An Ultimate Beneficial Owner (UBO) is a “natural person” who ultimately reaps the benefits of a company or organization. According to the Anti-Money Laundering Act of 2020 a UBO is someone who owns at least 25% of a company, exercises more than 25% voting rights over a company, or otherwise exercises significant control over a company.
In most cases, a company’s UBO is straightforward. For a sole-proprietorship, the sole person working in the company is the UBO. A partnership might have two UBOs who share the business 50/50. But the identity of the UBO often becomes more complex as a company scales. Peel the layers, and you may find that a C-Corp is owned by another C-Corp based in another country that is owned by yet another corporation based in yet another country.
Sometimes this is purposeful and legal. For example, a wealthy family may put their assets in a trust with key family members as trustees. Or a celebrity might purchase their home through a shell company in order to keep their home address hidden and preserve their safety.
But other times nefarious players hide a business’s UBO for criminal reasons. One person found guilty of financial fraud in the Panama Papers scandal hid assets by listing a 100-year-old grandmother as a business’s UBO in order to avoid taxation. A business’s UBO may ultimately be on a sanctions or block list, or have links to terrorist financing. All told, there are many reasons, some less than savory, why a business might try to hide the true identity of its UBO.
Any business that handles money or facilitates financial transactions is legally obligated to perform due diligence when it comes to onboarding another business as a customer.
Why? For years, companies like banks and other financial entities have been required to perform due diligence on individual customers. This just means an entity needs to ensure that their customer is who they say they are, and not a financial criminal or other bad actor. Entities generally do this by requiring an individual to present a government issued ID, passport, Social Security Number (SSN), etc.
This type of due diligence is known as Know Your Customer (KYC). KYC as we know it today has been in place since the Bank Secrecy Act of 1970. That means that most institutions that are required to perform KYC checks have long standing policies in place to vet potential individual customers.
But until just a few years ago, potential business customers weren’t subject to the same level of regulatory scrutiny. This loophole allowed bad actors to easily hide behind layers of shell companies and continue to transact business.
In 2016, the government amended the Bank Secrecy Act by releasing the Customer Due Diligence (CDD) Final Rule. Now, not only do businesses who transact money need to vet individuals, they also need to vet businesses. This set of checks is known as Know Your Business (KYB). Identifying a company’s UBO is just one part of KYB, but a vital one.
Section 2 of the CDD Final Rule states that covered financial institutions must establish written policies “to identify and verify the identity of the beneficial owners of companies opening accounts.” According to current regulations, any beneficial owner who owns or controls 25% or more of a company needs to have their identity verified.
Performing this due diligence ensures that your business does not abet money launderers, terrorism financiers, tax dodgers, people found on sanctions lists, and other financial criminals.
The CDD Final Rule simply states that banks, fintechs and other entities that handle money must assess their risk and create a reasonable policy for identifying a business customer’s UBO.
Here are example steps to identifying a UBO:
This is where Middesk comes in. Middesk’s business identity verification solution performs both KYB and KYC due diligence checks at onboarding, taking the manual work out of verifying customer identity. Learn more about Middesk’s business identity verification solution here.