Risk Alert: Navigating Corporate Transparency Act/Beneficial Ownership Reporting

Issued October 17, 2023, Updated November 30, 2023 [1], Updated January 30, 2024 [2], Updated March 1, 2024 

Learn how to mitigate the unique risks CPA firms may encounter when delivering CTA compliance/BOI reporting services. A sample engagement letter is included.


On March 1, 2024, the United States District Court for the Northern District of Alabama declared that the Corporate Transparency Act (CTA) was unconstitutional. According to the Court’s memorandum opinion, the CTA is unconstitutional because it exceeds the Constitution’s limits on Congress’ power. A copy of the Court’s decision can be found here.

So, does the decision apply to businesses in other states? The plain reading of the memorandum opinion and final judgment appear to limit the decision to the parties in that case – the named plaintiffs and the businesses that are members of the National Small Business Association. FinCEN issued a statement in response to the ruling. FinCEN advised it will abide by the order as long as it remains in effect, signaling the government’s intention to appeal the ruling. FinCEN further stated that the named plaintiffs in the action, including members of the National Small Business Association as of March 1, 2024, are not required to report beneficial ownership information to FinCEN at this time. If you have questions about the court’s decision, you should seek legal advice to determine the decision’s impact on your reporting obligations and direct your clients to do the same. We will have to wait and see what happens if/when the case is appealed to the Circuit Court, and then possibly to the US Supreme Court. You should consult with your attorney to stay informed and continue to monitor the legal developments regarding the CTA’s status.

See Journal of Accountancy article on the court's decision here.

Starting January 1, 2024[3], a significant number of businesses are required to comply with the Corporate Transparency Act (“CTA” or “the Act”). The Financial Crimes Enforcement Network (“FinCEN”) estimates that in the first year approximately 32.6 million[4] businesses will need to comply with the Act and report information related to the business’ owners, officers, and controlling persons.
The purpose of this Risk Alert is to provide information on the Act and on some of the potential professional liability ramifications to CPAs. This Alert does not provide legal analysis or legal advice, but instead general facts and risk management advice on some anticipated situations CPA firms may face. The law is new and limited interpretative guidance is currently available. All CPA firms are encouraged to read this Risk Alert to gain a general understanding of the Act and potential professional liability risks related to it, and if necessary, to engage their own attorney for tailored advice.



  • CTA is administered by FinCEN and establishes a database of companies’ beneficial ownership information to be used for law enforcement purposes.
  • Professional liability claims related to CTA may be severe as the statutory penalties for noncompliance with CTA can be significant.
  • Even if a CPA is not engaged or has affirmatively declined to provide services related to CTA, CPAs should be careful not to provide off-the-cuff advice on which the client may rely to their detriment.
  • Unless specifically engaged to provide CTA assistance under a separate engagement letter, include a provision in all engagement letters, regardless of service, disclaiming a responsibility to do so. A sample provision is provided in this Risk Alert.
  • CPAs should evaluate what, if any, assistance their firm may provide related to a client’s CTA compliance and understand the related risks, including how the firm’s professional liability policy may respond to claims stemming from CTA services.
  • Caution should be exercised before agreeing to provide any services related to CTA. If a CPA decides to provide CTA services, professional liability risks associated with assisting a client with their CTA reporting requirements may depend on the nature or depth of the assistance provided.
  • Managing your professional liability risk should include a combination of technical competence, thorough client vetting and acceptance, a strong, concise engagement letter, documenting client discussions, and consultation with knowledgeable professionals.

Enacted as part of the 2021 National Defense Authorization Act and amending the Bank Secrecy Act, CTA (31 U.S.C. 5336), the CTA is intended to close a perceived information gap related to money laundering and other illicit acts. Specifically, CTA establishes “a database of beneficial ownership information (“BOI”) that will be highly useful in combatting illicit finance and the abuse of shell and front companies by criminals, corrupt officials, and other bad actors”,[5] and aids efforts “to protect U.S. national security and safeguard the U.S. financial system from such illicit use.”[6] Although passed in 2020, reporting under CTA was initially delayed. A “Final Rule” was issued in September 2022, making compliance with the Act mandatory for reporting companies as of January 1, 2024.
The definition of a “reporting company” under the Act is complex and may include many small businesses, middle-market businesses, and sole practitioners. There are several categories of exemptions, and most exemptions are for entities that are already subject to substantial federal or state regulation. 
In general, reporting companies created before or registered to do business as of December 31, 2023, have until January 1, 2025 to file an initial BOI report with FinCEN. Reporting companies created or registered to do business on or after January 1, 2024, have ninety (90) days from the date of their registration to file an initial BOI report. Reporting companies created or registered on or after January 1, 2025 have thirty (30) days from the date of their registration to file an initial BOI report. After filing an initial BOI report, reporting companies have thirty (30) days to file updated reports detailing statutorily-required changes about the reporting company and/or its beneficial owners.

