In brief:
- According to US anti-money laundering regulations, an Ultimate Beneficial Owner (UBO) is a “natural person” who controls 25% or more of a company.
- Companies that handle or transact money must identify a company’s UBO as part of the Know Your Business (KYB) process.
- The future of UBOs is controversial, with the US government potentially requiring all businesses to register the identity of their UBO(s).
What is an Ultimate Beneficial Owner (UBO)?
An Ultimate Beneficial Owner (UBO) is a “natural person” who ultimately reaps the benefits of a company or organization. According to the Anti-Money Laundering Act of 2020 a UBO is someone who owns at least 25% of a company, exercises more than 25% voting rights over a company, or otherwise exercises significant control over a company.
In most cases, a company’s UBO is straightforward. For a sole-proprietorship, the sole person working in the company is the UBO. A partnership might have two UBOs who share the business 50/50. But the identity of the UBO often becomes more complex as a company scales. Peel the layers, and you may find that a C-Corp is owned by another C-Corp based in another country that is owned by yet another corporation based in yet another country.
Sometimes this is purposeful and legal. For example, a wealthy family may put their assets in a trust with key family members as trustees. Or a celebrity might purchase their home through a shell company in order to keep their home address hidden and preserve their safety.
But other times nefarious players hide a business’s UBO for criminal reasons. One person found guilty of financial fraud in the Panama Papers scandal hid assets by listing a 100-year-old grandmother as a business’s UBO in order to avoid taxation. A business’s UBO may ultimately be on a sanctions or block list, or have links to terrorist financing. All told, there are many reasons, some less than savory, why a business might try to hide the true identity of its UBO.
Why do you need to identify a company’s UBO?
Any business that handles money or facilitates financial transactions is legally obligated to perform due diligence when it comes to onboarding another business as a customer.
Why? For years, companies like banks and other financial entities have been required to perform due diligence on individual customers. This just means an entity needs to ensure that their customer is who they say they are, and not a financial criminal or other bad actor. Entities generally do this by requiring an individual to present a government issued ID, passport, Social Security Number (SSN), etc.
This type of due diligence is known as Know Your Customer (KYC). KYC as we know it today has been in place since the Bank Secrecy Act of 1970. That means that most institutions that are required to perform KYC checks have long standing policies in place to vet potential individual customers.
But until just a few years ago, potential business customers weren’t subject to the same level of regulatory scrutiny. This loophole allowed bad actors to easily hide behind layers of shell companies and continue to transact business.
In 2016, the government amended the Bank Secrecy Act by releasing the Customer Due Diligence (CDD) Final Rule. Now, not only do businesses who transact money need to vet individuals, they also need to vet businesses. This set of checks is known as Know Your Business (KYB). Identifying a company’s UBO is just one part of KYB, but a vital one.
Section 2 of the CDD Final Rule states that covered financial institutions must establish written policies “to identify and verify the identity of the beneficial owners of companies opening accounts.” According to current regulations, any beneficial owner who owns or controls 25% or more of a company needs to have their identity verified.
Performing this due diligence ensures that your business does not abet money launderers, terrorism financiers, tax dodgers, people found on sanctions lists, and other financial criminals.
How to identify a company’s Ultimate Beneficial Owner
The CDD Final Rule simply states that banks, fintechs and other entities that handle money must assess their risk and create a reasonable policy for identifying a business customer’s UBO.
Here are example steps to identifying a UBO:
- Perform a KYB check by gathering identifying information from the company - According to government regulations, each organization is allowed to decide, based on risk, what information they ask for. But this generally always includes a business's legal name, any fictitious names, address, and taxpayer identification number (TIN). You might also check the business registration status and licensing documentation should the business require a license. (Read more about performing KYB checks here.)
- As part of KYB, identify the business’s Ultimate Beneficial Owner (UBO) - The business must identify any natural person who controls 25% or more of the business.
- Perform a Know Your Customer (KYC) check on any UBOs - Once a UBO or multiple UBOs are identified, run them through your business’s KYC process. This means comparing the UBO’s identity against sanctions lists, terrorism financing watchlists, and other databases. This is to ensure that your customer is both who they say they are and not attempting to use your company for financial crimes.
- Make a risk decision - Set parameters to define who passes KYB and KYC checks. Most business customers will pass, though some might require more information. For example, the listed name and title of the UBO doesn’t match the business’s articles of incorporation. In this case, additional searches are required to determine the UBO’s identity, which is then used to create a full picture of the customer’s identity and ensure they are not a bad actor.
This is where Middesk comes in. Middesk’s business identity verification solution performs both KYB and KYC due diligence checks at onboarding, taking the manual work out of verifying customer identity. Learn more about Middesk’s business identity verification solution here.
