The Financial Action Task Force (FATF) is an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. The FATF Recommendations are recognised as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard.
This document and/or any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area.
Acknowledgements
This updated Guidance document is based on the work of the following Drafting Group members and benefited from consultation with a range of private sector stakeholders.
The Drafting Group received significant contributions from Alexander Peschetz and Christian Reisenhofer (Austria), Michela Maggi, Chiara Bacci and Bernadette Rapp (European Commission), Violaine Biafora and Thibaut Herrero (France), Richard Berkhout, Francisca Fernando and Jonathan Pampolina (IMF), Karan Choudhary and Nikhil Varma (India), George Pearmain and Helen De La Cour (Jersey), Hans Avinder and Mark Lai (Singapore), Patricia Matthews-Steck and Ariane Ernst (Switzerland), Dylan Bage and Stephen Webster (UK), Young Lee and Zaib Rasool (US), Melissa Tullis and Sol Krause (UNODC), and Emile Van Der Does De Willebois (World Bank). Tanna Chong, Ashish Kumar and Inês Oliveira from the FATF Secretariat supported the work.
1. INTRODUCTION
1. Corporate vehicles such as companies, trusts, foundations, partnerships, and other types of legal persons and arrangements conduct a wide variety of commercial and entrepreneurial activities. Despite the essential and legitimate role that corporate vehicles play in the global economy, their unique legal status also lends them to be used in complex schemes designed to conceal the true beneficial owners and, in many respects, the real reason for holding assets and conducting transactions. Corporate vehicles can be misused for various illicit purposes, including money laundering (ML), bribery and corruption, insider dealings, tax fraud, terrorist financing (TF), sanctions evasion and other illegal activities. For criminals trying to circumvent anti-money laundering (AML) and counter-terrorist financing (CFT) measures, corporate vehicles are an attractive way to disguise their identity and conceal the origin and/or destination or ultimate purpose of funds through manipulation of the financial system.
2. The misuse of corporate vehicles can be significantly reduced if information regarding both the legal owner and the beneficial owner, the source of the corporate vehicle’s assets, and its activities becomes available to the authorities in a timely manner. In general, the lack of adequate, accurate and up-to-date beneficial ownership information facilitates ML/TF by disguising:
the identity of known or suspected criminals,
the true purpose of an account or property held by a corporate vehicle, and/or
the source or use of funds or property associated with a corporate vehicle.
3. Beneficial ownership information can be obscured through, for example, shell companies, complex ownership and control structures involving many layers of shares registered in the name of other legal persons, bearer shares and bearer share warrants, unrestricted use of legal persons as directors, formal nominee shareholders and directors where the identity of the nominator is undisclosed, informal nominee shareholders and directors, such as close associates and family.
4. Legal and beneficial ownership information can assist competent authorities, in particular law enforcement authorities and financial intelligence units (FIUs), by identifying those natural persons who may be responsible for the underlying activity of concern, or who may have relevant information to further an investigation. This allows the authorities to “follow the money” in financial investigations and financial intelligence involving suspect or potentially suspect accounts/assets held by corporate vehicles. In particular, beneficial ownership information can also help locate a given person’s assets within a jurisdiction. Enhancing the transparency of legal persons makes them less attractive for criminals. The legal persons themselves, financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) also play an important role in enhancing transparency by obtaining beneficial ownership information, which helps prevent their misuse in the financial system. However, it could be challenging to ensure that the beneficial owner information is adequate, accurate and up-to-date, particularly when the ownership chain involves legal persons and legal arrangements spread across multiple jurisdictions, or complex networks comprising multiple layers of corporate vehicles. The lack of such information of legal persons by law enforcement, FIUs and other competent authorities is a significant impediment to investigation and the production of financial intelligence.
Revisions to Recommendation 24
5. To tackle these issues, the Financial Action Task Force (FATF) established the first international beneficial ownership transparency standard in 2003 and strengthened it in 2012. To respond to the significant misuse of legal persons for money laundering, terrorist financing, and also for proliferation financing in a number of jurisdictions, the FATF has recently strengthened the international standards on beneficial ownership of legal persons, to better prevent and deter the misuse of legal persons. The changes also respond to the outcomes of FATF Mutual Evaluations which show a generally insufficient level of effectiveness in combating the misuse of legal persons for ML/TF globally.
6. The revised Recommendation 24 explicitly requires countries to use a multi-pronged approach, i.e., to use a combination of different mechanisms, for collection of beneficial ownership information to ensure that adequate, accurate and up-to-date information on the beneficial ownership of legal persons is available and can be accessed by the competent authorities in a timely manner. To the extent that such information is made available to FIs and DNFBPs, it may help them to implement the customer due diligence (CDD) requirements on corporate vehicles including in relation to the requirement to identify the beneficial owner, identify and manage ML/TF risks, and implement AML/CFT controls and measures based on those risks (including suspicious transaction reporting and sanctions implementation requirements).
7. The revisions to Recommendation 24 also require countries to follow a risk-based approach and consider the risks of legal persons in their countries, not only those posed by legal persons created in their countries, but also by foreign-created legal persons with sufficient links with their country. The changes also specify that access to information by competent authorities should be timely, and information should be adequate for identifying the beneficial owner, accurate – based on verification, and up-to-date. The changes also include stronger controls to prevent the misuse of bearer shares and nominee arrangements.
8. Other international bodies are also taking concrete action to promote the transparency of corporate vehicles. G20 Leaders made their commitments to effectively implement the FATF standards on beneficial ownership. G7 countries also committed to implementing and strengthening registries of company beneficial ownership information in their respective jurisdictions. In addition, the OECD and the World Bank both developed resources in assisting countries to assess risks related to beneficial ownership transparency and implement beneficial ownership framework for meeting international standards. Finally, IMF lending, including IMF emergency financing related to COVID-19 routinely includes measures or commitments related to transparency of beneficial ownership in relation to procurement contracts.
9. The purpose of the FATF standards on transparency and beneficial ownership is to prevent the misuse of corporate vehicles for money laundering or terrorist financing. However, it is recognised that these FATF standards support the efforts to prevent and detect other designated categories of offences such as tax crimes and corruption. In this respect, the measures that countries implement to enhance transparency in line with the FATF Recommendations may provide a platform to more effectively address serious crimes such as corruption, as well as to meet obligations under other international conventions.
10. Beyond the Recommendations, in response to the challenges faced by countries in achieving beneficial ownership transparency of legal persons, the FATF earlier developed a guidance in 2014, as well as a best practice paper to assist countries in their implementation of Recommendation 24, and also Recommendation 1 as it relates to understanding the ML/TF risks of legal persons and legal arrangements. This is an updated version of the guidance in respect of legal persons, following the adoption of amendments to Recommendation 24 and its Interpretive Note in March 2022; FATF is addressing the transparency of legal arrangements separately.
Target Audience and Purpose
11. The audience of this guidance is primarily policy makers and practitioners in national authorities, as well as private sector stakeholders, such as financial institutions, DNFBPs and companies, which are required to comply with national AML/CFT requirements based on the FATF standards. The purpose of this guidance is to assist policy makers and practitioners to identify, design and implement appropriate measures to prevent the misuse of legal persons in line with the FATF standards. As for the private sector stakeholders, the guidance explains the connection between specific transparency measures and CDD measures, and it may be useful to companies, FIs and DNFBPs in their implementation of AML/CFT preventive measures.
12. The updated guidance focuses primarily on Recommendation 24, i.e., beneficial ownership transparency of legal persons. As regards legal arrangements as covered under Recommendation 25, the 2014 guidance should be referred to until the subsequent update of guidance.
13. This guidance is non-binding and does not override the purview of national authorities. It is intended to complement existing FATF guidance and other ongoing work by building upon the available research, including relevant FATF typologies reports, and the experiences of countries. It also takes into account work being undertaken by other international bodies, which are focusing on ensuring the transparency of corporate vehicles.
14. In addition, the following guidance documents published by the FATF should continue to apply. Countries, FIs and DNFBPs should also refer to these guidance documents when considering measures to comply with the requirements under Recommendation 24.
2. UNDERSTANDING AND ASSESSING THE RISKS ASSOCIATED WITH LEGAL PERSONS
Domestic legal persons
15. As a starting point, countries must understand the legal persons that can be incorporated under the laws of their jurisdiction and the associated ML/TF risks. Specifically, countries should have mechanisms to:
identify and describe the different types, forms and basic features of legal persons in the country;
identify and describe the processes for:
creating those legal persons; and
obtaining and recording basic and beneficial ownership information on those legal persons;
make the above information publicly available; and
assess the ML/TF risks associated with the different types of legal persons, and to manage and mitigate risks that are so identified.
Foreign legal persons
16. Moreover, countries should identify and assess the ML/TF risks to which they are exposed in relation to foreign legal persons, which have sufficient links to the country, and take appropriate steps to manage and mitigate the risks they identify. Countries may determine what constitutes a sufficient link for a legal person not created in the country on the basis of risk, but indicatively such a sufficient link could, for instance, be said to exist when the legal person:
Has a permanent establishment or branch or agency in the country;
Has significant business activity in the country. Significant business activity may be defined either in terms of a monetary threshold, or by such other parameters as may be suitable to the particular situation of the country. Has significant, ongoing business relations with financial institutions or DNFBPs subject to AML/CFT regulation in the country. Significant here could be in relation to the size of the relevant market and/or the impact of the business activity in the relevant market or the areas/sectors in which a legal person operates;
Has significant real estate or other investment in the country, including any asset subject to registration, such as ownership of high value commercial or residential real estate, securities market investment or other assets. Significant here could be determined with reference to the average price of the real estate/corresponding asset market in the country, or the quantity of real estate held;
Employs staff, or is a tax resident (e.g., by reason of having its place of effective management or administration there) in the country.
Risk assessment
17. Countries should conduct a comprehensive risk assessment of all types of legal persons, taking into consideration the relevant legal and regulatory contextual issues specific to the country, and the particular international threats and vulnerabilities that the country faces. This may be a standalone assessment or form part of the broader assessment of the ML/TF risks in the country.
18. As part of the risk assessment, steps which countries can consider include, but are not limited to:
Collect and analyse registration statistics (e.g., incorporation volumes and trends) on all types of legal persons that can be created under their national laws.
