With the Corporate Transparency Act in effect for several months now, the House Small Business Committee convened to discuss how the rollout of the new law is going. The short answer – not so good.

The hearing featured testimony from three small business stakeholders who covered everything from compliance costs to legal and cybersecurity risks posed by the reporting requirements.

The first witness was Carol Roth, whose advocacy on behalf of the Main Street business community we’ve covered previously. Asked by Congressman Dan Meuser whether Treasury had reached out to affected businesses to help them understand their new compliance obligations, she responded:

Not that I’m aware of, and certainly not with the small business owners that I’ve spoken with. For my written statement for the record I submitted almost 450 statements from small business owners across the country who are vehemently opposed to the CTA. Most of them, when I’ve raised this through the media or other ways they’ve come in contact with me, had never heard of it. They also have no idea who FinCEN is

…Your average small business owner is just trying to stay afloat, and isn’t familiar with that division of Treasury. And when they find out they ask, Why is it that the Financial Crimes Enforcement Network is asking for my information? So, the communication hasn’t been there.   

Next was Tim Opsitnick, a member of the National Small Business Association and owner of Cleveland-based Technology Concepts & Design whose practice focuses on cybersecurity and data privacy. Tim drew on his background in commenting on the various cyber risks posed by the CTA:

Let me stress – we do not know the database is secure. We further know that the information and/or access to the database will be shared. Every time an owner shares their information, the risk that it will be misused or lost to the dark web significantly increases. FinCEN’s own website opens with an alert about fraudulent solicitations under the CTA.

According to NSBA research, the average cost to remedy a small business data breach is $15,297. In my experience, this is low. I have seen small companies face costs over $100,000. Regardless, either figure could cripple many small businesses, who are cash-flow-sensitive. Small businesses cannot afford to be vulnerable: the majority of small businesses that suffer a breach will be out of business within six months.

The third hearing witness was Roger Harris, an attorney and the president of Padgett Business Services, who refuted the government’s talking point that noncompliance will not be prosecuted:

It’s going to depend on their definition of “willful.” I wish FinCEN was as good at offering definitions of what constitutes willful as Mr. Kalman, because we’ve asked for that guidance and haven’t received it. I’m not sure anyone is out to penalize small businesses just for the sake of penalizing them. But as long as that threat hangs over them, small businesses and firms like ours are going to have to be cautious in how we interpret the law.

Harris raises an important point that deserves to be amplified. The position of CTA supporters appears to be that most violations of the CTA’s requirements will be accidental and would not rise to the level of willful.  But one of our complaints of the CTA is how difficult it is to comply, even if you make a reasonable attempt.

For example, the owner of five fast-food franchises will have to report the BOI of himself and anyone that exerts “substantial control”.  Exactly what “substantial control” means is famously vague, so it is up to the owner and his advisors to make a determination. Let’s say he decides to report the BOI of the Managers of each franchise, but not the Assistant Managers.

Is that the right decision?  Who knows – it will have to be litigated — but what we do know is that it was willful and, therefore, if the owner got it wrong, he’s liable for five counts of failing to comply.

This brings us to the last highlight of the hearing — Congressman Blaine Leutkemeyer’s reflection on how the legislation he once supported has morphed into a compliance nightmare for millions of small businesses:

I’m an interesting guy to be here because I was a sponsor of the Corporate Transparency Act, and my intention was to minimize the effect this had…[The Financial Crimes Enforcement Network] doesn’t need this. They have tools in their toolbox to go to court and get the warrants they need to be able to investigate.

So lots of heartburn and little comfort over the CTA, particularly as lawmakers hear firsthand how businesses are faring under the new compliance regime. The more light we can shed on this poorly-conceived law, the more likely it is that lawmakers provide the relief their constituents badly need.