Fraud Auditing, Detection, and Prevention Blog

Fraud Audit Lessons from the Corporate Transparency Act

Feb 13, 2023 7:45:00 AM / by Leonard W. Vona

Throughout my blogs, I have stressed the importance of knowledge. For this month’s blog, I am sharing what I believe to be valuable information as you think through your company's fraud prevention and detection policies. We will be taking a look at the recently approved Corporate Transparency Act.  I would strongly suggest that you educate yourself and then determine if your company’s policies and internal controls need to be updated.

But first, the answers to last month’s trivia:

What was the first shape used to describe the COSO Control Model? A pyramid.

In what year was COSO created? The COSO was established in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, which is an independent private-sector initiative that studied the underlying factors that can cause fraudulent financial reporting.

Why was COSO created? It was initially established by five major accounting associations and institutes in the U.S. in the mid-1980s as part of the National Commission on Fraudulent Financial Reporting.

Before COSO how were internal controls referred to? The first provision of the FCPA illustrates the concept “an accounting provision which requires companies with securities listed on stock exchanges in the United States to make and keep books and records that accurately and fairly reflect the transactions of the corporation and to devise and maintain an adequate system of internal accounting controls” rather than internal controls.

Have you visited the SEC Historical Society? “Welcome to the virtual museum and archive of the history of financial regulation, providing access to primary materials on the creation and growth of the regulation of the capital markets from the 20th century to the present.” 

Are you aware of the Corporate Transparency Act?

The Corporate Transparency Act (CTA) requires a wide range of businesses to disclose who really owns them. The act, which applies to corporations, limited liability companies, and other business entities, defines this as a “beneficial owner.” Congress enacted the CTA enacted as part of the Anti-Money Laundering Act (AMLA) with the intent of weeding out bad players. The stated purpose is to discourage the use of shell corporations as a tool to disguise and move illicit funds. In short, the intent is to put an end to anonymous shell companies.

The lesson here is that you need to know who is behind the name.

Does your company have a due diligence program for vendors? Bankers are required to have a “know your customer” or “know your client” due diligence program, known as KYC to ensure that clients are who they say they are. Companies will benefit from having something similar for vendors.

The question you need to ask is: Are the vendors in your accounts payable file real suppliers or simply a pass-through for other illicit acts? Typical new vendor procedures do not focus on these types of issues.

In thinking through fraud auditing, it’s helpful to look at these types of laws and understand how they work as a guide. This information is 

Through the CTA, Congress directed the United States Treasury Department’s Financial Crimes Enforcement Network (FinCEN) to establish and maintain a national registry of beneficial owners of entities that are deemed “reporting companies.” 

What are Reporting Companies?

The CTA broadly defines a reporting company as any corporation, limited liability company, or other similar entity created by filing a document with the secretary of state or similar office in any state or territory or with a federally recognized Indian Tribe or formed under the laws of a foreign country and registered to do business in the United States. While that may seem straightforward, it is not clear whether it covers limited partnerships.

The CTA is focused on shell companies, which by their nature, would have limited or no operations. There are numerous exceptions to the reporting requirement such as those in a regulated industry. In those cases, entities are already required to report beneficial ownership. This includes publicly traded companies, investment vehicles operated by investment advisors, and government entities.

Companies that are legitimate operating entities will apparently not be subject to the new requirements. There are exceptions for entities that employ more than twenty employees; filed in the previous year a tax return demonstrating more than $5 million in gross receipts or sales; and have an operating presence at a physical office within the United States. Subsidiaries of excluded companies won’t have to report either.

Who are Beneficial Owners?

The CTA defines a beneficial owner as an individual who, directly or indirectly exercises substantial control over the entity or owns or controls not less than 25 percent equity in the entity. 

The CTA doesn’t define “substantial control.” That likely will be worked out in the regulations.

  • Those excluded from the definition of “beneficial ownership” include:
  • a minor child (as long as the child’s parent’s or guardian’s information is reported)
  • An individual acting as an intermediary or agent on behalf of another person
  • a person whose control over a reporting company derives solely from their employment
  • An individual whose only interest in a reporting company is through a right of inheritance
  • a creditor of a reporting company (unless they qualify as a “beneficial owner” through substantial control or equity ownership).

Final Rules Released in September 2022

Several months after the passage of the act, FinCEN issued final rules to enact the legislation.

“For too long, it has been far too easy for criminals, Russian oligarchs, and other bad actors to fund their illicit activity by hiding and moving money through anonymous shell companies and other corporate structures right here in the United States,” said Acting FinCEN Director Himamauli Das in a news release. “This final rule is a significant step forward in our efforts to support national security, intelligence, and law enforcement agencies in their work to curb illicit activities. The final rule will also play an important role in protecting American taxpayers and businesses who play by the rules, but are repeatedly hurt by criminals that use companies for illegal reasons.”

The rules go into effect on January 1, 2024. Companies created before then will have one year to file their report. Those created or registered after will have 30 days from the time they are created or registered.

What are The Reporting Requirements?

Companies must disclose basic identifiers that demonstrate that the beneficial owner is a real person. This includes the individual’s full legal name, date of birth, current address, and a unique identifying number from an unexpired passport, state identification document, or driver’s license.

Notice the similarities to what a company would want to know about its vendors? In a fraud audit, the auditor would look for missing information that indicates that the vendor doesn’t exist or is not a legitimate entity.  

For more information about the CTA, see Wolters Kluwer’s podcast “CT Expert Insights: Understanding the Corporate Transparency ACT CTA, with Sandra Feldman.”

Fraud Trivia*

1. What does a forensic person do for a living?

2. What is the difference between a forensic accountant and a forensic anthropologist?

3. Which organization was the first broad-based forensic accounting board and credentialing organization established in the United States?

4. Per the Tax Justice Network’s Financial Secrecy Index 2020, what are the top ten countries that enable financial secrecy in the world?

5. What is Kleptocracy?

*Answers will be released in the next blog

Demystifying Fraud eBook CTA

Topics: Fraud Auditing, Fraud Triangle

Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.