Review and analyse suspicious transaction reports, and national law enforcement and prosecutorial cases in which domestic or foreign legal persons have been misused for criminal purposes, and record details on the nature of abuse, type of legal structure (e.g., with regard to nominee shareholders or directors and shell companies), jurisdiction of incorporation, concealment techniques in ownership/control arrangements, involvement of intermediaries (e.g., lawyers, accountants, TCSPs), and other details;
Identify the most common typologies of abuse of domestic or foreign legal structures that have a nexus to their jurisdictions and assess the level of incidence;
Investigate advertising practices by TCSPs promoting the jurisdiction as an international centre for incorporation/entity formation to non-residents (which attributes (e.g., anonymity, asset protection) are they advertising to non-residents to attract incorporation business?);
Conduct expert consultations with external experts from the private sector, civil society, and academia, who hold significant expertise on setting up legal structures, on their benefits and risks.
19. When assessing the risks associated with different types of legal persons, countries should also consider the exposure to risks stemming from legal persons created in foreign jurisdictions (e.g., high-risk jurisdictions subject to a call for action or under increased monitoring of the FATF, or jurisdictions subject to economic or financial sanctions, embargoes or similar measures that are related to terrorist financing and issued by organisations such as the UN), and types of service providers involved.
20. Such an assessment of risks may be undertaken at the national, supra-national or sub- national levels, with the ultimate aim of informing the risk assessment at the national level.
Risk mitigation
21. Countries should take appropriate steps to manage and mitigate the risks identified in the risk assessment. To enable this, it is advisable that the risk assessment involves sufficient analysis of the sources, nature, and the extent of risk involved.
22. The following illustrates some preventive measures that may be taken by countries to mitigate risks:
Applying disclosure requirements to legal persons that wish to operate in, own significant assets, or apply for licenses in a country;
Investigate violations of beneficial ownership reporting rules, with specialised expertise in corporate structures and the threat posed by relevant higher risk entities;
Increase investigative and enforcement capacities and powers of the corporate registry, beneficial ownership registry (if it exists), or other relevant public body;
Introduce a requirement for the legal person to have at least one natural person resident director within the jurisdiction so that it could be traceable by the competent authorities, and if necessary sanctioned;
Setting an appropriate beneficial ownership threshold (see section 4 on beneficial ownership information);
Introduce arrangements where actors in specific sectors, particularly those deemed to be at higher risk, can detect and report activity of concern.
Understanding and addressing cross-border risks
23. Complex company structures that span across multiple jurisdictions can be associated with higher risks. In the context of criminal misuse of such structures, it is commonly observed that such corporate networks deliberately split company formation, asset ownership/administration, location of professional intermediaries, and location of bank accounts across different countries in order to evade regulations. Such cross- border nature of corporate network makes it more difficult for authorities in any single jurisdiction to understand the full picture of abuse of their domestic legal structures for money laundering, terrorist financing, and predicate crimes. It is therefore important for countries to include consideration and analysis of different types of cross-border risks in their risk assessment.
Sharing and disseminating results of the risk assessment
24. The results of the risk assessment should be shared widely among competent authorities. With necessary redactions for any sensitive information taking into account their information sharing/disclosure laws, countries should also share results with key private sector partners to strengthen enforcement, and with key civil society and academic partners to advance knowledge about risks, consistent with Recommendation 1. Countries can also consider maintaining periodic/ongoing dialogue between public and private sector stakeholder on risk assessments and sharing of typologies.
25. To advance international exchange and increase understanding of common risk factors related to abuse of legal persons, countries may consider making results of their assessment (in full or in part) publicly available, with any necessary redactions.
3. BASIC INFORMATION
Company registries
26. All companies created in a country should be registered in a company registry. Countries should ensure, as a necessary prerequisite for the identification of beneficial ownership, that basic information on companies is obtained and recorded by the company registry. This should include the following:
the company name, proof of incorporation, legal form and status, the address of the registered office, basic regulating powers (for example, memorandum and articles of association), a list of directors, and unique identifier such as a tax identification number or equivalent (where this exists).
27. This information held by the company registry should be made publicly available. With respect to tax identification number (or equivalent), in countries where this information is obtained and recorded by another public body instead of a company register, there may be certain legal limitations to whether this information can be made publicly available.
28. The role of company registries varies greatly between countries, as does the level and quality of information obtained on companies. Countries should be aware of any issues that could negatively impact the reliability of the information contained in the company registry. For example, a number of company registries play a passive role, acting as repositories of information or documents, rather than undertaking checks or other measures to ensure that the information they receive is accurate. Additionally, in many countries, company registry information is not always reliably kept up to date. Where these issues exist, countries should consider taking measures to enhance the reliability of information contained in their company registry.
Companies
29. Companies should be required to obtain and record basic information as set out in the following, some of which is the same as that recorded by the company registry as discussed above:
the company name, proof of incorporation, legal form and status, the address of the registered office, basic regulating powers (for example, memorandum and articles of association), a list of directors, and unique identifier such as a tax identification number or equivalent (where this exists); and
a register of their shareholders or members, containing the names of the shareholders and members and number of shares held by each shareholder and categories of shares (including the nature of the associated voting rights).
30. This information can be recorded by the company itself or by a third person under the company’s responsibility. The information should be maintained by the company within the country, either at its registered office or at another location notified to the company registry. However, if the company or company registry holds beneficial ownership information within the country, then the register of shareholders need not be in the country, provided that the company can provide this information promptly on request.
4. BENEFICIAL OWNERSHIP INFORMATION
31. Countries should ensure that there is adequate, accurate and up-to-date information available on the beneficial ownership and control of legal persons. A beneficial owner is defined as follows:
32. Beneficial ownership information of legal persons is the information on the identities and extent of the control exercised over a legal person of:
The natural person(s) who ultimately have a controlling ownership interest in a legal person, if any; and
The natural person(s) exercising ultimate effective control over the legal person through other means than ownership interests, if any.
33. In situations where a beneficial owner cannot be identified, the Glossary sets out that reporting entities identify a natural person who holds the position of senior managing official and record him/her as holding this position (as per R.10). As clarified in the Glossary, this provision of R.10 does not amend or supersede the definition of who the beneficial owner is but sets out how CDD should be conducted in situations where no beneficial owner can be identified. This should apply to all applicable approaches in collecting beneficial ownership information (see section 5 on multi-pronged approach).
34. When collecting beneficial ownership information, reasonable measures should be taken to verify the identity(ies) of such persons, and their status as a beneficial owner (see section 7 on accurate information). A risk-based approach should be adopted in determining the reasonableness of the verification measures (see section 7 on verification measures).
Distinction between legal ownership and beneficial ownership
35. Legal ownership and beneficial ownership over a legal person are two separate concepts. A natural person may be considered a beneficial owner on the basis that he/she is the ultimate owner/controller of a legal person, either through his/her ownership interests or through exercising ultimate effective control through other means. While legal ownership and beneficial ownership can overlap, the legal title or controlling shareholding of a company may be in the name of an individual or a legal person other than the beneficial owner who ultimately controls the entity, directly or indirectly. Accordingly, individuals who exercise ultimate control over a legal person should be identified as beneficial owners, regardless of whether they own shares above any specified minimum ownership threshold.
36. Countries should consider various types of ownership interests and ways to exercise control over a legal person that exists within their jurisdiction, pursuant to commercial and administrative law, including voting rights, economic rights, convertible stock or outstanding debt that is convertible into voting equity. They should also consider ownership interests and ways to exercise control as the two aspects may have evolved in practice.
Beneficial ownership through ownership interests
37. Countries may use an ownership threshold to determine beneficial ownership based on ownership interests, e.g., any natural persons whose direct or indirect ownership reaches a certain percentage of shares in a company. Such a threshold should not exceed a maximum of 25%. Countries may consider combined ownership interests (e.g., shareholders working together).
38. Considerations for determining an appropriate minimum threshold for reporting requirements may include the level of ML/TF risk posed by the relevant type of legal person, sector of operation, complexity of ownership/control structure, among other possible risk factors. A risk assessment would not be needed for each application of a threshold on a case-by-case basis. A higher ML/TF risk could signal the need for a lower ownership threshold as one possible measure to mitigate such risks (see section 2 on risk assessment). In order to avoid leaving a disclosure regime vulnerable to loopholes, low thresholds could enable authorities to capture more information on those with ownership or control over corporate vehicles, while also increasing identification efforts.
39. Risk factors should be identified through a risk assessment of legal persons, based on the ML/TF threats and vulnerabilities to which that jurisdiction is exposed (see section 2 on risk assessment). Specific risk factors vary based on a jurisdiction’s legal framework, the quality of enforcement of AML/CFT regulations, the quality of supervision of FIs and DNFBPs (especially, TCSPs), and sectoral and geographical risks, among others. Under some circumstances, the results of the risk assessment may lead countries to apply different thresholds e.g., across different sectors of the economy or for different types of legal persons.
40. The following are examples of considerations that countries may consider when setting domestic regulation regarding threshold:
Known trends of opaque ownership/control structures: e.g., through use of nominee directors and/or nominee shareholders, including foreign corporate shareholders, especially when part of a longer chain of opaque corporate entities.
Known trends of complex multi-jurisdictional structures: e.g., structures involving corporate shareholders, assets, and/or nominees which are all split across different jurisdictions can be high risk because they can ‘slip through the cracks’ of national-level regulation, supervision, and law enforcement. Such structures are sometimes designed precisely with the aim of evading regulations and obscuring the beneficial owner.
Sectoral risk factors: ML/TF risks factors can be concentrated in specific sectors given the prevalence of predicate offences, e.g., extractive activities (such as oil and gas), public procurement, real estate, and wildlife trade.
Known trends in relation to misuse of legal entities e.g., pass-through entities (of which the business income is treated as personal income of the owners); operational or non-operational (domiciliary) companies; shell companies with no independent operations, significant assets, ongoing business activities, or employees.
Known risks of entities owned or controlled by domestic or foreign politically exposed persons (PEPs).
Known risks of entities subject to opening and closure within short periods of time.
Known risks of entities used to access public tenders or obtain interest in public assets.
