BOI reporting dashboard setup

Regulatory status (as of 2026-01-03) - FinCEN issued an interim final rule (March 26, 2025) that: exempts entities created in the United States (previously “domestic reporting companies”) and U.S. persons from BOI reporting under the Corporate Transparency Act; narrows the set of "reporting companies" to certain foreign entities registered to do business in U.S. jurisdictions; and sets specific deadlines for those foreign reporting companies (e.g., entities registered before March 26, 2025 must file by April 25, 2025; those registered after have 30 days to file). (See FinCEN alerts and BOI FAQs.) - Despite state filings or disclosures to financial institutions/IRS, companies must file BOI directly to FinCEN where required; state filings are not a substitute.

State legislatures and SOS offices may publish separate guidance or propose state-level BOI rules—track state developments (e.g., California proposed measures) because they can impose additional or different obligations. 2) Who must file / exemptions - "Reporting companies" under current rule = foreign entities formed under foreign law that have registered to do business in a U.S. state/tribal jurisdiction (subject to exemptions). 23 statutory exemptions exist (e.g., many regulated financial institutions, large operating companies, public issuers, governmental authorities, etc.).

Use an exemption checker in the dashboard. 3) Timelines and filing types - FinCEN accepts BOIRs via e‑Filing since Jan 1, 2024; but deadlines depend on when an entity was created/registered and on the March 2025 rule changes.

Updated reports must be filed within 30 days of any change to required information; corrected reports are allowed and late updates can be submitted but may risk penalties if willful. - Filing types to support: Initial, Updated (within 30 days), Corrected. 4) Required data fields (must support these exact items) - Reporting company: legal name, any trade names/DBAs, current U.S. street address for principal place of business (no P.O. boxes), jurisdiction of formation/registration, Taxpayer Identification Number (or foreign tax ID if no TIN), indication of filing type (initial/update/correction). - Beneficial owner(s): full legal name; date of birth; residential address (U.S. street address — no P.O. box); identifying document info (document type, issuing jurisdiction, ID number); ownership/control basis (25%+ ownership or substantial control). - Company applicant(s) (for companies formed/registered on or after Jan 1, 2024): name and ID information for the person who filed formation/registration documents. - Dashboard must enforce mandatory fields (FinCEN marks required fields with a red asterisk and will reject incomplete filings).

Regulatory status (as of 2026-01-03) - FinCEN issued an interim final rule (March 26, 2025) that: exempts entities created in the United States (previously “domestic reporting companies”) and U.S. persons from BOI reporting under the Corporate Transparency Act; narrows the set of "reporting companies" to certain foreign entities registered to do business in U.S. jurisdictions; and sets specific deadlines for those foreign reporting companies (e.g., entities registered before March 26, 2025 must file by April 25, 2025; those registered after have 30 days to file). (See FinCEN alerts and BOI FAQs.)

2) Who must file / exemptions - "Reporting companies" under current rule = foreign entities formed under foreign law that have registered to do business in a U.S. state/tribal jurisdiction (subject to exemptions). 23 statutory exemptions exist (e.g., many regulated financial institutions, large operating companies, public issuers, governmental authorities, etc.).

Use an exemption checker in the dashboard. 3) Timelines and filing types - FinCEN accepts BOIRs via e‑Filing since Jan 1, 2024; but deadlines depend on when an entity was created/registered and on the March 2025 rule changes.

Updated reports must be filed within 30 days of any change to required information; corrected reports are allowed and late updates can be submitted but may risk penalties if willful. - Filing types to support: Initial, Updated (within 30 days), Corrected. 4) Required data fields (must support these exact items)

- Beneficial owner(s): full legal name; date of birth; residential address (U.S. street address — no P.O. box); identifying document info (document type, issuing jurisdiction, ID number); ownership/control basis (25%+ ownership or substantial control). - Company applicant(s) (for companies formed/registered on or after Jan 1, 2024): name and ID information for the person who filed formation/registration documents.

• Despite state filings or disclosures to financial institutions/IRS, companies must file BOI directly to FinCEN where required; state filings are not a substitute. State legislatures and SOS offices may publish separate guidance or propose state-level BOI rules—track state developments (e.g., California proposed measures) because they can impose additional or different obligations.
• Reporting company: legal name, any trade names/DBAs, current U.S. street address for principal place of business (no P.O. boxes), jurisdiction of formation/registration, Taxpayer Identification Number (or foreign tax ID if no TIN), indication of filing type (initial/update/correction).
• Dashboard must enforce mandatory fields (FinCEN marks required fields with a red asterisk and will reject incomplete filings).

Technical integration & filing - FinCEN provides the BOI E‑Filing web application and supports system-to-system BOIR transmission via a secure API for bulk/automated filing; third-party service providers may file multiple BOIRs via API. There is no fee for filing and the filer receives a confirmation and transcript for accepted filings. - Third-party filers

FinCEN does not require them to maintain specific proof of authority to file on behalf of a reporting company, but best practice is to keep written authorization records.