As specified in the Corporate Transparency Act, a person who willfully violates the BOI reporting requirements may be subject to civil penalties of not more than $500 (adjusted for inflation to $591 as of January 25, 2024) for each day that the violation continues. That person may also be subject to criminal penalties of up to two years imprisonment and a fine of up to $10,000. Potential violations include willfully failing to file a beneficial ownership information report, willfully filing false beneficial ownership information, or willfully failing to correct or update previously reported beneficial ownership information.
Additionally, any person who, without authorization, knowingly discloses or uses BOI may be fined up to $250,000, or imprisoned up to five years, or both.

Mitigating a CPA firm’s professional liability risk related to the CTA
Due to the nature of the CPA-client relationship, a client’s first inclination may be to turn to their CPA for advice on CTA rather than their attorney. Even CPAs who decide not to provide services related to CTA may still face professional liability risk for a client’s non-compliance in certain situations – failing to advise the client of CTA filing requirements and providing answers to “quick questions” about CTA compliance requirements. If a client incurs damages related to their noncompliance with the Act, they may blame the CPA and such claims may be significant. 

Addressing allegations of a failure to advise
To help reduce the likelihood of claims asserting a failure to advise a client of CTA, consider sending a newsletter or other general client notification letter to all clients informing them of CTA and its reporting requirements. Retain a copy of the newsletter as well as the distribution list. The AICPA has a Beneficial Ownership Information FAQ for Clients available to its members and FinCEN has a Frequently Asked Questions page, both of which can be used as a starting point.

In addition, unless specifically engaged via a separate engagement letter to provide CTA assistance, for the avoidance of doubt, include a provision in all engagement letters for other services disclaiming a responsibility to do so. Including this provision helps defend against a client’s “you didn’t tell me” assertion. A sample provision follows:

Corporate Transparency Act/Beneficial Ownership Reporting
Assisting you with your compliance with the Corporate Transparency Act (“CTA”), including beneficial ownership information (“BOI”) reporting, is not within the scope of this engagement. You have sole responsibility for your compliance with the CTA, including its BOI reporting requirements and the collection of relevant ownership information. We shall have no liability resulting from your failure to comply with CTA. Information regarding the BOI reporting requirements can be found at https://www.fincen.gov/boi. Consider consulting with legal counsel if you have questions regarding the applicability of the CTA’s reporting requirements and issues surrounding the collection of relevant ownership information.
Why is this provision important to include in all engagement letters? A client may face many risks arising from their noncompliance with CTA beyond fines and penalties, some of which may be unforeseeable, and the client may blame the CPA for not advising them of these risks. Including a disclaimer such as this can help make it clear to the client that they should not expect advice on this topic from the CPA.

Addressing the risk of providing off-the-cuff advice
Clients may ask a “quick question” about CTA and their filing obligations. However, providing ad hoc advice is fraught with risk. Answering one-off questions related to CTA not only may lead to bad or incomplete advice, but may also cross the line into the practice of law.
Even if not formally engaged to provide services related to CTA, you may find yourself in the middle of a dispute if the client relies upon your off-the-cuff advice. While directing the client to their attorney to help advise them may be the right answer, it may not always be the most popular. If compelled to provide a high-level response of a general nature in response to a client question, be sure to follow up the advice with written documentation to the client advising them of the limitations of your advice and direct the client to retain a qualified professional for a more detailed response. For more, please read Do I Really Need a New Engagement Letter for That?
If I choose to assist clients with CTA reporting, what are some additional risks of which I need to be aware?
CTA and the unauthorized practice of law (“UPL”)
Like the Report of Foreign Bank and Financial Accounts (“FBAR”), CTA is administered by FinCEN. However, unlike FBAR, to date no grant of authority designating the IRS as an enforcement agent for CTA has been conferred. Accountants have a limited grant to “interpret” tax law under Title 26 of the U.S. Code (Internal Revenue Code) via Treasury Circular 230 and state accountancy statutes. It is unclear whether interpretation of CTA statutes, which are under Title 31 of the U.S. Code (Money and Finance), is similarly permissible.
Providing technical or interpretive advice on CTA may rise to the practice of law. The “practice of law” is defined by the states (not federally). The unauthorized practice of law is generally considered to be the practice of law by an individual who is either not licensed to practice law at all, or who is licensed to practice law but has not received permission to practice in the state where acts which equate to “practice” occur. Many states have an express prohibition against UPL. Depending on the state, a UPL violation may be treated as a criminal matter. In some cases, only licensed attorneys may be able to provide advice related to CTA.
Insurance considerations
For coverage information related to accountant professional liability policies underwritten by CNA, please see: 

