Business group asks Treasury to destroy CTA data 

Andrew Harrer/Bloomberg

The National Federation of Independent Business — an advocacy group for small businesses — is pressing the Treasury Department to permanently delete ownership data collected under the now-suspended beneficial ownership rule, ramping up its campaign against federal reporting requirements it has called invasive and burdensome for small businesses.

In a Friday letter to Treasury Secretary Scott Bessent, NFIB urged the department to erase all data collected pursuant to the agency's regulations implementing the Corporate Transparency Act, a 2021 law that requires most U.S. businesses to report their legal owners to Treasury's Financial Crimes Enforcement Network. NFIB's request comes after the Trump administration announced plans to narrow the rule to require only foreign entities operating in the U.S. to disclose their legal owners.

"America's small businesses are very appreciative of President Trump and Secretary Bessent for standing up for Main Street and relieving them of these harmful Beneficial Ownership Information reporting requirements, but more work remains," said Jeff Brabant, NFIB vice president of Federal Government Relations. "We ask the Treasury to destroy the personal and private information that many small businesses had already provided, to ensure it does not fall into the wrong hands for nefarious use."

The NFIB also asked Congress to pass legislation to prevent small businesses from being asked to identify their true owners to the federal government in the future. 

The Corporate Transparency Act passed in 2021 with bipartisan support and was designed to combat financial crimes such as money laundering and tax evasion by requiring most U.S. businesses to report their beneficial owners — defined as individuals who control at least 25% of a company or wield significant influence over it. Fincen launched the beneficial ownership database in January 2024, initially giving companies a year to submit their information.

But legal and political resistance, particularly from business allies in Congress and small-business groups, grew as reporting deadlines approached. Critics argued the rule imposed excessive compliance costs and threatened the privacy of small-business owners. In response to those concerns and a series of legal challenges, the Treasury recently announced that it would suspend enforcement of the rule for U.S.-based entities and revise it to apply only to foreign businesses.

Despite the rollback, advocacy groups like NFIB are pushing the envelope. The organization, which filed a lawsuit in Texas to overturn the BOI rule, continues to challenge the CTA in court. It also seeks legislative action to ensure the rule's permanent repeal.

The rollback has alarmed transparency advocates and anti-corruption groups, who argue the database is a vital tool in the fight against illicit finance. They point out that the CTA was the product of more than a decade of bipartisan efforts to close loopholes exploited by criminals and foreign adversaries. Critics of the Treasury's decision warn that narrowing the rule to exclude domestic companies creates a dangerous gap in financial oversight.

Regulation and compliance

Treasury halts beneficial owner reporting for US entities

March 3, 2025 12:09 PM

Concerns about data privacy comes as the Treasury has been the victim of at least two cyber hacks under the Trump administration.

Earlier this week, the Office of the Comptroller of the Currency informed Congress it experienced a significant email system security breach in February in which high-level user accounts were breached for over a year, revealing highly sensitive information related to U.S. banks. The OCC regulates nationally chartered banks, which include some of the largest and most systemically important firms in the country.

In January, hackers allegedly linked to the Chinese government infiltrated the Treasury Department's systems via a third-party vendor's cloud-based remote support service. 

The January breach was significant for the hackers' use of an advanced persistent threat method of attack, allowing them to remain undetected within a system for an extended period, gradually transferring sensitive information from the system.