41. Ownership interests may be held directly or indirectly, for example through a chain of corporate vehicles or through nominee shareholders. More than one natural person can be a beneficial owner of a given legal person, based on ownership interests above a minimum threshold. For example, if a 20% threshold is adopted, five individuals each owning 20% of shares would all be considered beneficial owners.
42. Sometimes, ownership interests can be so diversified that there is no single shareholder, whether acting alone or together with other shareholders, who exercises control of the legal person through ownership. For example, if a threshold of 20% is adopted (based on the jurisdiction’s assessment of risk), a company with as few as six shareholders can have no shareholder owning a share above the minimum threshold, then no shareholder would fall under the reporting requirements based only on the application of an ownership threshold.
43. Shareholders may exercise control on the company based on their ownership alone or together with other shareholders, including through any contract, understanding, relationship, intermediary or tiered entity. Shareholders may collaborate to increase the level of control through formal or informal agreements, or through the use of nominee shareholders. Control structures may be identified through relevant company documents.
44. Countries should prioritise clarity and practicality in the implementation of the concept of ownership interest to determine beneficial ownership and apply rules that are workable and enforceable for companies and other legal persons administered in a country.
Beneficial Ownership through Control/Other Means (“beyond the threshold”)
45. The application of an ownership threshold is not the only way that beneficial ownership should be determined under the FATF definition, which encompasses both concepts of ownership and control over a legal person. The following considerations may also be relevant:
Differential voting rights: Different classes of shares may give certain shareholders more control than others, for example through differential voting rights. Thus, even a shareholding that falls well below a specified threshold may in fact give a minority shareholder control over the company. Recent reforms in some jurisdictions (UK; Singapore; Hong Kong, China) have made such dual class share arrangements more common.
Power to appoint the majority of senior management: Control over a legal person may be exercised if an individual has the power to appoint the majority of senior management directly or indirectly (e.g., if the power is vested in a company which in turn is wholly owned by an individual). However, the right of minority shareholders or certain stakeholders to appoint one representative to senior management does not by itself confer control over a legal person.
Control through debt instruments: Control can also be exercised through debt instruments or other financing arrangements, for example where a lender or creditor can control a legal person via the provisions of the lending agreement (such as debt that is convertible into voting equity), or by a third party who can otherwise influence a shareholder by means of a financial or other relationship. However, a bank providing financing to a legal person will rarely be considered as exercising control over the legal person by the act per se.
Control through positions held within a legal person: Natural persons who exercise substantial control over a legal person and are responsible for strategic decisions that fundamentally affect the business practices or general direction of the legal person may be considered a beneficial owner under some circumstances. Depending on the legal person and the country’s laws, directors may or may not take an active role in exercising control over the affairs of the entity.
Control through informal means: Furthermore, control over a legal person may be exercised through informal means, such as through close personal connections to relatives or associates. Further, when an individual is using, enjoying or benefiting from the assets owned by the legal person, it could be grounds for further investigation if such individual is in the condition to exercise control over the legal person.
However, these cases are harder to detect and will in practice be less relevant with routine collection of beneficial ownership information by a registry, agency, or other body.
Beneficial ownership in respect of different types of legal persons
Companies without shares: Beneficial owners of companies that do not issue shares will not be captured by any ownership threshold expressed in share ownership. This includes for example non-stock companies in the United States, or companies limited by guarantee in Britain. These types of companies are commonly used by not-for-profit entities, but they can also be used by for- profit entities. Furthermore, companies may be able to switch from stock to non-stock, or vice versa. In some cases, companies without shares have been marketed by TCSPs as a means to defeat beneficial ownership disclosure and tax rules applicable to a foreign company that is either directly or indirectly controlled by a resident taxpayer (generally known as Controlled Foreign Company). These entities would require an alternative approach (in looking into control of the entity) for determination of beneficial ownership through ownership.
Partnerships: Limited and unlimited liability partnerships have legal personality distinct from their partners, but in some countries, they do not have shares and are thus not captured by any share threshold. In some countries (e.g., British Virgin Islands) those forming a partnership can choose whether or not the partnership will have legal personality. In the absence of a share threshold, an individual can have control over a partnership if he/she has the right to exercise (or actually exercises), significant influence over the running of the activities of the partnership. This could include, for example, the right to appoint or remove any partner, to direct or veto the investment decisions, profit share or capital returns of the partnership’s funds or assets, to direct amendments to the partnership’s constitutional documents (e.g., the partnership agreement) or to dissolve or convert the partnership.
Foundations: A variety of other legal persons have legal personality but are not companies and do not have shares, and hence will not be captured by any share threshold. This requires an alternative approach (in looking into control of the entity) for determination of beneficial ownership. For example, foundations have no owners and are controlled by a board. Where foundations are similar to trusts, individuals holding the positions of founders, beneficiaries and members of the management may be considered to exercise control over the foundation. Furthermore, an individual can have control if he/she has the right to exercise (or actually exercises) significant influence over the running of the activities of the foundation. This could include, for example, the right to appoint or remove any of the board members, to direct or veto the distribution of the foundation funds or assets or its investment decisions, to wind up or convert the foundation.
5. A MULTI-PRONGED APPROACH TO BENEFICIAL OWNERSHIP INFORMATION
46. Countries’ experience shown in FATF mutual evaluations suggested that a multi-pronged approach using several sources of information is more effective than using a single approach in preventing the misuse of legal persons for criminal purposes and implementing beneficial ownership transparency measures, as the different approaches supplement each other and lead ultimately to better quality information. A variety and availability of sources enhances access to information and helps mitigate accuracy problems with individual sources (this could include technology-based solutions).
47. The core of a multi-pronged approach combines information held and/or supplied by companies themselves and information held by, or on behalf of, public authorities in a registry, or alternative mechanism if it ensures rapid and efficient access to beneficial ownership information for competent authorities, and any additional measure as necessary. The three pillars of ensuring that beneficial ownership information is adequate, accurate and up-to-date are equally important, and none should be prioritised at the expense of the other. To effectively implement the multi-pronged approach, it is important to ensure that the responsibilities of various parties are clear.
48. Following the revision to Recommendation 24 in March 2022, the standards provide for a multi-pronged approach including as a minimum (1) a company approach and (2) a registry or alternative mechanism, and 3) any other supplementary sources of information, as necessary, commensurate to the risks faced by the jurisdiction. Under the multi-pronged approach, the use of CDD information obtained and maintained by FIs/DNFBPs pursuant to Recommendations 10 and 22, as an alternative mechanism or additional supplementary measure is further described in sections 11 and 12. Supplementary information could also include basic and beneficial ownership information held by regulators or stock exchanges. Countries may decide the precise measures in their national systems based on their own context, materiality and risks.
49. Countries could consider enabling competent authorities involved in collecting beneficial ownership information to be able to access and exchange information on beneficial ownership. Countries are also encouraged to extend this access and exchange of information to other sources of beneficial ownership information to further strengthen cross-checking and verification. Countries may consider extending these responsibilities further beyond simply identifying errors in and improving the quality of basic and beneficial ownership information and be used to help inform the national understanding of current and emerging risks.
50. In addition, countries should also ensure adequate powers to compel the production of financial records and obtain evidence in the context of an investigation, which enables authorities to determine in a timely manner whether a company has or controls accounts with a financial institution within the country.
6. ADEQUATE BENEFICIAL OWNERSHIP INFORMATION
51. The Interpretive Note to Recommendation 24 requires countries to have mechanisms in place that ensure that basic information and beneficial ownership information is adequate, including information provided to the company registry and any available information referred to in paragraph 7 of the Interpretive Note to Recommendation 24.
52. With regard to the identity of the natural person who is the beneficial owner, the Interpretive Note provides examples of information, which countries should consider recording. While the Interpretive Note to Recommendation 24 does not provide any qualification or ranking of the above mentioned information, some information may be considered as necessary in order to identify a person (e.g., first and last name, nationality(ies) and date of birth), while other information may be useful to further confirm the identity of a person, such as a unique national identification number (e.g., an internal administration number, a tax registration number, an identity number or a social security number), passport number and document type, place of birth and residential address, and the tax identification number or equivalent in the country of residence.
53. Similarly, with regard to the means and mechanisms through which the natural person(s) exercises beneficial ownership (whether through ownership or control), some information may be considered as necessary in order to identify such means and mechanisms (e.g., type of participation, voting rights or control through other means) and the scope (e.g., an indication of percentage of shares, voting rights or other form of control) of the beneficial interest. Other information that may be useful to further confirm such means and mechanisms could include information on more than one form of beneficial ownership (e.g., through both ownership and control, if applicable), information on legal intermediaries or legal entities involved in the chain (i.e., those controlled directly by the beneficial owners); information on whether the beneficial owner is involved in any nominee relationship (see section 15 on nominees); and information on whether the beneficial owner’s interest in the legal person is held
directly or indirectly.
54. In relation to foundations and comparable legal persons, countries may consider recording the relevant position/role (e.g., founder, beneficiary and member of the management) of the natural person(s).
7. ACCURATE INFORMATION – MEANS OF VERIFICATION OF BENEFICIAL OWNERSHIP INFORMATION
55. Following the identification of the beneficial owners, this information should be verified. Verification is a combination of checks and other processes that a country should adopt at the various stages to ensure that the beneficial ownership data is accurate (Interpretive Note to Recommendation 24 paragraph 9). Verification applies to all prongs of the multi-pronged approach, and there are some principles that would apply to all prongs, which are described below. Verification may require professional expertise and the means of verification would depend on the approach in holding beneficial ownership information. The objective should be that the overall mechanisms established by a country ensure accuracy of beneficial ownership information and provide a degree in consistency of information across different sources.
56. Verification of the beneficial ownership information could typically involve a review of documents submitted (e.g., share certificates, shareholder register, board meeting resolutions, and power of attorney documents). Verifying beneficial ownership information could also include, depending on the level of risk, manual or automated cross-checks with relevant government and other available databases (e.g., population or national identity registers, taxpayers identification register, vehicles and land registries).
57. Verification of beneficial owners may take place during various processes, depending on the approach to holding beneficial ownership information, although each approach that countries choose as part of the multi-pronged approach should include verification:
a) By companies under the companies approach (see section 9).
b) By authority(ies) or body(ies) responsible for the beneficial owner register under the registry approach (see section 10).
c) By entities responsible for providing beneficial ownership information under the alternative mechanism (see section 11).
d) By entities involved in any additional supplementary measures that are necessary to ensure that the beneficial ownership of a company can be determined, including e.g., information held by regulators or stock exchanges; or obtained by FIs and DNFBPs in accordance with Recommendations 10 and 22 (see section 12).
