency Act provisions pertaining to access and use restrictions.
FinCEN Continued to Implement Its BOI Access Program in Phases, but Total Number of Searches Trended Downward
FinCEN planned to implement its BOI access program in five phases, spanning from spring 2024 to spring 2025. FinCEN granted six federal law enforcement agencies access to BOI under Phase I, and searches declined during the period. FinCEN also provided certain staff and contractors with access under its internal policies and procedures. In addition, FinCEN began processing Phase II requests but largely paused processing, revised its review procedures, and updated time frames for subsequent phases.
FinCEN Granted Six Agencies BOI Access in Phase I
FinCEN granted six federal law enforcement agencies participating in its pilot program access to its BOI system under Phase I after they submitted required documentation. Specifically, each agency provided FinCEN with (1) a signed MOU establishing the terms and conditions under which the agency may obtain, store, use, and redisclose BOI; (2) an initial report describing the standards and procedures established to comply with access rule requirements for protecting BOI; and (3) a certification signed by the agency’s head attesting that its standards and procedures comply with the rule’s security and confidentiality requirements.
As of October 2024, FinCEN had granted BOI access to the Federal Bureau of Investigation, Internal Revenue Service-Criminal Investigation, U.S. Postal Inspection Service, and U.S. Secret Service. FinCEN granted the Drug Enforcement Administration and Homeland Security Investigations access in November 2024 and March 2025, respectively, after they submitted the required documentation.
According to FinCEN officials, the U.S. Postal Inspection Service and Internal Revenue Service-Criminal Investigation terminated their pilot MOUs—and thus their access to BOI—in June and July 2025, respectively. FinCEN officials told us that the agencies may want to re-enter an MOU depending on finalization of the March 2025 interim final rule. Further, FinCEN officials told us that the Federal Bureau of Investigation’s pilot MOU expired on February 26, 2026, and was not renewed.
According to FinCEN officials, the agency’s phased approach to granting access to BOI was needed based on its experience with managing access to BSA data and differences in requirements between BSA and BOI data. FinCEN used a pilot program to help both it and the pilot agencies understand how to structure the MOUs and compliance functions to meet law enforcement needs and protect the data. The officials told us that the pilot MOUs and associated materials were part of an iterative process, where agency feedback would be reflected in future MOUs and FinCEN’s compliance and oversight policies and procedures.
As we previously reported, FinCEN revised the pilot MOU template based on feedback to clarify certain terms and conditions and help agencies better understand their compliance responsibilities. For example, while both versions require agencies to conduct an annual internal audit, the revised MOU requires agencies to submit their audit results and standards and procedures with their annual report. At the time of our prior report, FinCEN officials told us that the pilot agencies would be required to enter into the revised MOU.
In December 2025, FinCEN officials told us that the agency was waiting until it finalized its interim final rule to pursue revised MOUs with the pilot agencies, given possible changes to the rule and the content of the BOI database. Once finalized, revised MOUs could enhance FinCEN’s ability to oversee pilot agencies and protect BOI. For example, requiring submission of audit results, standards, and procedures will provide FinCEN with additional information on agencies’ controls and their effectiveness. This information also will inform its planning for annual audits.
Although not required under the pilot MOUs, FinCEN officials told us they expected pilot agencies to provide FinCEN with a copy of their standards and procedures and an overview of their internal audits with their annual reports. The officials said that the Federal Bureau of Investigation, Internal Revenue Service-Criminal Investigation, and U.S. Secret Service did so.[14]
Searches of BOI Declined
The number of BOI searches conducted monthly by the pilot agencies increased from June 2024 through September 2024. However, the number of searches dropped in October 2024 and generally remained low through March 2026, the latest month for which data were available. The number of agencies conducting searches varied during the period (see fig. 1).
Figure 1: Number of Pilot Agencies Conducting Beneficial Ownership Information Searches and Total Searches, June 2024–March 2026
Note: The six pilot agencies were granted access to beneficial ownership information from June 2024 through March 2025, and two agencies terminated their access in June and July 2025.
According to FinCEN officials, legal challenges and program changes contributed to the downward trend in BOI searches. These included the December 2024 and January 2025 district court cases that initially paused BOI reporting deadlines, FinCEN’s extension of reporting deadlines as a result of these cases, and FinCEN’s March 2025 interim final rule exempting all U.S. companies and U.S. persons from BOI reporting requirements.
According to FinCEN officials, the BOI database held approximately 16.4 million BOI reports as of March 2026, of which approximately 15,000 were filed by foreign reporting companies. All reports in the database are searchable. However, the officials told us that the agency planned to address the disposition of reports that are no longer legally required to be filed once it finalizes its interim final rule.
