When conducting business with legal entities, corporate vehicles, or legal arrangements such as companies, partnerships, and trusts, Regulated Entities are required to identify and verify the ultimate beneficial owners (UBOs) behind such entities to ensure AML compliance. This infographic discusses best practices in UBO identification and verification.
Let us first understand the necessity behind why the Financial Action Task Force (FATF), particularly through its Recommendation 24 and AML/CFT Regulations across the globe, emphasises the identification and verification of UBOs. The simple reason for the need to identify UBOs is the vulnerability of corporate vehicles and legal arrangements being misused by criminals to disguise their illicit proceeds and launder them through the seemingly legitimate business activities conducted under the garb of such corporate vehicles or legal arrangements.
To ensure alignment with FATF Recommendations and locally applicable AML/CFT laws, Regulated Entities are required to adhere to tried and tested best practices for obtaining adequate UBO identification and verification, such as follows:
The term Risk-Based Approach (RBA) is being used time and again when dealing with components of AML compliance. The concept of RBA calls for proportional or commensurate application of ML, FT, or PF risk control measures on the basis of ML, FT, or PF risk faced by the entity. When dealing with UBO identification, a Regulated Entity should not have a one-size-fits-all or tick-box approach to collecting details and verifying UBO details, as this approach is not commensurate with the different types of ML/FT and PF risks posed by each customer. In simple words, regulated entities can have in place a multi-pronged approach which ensures that UBO information collected is
Such a multi-pronged approach must be reflected in a Regulated Entity’s AML/CFT & CPF Policies and Procedures’ portion governing the Customer Due Diligence (CDD) parameters by prescribing the circumstances, timing, types of documents to be collected and verified, verification mechanisms to be used, customer risk assessment, types of due diligence measures, etc., to ensure that risk-based UBO identification and verification measures are taken at all times by the Regulated Entity (RE).
RE’s AML/CFT Policies and Procedures must be customised to identify and verify UBOs based on the types of clientele and medium of transactions it generally has. For instance, if the RE deals with clients through or into Wire Transfers or Virtual Assets, then it must strive to identify and verify the Originator and Beneficiary of the Wire Transfer/VA transaction. Additionally, the AML/CFT Policies & Procedures must reflect the same in its CDD procedures and the methodology to identify and verify such beneficiaries and the originator of such transactions. The same goes for specifying the CDD requirements when dealing with known ML/FT/ PF typologies misusing opaque arrangements such as bearer shares and nominee directors.
The process and mode of verifying the identity of UBOs and verifying their status must also be prescribed in policies and procedures, such as relying on manual or automated modes to cross-check their identities across relevant regulators and reliable databases. For instance, the Company House official website in the UK for verifying the UBOs, also known as People with Significant Control (PSCs) Register for verifying the UBOs of legal arrangements or companies based out of the UK or relying on information available on recognised stock exchange websites for verifying UBOs of listed entities.
The AML/CFT Policies and Procedures must also provide for enhanced verification mechanisms for verifying UBOs, for instance, Australia’s AML Laws provide for seeking ‘disclosure certificates’ to verify UBOs in Australia containing details of each of the UBOs of the company, such a practice can be incorporated in the regulated entity’s procedures.
The AML/CFT Policies and Procedures must also provide for discrepancy reporting mechanisms, meaning that if any material deviation or inaccuracy is found during UBO verification, then escalation workflows must be elaborated in the Governance portion of the procedures of a Regulated Entity.
As a best practice for adequate UBO identification and verification, Regulated Entities must be mindful that its relevant personnel tasked with identifying and verifying UBOs, such as KYC Analysts, must be able to look into and identify UBOs beyond the threshold prescribed by the relevant country’s laws. For instance, the KYC Analyst must be adequately trained to delve into the indicators that give control to an individual, which is beyond and separate from the typical threshold requirement test to identify a UBO. Such indicators to be considered include, but are not limited to, the following:
In simple words, training personnel to identify and verify UBOs must be well-rounded to equip staff to identify and verify UBOs in different circumstances and report material discrepancies to the AML Compliance Officer if need be.