58. Whereas the means of verification may vary for each prong, it is important that the criteria for identifying a beneficial owner applied to the different prongs are consistent with relevant applicable requirements (in particular those applied to CDD pursuant to Recommendation 10 or 22). Depending on the countries’ specific level of risks, verification measures may comprise the following two components:
a) Verification of identity: Appropriate steps should be taken to verify the identity of any natural person(s) recorded as a beneficial owner.
b) Verification of status: Appropriate steps should be taken to verify the basis of identification of a person as a beneficial owner.
59. The goal of putting in place a clear mechanism for verification of beneficial ownership information is to reduce risks of inaccurate information and allow enforcement of beneficial ownership reporting rules. However, this does not imply a zero-failure approach. It is a process aimed at increasing confidence that information on ultimate ownership and control is reliable and that obvious errors, falsehoods or inconsistencies are spotted and corrected in a systematic manner. Countries may consider automated checks where possible to minimise the burden of verification and increase timeliness of processing.
60. Countries should adopt a risk-based approach to verification. In cases of higher risk (e.g., companies with complex structures across multiple jurisdictions, the existence of nominee directors or shareholders, entities identified as high-risk in a risk assessment, entities with a history of reporting inaccurate beneficial ownership information or where sufficient documentation may not be obtained), the extent and/or frequency of verification measures should be enhanced. In other cases, such as a micro company whose legal owner, director and beneficial owner are all the same person, countries may decide, based on risk, that verification measures may be adjusted (e.g., only request verifying identity).
61. Enhanced verification mechanisms can also be used to detect inaccuracies in reported beneficial ownership information and/or deliberate concealment, such as undisclosed nominee relationships. Such checks of a more investigative nature may be conducted by law enforcement authorities. In countries which require engagement of a professional intermediary for formation of legal persons, regulated professional intermediaries may be required to perform such enhanced checks.
62. Regardless of the mechanisms used upfront, countries may also require a declaration that the information disclosed at the time of submission is truthful and complete. While the declaration would put the primary burden of providing truthful information on the party making the submission, this should not replace the various verification efforts by the receiving end of information.
Verification of Identity of the Beneficial Owner
63. In the identity verification processes appropriate steps should be taken to prove that a natural person, who has been identified as a beneficial owner, actually exists and is who they claim to be, e.g., through a review of government-issued identity documents. An identity is a combination of “attributes” that belong to a person, e.g., name, date of birth and nationality. In order to verify the identity, in cases where there is a suspicion that the evidence of identity has been falsified or stolen, or of presence of any other related risks, steps should be taken to check whether the claimed identity belongs to the person presenting the evidence. This may entail asking a person to present government-issued evidence of their identity (such as a passport or driver’s licence). Such verification could also be done by an automated exchange of data with a reliable national system such as a residence register, tax register, passport database or electoral information. The verifying party may rely on such an exchange, if it provides the same level of assurance.
64.When verifying a person’s identity, the robustness of the evidence must be considered. This relates to the amount and reliability of independent source data, document or information provided, and a risk-based approach should apply. For verifying the identity of a beneficial owner located abroad, the receiving end of beneficial ownership information should take steps to verify the authenticity of legal documentation provided from abroad.
65. While a person’s identity would not normally vary over their lifetime, the information may require updating upon expiry of identity documents or change of nationality (see section 7 on up-to-date information). In that event, the person has the onus to update the information which should be subject to verification. There should also be sufficient safeguards and data security to ensure that the verified identity could not be stolen or impersonated (e.g., secured portal).
Verification of Status of the Beneficial Owner
66. Depending on the level of risk, verification of the status of the beneficial owner can include but is not limited to the following elements:
i. Does the person identified as the beneficial owner have ownership, voting rights or control rights in the legal person, such that they meet the definition of a beneficial owner?
ii. Is the person identified as the beneficial owner actually exercising the rights associated with the level of ownership and/or control in practice, in his/her own name or is the person exercising those rights under instruction from, or by agreement with, an undisclosed third party?
iii. Whether the identified beneficial owners are consistent with the structure and risk profile of the legal person?
67. As the status of a beneficial owner may change over time, even down to the nature of control, the information should continue to be verified (instead of simply relying on the checks carried out at the point of incorporation), in line with the requirements for this information to be up-to-date as discussed in section 8 of this guidance. The historical information collected over time would also be useful to national authorities, FIs or DNFBPs (see section below on discrepancy reporting).
Discrepancy Reporting Mechanisms
68. To support the accuracy of beneficial ownership information, countries may consider putting in place discrepancy reporting mechanisms as a complementary measure on the basis of risk, materiality, and context of the countries. Discrepancy reporting, if applied (most likely in respect of a register/alternative mechanism), should serve to complement the verification measures to various mechanisms outlined above; it should not replace them.
69. Discrepancy reporting generally allows authorities and entities with access to beneficial ownership data to report to the body holding beneficial ownership information of legal entities if the information the former hold is different from that held by the latter. While discrepancy reporting can help enhance the accuracy and completeness of information on beneficial ownership of legal entities, any of these obligations imposed on the reporting end will give rise to resource implications. Countries can develop processes or procedures to minimise administrative burden in discrepancy reporting to particular situations where there is a potential for reporting by both FIs/DNFBPs and the customer/client.
70. As such, when putting in place a discrepancy reporting mechanism, countries may consider the below relevant factors.
a) Access by reporting entities to information: Parties required to report discrepancies (FIs/DNFBPs or other obliged entities as defined by the country) would need access to the beneficial ownership information held in a registry/alternative mechanism, so that they can report differences (accuracy and completeness) between the registry/alternative mechanism and their client information collected as part of CDD obligations.
b) Materiality of discrepancy: As volume of reported discrepancies may be very high, to optimise the amount of resources used by both reporting entities in filing reports and by receiving end in handling them, countries should clearly define the material threshold for discrepancies which should be reported. For instance, focus is usually put on factual errors, not typing mistakes or spelling errors.
c) Adjudicating discrepancy reports and feedback system: Countries should consider implementing a system to review and adjudicate discrepancy reports in a fair and efficient manner, with emphasis on due process and risk-based approach. Companies and other legal entities should be informed at the appropriate time of the reported discrepancies (with reasons) so that data can be rectified in a timely manner. Upon resolving a difference, countries should consider notifying the reporting entity so that all information would be aligned.
d) Record-keeping: Countries should consider properly recording discrepancy reports made (e.g., shown in excerpts of the register/alternative mechanism), so that potential users of this information are aware that this data might not be adequate, accurate or up-to-date. In particular, this information, if made accessible to the competent authorities, could be helpful. From a broader management perspective, countries may consider monitoring the number of discrepancy reports and the reasons for them.
e) Privacy considerations: Discrepancy reports very likely would contain personal data. Countries should take into account data privacy laws, client confidentiality, and other relevant concerns when seeking to implement discrepancy reporting mechanisms. For instance, safeguards should be made to prevent data leakage.
8. UP-TO-DATE BASIC AND BENEFICIAL OWNERSHIP INFORMATION
71. The Interpretive Note to Recommendation 24 states that countries should have mechanisms to ensure that basic and beneficial ownership information is as current as possible, and is updated within a reasonable period (e.g., within one month), following any change or the identification of outdated information. To avoid ambiguity, countries should establish a clear and practical framework that supports the updating of beneficial ownership information within a reasonable period. The framework should specify the meaning of “a reasonable period” and how the framework will be enforced for each approach used by the country to keep up-to-date beneficial ownership information.
72. The Standards provide a degree of flexibility to enable countries to determine the appropriate “reasonable period” for updating beneficial ownership information, in accordance with their risk and context, and taking into account their institutional setup and other domestic circumstances.
73. Countries may face practical hurdles in implementing this requirement, and these may warrant the need for more time to ensure that beneficial ownership information is kept up-to-date. These may include specific situations where the BO cannot be clearly identified or contacted quickly (e.g., cases of force majeure, or when the records become unavailable due to IT failures) or where the BO fails to respond to reminders or can no longer be reached at the known address.
74. Countries should consider identifying these practical hurdles and/or specific situations and how they may hinder beneficial ownership information from being kept up-to-date for each mechanism used by the country to maintain beneficial ownership information. Where relevant, countries should also consider specifying a period which is as short as practicable, with appropriate and justifiable measures that have the effect of adequately mitigating or overcoming these practical hurdles.
75. As a best practice to ensure that information is kept up-to-date, countries may consider requiring companies, as well as the other mechanisms used to ensure that competent authorities have timely access to adequate, accurate and up-to-date information, to periodically validate their beneficial ownership information on a risk-based approach, such as by reviewing or verifying the information that they hold. Such regular validation could contribute to uncovering changes in the beneficial ownership of corporate structures and would be useful if a company inadvertently fails to identify and report these changes.
9. OBLIGATIONS OF COMPANIES UNDER THE COMPANY APPROACH
76. Under the company approach, countries should require companies to undertake the following measures:
a) To obtain and hold adequate, accurate and up-to-date information on the company’s own beneficial ownership;
b) To co-operate with competent authorities to the fullest extent possible in determining the beneficial owner, including making the information available to competent authorities in a timely manner; and
c) To co-operate with financial institutions/DNFBPs to provide adequate, accurate and up-to-date information on the company’s beneficial ownership information.