FinCEN Provided Certain of Its Staff and Contractors with Access to BOI
In addition to the pilot program agencies, FinCEN provided 104 of its own staff and contractors with access to its BOI IT system as of June 2025. FinCEN issued policies and procedures, effective October 2024, governing its staff’s access, inspection, use, and disclosure of BOI. According to FinCEN (as of April 2026)
· 8 staff access BOI to investigate potential BSA violations;
· 28 staff and contractors access BOI to conduct strategic analysis, research, intelligence, and other mission-related activities;
· three staff access BOI to generate reports to monitor and audit the use of the BOI system; and
· 65 staff and contractors access BOI to perform administrative, operational, and management functions, maintain the BOI portal and related IT systems, or support the contact center.
Under FinCEN’s policies and procedures, each FinCEN division’s senior manager is responsible for determining which staff should be granted access to BOI.
· Access approval process. Staff must complete an authorization form, which the staff’s supervisor reviews and an associate director or deputy associate director approves. In response to our document request, FinCEN officials identified some processed forms that had not been signed by an associate director or deputy associate director but confirmed they had approved access. Officials told us they have been automating the process to electronically route forms through the review and approval process, which they anticipated completing in early 2026, and FinCEN sent an email reminder of the BOI access approval policy as an interim refresher.
· Ongoing review of access. Each division’s senior manager is to annually review and certify that only appropriate staff have access to BOI. According to FinCEN, all senior managers completed the review and certification in June or July 2025. In May 2026, FinCEN officials told us that they transferred all audit oversight responsibilities to the agency’s Office of Security.
FinCEN Paused Phase II Processing and Revised Review Procedures and Time Frames for Future Phases
As we previously reported, FinCEN began Phase II in September 2024, accepting BOI requests from Treasury offices and federal agencies that had existing BSA MOUs with FinCEN. According to FinCEN officials, the agency temporarily paused Phase II because of the ongoing litigation (discussed previously) but resumed accepting and processing requests in spring 2025.
As of August 2025, FinCEN was processing Phase II requests from 22 federal agencies. Specifically, FinCEN was drafting MOUs for 18 agencies and awaiting signed MOUs from one federal agency and three Treasury components. Eleven of these entities are offices of inspector general. To be granted access to BOI, each agency must provide FinCEN with a signed MOU, an initial report describing its standards and procedures for protecting BOI, and a signed certification attesting that its standards and procedures comply with the access rule’s requirements.
In December 2025, FinCEN officials told us that the agency had not entered into MOUs with any of these entities because it had largely paused Phase II while it was working to finalize the interim final rule. FinCEN officials told us that as of March 31, 2026, the agency fully executed one Phase II access MOU with the Department of the Treasury, Office of Investment Security.
In April 2025, FinCEN revised its standard operating procedures for reviewing and approving or denying agency requests to enter into MOUs for BOI access. The revisions expanded the procedures to cover requests from state, local, and tribal agencies (Phase III) and introduced new or enhanced review steps and documentation requirements. For example, after receiving a request, FinCEN determines whether the agency is an authorized user and will use BOI for only authorized purposes. If so, the request is subject to review and approval by a manager and the Office of Chief Counsel (see fig. 2). The revised procedure also includes more specific guidance for documenting and storing information in FinCEN’s case management system.
Figure 2: Process for Reviewing Agency Requests to Access Beneficial Ownership Information, as of December 2025
We reviewed three BOI access requests and found that FinCEN documented staff’s review of each agency’s type and mission, managerial review of the request, and the Office of the Chief Counsel’s review and approval in its case management system.
FinCEN also delayed the expected time frames for implementing Phases III, IV, and V of the BOI access program. We reported in February 2025 that FinCEN planned to implement these phases from fall 2024 through spring 2025 and was on schedule to do so.[15] In December 2025, FinCEN officials told us that the time frames for implementing these phases would depend on when the agency finalizes its interim final rule.
FinCEN Implemented Processes to Protect the Security and Confidentiality of BOI and Was Developing Procedures to Address Potential MOU Compliance Issues
FinCEN implemented processes to monitor agencies’ access to BOI, including monthly reviews of query audit logs, controls over user eligibility, and annual audits of authorized user agencies. It also revised its oversight procedures and began developing additional policies to address potential MOU noncompliance, including how to respond to late or missing reporting and when to escalate or restrict access.
FinCEN Monitors Agencies’ Access to BOI and Conducts Annual Audits
Query Audit Logs
As we previously reported, FinCEN developed plans to monitor individual users’ access to and use of its IT system for BOI through query audit logs.[16] The system records and maintains authorized user activity, including request dates, usernames, requests made on behalf of others, and justifications for queries.
