In brief:
- According to U.S. anti-money laundering regulations, an Ultimate Beneficial Owner (UBO) is a “natural person” who controls 25% or more of a company.
- Companies that handle or transact money must identify a company’s UBO as part of the Know Your Business (KYB) process.
- The future of UBOs is controversial, with the US government potentially requiring all businesses to register the identity of their UBO(s).
Definition
An Ultimate Beneficial Owner (UBO) is a “natural person” who ultimately reaps the benefits of a company or organization. According to the Anti-Money Laundering Act of 2020, a UBO is someone who owns at least 25% of a company, exercises more than 25% voting rights over a company, or otherwise exercises significant control over a company.
In most cases, a company’s UBO is straightforward. For a sole-proprietorship, the sole person working in the company is the UBO. A partnership might have two UBOs who share the business 50/50. But the identity of the UBO often becomes more complex as a company scales. Peel the layers, and you may find that a C-Corp is owned by another C-Corp based in another country that is owned by yet another corporation based in yet another country.
Sometimes this is purposeful and legal. For example, a wealthy family may put their assets in a trust with key family members as trustees. Or a celebrity might purchase their home through a shell company in order to keep their home address hidden and preserve their safety.
Other times nefarious players hide a business’s UBO for criminal reasons. One person found guilty of financial fraud in the Panama Papers scandal hid assets by listing a 100-year-old grandmother as a business’s UBO to avoid taxation. A business’s UBO may ultimately be on a sanctions or block list, or have links to terrorist financing. All told, there are many reasons, some less than savory, why a business might try to hide the true identity of its UBO.
When your job is to verify the businesses and identify the UBOs of businesses you plan on doing business with, it's critical you rely on accurate KYB vendor data from a trusted source.
Important
Any business that handles money or facilitates financial transactions is legally obligated to perform due diligence when it comes to onboarding another business as a customer.
The most common types of businesses that are required to find the UBO of a company and verify them include:
- Banks
- Financial institutions
- Fintechs
- Lenders
- Payments Providers
- Marketplaces
For years, companies like banks and other financial entities have been required to perform due diligence on individual customers. This just means an entity needs to ensure that their customer is who they say they are, and not a financial criminal or other bad actor. Entities generally do this by requiring an individual to present a government issued ID, passport, Social Security Number (SSN), etc.
This type of due diligence is known as Know Your Customer (KYC). KYC as we know it today has been in place since the Bank Secrecy Act of 1970. That means that most institutions that are required to perform KYC checks have long standing policies in place to vet potential individual customers.
But until just a few years ago, potential business customers weren’t subject to the same level of regulatory scrutiny. This loophole allowed bad actors to easily hide behind layers of shell companies and continue to transact business.
In 2016, the government amended the Bank Secrecy Act by releasing the Customer Due Diligence (CDD) Final Rule. Now, not only do businesses who transact money need to vet individuals, they also need to vet businesses. This set of checks is known as Know Your Business (KYB). Identifying a company’s UBO is just one part of KYB, but a vital one.
Section 2 of the CDD Final Rule states that covered financial institutions must establish written policies “to identify and verify the identity of the beneficial owners of companies opening accounts.” According to current regulations, any beneficial owner who owns or controls 25% or more of a company needs to have their identity verified.
Performing this due diligence ensures that your business does not abet money launderers, terrorism financiers, tax dodgers, people found on sanctions lists, and other financial criminals.
The CDD Final Rule simply states that all banks, fintechs and other entities that handle money must assess their risk and create a reasonable policy for identifying a business customer’s UBO.
Here are the steps you would need to perform to do a UBO check:
1. Gather basic identifying information from the business
According to government regulations, each organization is allowed to decide, based on risk, what information they ask for, but generally, this would always include:
- A business's legal name
- Other “doing business as” names or names used
- Business addresses
- Taxpayer identification number (TIN)
- Business registration status, licensing, or formation documentation
To achieve this, you would need to use a business identity verification tool that can conduct a UBO search. A tool like Middesk for example can search business EINs, and verify other information against it, like addresses, UBOs, and people associated with the business.
2. Conduct a UBO search & perform KYB checks
You must identify any natural person who controls 25% or more of the business. Once a UBO or multiple UBOs are identified, run them through your business’s KYB process. This means comparing the UBO’s identity against sanctions lists, terrorism financing watchlists, and other databases, or even running them through watchlist screening software to ensure that your customer is both who they say they are, and not attempting to use your company for financial crimes.
{{related-content-block="/blog/how-to-run-an-ofac-check"}}
3. Make a risk-based decision during onboarding
Set parameters to define who passes KYB and KYC checks. Most business customers will pass, though some might require more information, requiring you to perform Enhanced Due Diligence (EDD) on your potential customers.
For example, the listed name and title of the UBO doesn’t match the business’s articles of incorporation. In this case, additional searches are required to determine the UBO’s identity, which is then used to create a full picture of the customer’s identity and ensure they are not a bad actor.
Expert tip
We recommend businesses take a risk-based approach during onboarding, but one that can balance the high stakes of fraud compliance, without making the onboarding process too difficult and frustrating for your customers. Check out our guide to balancing friction and fraud in your onboarding program to learn how to achieve this.
This is where Middesk comes in. Middesk’s Business verification Solution performs both KYB and KYC due diligence checks at onboarding, taking the manual work out of verifying customer identity. Schedule a demo today to learn more about how we can help you identify UBOs and conduct other key business verification processes—using just one tool.
