The Corporate Transparency Act reporting requirements amount to an unreasonable search under the Fourth Amendment. Small Bus. Ass’n of Mich. v. Yellen, 2025 U.S. Dist. LEXIS 40975 (W.D. Mich. Mar. 3, 2025):
The data the CTA compels is commercially sensitive and historically private. Like many other states, Michigan does not require the beneficial ownership information (“BOI”) as a condition of obtaining authorization to operate as a corporation or LLC. So the CTA is compelling individuals to provide information never disclosed to the states. Plus, in addition to just the raw information found in corporate papers, the CTA requires judgments about the meaning of who is exercising “substantial control” over the entity and is therefore a “beneficial owner.” And the CTA then correlates personally identifying data about individuals with these judgments, receives constant updating, and stores it all indefinitely for disclosure at the request of state and federal law enforcement who claim to need it for criminal investigation or prosecution. In the Court’s view, this massive collection of personally identifying data for law enforcement, costing providers billions of dollars, amounts to an unreasonable search in violation of the Fourth Amendment.
. . .
I. The Corporate Transparency Act
The CTA is the federal government’s response to alleged gaps in its anti-money laundering and counterterrorism regime. The premise of the CTA is that the opacity of the ownership of millions of small corporations and limited liability companies formed under the laws of the fifty states each year facilitates criminal activity. The CTA therefore establishes an expansive repository of ownership information to unmask these owners in aid of nationwide law enforcement efforts. An estimated 32.6 million existing entities and 5 million new entities formed each year from 2025 to 2034 are expected to fall within the CTA’s ambit. Beneficial Ownership Information Reporting Requirements, 87 Fed. Reg. 59498, 59549 (Jan. 1, 2024), https://www.federalregister.gov/d/2022-21020/p-639 [https://perma.cc/XY4M-FT6Z].
Passed as part of the National Defense Authorization Act for Fiscal Year 2021, the CTA is one of many provisions of the Anti-Money Laundering Act of 2020 (“AMLA”). See Pub. L. No. 116-283, 134 Stat. 3388, §§ 6401-03 (CTA codified as amended at 31 U.S.C. § 5336) (2021). One of the AMLA’s objectives is to “establish uniform beneficial ownership information reporting requirements.” Id. at Div. F, § 6002, 134 Stat. 4547 (2021). These reporting requirements aim to “improve transparency for national security, intelligence, and law enforcement agencies and financial institutions concerning corporate structures,” “discourage the use of shell corporations as a tool to disguise and move illicit funds,” “assist national security, intelligence, and law enforcement agencies with the pursuit of crimes,” and “protect the national security of the United States.” Id. To this end, the AMLA calls for the creation of “a secure, nonpublic database at FinCEN.” Id.
. . .
I. The CTA’s Compelled Disclosure Amounts to a “Search.”
Modern Fourth Amendment jurisprudence recognizes two approaches to determine whether a “search” has occurred. The first is the property-based approach of Jones, which asks whether the government physically intrudes upon a constitutionally protected area with the intent to obtain information. Jones, 565 U.S. at 406 n.3. The second, privacy-based approach articulated in Katz asks whether the government invades a constitutionally protected privacy interest to gather information. Katz, 389 U.S. at 360-61. This means that the plaintiff must have a subjective expectation of privacy that “society is prepared to recognize as reasonable.” Smith v. Maryland, 442 U.S. 735, 740 (1979).
The Court finds both the property and privacy interests here sufficient to implicate the Fourth Amendment. The property, Plaintiffs’ BOI, is among the Amendment’s enumerated “papers” and “effects.” See Hale v. Henkel, 201 U.S. 43, 76-77 (1906). The compelled production of corporate papers, or compilations of information in those papers, at pain of civil or criminal penalties, is tantamount to a physical intrusion on Plaintiffs’ private commercial property. See Airbnb, Inc. v. City of New York, 373 F. Supp. 3d 467, 482 (S.D.N.Y. 2019) (“[I]n a series of cases, the Supreme Court has recognized that governmental demands for the production of papers in which the holder has a protected privacy interest also implicate the Fourth Amendment, with some cases deeming such compulsory legal process to work a ‘constructive search.'”) (collecting cases). The papers at issue here are not simply the publicly available certificates of formation of a corporation or LLC, but the private agreements between individuals that describe who owns or controls what within the organizations. It is from these private papers that individuals will have to form the judgment calls implicit in disclosing who is a “beneficial owner” under the definition of the CTA and its implementing regulations. Plaintiffs have a possessory and ownership interest in these records, including the right to exclude “trespassers” under Jones.