In general, an accountant professional liability policy covers errors and omissions arising from the delivery of professional services. “Professional services” is typically defined in policy language and generally includes services performed in the practice of public accountancy.

In addition, professional liability policies, including those for accountants, typically exclude coverage for actual or alleged dishonest, fraudulent, criminal and/or illegal acts – partly because of moral risk and partly because many states impose strict limits which preclude insurance companies from insuring parties for their criminal acts.

CPAs not insured by CNA should consult their professional liability insurance carrier or broker to understand the coverage implications of providing services related to the CTA.

Professional liability risk related to assisting clients with CTA reporting
A CPA has professional liability risk whenever services are provided to clients. Even “simple” client fact patterns can result in a professional liability claim if it is later determined that the client is not in compliance with the Act and a loss can be traced back to the CPA’s advice or failure to advise.

Professional liability risk associated with assisting a client with their CTA reporting obligations depends on many factors, including:  (1) the development of regulatory guidance and case law related to the CTA; (2) details of a specific client’s situation, organization, and ownership; (3) and the nature and extent of assistance rendered. Depending on a client’s fact pattern, CTA compliance may require affected entities to obtain legal advice and analysis.

On one end of the spectrum, a CPA may choose to provide strictly administrative assistance to the client. The CPA does not provide advice or interpretation, and acts solely as a conduit to help the client get its data from point A to point B.

On the other end of the spectrum, a CPA may choose to provide on-going compliance advice and interpretation of the CTA and its application to the client’s facts and circumstances, as well as proactively alert the client if future changes to law or facts require action.
There could be multiple varieties of service offerings between these two extremes. The extent of those service offerings may be driven by the CPA’s risk tolerance and needs and characteristics of their client base. Any service, however formulated, carries its own risk profile, and CPAs should understand the associated downside.
Other risks that may arise if the CPA provides CTA assistance to clients include:

  • Bank scrutiny

As CTA is part of the Bank Secrecy Act, bank underwriters may ask CPAs to confirm a client’s CTA compliance in the form of a “comfort letter” or other documentation. While CPAs should always scrutinize comfort letter requests, because CTA contains criminal as well as civil penalties, additional care should be taken.
  • Added PII and data concerns

CTA compliance may require gathering data which is not ordinarily requested or retained by the CPA. This added data may be personally identifiable information, requiring protection under applicable laws and regulations. Data security is already a key concern for CPAs, and CTA may increase the amount of data requiring protection, thus increasing a CPA’s data security liability exposure.
  • Aiding and abetting claims

If the CPA provides CTA services to a client who is found to have intentionally filed false reports, the CPA may be accused of aiding and abetting the client – civilly by a wronged party, or criminally by an enforcement agency.
Caution should be exercised before agreeing to provide any assistance related to CTA. Consultation with your legal counsel is strongly recommended to help you understand your risks.
Managing professional liability risks related to CTA assistance services


Despite the stated risks, if a CPA decides to provide assistance to clients related to their CTA compliance, understanding the risks presented by the service is a key step in understanding how to manage them. Providing tailored advice in this alert for every specific situation a CPA may face is not possible. However, careful planning and consistent application of risk management techniques may help mitigate potential downsides.

  • Perform thorough acceptance procedures

Be selective of the clients to which the firm chooses to provide CTA assistance and what level of assistance to provide to those clients. Clients with more complex fact patterns and ownership/management structures will introduce added risk commensurate with the added complexity. Consequently, a thorough acceptance evaluation of new and existing clients should be conducted before agreeing to provide any services related to CTA. An adjustment to your typical acceptance process and risk tolerance may be needed. For example, the presence of foreign ownership may have greater influence on the acceptance evaluation, or a criminal background check on management and key individuals may be appropriate.
  • Draft a concise engagement letter