Security, access controls, and safeguards - BOI is stored in a secure, non-public database. FinCEN’s Access and Safeguards rules require rigorous security and confidentiality protections for authorized recipients. Agencies authorized to receive BOI must establish procedures for secure storage, training, auditable records of requests/access, and internal audits. - Dashboard must implement

encryption in transit (TLS 1.2+/TLS 1.3), encryption at rest, role-based access control (RBAC), multi-factor authentication (MFA) for staff, fine-grained permissioning (view/edit/submit/audit), strong logging/immutable audit trails, session timeouts, IP and device controls, periodic access reviews, and SOC2-type controls if serving clients.

Recordkeeping, confirmations, and transcripts - Store FinCEN submission confirmations/transcripts and BOIR PDFs indefinitely per client policies; keep evidence of authorizations, client communications, and change logs. FinCEN provides a confirmation of submission and a downloadable transcript when a BOIR is accepted — keep those copies and make them available to clients via the dashboard.

Enforcement & penalties - Willful violations may result in civil penalties (statutory amounts adjusted for inflation — example cited ~$591/day at time of guidance) and criminal penalties up to 2 years imprisonment and fines up to $10,000. Correcting an error within 90 days of a deadline may avoid penalties; nevertheless, design the dashboard to encourage timely, accurate filing and to flag missed deadlines immediately. 9) Dashboard functional requirements (recommended feature set) - User roles

Admin (firm owner), Compliance manager, Data-entry clerk, Reviewer, Client/user, Auditor. - Client onboarding: entity intake form, automated exemption checker, document uploader (IDs, formation docs), FinCEN ID request workflow. - Data model & validation: mirror FinCEN required fields; mandatory flags; format validations (DOB formats, address checks, ID types and issuing country, TIN formats), duplicate detection, ownership calculation engine (aggregate ownership %), and business rules for "substantial control" capture. - Filing workflows: Draft → Review → Approve → Submit (with staged signoffs), with ability to attach evidence and notes; support both single filing and bulk CSV import (provide template mapping to FinCEN fields); track filing status (Draft, Submitted, Accepted, Rejected — with error messages/transcript link). - API integration: implement secure system‑to‑system calls to FinCEN API for automated filing and to retrieve submission transcripts; support integration with third-party filing partners if preferred. - Notifications & reminders: automated reminders for upcoming deadlines, 30‑day change window alerts, missed‑deadline escalation, client requests for updates, and audit reminders. - Security features: RBAC, MFA, SSO options, encrypted document storage, per-record access logs, SOC2 compliance support. - Audit & compliance reporting: immutable change history for each field, exportable audit logs, export of BOIR PDF and transcript, periodic compliance reports, and retention management. - Usability: pre-filled forms from saved company profiles, UX for adding multiple beneficial owners/company applicants, easy add/ remove owners, inline help and links to FinCEN guidance, and localized state guidance links. 10) Implementation steps & timeline (suggested roadmap) - Discovery (1–2 weeks): gather sample filings, client workflows, required security/compliance requirements. - Data model & UI design (2–3 weeks): map FinCEN fields, build intake forms and CSV templates. - Integration (2–4 weeks): implement FinCEN API client, test sandbox/web flow; implement document storage and transcript capture. - Validation & workflow (2–3 weeks): implement validations, RBAC, approval flows, notifications. - Security & compliance (ongoing): deploy encryption, MFA, SOC2 readiness, penetration tests. - Pilot & QA (2–4 weeks): pilot with small client group, handle rejections, adjust validations. - Launch & monitoring: roll out, monitor rejections, automate fixes and training materials. 11) Practical recommendations for US business owners / LLC founders using the dashboard - Start with an exemption check to confirm whether you must file to FinCEN. If required, gather beneficial owners’ full legal names, DOBs, residential addresses, and acceptable ID documents in advance. - Maintain a change log and internal notice process so that any change triggers a 30‑day update workflow. - Keep copies of submission confirmations/transcripts and the BOIR PDF; store them securely and make them easy to retrieve. - If using a third‑party filing service, require written authorization and ensure the provider uses secure APIs and maintains audit logs. - Monitor both federal FinCEN guidance and state SOS updates: state-level rules (or proposed laws) may add public filing obligations or other requirements.

Example minimal BOI dashboard data schema (fields to store) - Entity

entity_id, legal_name, dba_names[], formation_jurisdiction, formation_date, TIN/foreign_tax_id, principal_us_street_address, FinCEN_ID (if issued), exemption_status, last_filed_date, next_update_due - Beneficial owner: bo_id, entity_id, first_name, middle_name, last_name, dob, residential_address, id_type, id_number, id_issuing_country, percent_ownership, substantial_control_flags[], notes - Company applicant: applicant_id, name, dob, address, id_info - Filings: filing_id, entity_id, filing_type, submission_timestamp, submission_status, FinCEN_transcript_link, submitter_id, errors[]

State-specific considerations - State filings are not a substitute for FinCEN filings. States may pass their own BOI rules (some proposals would make BOI public); track state SOS pages and counsel on state compliance. Changes recorded at the state level (name changes, jurisdiction changes, conversions) can trigger a FinCEN updated report obligation (name/jurisdiction change examples are explicitly mentioned in FinCEN FAQs).

Key citations (primary sources used) (see citations_excerpts below for verbatim supporting excerpts and links to FinCEN guidance, BOIR filing instructions, BOI FAQs, Small Entity Compliance Guide, and a California SOS notice.)