US Corporate Transparency Act rollbacks create customer ID verification needs

U.S. companies will no longer have to comply with beneficial ownership reporting, thus pressuring banks to uphold KYC compliance and meet anti-money laundering (AML) regulations independently, due to a recent ruling from FinCEN. America’s financial crime watchdog announced its ruling on the Corporate Transparency Act in March and revised key definitions under the law. In 2025, financial institutions will increase their dependence on biometric technologies and have new complexities to navigate as a result.

The rollback’s consequences for financial institutions

The Corporate Transparency Act was enacted in January 2024, but the new presidential administration has ceased its enforcement. On March 2, the Treasury Department’s interim final ruling said only entities formed in foreign countries are considered reporting companies by the federal government. Therefore, domestic enterprises are exempt from FinCEN’s BOI (beneficial ownership information) requirements.

This decision will likely increase banks’ responsibilities through higher compliance costs and more resources needed for AML investigations. Previously, American companies had to publish their beneficial owners and reveal who owned a legal entity. However, the reversal means they will not face fines or penalties if they do not comply with the law.

FinCEN announced the interim final ruling in early March and said enforcement will no longer apply to American companies. On March 21, the Treasury Department clarified further by saying compliance was not required for domestic enterprises. While the decision is temporary, the federal government will take comments and issue a final ruling later in 2025.

The rollbacks have made the future uncertain for the financial industry, as outsiders may take advantage. Thieves could exploit the lack of BOI reporting and corporate transparency and hide funds in shell companies. Shielding your identity is now more manageable for domestic groups that want to move money without outside scrutiny.

Banks are still responsible for KYC compliance and other obligations. However, they will not benefit from a centralized information source that opponents have disputed since winter 2024. Experts say CTA penalties are on hold nationwide until further litigation concludes in federal courts. The confusion means financial institutions must implement biometric processes to verify customer identities and monitor suspicious transactions.

The future of banking and biometrics

Rolling back the CTA accelerates a trend across the finance industry — biometric adoption. A March 2025 report from PYMNTS Intelligence and Velera said 64 percent of credit unions will offer biometric authentication or digital identities by 2028. While 36 percent of these institutions have not announced such plans, they will likely feel pressure in the coming months and years.

The PYMNTS Intelligence report revealed that security features are the most important investment for 24 percent of consumers. Therefore, financial institutions are also facing pressure from some clients to implement biometrics for information protection. About 24 percent of small businesses said that security features and digital solutions are their top priorities for the future.

Biometrics will likely be a factor in financial security, as it can independently verify identities through liveness detection and continuous authentication. Banks have already begun using these features, and their implementation will be critical without a centralized information source.

For example, JP Morgan Payments recently added proprietary biometric systems with facial recognition technology and an infrared palm vein reader. While chip and contactless payment are available in the pin pad, it leverages a camera to detect faces and palms. This software is already underway in test trials and will likely expand throughout 2025.

Biometrics will be critical for banks because they must still comply with other FinCEN regulations, such as the CDD rule. This policy requires financial institutions to identify and verify customers, even the beneficial owners of companies owning accounts. Besides identification, the CDD rule also requires understanding the customer relationship and ongoing monitoring.

While biometric technologies can benefit banks, they could introduce critical security pitfalls. Fraudsters could leverage AI and its subsets to create deepfakes and circumvent verification layers. Last year, an Indonesian financial institution said it endured a deepfake attack despite implementing protections against hooking and emulation and leveraging secondary verification layers.

In late 2024, the Indonesian bank found over 1,000 fraudulent accounts linked to 45 mobile devices in the attack. These Android and iOS users surpassed the KYC and biometric verification systems with injection attacks, undermining attempts to boost security. The institution’s report said the hackers used malware, social media and the dark web to manipulate their appearance and bypass the software.

As the threat landscape changes, banks must adapt by implementing advanced liveness detection and injection attack detection technologies and other anti-spoofing measures. Companies should also prepare for evolving biometric systems and their mishaps, such as false positives. Smaller financial institutions may need help with the associated infrastructure costs, which will be crucial due to the data’s irreversibility.

Article Topics

AML  |  banking  |  biometric authentication  |  biometrics  |  digital identity  |  financial crime  |  financial services  |  FinCEN  |  KYB  |  KYC  |  regulation