The plaintiffs’ privacy interest in these records is also legitimate and well-established. As the text of the CTA confirms, “most or all States do not require information about the beneficial owners of the corporations, limited liability companies, or other similar entities formed under the laws of the State.” Pub. L. No. 116-283, 134 Stat. 4604, § 6402 (2021). Businesses and their owners therefore do not “ordinarily disclose,” nor are they “expected to disclose,” their BOI. Patel I, 738 F.3d at 1062. The Act was conceived, of course, because these private business records cannot be found in the public domain. Nor is there any other local, state, or federal law mandating beneficial owner disclosure directly to the government. And, with one exception, the targeted information does not exist in the form requested, meaning the reporting agent needs to create it. It makes no difference that the identification documents the CTA seeks are quasi-public or government-issued. In isolation, an identifying document is just a way of confirming personal identity. Here, the CTA requires not merely an identity, but a larger story of beneficial ownership associated with that identity that has not previously been subject to forced government disclosure. The CTA may well have good reason to wish it were otherwise, but the history and tradition of unintrusive state laws has given Plaintiffs every reason to expect privacy in their BOI.
The nature of the required information also supports a reasonable expectation of privacy. Required to be disclosed under the CTA are the identities of an entity’s beneficial owners, and, by extension, the structure of its internal power dynamics. The government argues that these disclosures reveal only the “beneficial owners,” not the nature or extent of each owner’s interest. But the mere designation of “beneficial owner” reveals a closely guarded fact that private companies keep from competitors and within company walls. Katz, 389 U.S., at 351-352 (“what [one] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected”). And once disclosed, this information does not sit in a vacuum; it composes a centralized, indexable database that paints an even fuller picture. “With just the click of a button, the Government can access each [reporting company’s] deep repository of [ownership] information at practically no expense.” Carpenter v. United States, 585 U.S. 296, 311 (2018). The CTA, in other words, places in the hands of government officials and special government employees large volumes of personally identifiable information and commercially sensitive data. Privacy interests abound.
The landing page for FinCEN’s BOI website, which contains a warning to reporting companies about fraudulent attempts to solicit BOI, is further illuminating. Beneficial Ownership Information, FinCEN, https://www.fincen.gov/boi (last updated Feb. 19, 2025) [https://perma.cc/T6TH-G8KY]. The page cautions readers to “[n]ever give personal information, including regarding beneficial ownership to anyone unless you trust the other party.” Id. Implicit in this warning, in the scams themselves, and in the Act’s statutory safeguards against information sharing, is a recognition that the CTA’s compelled information is sensitive and private. The government itself, then, acknowledges the privacy interest of citizens in this data.
The government argues that the commercial entity plaintiffs have a diminished expectation of privacy in their records. Commercial entities do have weaker Fourth Amendment rights than people. United States v. Morton Salt Co., 338 U.S. 632, 652 (1950) (“corporations can claim no equality with individuals in the enjoyment of a right to privacy”). But even a diminished right to privacy still has some protections, including against “fishing expeditions into private papers on the possibility that they may disclose evidence of crime.” Fed. Trade Comm’n v. Am. Tobacco Co., 264 U.S. 298, 305-06 (1924). And here the information required is not simply about the commercial entity but about each entity’s beneficial owners, who are people after all. The personal identity required is not of an entity or robot; it is of a flesh-and-blood human being.
It bears emphasis that the CTA is a stick, not a carrot. It carries the threat of a felony conviction and steep civil and criminal penalties for noncompliance. 31 C.F.R. § 5336(h)(1)-(2). This, combined with the natural reticence to disclose private information to the government, risks chilling core associational freedoms, including ownership in a private company. As cemented in the landmark case of NAACP v. Button, 371 U.S. 415, 430 (1963), the Supreme Court has “refused to countenance compelled disclosure of a person’s political associations.” Given the CTA’s wide reach, it most certainly compels disclosure of the plaintiffs’ private associations, be they political, religious, commercial, or otherwise. Button’s antipathy for such an inhibitory statutory effect reinforces the privacy rights at issue here.
