You don't have the whole story - every bank is required to certify that they either:
1. have no us account holders, or
2. any accounts of a us person, or where a us person has control, are reported and are not used to avoid taxation.
The "Shell" bank would be required to cease transacting with the actual bank.
To avoid the additional compliance problems - many smaller banks just outright refuse US Customers, in that way they can certify under rule 1. Most others force US Customers to sign draconian release documents which basically allow them to give my account information to any one they desire, at any time, for any reason AND, if any damages occur due to that release, I am the one that is responsible!
"The Client understands that the IRS and the Bank's US Custodian bank, if applicable, may further share the Data with third parties wherever located and whom they deem appropriate, releases the Bank from all liability in connection with the provision of the Data to the IRS and the Bank's custodian bank and assumes responsibility for all consequences and any damages that may arise at any time due to use of the Data by any such third party."