In revising its standard operating procedures in April 2025, FinCEN included procedures for reviewing query audit logs each month and documenting its findings in a monthly access review report. These procedures include
· extracting query audit log reports and data, including user activity, search history, and justifications;
· selecting a sample and reviewing for red flags, such as inadequate justifications, search strings that appear unrelated to the stated justification, and excessive searches;
· drafting a monthly access review report summarizing the full data set, sample selection, review results (including any identified red flags), and any recommended remediation;
· submitting the report to management for review and approval; and
· notifying the agency of any corrective actions required, documenting the information in the case management system, and escalating the matter if the agency does not take corrective actions in a timely manner.
FinCEN began conducting monthly reviews pursuant to its finalized standard operating procedures in May 2025. For reviews conducted in May, June, and July (the most recent months for which access review reports were available), FinCEN identified no negative findings and determined that agency search queries appeared to align with applicable requirements. FinCEN officials told us that, as of March 2026, their subsequent monthly reviews also identified no negative findings.
Eligibility of Authorized Users
Under the revised MOU, the authorized user agency has an ongoing obligation to ensure that authorized users remain eligible to access BOI and continue to have a need to access BOI, consistent with the MOU terms. FinCEN also monitors authorized users and automatically disables user accounts that have been inactive for more than 90 days.
According to FinCEN officials, the agency began automatically deleting inactive user accounts in October 2024. However, a coding-related error introduced in March 2025 caused the automatic deletion function to stop working. FinCEN officials told us that the error was corrected in April 2025.
Annual Audits of Authorized User Agencies
FinCEN must annually audit each authorized user agency to assess its compliance with the MOU, applicable provisions of the Corporate Transparency Act and access rule, and agency standards and procedures. Audits may be conducted in person or virtually. In addition, FinCEN may review an agency’s standards, procedures, and BOI training at any time, and require revisions as needed.
In revising its standard operating procedures in April 2025, FinCEN included procedures for conducting annual audits. These procedures include
· performing preaudit work, such as reviewing the agency’s MOU and other documents in the case management system, and reviewing monthly access review reports (discussed above);
· preparing and submitting a document request and audit questionnaire to the agency;
· reviewing submitted documents and questionnaire responses, documenting findings and observations, and drafting the audit report; and
· providing draft audit reports (including any findings, observations, and corrective actions) to management for review and approval.
In December 2025, FinCEN officials told us that the agency was auditing the Federal Bureau of Investigation, Internal Revenue Service-Criminal Investigation, U.S. Postal Inspection Service, and U.S. Secret Service. FinCEN sent these agencies a questionnaire and document request and received responses from three of the four agencies. Officials said FinCEN also reviewed the BOI searches agencies conducted, as well as their MOUs and standards and procedures as part of the audits. FinCEN officials did not provide a time frame for completing these audits.
FinCEN Revised Oversight Procedures and Was Developing Additional Procedures to Address Potential MOU Compliance Issues
Pursuant to the MOU, agencies must submit semiannual certifications attesting to their compliance with the access rule’s security and confidentiality requirements, as well as an annual report on their security and confidentiality standards and procedures. In April 2025, FinCEN revised and expanded its standard operating procedures for BOI access requests to include mechanisms for overseeing agencies’ compliance with these reporting requirements. Under the revised procedures, FinCEN is to
· notify agencies approximately 30 days before the due date of the semiannual certifications and annual reports; and
· review submitted materials, including results of internal audits, for compliance with MOU requirements.
FinCEN officials told us they have been developing templates to guide the document reviews based on their ongoing review of these materials.
Under the MOUs, FinCEN may temporarily suspend or permanently terminate an agency’s or authorized person’s access to BOI for not complying with MOU requirements. Such compliance issues can vary in severity and in the level of risk posed to the improper use or disclosure of BOI. For example, it may include not submitting certifications or reports on time, failing to adequately train staff on BOI safeguards, not conducting annual internal audits, or not maintaining adequate safeguards.
In revising its procedures in April 2025, FinCEN included instructions for staff to escalate concerns about compliance with certain MOU requirements to senior management, including annual reports, semiannual certifications, and standards and procedures. However, the revised procedures do not specify the types of MOU compliance failures that would result in suspension or termination of agency access to BOI or the procedures FinCEN would use to take such action.
In December 2025, FinCEN officials told us they did not want to predetermine, through policies and procedures, the actions the agency would take to address MOU compliance failures during the pilot program. Instead, they said they were using the pilot to assess issues on a case-by-case basis and retain flexibility.