77. As a starting point, countries should require companies to maintain a list of their shareholders or members, that competent authorities can access upon request. However, this alone will not be sufficient, as shareholder registers contain information on legal ownership but not necessarily on beneficial ownership (see section 4 on beneficial ownership information). Countries should consider the following in implementing this approach:
a) Are there mechanisms (e.g., established procedures/protocols) in place to ensure that the beneficial ownership information collected by companies is adequate, accurate and up-to-date, and that such information is accessible in a timely manner by the competent authorities? Do companies have powers to require updated information from their shareholders (including the power to request beneficial ownership information at any time)?
b) Are shareholders required to disclose the names of person(s) on whose behalf shares are held (i.e., nominators)? When there are any changes in ownership or control, are shareholders and beneficial owners required to notify the company within a set time period? Are companies required to validate, review and verify information on beneficial owners periodically?
c) Are there effective, proportionate and dissuasive sanctions against the company and its representatives for failing to carry out their obligations (e.g., to collect beneficial ownership information and keep it adequate, accurate and up-to-date)?
d) Do competent authorities have powers to require the cooperation of companies, and are there effective, proportionate and dissuasive sanctions for non-cooperation? Is beneficial ownership information required to be accessible within the country of incorporation? How are companies that have no physical presence in the country of incorporation dealt with?
e) Have authorities provided financial institutions/DNFBPs with clear guidance on what measures they expect them to take if companies do not cooperate with them (e.g., reporting the non-cooperation to the relevant authorities, not engage with or continue the business relationship).
f) How will companies become aware of their obligations and the necessary resources required to fulfil these obligations? Is there adequate guidance explaining their obligations, and is this guidance publicly available? Are there adequate avenues for companies to be engaged and educated on their obligations?
10. THE REGISTRY APPROACH
78. One of the ways to ensure that competent authorities have access to adequate, accurate and up-to-date information on the beneficial ownership of legal persons under Recommendation 24 is for a public authority or body to hold this information (for example a tax authority, FIU, companies registry, or beneficial ownership registry).
79. A register holding beneficial ownership information can be an effective mechanism because it allows competent authorities to access such information from a direct source in a rapid and efficient manner (often in real time). Such effectiveness is generally conditional upon the registrar having sufficient resources to perform its tasks and, on its ability, to request additional information when it has doubts on the information it receives.
80. Beneficial ownership registers can take different shapes and forms, and countries have significant flexibility to adjust their set-up to match the institutional context in which the registers operate, as well as the variety of legal persons whose beneficial ownership is recorded in the register(s). This means, for example, that countries that operate on a decentralised basis (and particularly in the case of federal states with competences at the sub-national level) may have several registers that operate independently but are interconnected. In such cases, it is important to ensure consistency of approaches and interoperability of the systems to ensure that competent authorities have seamless access to the beneficial ownership information, regardless of which sub-national authorities holds it. It is also possible that different registers are set up for different legal persons (e.g., for companies, associations or foundations), reflecting the different nature of these types of legal persons. Also in this case, countries should ensure that the different registers function coherently and that rapid and efficient access by competent authorities is ensured in all cases, regardless of the chosen set-up for the registers. In any case, countries should ensure that their registers have a scope sufficiently wide to cover all relevant legal persons, including relevant foreign legal persons (instead of a particular group of legal persons). The onus is on the countries to ensure that the registry provides efficient access to reliable information.
81. Most of the challenges in implementing beneficial ownership registers originate from the institutional level – i.e., whether the registry is established to collect adequate, accurate and up-to-date information on beneficial information, whether the register is empowered to do so and whether proportionate and dissuasive sanctions for any legal or natural person that fails to comply with the requirements are applied, and whether the register is equipped with sufficient resources to perform its role.
82. Some countries have integrated beneficial ownership information into already existing databases, such as company registers. Other countries have set up beneficial owner registries, which are populated by legal persons, FIs/DNFBPs, competent authorities or to some extent by automated reports via interconnected registries. Competent authorities, and in some countries obliged parties can access these beneficial ownership registries, and crosscheck beneficial ownership information against other sources (e.g., FIs and DNFBPs, notary profession, tax or stock market authorities or documentation requested from the legal persons).
83. In some countries, the notary profession keeps a centralised database on the beneficial ownership of legal persons (e.g., a database kept by a private body entrusted with the task by a public authority). This includes adequate, accurate and up-to-date information obtained and recorded by notaries when incorporating entities or conducting certain other acts or transactions by persons and entities, and information on the transfer of persons and entities. This creates a repository of corporate information, which may be used to validate the information in the company registry.
84. Some countries may also have their tax authorities maintain beneficial ownership information for certain legal persons. The tax authorities may hold adequate, accurate and up-to-date basic and beneficial ownership information on legal persons who have an income, have ownership, engage in real estate transaction or hire employees. Some even require that all legal persons making disclosures to the tax authorities have a bank account and be subject to banks’ CDD requirements. If such database is used, the information contained therein should be adequate, accurate and up-to-date.
85. Countries that make use of a public authority or body holding beneficial ownership information should consider the resources and expertise that will be required in order to maintain the register, and to ensure that the information recorded in the register is adequate, accurate and up-to date, and can be accessed in a rapid and efficient manner. The considerations also apply for the management, maintenance, as well as risk-based mechanisms in place in the registry(ies) to verify the information. Without sufficient resources, the effectiveness of the public authority or body holding beneficial ownership information will also be compromised.
86. Moreover, if the tasks and duties of the public authority or body holding beneficial ownership information are not well defined and the power and responsibilities of the registry are not sufficiently clear, the public authority or body will not be able to ensure that the data in the register is adequate, accurate and up-to-date.
87. Recommendation 24 allows countries to consider facilitating public access to beneficial ownership information. Countries should seek to strike a balance between the general public interest in disclosing the data to prevent money laundering and terrorist financing, and the beneficial owners’ fundamental rights (such as personal data protection concerns and relevant legal requirements). To that end, countries may consider a tiered approach to disclosure of the information. For example, countries that have provided public access may consider clearly and exhaustively defining the types of information to be made available to the public, which could be of a more general nature (such as name and reason why the person is identified as beneficial owner, company name and registered address), so as to minimise the potential prejudice to the beneficial owners (see section 13 on access to information).
88. Below are some examples of considerations for countries seeking to establish a registry of beneficial ownership or to integrate beneficial ownership information into an already existing database:
a) Are there jurisdictional or constitutional impediments to implementing an effective beneficial ownership register? For example, in some countries, state/provincial level authorities have responsibility for registering and regulating legal persons, and there are constitutional impediments that limit the national authorities’ jurisdiction to impose beneficial ownership requirements on those authorities.
b) Are the registry’s statutory powers and objectives sufficiently broad to cover the role of collecting, verifying and maintaining beneficial ownership information?
c) Does the authority or body responsible for the register have sufficient human and capital resources to collect, verify, and maintain beneficial ownership information? A good understanding and knowledge of corporate law may be necessary to determine the beneficial owner of a complex legal structure. Similarly, an understanding of the economic context in which the company operates might be instrumental in understanding how control may be exercised through other means (also see section 4 on beneficial ownership information). In some countries, the registry is able to run thematic/horizontal analyses of the legal persons for which it holds beneficial ownership information, which enable detection of outliers or incorrect information. In designing the register, countries might wish to consider whether its technical set-up would enable or prevent this type of analysis.
d) Are there mechanisms for ensuring that the beneficial ownership information provided to the register is adequate, accurate and up-to-date? Are individual applicants who form legal persons required to submit accurate beneficial ownership information to the register when the legal person is created (e.g., by prohibiting incorporation if such information is not provided)? Are there risk-based mechanisms to monitor beneficial ownership information from time to time after incorporation? Does the registry verify the accuracy of the information it receives following a risk-based approach and using reliable, independent source documents, data or information? Is there a process that allows authorities and FIs and DNFBPs to report any discrepancies to the registry?Are reasonable steps taken to remedy reported discrepancies within an appropriate timeframe (see section 7 on accurate information)?e) How are changes in beneficial ownership information monitored and recorded over time? Are legal persons and/or beneficial owners required to provide information to the register within a reasonable timeframe (see section 8 on up-to-date information) once any changes are made or corrections are needed? In addition, are there any periodic requirements for updating/confirming/correctly beneficial owner information?
f) Is there a competent authority with responsibility for enforcing the requirement to report to the register? Are there effective, appropriate and dissuasive sanctions that apply to breaches (for example, by failing to disclose, or submitting inaccurate or incomplete information) based on the legal framework in place in the country? For example, where legal persons have a duty to report their beneficial owner(s), are sanctions laid down in relation to all relevant aspects (e.g., for submission of incomplete/inaccurate information)? Do sanctions cover the appropriate persons?
g) Is the information held by the registry available to competent authorities in a rapid and efficient manner? Is the existence of the register sufficiently publicised? Is information available on how to use it? Does the system allow competent authorities to search for beneficial ownership information held in the register in a way that serves their needs adequately (e.g., it allows searches by the name of the legal person and the name of the beneficial owner, it has tools for distinguishing among legal persons and beneficial owners with the same names, it has tools for aggregation of information, etc.)? Does the register provide direct access through remote login or similar mechanisms, or does information have to be requested from the register? If the latter, does the process still allow competent authorities to obtain information in a rapid and efficient manner? Are there clear disclosure requirements on the authority or body responsible for the registry to protect against the improper disclosure of the information?
Example features – Public authority or body holding beneficial ownership information
89. A mechanism that provides for a public authority or body holding beneficial ownership (BO) information could include some or all of the following features:
i. Companies are required to provide basic and beneficial ownership information to the company register upon registration.
ii. Companies are required to provide basic and beneficial ownership information regularly and within a reasonable period (e.g., within one month) following any change.
iii. Companies are required to make a declaration (e.g., sworn statement) regarding the beneficial owner and the ownership structure. This could include the provision of copies of documentation for the verification of identity.
iv. The public authority or body holding beneficial ownership information is required, on a risk-based approach, to verify the identity of the beneficial owners and that they indeed satisfy the criteria for being regarded as beneficial owners. (Cross-reference to section on verification)
v. Companies that fail to provide beneficial ownership information are subject to proportionate and dissuasive sanctions, such as restrictions on incorporation, and such sanctions are applied. (see section 16 on sanctions).
vi. The provision of incorrect information is subject to proportionate and dissuasive administrative and/or criminal sanctions for the company. The company’s representative could also be held personally liable. (see section 16 on sanctions).
vii. The public authority or body holding beneficial ownership information regularly applies such sanctions when obligations are breached or reports breaches to the appropriate authority.
viii. The public authority or body holding beneficial ownership information takes a proactive role, including checking information against other sources (such as shareholder, population or national identity registries) through risk-based verification, use of technologies etc., to identify anomalies or inconsistencies and reduce the risk of fraud on supporting documents or improper disclosure.
ix. Beneficial ownership information held by a public authority or body is recorded digitally and is searchable. The search function supports searches by multiple fields.
x. Competent authorities have rapid and efficient access to all the beneficial ownership information held by a public authority or body online, including full search capability.
xi. The public authority or body that holds beneficial ownership information has the capability to identify indicators of misuse or unusual activity (red flags) in the database.
xii. Basic information on the company is publicly available; some or all beneficial ownership information could also be made publicly available or be made available to FIs and DNFBPs at a minimum.
xiii. FIs and DNFBPs and, if appropriate competent authorities report any discrepancies (cross-reference to section on accuracy) they find between the beneficial ownership information held by the public authority or body and the beneficial ownership information available to them. The public authority or body holding beneficial ownership information and/or other relevant authority takes appropriate actions to correct the information within a reasonable timeframe.
xiv. The public authority or body holding beneficial ownership information may also obtain and hold shareholder information on companies in addition to beneficial ownership information.
xv. The public authority or body holding beneficial ownership information collects information on the board of directors, senior management and any other natural person authorised to act on behalf of the company.
xvi. The mechanism is complemented by other approaches to ensure that the beneficial ownership information of a company can be determined in a timely manner by a competent authority.
xvii. Data protection and privacy safeguards are in place, including restrictions on the information available to the different users of the register and other beneficial ownership information, sources to prevent the improper disclosure of this information.
