House Committee Chair Seeks Database Security Audit for FinCEN’s BOI Reporting Rule
House Financial Services Committee Chairman Patrick McHenry, R-N.C., asked the Government Accountability Office Oct. 15 to determine whether the Financial Crimes Enforcement Network is adequately securing the information it collects through its new beneficial ownership information (BOI) reporting rule.
The BOI rule requires many companies to submit information on who owns and controls them. Those disclosures are supposed to include personally identifiable information, including addresses, legal representatives, dates of birth and unique identifying numbers for each beneficial owner, and Republicans on McHenry's committee are skeptical the agency will be able to protect that information. McHenry cited two recent Treasury Office of Inspector General audit reports that highlight deficiencies in FinCEN’s Bank Secrecy Act (BSA) database, which includes suspicious activity reports and currency transaction reports.
“FinCEN’s failure to properly manage the BSA database leaves Congress reluctant [to believe] that the agency will properly safeguard” BOI data, McHenry told the GAO.
In a statement, a Treasury official defended FinCEN’s database management capabilities, saying the agency “takes seriously its responsibility” to protect BOI data and uses “rigorous information security methods and controls.” The official also said that FinCEN is “working closely” with law enforcement and national security agencies to ensure they “fully protect confidentiality” when they need to access the database.
The BOI rule is designed to help the government prevent sanctioned parties and others from hiding money or property in the U.S. (see 2312210017). FinCEN began accepting BOI reports Jan. 1 (see 2401050023), and most companies are supposed to comply with the new rule by Jan. 1, 2025. Republicans on McHenry’s committee have criticized the rule as overly complicated and burdensome for small businesses (see 2402140044).