Narrowly defining the scope of services and keeping services within the agreed-to scope can help mitigate professional liability risk.
Make sure your scope of services succinctly describes the exact services to be delivered, and limit the firm’s services to those related to the specific report to be filed. Why? After the initial report, a client may go years with no changes to their BOI or experience years with multiple changes. If a deadline to report a change in BOI is missed, a client may blame the CPA, even if the change occurs long after the CPA’s services related to the initial report. Consequently, the scope of services drafted in the engagement letter should be precise and specifically address the client’s responsibility for notifying the CPA of any potential future compliance needs. If the client needs additional assistance after the initial reporting, a new engagement letter should be issued. In addition, be sure to clearly define the client’s responsibilities, including their responsibility to consult with and engage their own legal counsel, and to provide timely, complete, and accurate information to the CPA.
  • Documentation, including client representations

If there is ambiguity on how or what to report, explain to the client the risks associated with non-compliance and suggest they consult their own counsel to help them decide how to proceed. Inform the client that CTA is new and that additional guidance and interpretation may be issued in the future which may impact the client’s reporting under CTA. Document all discussions held with the client and decisions made by them, including any decisions not to file or that are contrary to your advice. Maintain documentation in your workpapers to support services rendered and aid in the defense of any future claim.
In addition, consider obtaining management’s representations regarding the completeness and accuracy of information provided by the client to the CPA firm.
  • Keep abreast of technical developments

Stay alert to new developments and guidance from reliable sources of information related to CTA compliance, such as FinCEN, the AICPA and the American Bar Association.
  • Talk to legal counsel

Remember – CTA carries a possibility of both criminal and civil enforcement. Criminal law has twists and turns not necessarily intuitive to CPAs. If you are doing work in this area, consider discussing the extent of your CTA activities and clients with an attorney who is versed in federal financial criminal laws. Ask if there is anything the CPA needs to be aware of to manage the firm’s risk, such as how to vet clients and techniques to perform diligence on the information provided by them.
In conclusion
CPAs may feel client and market pressure to take on responsibilities related to CTA despite their capabilities and risk tolerance. It is important to understand what level of service you are comfortable providing, what level of risk you are comfortable assuming, and what steps you can realistically take to help mitigate against any unwanted outcomes.

For considerations regarding coverage and services related to BOI, please see Coverage Considerations: Services Related to the Corporate Transparency Act.

For risk management advice regarding services related to BOI, please see Risk Management and the Corporate Transparency Act.

Additional resources

[1] November 29, 2023, FinCEN issued a final rule that extends the deadline for certain reporting companies to file their initial beneficial ownership information reports with FinCEN. This risk alert has been updated to reflect this change.
[2] This risk alert has been updated to refine the language in the Insurance Considerations section and include a link to CNA's statement, Coverage Considerations – Services Related to the Corporate Transparency Act.
[3] Protect Small Businesses and Prevent Illicit Financial Activity Act (H.R. 5119) introduced in the U.S. House of Representatives in August 2023 and would extend these reporting timeframes. However, as of the date of this Risk Alert, the legislation has not been passed. CPAs should operate as if compliance with these requirements will be in force as of January 1, 2024.


How Helpful Was This Article?


Related Content

Related Products

This information is produced and presented by CNA, which is solely responsible for its content. Continental Casualty Company, a member of the CNA group of insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program.

The purpose of this article is to provide information, rather than advice or opinion. It is accurate to the best of the author’s knowledge as of the date of the article. The information, examples and suggestions presented in this material have been developed from sources believed to be reliable. This article should not be viewed as a substitute for the guidance and recommendations of a retained professional and should not be construed as legal or other professional advice. CNA accepts no responsibility for the accuracy or completeness of this material and recommends the consultation with competent legal counsel and/or other professional advisors before applying this material in any particular factual situation. This material is for illustrative purposes and is not intended to constitute a contract. Any references to non-CNA websites are provided solely for convenience, and CNA disclaims any responsibility with respect thereto.

To the extent this article contains any examples, please note that they are for illustrative purposes only and any similarity to actual individuals, entities, places or situations is unintentional and purely coincidental. In addition, any examples are not intended to establish any standards of care, to serve as legal advice appropriate for any particular factual situation, or to provide an acknowledgement that any given factual situation is covered under any CNA insurance policy. Please remember that only the relevant insurance policy can provide actual terms, coverages, amounts, conditions, and exclusions for an insured. All CNA products and services may not be available in all states and may be subject to change without notice.

“CNA” is a registered trademark of CNA Financial Corporation. Certain CNA Financial Corporation subsidiaries use the “CNA” trademark in connection with insurance underwriting and claim activities. Copyright © 2024 CNA. All rights reserved.