11. MECHANISMS AND SOURCES FOR OBTAINING BENEFICIAL OWNERSHIP INFORMATION OF LEGAL PERSONS: CHARACTERISTICS OF ALTERNATIVE MECHANISMS
90. Countries may decide to implement the multi-pronged approach set out in Recommendation 24 by using an alternative mechanism instead of a beneficial ownership registry if the mechanism also provides competent authorities with efficient access to adequate, accurate, and up-to-date beneficial ownership information. Efficient in this context refers to access that is rapid and reliable – i.e., through a trusted source, without undue delay that enables competent authorities, particularly law enforcement and the FIU, to conduct their investigations and analyses quickly.
91. Countries have the flexibility to develop an alternative mechanism that is in line with their specific risks, materiality and context, provided that the approach ensures that competent authorities have efficient access to adequate, accurate, and up-to-date beneficial ownership information. In taking the alternative mechanism approach, countries may rely on an existing source(s) of information. The onus is on the countries to ensure that there is a specific mechanism(s) that provides efficient access to reliable information. The mechanism(s) should comprise a clear and comprehensive process or system (or multiple processes or systems) through which competent authorities are able to access adequate, accurate, and up-to-date beneficial ownership information.
92. Countries taking the alternative mechanism approach, should take into account the below considerations in designing their alternative mechanisms.
i. Legal/Operational Framework: Is there a clear legal framework that enables competent authorities’ access to this information, and/or authorises the source to disclose this information to other relevant authorities? Is there a legal framework to protect the source of information from liability for authorised disclosures? Is there a legal framework to require the source of information to disclose this information to authorities in a timely fashion? Absent a specific legal framework, do competent authorities have sufficient existing powers to seek information using the alternative mechanism?
ii. Scope: Is the scope of the alternative mechanism sufficiently wide to cover all relevant legal persons, including relevant foreign legal persons (instead of a particular group of legal persons)? Does it cover domestic legal persons that may pose ML/TF risks but may not be clients of specific FIs or DNFBPs?
iii. Resource: Does the entity(ies) responsible for the alternative mechanism have sufficient human and capital resources to ensure adequate, accurate and up-to-date beneficial ownership information?
iv. Awareness: Are there clear guidelines to make the competent authorities (particularly law enforcement authorities and FIUs) aware of the alternative mechanism through which they can access adequate, accurate, and up-to-date beneficial ownership information? Do they have a clear understanding of how to gain access to beneficial ownership information through the alternative mechanism? Do sources of beneficial ownership information have a clear understanding of their disclosure obligations under the alternative
mechanism?
v. Responsiveness: When competent authorities seek beneficial ownership information through the alternative mechanism, is access to the information rapid and efficient? Is there a specific process or system in place to facilitate quick access? For example, if beneficial ownership information is held by different entities, have competent authorities established a process to obtain access to the beneficial ownership information with the single point of contact or with the parties that hold beneficial ownership information to avoid undue delays in receiving information from different entities?
vi. Quality: Does the alternative mechanism provide complete and reliable information? Are there measures in place to ensure that the information is adequate, accurate, and up-to-date? If the alternative mechanism is not in itself a source of information, does the underlying source(s) meet(s) the objective of having adequate, accurate and up-to-date information (i.e., does the source that holds the information perform quality control and verification measures on the beneficial ownership information)? Does the source that holds the beneficial ownership information have a good understanding and knowledge of corporate law and/or complicated legal structures, and other relevant expertise to assist in identifying appropriate beneficial owners? If competent authorities rely on multiple sources to identify the beneficial owners, is the data consistent across sources? Is there a process by which differences in data are resolved?
vii. Oversight and data protection: Are appropriate oversight, supervisory measures, or equivalent mechanisms (e.g., appropriate sanctions) in place to ensure that the alternative mechanism provides for efficient access to beneficial ownership information, while taking into account data protection and confidentiality concerns? Do the parties that hold beneficial ownership information have appropriate access protocols and safeguards in place to ensure data protection? Do the competent authorities that seek beneficial ownership information have appropriate access protocols and safeguards in place to ensure data protection?
93. Countries would have to develop specific mechanism(s) to ensure efficient access to beneficial ownership information under the alternative mechanism, for example, a secure communication electronic portal/website that enables competent authorities to reach out to multiple sources at once and ensure that a rapid response is received on the relevant beneficial ownership information. Countries should implement specific measures, including verification and supervision, to ensure that the underlying beneficial ownership information, is adequate, accurate, and up-to-date. These two elements (high-quality source information plus mechanism for efficient access) may constitute an alternative mechanism.
94. Below are examples of sources of information (which may be based on CDD information) that can be leveraged by countries to develop alternative mechanisms.
a) a bank account register that identifies legal persons holding bank accounts, payment accounts and other financial services (e.g., custodial or investment accounts)
b) a public authority holding information on the FIs/DNFBPs with which a legal person has a continuous business relationship
c) a system with credit bureau information which collects and maintains updated information of legal persons having borrowing relationships with FIs.
95. Beneficial ownership information obtained and held by FIs/DNFBPs (pursuant to Recommendation 10/22) alone is not sufficient to qualify as an alternative mechanism. However, countries may consider utilising this information to develop an alternative mechanism, to ensure efficient access to adequate, accurate and up-to-date beneficial ownership information by competent authorities. Emerging digital solutions may give rise to further possibilities for countries to develop their alternative mechanisms.
12. ADDITIONAL SUPPLEMENTARY MEASURES
96. In applying a multi-pronged approach to ensuring that the beneficial ownership of a company can be determined in a timely manner by competent authorities (see section 5 on multi-pronged approach), countries should use additional supplementary information as necessary, including for example:
a) Information held by other regulators/supervisors;
b) Information held by stock exchanges;
c) Information obtained by FIs in accordance with Recommendation 10;
d) Information obtained by DNFBPs in accordance with Recommendation 22.
97. With respect to (a), countries may rely on existing information sharing arrangements with financial regulators and/or other supervisory bodies to assess and enhance their own beneficial ownership information. Such agreements present countries with further opportunity to review and challenge the information they hold on beneficial ownership. This may assist competent authorities in locating information that is not accurate or up-to-date. This could be achieved by liaising with other regulators/supervisors to check that the beneficial ownership information provided is accurate on the basis of the information held by the other regulator, or other bodies that operate under the delegated authority of the supervisor.
98. Open sources of information, such as (b), may provide competent authorities with additional means of obtaining and verifying information. Where a company is listed on a stock exchange and subject to requirements on adequate transparency of beneficial ownership, countries may consider allowing the use of that information to validate the beneficial ownership information (see section 18 on the applicability of relevant regulatory regimes).
99. Additional supplementary measures can also be information obtained by FIs and DNFBPs in accordance with Recommendations 10 and 22. Countries may rely on an effectively regulated FI sector, which can provide beneficial ownership information obtained in accordance with Recommendation 10, as noted in (c). Under the Recommendation, countries should require FIs to identify and take reasonable measures to verify the identity of the beneficial owner such that the FI is satisfied that it knows who the beneficial owner is. In addition, countries should require FIs to understand the ownership and control structure of the customer and the customer’s business and risk profile. The obligation on understanding ownership and control structure and risk profile should be ongoing.
100. Where a country relies heavily on an effectively regulated DNFBP sector which is involved in company formation (notably TCSPs, lawyers, notaries, and accountants), as
noted in (d), additional supplementary measures can also be information held by those
DNFBPs in accordance with Recommendation 22.
101. To use information held by FIs and DNFBPs as an additional supplementary measure, it is also essential to have effective monitoring and supervision of FIs and DNFBPs to ensure that they are complying with CDD requirements. Implementation of the CDD requirements should form part of any comprehensive mechanism to increase transparency of corporate vehicles. It is particularly important to extend these requirements to businesses and professions which are often involved in the creation and management of corporate vehicles (including TCSPs, lawyers, notaries, and accountants). A regulated FI/DNFBP regime would include an effective sanctioning regime for offences such as failing to update information in a timely manner, failing to supply information and submitting inaccurate information to authorities, which is effectively enforced.
102. While beneficial ownership information will be made available by other approaches (see section 5 on multi-pronged approach), the availability of such information, however, does not exempt FIs and DNFBPs from their obligations under Recommendations 10 and 22 respectively. They should, in any case, not rely exclusively on such information when conducting CDD.
13. ACCESS TO INFORMATION
Access by competent authorities
103. Competent authorities, particularly LEAs and FIUs, should have all the powers necessary for obtaining timely access to basic and beneficial ownership information held by relevant parties, although the characteristics of such access may vary depending on the party holding the information and the national legal framework.
104. In the case of basic and beneficial ownership information held or obtained by a public authority or body, or through an alternative mechanism, access should be rapid and efficient, which means that it should be quick and reliable, without undue delay or impediment. Competent authorities should have sufficient knowledge of which public authority or body or alternative mechanism holds adequate, accurate, and up-to-date basic and beneficial ownership information, and how to access that information. In the case of basic and beneficial ownership information held by companies, it should be possible for law enforcement authorities and, where the national framework allows it, other competent authorities to timely access it, with the full cooperation of the company itself. It is recognised that such access would be most common in the context of investigations, and generally subject to the issuance of a production order or equivalent imposing the disclosure of the information to the competent authority. Lastly, competent authorities should have sufficient knowledge of which additional supplementary measures (as discussed in section 12 above) are available to them for access to basic and beneficial ownership information as needed.