In March 2026, officials told us that the agency was developing policies and procedures to address MOU compliance failures, as additional agencies may be provided with access to BOI under Phase II. These policies and procedures are expected to include steps for extending reporting due dates, addressing late or missing reports in a timely manner, and imposing penalties such as suspension or termination of access. We will continue to monitor FinCEN’s progress in developing these policies and procedures through our ongoing work.
Agency Comments
We provided a draft of this report to FinCEN for review and comment. In written comments (reproduced in app. I), FinCEN neither agreed nor disagreed with our findings but thanked us for our review and oversight of the BOI access program. FinCEN also provided technical comments, which we incorporated as appropriate.
We are sending copies of this report to the appropriate congressional committees, the Secretary of the Treasury, and other interested parties. In addition, the report is available at no charge on the GAO website at https://www.gao.gov.
If you or your staff have any questions about this report, please contact me at clementsm@gao.gov. Contact points for our Offices of Congressional Relations and Media Relations may be found on the last page of this report. GAO staff who made key contributions to this report are listed in appendix II.
Michael E. Clements
Director, Financial Markets and Community Investment
GAO Contact
Michael E. Clements, ClementsM@gao.gov
Staff Acknowledgments
In addition to the contact named above, Rich Tsuhara (Assistant Director), Deena Richart (Analyst in Charge), Lauren Capitini, Jill Lacey, Marc Molino, Barbara Roesmann, and Mary Stack made key contributions to this report.
The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.
Order by Phone
The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.
Place orders by calling (202) 512-6000, toll free (866) 801-7077,
or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.
Connect with GAO
Connect with GAO on X,
LinkedIn, Instagram, and YouTube.
Subscribe to our Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.
To Report Fraud, Waste, and Abuse in Federal Programs
Contact FraudNet:
Website: https://www.gao.gov/about/what-gao-does/fraudnet
Automated answering system: (800) 424-5454
Media Relations
Sarah Kaczmarek, Managing Director, Media@gao.gov
Congressional Relations
David A. Powner, Acting Managing Director, CongRel@gao.gov
General Inquiries
[1]The Corporate Transparency Act was enacted as part of the Anti-Money Laundering Act of 2020, Division F, Title LXIV of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. No. 116-283, §§ 6401-6403, 134 Stat. 3388, 4604-4625. Section 6403 of the act, among other things, amends the Bank Secrecy Act by adding a new section—Beneficial Ownership Information Reporting Requirements—which is codified at 31 U.S.C. § 5336.
[2]The Bank Secrecy Act is the commonly used name for the framework of anti-money laundering laws codified at 12 U.S.C. § 1829b, 12 U.S.C. §§ 1951-1960, and 31 U.S.C. §§ 310, 5311-5314, 5316-5336, and includes notes thereto, with implementing regulations at 31 C.F.R. Chapter X.
[3]In January 2024 (under prior beneficial ownership reporting rules), a reporting company (domestic or foreign) in existence before January 1, 2024, had until January 1, 2025, to file its initial BOI report. For domestic reporting companies created, and entities that became foreign reporting companies, on or after January 1, 2024, and before January 1, 2025, an initial BOI report was required to be filed within 90 calendar days of receipt of notice that its creation or registration, respectively, was effective. For domestic reporting companies created, and entities that became foreign reporting companies, on or after January 1, 2025, an initial BOI report was required to be filed within 30 calendar days of receipt of notice that its creation or registration, respectively, was effective. Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59498, 59591-59592 (Sept. 30, 2022); Beneficial Ownership Information Reporting Deadline Extension for Reporting Companies Created or Registered in 2024, 88 Fed. Reg. 83499 (Nov. 30, 2023).
[4]Beneficial Ownership Information Access and Safeguards, 88 Fed. Reg. 88732 (Dec. 22, 2023) (effective Feb. 20, 2024).
