The requirement to discover the beneficial ownership of business customers, partners, suppliers and other business relationships is growing. Regulations, such as the 6th AML Directive in Europe and the Corporate Transparency Act in the U.S., require understanding who you’re doing business with and the risks they pose. But compliance staff and senior executives often have many questions around regulatory requirements for onboarding business customers, so we’ve rounded them up here.
What is an Ultimate Beneficial Owner (UBO)?
A beneficial owner is a real person that owns or controls the business (or legal entity). To ensure Anti-Money Laundering (AML) compliance and deter financial crimes, it’s essential to understand the actual person who you’re doing business with, regardless of the business structure. The only way to truly assess business risk is to understand who profits from and actually operates the business.
According to the Financial Action Task Force (FATF),
beneficial owner refers to the natural person(s) who ultimately own(s) or control(s) a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.
What is Customer Due Diligence (CDD)?
Customer Due Diligence (CDD) is a critical element of effectively managing your organization’s risks and protecting it against potential financial crimes and nefarious activities. There are two steps in CDD: understanding the customer activities and assessing the money laundering risk.
When onboarding a new customer (or if the customer’s activities substantially change), an analysis of the source of funds and risk associated with those funds is prudent and, in most countries, a legal requirement.
If, during the initial risk assessment, the customer is determined to be a higher risk, Enhanced Due Diligence (EDD) procedures and the collection of additional information to provide a deeper understanding of customer activity might be required. In many cases, there are explicit legal specifications that automatically call for EDD (for example, the business is located on the High-Risk Third Countries list, or it’s associated with politically exposed persons).
Industries like gambling, which often have a higher money-laundering risk, usually have EDD requirements. Many jurisdictions have threshold limits for transaction amounts that, if exceeded, trigger EDD. Certain relationships (like with shell banks) also call for EDD — and there are many other situations where local regulations for EDD come into play, so knowing the exact details of your jurisdiction is sensible.
Who is the UBO for KYC purposes?
KYC is an acronym for Know Your Customer, a legal requirement to perform identity checks and undertake Customer Due Diligence. While KYC laws differ from country to country, the general principle involves collecting enough information to properly identify an individual and ensure that their activities are legitimate.
Any individual determined to be a UBO of the account should have a KYC check performed on their identity. While the exact determination of who qualifies as a UBO varies by jurisdiction, the U.S. (as an example) considers a beneficial owner as:
“A natural person who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise:
(i) Exercises substantial control over a corporation or limited liability company;
(ii) Owns 25% or more of the equity interests of a corporation or limited liability company; or
(iii) Receives substantial economic benefits from the assets of a corporation or limited liability company.”
What is AML?
AML is an acronym for Anti-Money Laundering. AML laws are designed to prevent illegal funds (for example, funds obtained from crime, corruption, and tax evasion) from entering the financial system. Financial institutions are required to have procedures like KYC in place to discover high-risk clients, monitor transactions and report suspicious activities.
But properly assessing business accounts is just as important. Corporate KYC (or Know Your Business — KYB), which vets the business or corporate entity and any beneficial owners trying to establish a relationship with a financial institution, helps uncover shell companies and other corporate structures that enable the normalization of illicit funds.
Who do these laws apply to?
As UBO, CDD, KYC and AML processes generally refer to financial transactions, financial institutions (FIs) are the primary targets for these laws. FIs include commercial banks, investment banks, insurance companies, brokerages and investment companies. Other companies that deal with money are also generally covered (for example, credit unions, money transfer firms, payment services, marketplaces, gambling and gaming companies).
However, as money launderers have exploited various loopholes, the scope of the laws has expanded to include other types of companies. Retailers often have threshold limits, wherein any transaction above a certain amount triggers the requirements.
Each jurisdiction will have its specific requirements, so it’s necessary to check local regulations to get the full scope of the rules.
When do these rules come into effect?
While AML and KYC laws have been in effect for years, beneficial ownership laws are a more recent development. In Europe, the 4th AML Directive came into effect June 26, 2017 and contained provisions regarding beneficial ownership. Additional Directives since then have refined UBO requirements, the latest being 6AMLD, which the EU began enforcing as of June 3, 2021.
In the U.S., the FinCEN CDD Final Rule, which also covers beneficial ownership, took effect May 11, 2018. The Corporate Transparency Act comes into effect in 2022.
What does our company need to do?
Your organization needs procedures and processes to collect information about beneficial ownership. When opening business accounts, in addition to collecting the usual business information (for example, name of business, place of business, type of business, business registration number), you will need to obtain the identity of all individuals who have a significant ownership or control position. Also, if there is a significant change on the account, collect the beneficial ownership information.
The beneficial ownership information includes:
- With respect to the natural person opening the account: name and title;
- With respect to the legal entity customer: name and address;
- With respect to the beneficial owners:
- Name (and title for any controlling individuals;
- Date of birth;
- Address; and
- Social security number, or passport number and country of issuance or similar ID number.
What are the consequences if we don’t take the proper steps?
According to Compliance Lawyer Michael Volkov, in the U.S., “prosecutors and regulatory attorneys will vigorously enforce the new regulations as a means to promote careful compliance.”
Specifically, penalties in the U.S. can range up to 30 years in jail and fines of $1 million per case. In Europe, the maximum sanctions are €5 million or 10% of total annual revenue.
What other upcoming regulations should we be prepared for?
The trend toward stricter and more comprehensive AML laws across jurisdictions shows no signs of slowing down. Public awareness of the extent of money laundering brought about by high profile investigations, like the FinCEN Files, and hefty fines are driving regulators to take action.
Taking a proactive perpetual KYC approach and systematically reviewing accounts, transactions and risks is an opportunity to protect the organization further and re-engage customers. It’s not a tick-box compliance effort or a one-and-done exercise, but rather is an ongoing approach that embraces holistic data and deep analysis.
How can we contain costs, while maintaining compliance with all of these rules and regulations?
The key is to use automated, digital processes as much as possible. Handling these complex compliance procedures via slow, manual processes add up to inefficient use of valuable resources, duplication of efforts and increased errors.
Automated workflows strengthen and add value to your AML and KYC processes, improve day-to-day risk operations, and reduce costs, while simultaneously maintaining compliance.
This post was originally published on August 22, 2017. It has been updated to reflect the latest industry developments and best practices.