105. The parties that hold relevant information should understand their disclosure obligations, fully cooperate with competent authorities, and provide the information as quickly as possible and within a timeframe which allows authorities to duly carry out their functions. In implementing this requirement, countries should ensure that there is a clear legal or regulatory framework that authorises such access and disclosure and protects, where necessary, the source(s) of information from liability for authorised disclosures.
Access in the course of public procurement
106. In addition, countries should ensure that public authorities at the national level and others as appropriate have the powers necessary to be able to obtain timely access to basic and beneficial ownership information on legal persons in the course of public procurement. Below are some considerations when implementing this requirement:
a) Framework: Countries should ensure that there is a framework that enables/authorises public authorities at the national level and others as appropriate to have timely access to basic and beneficial ownership information on legal persons bidding on contracts (i.e., contract bidders) and those awarded contracts (i.e., contract recipients). There are several ways in which such a requirement can be implemented.
i. Make it a requirement for participation in public procurement that contract bidders and recipients provide basic and beneficial ownership information directly or indirectly (e.g., through an extract of the relevant registry) to relevant public procurement authorities. Where contract bidders and recipients provide basic and beneficial ownership information directly to relevant public procurement authorities, countries may provide relevant public authorities with access to information held in a registry (or registries) or an alternative mechanism as well as through any additional supplementary measures (see sections 10-12), including for any verification needs as appropriate, in the course of public procurement.
ii. Provide relevant public procurement authorities with access to basic and beneficial ownership information in respect of contract bidders and recipients held by a public authority or body (including by accessing beneficial ownership information held by public registry or registries) or an alternative mechanism, as well as through any additional supplementary measures (see sections 10-12), including for any verification needs as appropriate, in the course of public procurement.
iii. Permit relevant public authorities to rely upon other publicly-available basic and beneficial ownership information on contract bidders and recipients, e.g., information held in a database on procurement contractors. Such information needs to be adequate, accurate and up-todate. Regardless of the measure(s) used to fulfil this requirement, countries should ensure that the legal framework protects, where necessary, the source(s) of information from liability for authorized disclosures.
b) Operational considerations: Operationally, countries should ensure that the relevant public authorities have sufficient knowledge of which source(s) of basic and beneficial ownership information is available to them in the course of public procurement, and how to access that information. Irrespective of the source of the information (whether it is the contract bidder(s), register(s), etc.), countries should ensure that the parties understand their disclosure obligations and facilitate timely access to adequate, accurate, and up-to-date information. With respect to specific scoping questions (e.g., whether the requirement should only apply to contracts over a certain value threshold), countries should rely upon existing public procurement and any other relevant frameworks and processes and decide on these questions on the basis of risk, context and materiality. Countries may consider making beneficial ownership information of contract recipients publicly available, especially if their public procurement framework already provides public access to awarded procurement contracts.
Access by FIs, DNFBPs, other countries’ competent authorities, and general public
107. Countries should require that their company registry(ies) provides or facilitates timely access by FIs, DNFBPs and other countries’ competent authorities to the public information they hold, and, at a minimum, to the following basic information on legal persons (see section 3 on basic information): company name, proof of incorporation, legal form and status, the address of the registered office, basic regulating powers (e.g.,
memorandum and articles of association), a list of directors, and a unique identifier such as a tax identification number or equivalent (where this exists).
108. Countries should also consider, facilitating timely access by FIs and DNFBPs to the following additional information on legal persons to facilitate compliance with CDD obligations, and support supplementary verification efforts, such as discrepancy reporting, subject to adequate data protection and privacy safeguards (see section 7 on accurate information):
i. a register of the shareholders or members, containing the names of the shareholders and members, the number of shares held by each shareholder and the categories of shares (including the nature of the associated voting rights); and
ii. beneficial ownership information held in a registry(ies) or through an alternative mechanism, as well as through any additional supplementary measures (discussed in sections 10-12 above).
109. Finally, countries may consider facilitating public access to basic and beneficial ownership information. Public access to this information can enable civil society, other organisations and individuals to cross check the information, which may in turn help to; ensure that information is accurate, adequate, and up-to-date and to identify potential misuse of legal persons (e.g., in tax evasion, fraud, or corruption schemes). However, public access alone is not a sufficient mechanism to ensure accuracy of information. In contemplating the extent and arrangement of public access, countries should take into account data protection rules and other privacy, security, and confidentiality concerns, and consider limiting what basic and beneficial ownership information is made publicly available or applying a tiered approach to information disclosure (basic to detailed information), e.g., based on legitimate interest.
Cost of access
110. If contemplating a fee structure for access to basic and beneficial ownership information, countries should ensure that such a system, as a general matter, would not create unnecessary delays or obstacles to the efficient and rapid access to basic and beneficial ownership information that competent authorities should have. In the absence of a compelling case, it would be good practice to ensure that competent authorities and public authorities at the national level and others as appropriate in the course of public procurement can access this information free of charge. For others, to help foster the objective of making information sufficiently available, it would be good practice that a fee structure is proportionate to or does not exceed the administrative costs of making the information available, including costs of maintenance and future developments of the register or alternative mechanism.
14. MECHANISMS FOR PREVENTING AND MITIGATING RISK OF THE MISUSE OF BEARER SHARES AND BEARER SHARE WARRANTS
111. Recommendation 24 and its Interpretative Note specify that countries should not permit legal persons to issue new bearer shares or bearer share warrants and take measures to prevent the misuse of existing bearer shares and bearer share warrants. Any existing bearer shares or bearer share warrant should be converted into a registered form or for them to be immobilised.
Definitions
112. Bearer shares and bearer share warrants are described in the FATF Glossary as follows:
113. The key features of bearer shares and bearer share warrants are as follows:
i. Physical bearer share certificate or physical bearer share warrant certificate;and
ii. Untraceable ownership.
114. The term also covers other similar instruments or warrants without traceability. Bearer shares and bearer warrants present increased risk of money laundering and terrorist financing due to the concealment of the ownership of the certificates. However, it does not cover newly issued and existing bearer shares or bearer share warrants of a company listed on a stock exchange and subject to disclosure requirement (either by stock exchange rules or through law or enforceable means) which impose requirements to ensure adequate transparency of beneficial ownership.
Variations of bearer shares and bearer share warrants
115. Legal persons and arrangements in certain jurisdictions may have features similar to those of bearer share warrants but may not fall into the description for the following reasons:
i. Firstly, a physical bearer negotiable instrument which is dematerialised (change of the form of shares from physical certificates to electronic records) and/or registered, would not fall within the scope of Recommendation 24 where an identification of the owner of the instrument is possible, should the instrument be evidenced in the name of the owner or of a nominee. For instance, if all financial securities are de lege dematerialised securities (i.e., no physical certificate is issued), bearer securities are, in principle, evidenced by a book entry in the name of their owner in a register held by an authorised financial intermediary called the custodian. This is in contrast to registered securities which are recorded directly in the books of the issuer;
ii. Secondly, when a physical bearer negotiable instrument certificate does exist, it may fall within the scope of Recommendation 24 only when no mechanism exists under applicable law to ensure the traceability of such bearer share. It may not fall within the scope of this recommendation if the identity of the owner of the share or the share warrant must be registered with an intermediary under applicable law, which gives the right to the latter to reveal the identity of the bearer share or bearer share warrant to an issuer. This happens in very limited circumstances, including when shares are listed on the stock exchange or the claim to individual certification of the ownership interest is precluded, and the shares are in all instances immobilised either in a securities’ clearing and deposit bank or a depository, in particular an accredited central securities depository or a recognised third-country central securities depository. Therefore, the issuer will then be able to trace the relevant shareholdings through the chain down to the individual shareholder by rules for capital market disclosure or provisions that establish a right to obtain such information from intermediaries. In other examples, materialised certificates may be created and held by a central securities depository only in relation to depositary receipts representing securities that are meant to be held exclusively outside a national territory. The traceability of these certificates is ensured by the central securities depository.
Range of conversion/immobilisation measures
116. In respect of existing bearer share, the standard requires countries to take measures to prevent and mitigate the risks by a range of conversion/immobilisation measures within a reasonable timeframe.
117. In terms of conversion, the following types of measures could be considered depending on whether the bearer shares are held by a supervised intermediary or not:
a) In the case of shares not held by an intermediary:
i. an obligation for the holder of the shares to have its shares intermediated with a supervised intermediary with a duty for the latter to identify the beneficial owner of the bearer shares; or
ii. an obligation for the issuer of the bearer shares to change its by laws t allow only registered shares;
b) In the case of shares held by an intermediary, one of the following measures could be envisaged:
i. the intermediary would be under the duty to identify the beneficial owner of the bearer shares; or
ii. the intermediary would be in charge of the conversion of the bearer shares into another format: dematerialised shares of registered shares.
118. As regards immobilisation, bearer share certificates and bearer share warrants may be immobilised by requiring them to be held with a regulated financial institution or professional intermediary, with timely access to the information by the competent authorities. A professional intermediary could be an appropriate custodian of bearer share certificates and bearer share warrants where it is subject to supervision.
119. Regulated FIs and professional intermediaries should, upon becoming custodian of bearer share certificates and bearer share warrants undertake full identification of the bearer to be able to record the relevant information for competent authorities. Appropriate procedures should be in place to ensure that competent authorities are provided with timely access to the information held by the financial institution or professional intermediary.
Timeframes for immobilisation/conversion of bearer share certificates and bearer share warrants
120. The standard requires countries to take the above measures within a reasonable timeframe. Taking into account the lead time which may be required for making the necessary legislative/administrative changes, this period could be about two years. Based on some jurisdictions’ experience in applying such measures. The following illustrates some measures taken by countries:
121. Another possibility would be to have the bearer shares converted into registered shares after a certain period of time (which could be two years). The following illustrates some measures taken by countries:
122. Before immobilisation/conversion is completed, in line with the standards, countries should require holders of bearer instruments to notify the company, and the company to record their identity before any rights associated therewith can be exercised. Moreover, to streamline the conversion of existing bearer shares and bearer share
warrants into registered shares, countries may consider setting up an interim limited period of time at the end of which existing bearer shares and bearer share warrants would be either converted or immobilised or, eventually cancelled.