[5]On December 3, 2024, in Texas Top Cop Shop, Inc. v. Garland, the U.S. District Court for the Eastern District of Texas, Sherman Division, issued an order that preliminarily enjoined the government from enforcing the Corporate Transparency Act and stayed its implementing regulation’s reporting deadlines. 758 F. Supp. 3d 607 (E.D. Tex. 2024). This case was subsequently appealed. While it remains on appeal, the U.S. Supreme Court permitted FinCEN’s enforcement of the Corporate Transparency Act and implementation of the regulation’s reporting deadlines (McHenry v. Texas Top Cop Shop, Inc. 145 S. Ct. 1 (2025)). On January 7, 2025, in Smith v. U.S. Department of the Treasury, the U.S. District Court for the Eastern District of Texas, Tyler Division, issued a preliminary order that prevented the government from enforcing the Corporate Transparency Act against the plaintiffs and stayed the effective date of the implementing regulation during the pendency of that litigation. 761 F. Supp. 3d 952 (E.D. Tex. 2025). Subsequently, after the Supreme Court’s ruling in Texas Top Cop Shop, the district court issued an order in Smith permitting enforcement of the Corporate Transparency Act and reporting deadlines. Case No. 6:24-cv-336-JDK. Since then, the district court issued an order to hold the case in abeyance pending the resolution of FinCEN’s rulemaking on the beneficial ownership rule, as discussed herein. 2025 U.S. Dist. LEXIS 145466 (E.D. Tex. 2025). See also National Small Business United v. Yellen, Case No. 5:22-cv-01448 (N.D. Ala.), rev’d, 161 F. 4th 1323 (11th Cir. 2025).
[6]Beneficial Ownership Information Reporting Requirement Revision and Deadline Extension, 90 Fed. Reg. 13688 (Mar. 26, 2025). In the interim final rule, FinCEN revised its definition of “reporting company” and its exemptions to codify that only those entities previously known as “foreign reporting companies” will be required to report beneficial ownership information to FinCEN as a “reporting company” under the new rule, assuming they are not otherwise exempt. However, these foreign entities will not be required to report any U.S. persons as beneficial owners, and U.S. persons will not be required to report beneficial ownership information to such entity.
[7]FinCEN’s September 2022 final rule identified 32,556,929 reporting entities, excluding the 23 original exempt entity categories. The March 2025 interim final rule identified about 20,000 reporting entities (about .06 percent of the original population of reporting companies) that would be compliant in year one and approximately 5,000 new reporting companies that would file their first report in each of years 1 through 3.
[8]GAO, Illicit Finance: Treasury’s Initial Safeguards for Allowing Access to Information on Corporate Ownership, GAO‑25‑107403 (Washington, D.C.: Feb. 20, 2025).
[9]GAO, Standards for Internal Control in the Federal Government, GAO‑14‑704G (Washington, D.C.: Sept. 10, 2014). The 2025 revision—Standards for Internal Control in the Federal Government, GAO‑25‑107721 (Washington, D.C.: May 15, 2025)—went into effect in fiscal year 2026.
[10]Pub. L. No. 116-283, § 6403, 134 Stat. 3388, 4605-4625, codified at 31 U.S.C. § 5336(b). Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59498 (Sept. 30, 2022). See also Beneficial Ownership Information Reporting Requirement Revision and Deadline Extension, 90 Fed. Reg. 13688 (Mar. 26, 2025).
[11]There are exceptions to the definition of beneficial owner, such as minor children and certain creditors of the reporting company 31 U.S.C. § 5336(a)(3)(B).
[12]The Corporate Transparency Act requires FinCEN to promulgate regulations to revise its Customer Due Diligence Rule to conform to the act’s provisions that require direct beneficial ownership reports to FinCEN. FinCEN had not initiated this rulemaking as of June 1, 2026, notwithstanding the Corporate Transparency Act’s requirement to do so within 1 year of the effective date of FinCEN’s rules pertaining to the reporting of BOI (January 2025). 31 U.S.C. § 5336(b)(4), (5). See also Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59498 (Sept. 30, 2022). On February 13, 2026, FinCEN issued an order granting exceptive relief to covered financial institutions from the requirement to identify and verify the identity of beneficial owners at each new account opening. Exceptive Relief from Requirement to Identify and Verify Beneficial Owners at Each Account Opening, FIN-2026-R001 (Washington, D.C.: Feb. 13, 2026). FinCEN indicated that this excepted relief was part of FinCEN’s obligations under the Corporate Transparency Act to revise the 2016 Customer Due Diligence Rule, and it anticipates pursuing further changes to this rule through the rulemaking process, which will be informed by these efforts. In our prior work, we discussed similar delays that FinCEN experienced in implementing the Anti-Money Laundering Act of 2020, which includes the Corporate Transparency Act. We recommended, among other things, that FinCEN develop and implement a communications plan to regularly inform Congress and the public in full about its progress implementing the Anti-Money Laundering Act of 2020. GAO, Anti-Money Laundering: Better Information Needed on Effectiveness of Federal Efforts, GAO‑24‑106301 (Washington, D.C.: Feb. 8., 2024).
[13]Beneficial Ownership Information Access and Safeguards, 88 Fed. Reg. 88732 (Dec. 22, 2023).
[14]Under the pilot MOU, an agency must alert FinCEN within 5 business days after it identifies any failure to comply with its standards and procedures during its internal audit.