Regulated Entities that have AML compliance excellence have one thing in common: having a compliance culture in place, which is reflected in the conduct and manner in which the governance function of the Regulated Entity operates. The ideal Compliance Culture of a Regulated Entity generally includes transparency in its operations by fostering a culture where reporting material discrepancies found during AML compliance procedures is encouraged. Some of the elements of an ideal compliance culture include:
A Regulated Entity must be able to capitalise on emerging technologies to supplement UBO identification, verification, and reporting. This forms a part of the multi-pronged approach through which information about UBO can be verified from various sources such as:
Regulated entities can implement Automated Verification Systems, database registries, and AI-powered or automated CDD processes where AI technology is used to peel layers of complex ownership structures to find the true UBOs. Rules and Scenarios can be configured by Transaction Monitoring Analysts or Risk Analysts to automate the UBO identification process while generating alerts or notifications whenever material discrepancy is found for further investigation and escalation to the AML Compliance Officer. Examples of such material discrepancy could be fake, forged, stolen or counterfeit identity documents, the appearance of UBO’s name in any of the sanctions lists, etc.,
Leveraging data and technology to identify and verify UBOs helps Regulated Entities save time and increase the accuracy of their UBO verification process, which ultimately helps with timely regulatory reporting.
The FATF’s Guidance on Beneficial Ownership discusses methods which help Regulated Entities verify UBO information by collaborating with industry players and regulators by relying on:
Regulated Entities might incur some nominal fees when accessing registries maintained by public authorities.
Also, to prevent the Regulated Entity itself from being held or controlled by beneficial owners who are criminals or their associates, the Regulated Entity must, at the registration stage, licensing stage and on an ongoing basis, undergo fit and proper tests to ensure that at all times criminals and sanctioned individuals do not get an opportunity to gain or hijack control in the ownership or operational control over any Regulated Entity.
Best practices to identify and verify UBOs are not limited to just the Regulated Entity itself; collective efforts at the regulatory and supervisory levels are needed. To illustrate the success rate of how Regulatory changes on a national level can contribute to the success of Regulated Entities operating in its jurisdiction to identify and verify UBOs more effectively can be taken from UAE’s example.
UAE was Grey Listed by the FATF in 2022 due to strategic deficiencies. One of those deficiencies was the lack of understanding of how legal persons, i.e., legal entities and legal arrangements, were misused and abused.
UAE overcame this deficiency by developing and implementing risk-based and multi-pronged mitigation of risks emerging from a lack of knowledge about legal persons’ misuse by coming up with new legislation overriding old laws by withdrawing Cabinet Decision No. (58) of 2020 concerning the regulation of Beneficial Ownership Procedures and implementing Cabinet Decision No (109) of 2023 On Regulating the Beneficial Owner Procedures, calling for the maintenance of UBO registers and databases.
Updating UBO legislation can be considered as one of the factors contributing towards the removal of UAE from the Grey List in 2024, resulting from overcoming one of its major deficiencies.
In this illustration, the decision to upgrade UBO laws itself not only led to the removal of the country’s name from FATF’s Grey List but also helped Regulated Entities within the country to understand and implement UBO identification, verification, and maintenance of database and registries for better transparency to prevent abuse and misuse of legal entities and legal arrangements.
Regulated Entities all over the world can improvise and upgrade their UBO identification and verification mechanism by implementing best practices for UBO identification and verification and understanding that Regulated Entities cannot alone achieve AML Compliance excellence by uncovering true actors hiding behind legal entities and arrangements and collective efforts are needed by regulators and supervisory bodies to ensure transparency around beneficial ownership. Regulated Entities can refer to FATF recommendations, their home country’s National Risk Assessment and Sectoral Risk Assessment to formulate a risk–based multi-pronged approach to identify and verify UBOs.
Solutions
Transaction Monitoring
Regulatory Reporting
Services
Industries
Lorem Ipsum
Lorem Ipsum
Lorem Ipsum
Lorem Ipsum
Lorem Ipsum
© RapidAML 2025
Solutions
Transaction Monitoring
Regulatory Reporting
Services
AML/CFT Health Check
Industries
Lorem Ipsum
Lorem Ipsum
Lorem Ipsum
Lorem Ipsum
Lorem Ipsum
© RapidAML 2025