Plaintiffs are a mix of Michigan non-profits, Michigan limited liability companies, and individual Michigan business owners. They sue to challenge the Corporate Transparency Act on multiple constitutional fronts, including the Fourth Amendment. They claim that the Act’s reporting requirements operate as an unreasonable search in violation of the Fourth Amendment. The Court agrees. The CTA may have good intentions but the road it chooses to pursue them paves over all reasonable limits. The CTA’s reporting requirements reach indiscriminately across the smallest players in the economy to extract and archive a trove of personal data explicitly for future law enforcement purposes at an expected cost to the reporting players of almost $22 billion in the first year alone. The Fourth Amendment prohibits such an unreasonable search.
. . .
II. The Search is Unreasonable.
. . .
The Court accepts the Shultz paradigm, but a proper application of the paradigm invalidates the CTA. Consider all the ways the CTA differs from the BSA. Start with the “sufficiently described” and “limited” transactional information the BSA seeks: specific transactions exceeding $10,000. This test draws an unambiguous bright line at $10,000, sweeping into the reporting ambit only a fraction of all bank transactions that exceed the threshold. Contrast what the CTA is after: all “beneficial owner” information, covering anyone who “exercises substantial control over the entity,” whether “directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise.” 31 U.S.C. § 5336(a)(3)(A). This applies for every “applicant,” including anyone who “files an application to form a corporation, limited liability company, or other similar entity under the laws of a State or Indian Tribe.” 31 U.S.C. § 5336(a)(2)(A). The scope is essentially unlimited and in no way tries to home in on a subset of entities that, like the subset of high-dollar transactions, are more likely to trigger legitimate concerns. Moreover, the twenty-three exemptions the CTA does have are for the biggest players in the economy, meaning the focus of the CTA, by design, is on the smallest businesses least able to afford the eye-popping estimated cost of compliance. What this amounts to is a broad, grab-everything collection of suspicionless data because some day, some way, somehow, someone in law enforcement might find it useful. In this respect, the CTA fails the government’s “sufficiently described” and “limited” test under Shultz. Cf. City of Indianapolis v. Edmond, 531 U.S. 32, 41 (2000) (checkpoint unconstitutional because “general interest in crime control” not a recognized justification for a regime of suspicionless stops).
Consider also that the BSA targets only the pervasively regulated banking industry, while the CTA makes no such distinction between the wide swath of businesses it governs. “The clear import of our cases is that the closely regulated industry … is the exception.” Marshall v. Barlow’s, Inc., 436 U.S. 307, 313 (1978). While banks do not fall under the four industries (liquor sales, firearms dealing, mining, or running an automobile junkyard) historically recognized as so heavily regulated that they enjoy no expectation of privacy, Barlow’s, Inc., 436 U.S., at 313, banks nevertheless operate under a “comprehensive scheme that puts [them] on notice that their property will be subject to periodic inspections undertaken for specific purposes.” Patel II, 576 U.S. at 425 (internal quotation marks and citations omitted). From federal regulators like the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency to state agencies in whatever form they have taken over the years, banks and other financial institutions have been under constant supervision since long before the BSA. From a privacy perspective, this places banks on materially different ground than small businesses that need only register at the state level and comply with the various tax and licensing obligations that apply generally across industries. And it distinguishes banks from the hotels in Patel II that the Supreme Court deemed outside of the “closely regulated industry” exception. Patel II, 576 U.S. at 425 (regulations requiring hotels to “maintain a license, collect taxes, conspicuously post their rates, and meet certain sanitary standards” did not “establish a comprehensive scheme of regulation”). Thus, even if the CTA’s reporting requirements were considered an administrative search, they would still contravene the Fourth Amendment.
Moreover, as discussed above, the BSA requires a bank-mediated report, while the CTA creates a direct reporting obligation. As shown in Miller, the privacy interests change with the form of disclosure. 425 U.S. at 442. A common refrain in the government’s briefing is the statement from Shultz that “reporting requirements are by no means per se violations of the Fourth Amendment,” and “a contrary holding might well fly in the face of the settled . . . history of self-assessment of individual and corporate income taxes in the United States.” Shultz, 416 U.S. at 59-60. But finding these particular reporting requirements unconstitutional on these specific facts is far from making a categorical finding against all reporting requirements, which is what Shultz quite properly proscribes. And the tax reporting example in Shultz is administrative; it’s not done for criminal investigation purposes like the CTA. As such, a Fourth Amendment ruling against the CTA is not only compatible with Shultz; it is a faithful application of its core rationale. Existing law enforcement tools represent another strike against the CTA’s reasonableness.