123. In determining the reasonableness of the timeframe for the implementation of conversion or immobilisation measures, countries should have regard to the money laundering and terrorist financing risks raised by the concerned bearer shares and bearer shares warrants or their holders. In each case, at the end of a determined period of time, in the absence of the required changes, the holder of bearer shares would lose all or part of its rights as a shareholder. The following illustrates some measures taken
by countries.
15. MECHANISMS FOR PREVENTING AND MITIGATING RISK OF THE MISUSE OF NOMINEE ARRANGEMENTS
124. Recommendation 24 and its Interpretive Note require countries to take measures to prevent and mitigate the risk of the misuse of nominee shareholding and nominee directors.
Definitions
125. A nominee, as defined in the FATF Glossary, is a natural or legal person holding a role in a company as an agent acting upon instructions of a nominator who has a more substantive claim to control and/or ownership of the company. In many cases, the nominator is the beneficial owner of the company.
126. While many types of nominee arrangements have legitimate business purposes and pose minimal or no money laundering or terrorism financing risks at all, nominees can also be used as a deliberate device to evade beneficial ownership transparency rules by posing an obstacle to transparency, and thereby facilitating the misuse of companies and other corporate vehicles for money laundering and related crimes.
127. The most common types of nominees are nominee directors and nominee shareholders (see box below).
128. Whereas these terms are defined in the Glossary, the underlying legal or factual relationship between the nominator and the nominee shareholder or director may have various forms and a variety of different terminologies can be used to describe such arrangements in different jurisdictions.
129. Nominee arrangements describe a spectrum of related legal and informal devices, where a nominee is registered as a director or shareholder, ranging from situations in which the nominee is simply a “front” with no real connection with or knowledge or control of the company (a “signature for sale”), to circumstances in which the nominee plays a substantive and genuinely independent role in the company, e.g., when representing the interests of particular shareholders in a large composite publicly listed company, or providing specific expertise on the board of a company.
130. The following legal contracts could be relevant in the context of the measures on nominees under Recommendation 24:
a) Professional nominee arrangements offered by corporate service providers
b) Professional nominee director and nominee shareholder services offered by corporate service providers
c) Power of attorney arrangements used in concert with nominee arrangements
d) “Signature for sale” agreements, e.g., a “nominee director declaration,” in which the nominee is simply a front with no substantive connection with the company.
131. Countries should examine specific types of arrangements that exist in their jurisdiction and assess the relevance and applicability of measures to mitigate ML/TF risks of misuse of nominees under the INR of Recommendation 24, paragraph 13 and measures under Recommendation 25. This may include, for example, arrangements mandating acting on behalf of another person.
132. In addition, the following examples may be relevant for applications of the terms “nominator” and “nominee shareholder or director”:
a) Nominator: Principal, silent partner, shadow director;
b) Nominee shareholder: may be a licensed service provider, a professional party representative, or any other person;
c) Nominee director: may be a legal professional, a corporate service provider, or any other person; a resident director or local director may be a nominee;
133. Nominees may be de jure, often the product of a formal legal agreement with a TCSP, notary, lawyer or tax advisor, or they may be de facto, for example where the behaviour or conduct of a person makes them a nominee director in the eyes of the law. Nominee arrangements may also exist informally, without any form of (written) legal contract, e.g., based on loose forms of control where a family member, friend, employee or associate stands in for the nominator, who can be the beneficial owner.
134. The existence of de facto (or “shadow”) directors and informal nominees means that nominee arrangements may exist, be common, and may present ML/TF risks also in jurisdictions that have no specific legislative provisions for nominee directors and nominee shareholders, because they simply exist in practice.
135. Under the FATF Glossary definition, the nominee shareholder or director exercises the functions in the company routinely, subject to the direct or indirect instructions of the nominator; conversely, a delegation whereby the nominee exercises certain powers of the nominator (e.g., “in the name of” the nominator) on a one-off or non-routine basis, would under most circumstances, not qualify as a nominee relationship.
Mechanisms to prevent and mitigate the risk of the misuse of nominee arrangements
136. Under the Interpretive Note to Recommendation 24, countries are required to apply one or more of the following mechanisms to prevent and mitigate the risk of the misuse of nominees: transparency requirements, focused on company or beneficial ownership registries; licensing requirements for those acting as nominees (combined with disclosure requirements for their nominators); or prohibition of nominee arrangements. These measures are applicable irrespective of whether the nominator, nominee shareholder and/or nominee director are legal or natural persons. The features of each mechanism are outlined below:
a)Transparency Requirement:
i. Nominee shareholders and directors must disclose that they are acting as a nominee (i.e., their nominee status) and the identity of the nominator upon whose instructions they are acting to the company.
ii. The aforementioned information should be reported by the company or by the nominee to the relevant register or alternative mechanism as designated by the country (e.g., the shareholder register of the company, the company register or if a beneficial ownership register exists, to this register), regardless of whether the nominee arrangements are formal or informal.
iii. The information should be obtained, held or recorded by the beneficial ownership registry or alternative mechanism, as applicable in the country.
iv. The country should include the nominee status of nominee directors and nominee shareholders in information that is public, e.g., by adding a label or an asterisk to the names of directors and shareholders who are nominee directors and shareholders, on the relevant registry.
b)Licensing Requirement:
i. Nominee shareholders and directors must be licensed in order to offer nominee services or belong to a licensed and regulated profession under AML regulations.
ii. Countries may create a dedicated licensing system for nominees or may instead rely upon existing systems of licensing and regulation of FIs and DNFBPs, including trust and company service providers, regulated under Recommendations 10, 22, 23, 26, and 28 (see below).
iii. Information on their nominee status and identity of their nominator must be obtained, held or recorded by the relevant public authority, body or alternative mechanism as designated by the country (e.g., if a beneficial ownership register exists, to this register). In addition, nominee shareholders and directors must maintain information identifying their nominator and the natural person on whose behalf they are ultimately acting and make this information to competent authorities available upon request.
c) Prohibition:
i. Nominee arrangements are explicitly prohibited and this prohibition is enforced.
ii. Given the possibilities of de facto and informal nominees, the absence or removal of legislative provisions for nominees will usually not be sufficient to ensure that nominee directors or shareholders are unavailable in practice.
iii. Measures to detect undisclosed nominees and enforce a prohibition, e.g., by proportionate and dissuasive sanctions, would be required.
iv. A prohibition may be combined with other measures listed under a) and b) above, e.g., a prohibition of corporate directors in combination with licensing or transparency requirements for other types of nominee arrangements.
137. Due to the private and often covert nature of informal nominees, where no written contract exists between the nominee and the nominator, there are inherent challenges in applying preventive measures, e.g., transparency or licensing requirements, to mitigate risks of such relationships. While the measures outlined above are generally applicable to formal and informal types of nominees, a greater emphasis on applying sanctions for false declarations of beneficial ownership (vis-à-vis preventive
measures) is required to adequately address risks related to the misuse of informal nominees. False declarations of beneficial ownership by undisclosed (formal or informal) nominees can be used as evidence in investigations and provide grounds for sanctions (see section 16 on sanctions). Countries may also consider other preventive measures (e.g., regulations/statutes providing for director’s duties) set out in their frameworks.
138. For informal nominee relationships, FIs/DNFBPs could request information on the main elements of the relationship and record this for documentation purposes. Further, depending on the level of risk, the relevant registry or alternative mechanism, FIs and DNFBPs may need to be sensitised to the risk of undisclosed nominee arrangements in the context of obtaining beneficial ownership information.
139. The provisions regarding nominees under Recommendation 24 should be implemented in conjunction with other FATF Recommendations on nominees and relevant sectoral guidance. Notably, under Recommendations 22 and 23, TCSPs offering nominee director services (there defined as “acting as a director for a client”) or nominee shareholder services, are already subject to preventive measures, including identifying the beneficial owner. Besides, Recommendation 28 obliges countries to monitor such service provision to ensure compliance. Some countries have therefore opted to license and regulate TCSPs, which entitles these professionals to act as nominee directors and shareholders. While Recommendations 22, 23, and 28 set out provisions for TCSPs, Recommendation 24 provides for more specific transparency requirements in respect of the provision of nominee services: it requires that nominees disclose information on the nominator upon whose instructions they are acting (i.e., in the context of nominee service provision by a TCSP, on their “client”) upfront to the relevant registry, and to have their status as nominee director publicly recorded, and/or to ensure the country licenses such nominee service provision, as opposed to only monitoring it.
Risks of misuse of nominee arrangements
140. Nominee arrangements may fulfil a wide range of entirely legitimate business purposes; nevertheless, nominee arrangements may also be deliberately used to obscure the beneficial owner by keeping the owner’s name off public records, or not disclosing them to the counterparty in a transaction.
“Signature for Sale” arrangements
141. It is relatively common for nominee arrangements to be explicitly marketed by TCSPs under “signature for sale” arrangements in which the nominee plays no substantive role beyond obscuring the identity of the beneficial owner. Here, a separate private legal agreement with the nominee (power of attorney is a commonly seen form) enables the beneficial owner to retain control over the company from behind the scenes. In some documented cases, nominees pre-sign undated resignation letters to
allow the beneficial owner to fire the nominee unilaterally, and if necessary, retroactively. Such arrangements do not only possibly violate the spirit and the law on beneficial ownership transparency, but to the extent that nominees have no real knowledge of or control over the company, they may also often violate directors’
standard responsibilities to the company. The measures under a), b), and c) are therefore mainly intended to strengthen enforcement of the obligation to identify the beneficial owner of a legal person in situations with nominees; but they may also help mitigate abuse by ensuring that nominee directors are substantively fulfilling their duties as director to the company, rather than merely acting as “signatures for sale”.
Situations where risks of misuse of nominee arrangements may be low
142. The spectrum of nominee services also includes those where the nominee plays a substantive role in the company, that are routinely used for legal business purposes, and where adequate, accurate and up-to-date information on the beneficial owner of the legal person in question is already available to competent authorities. Therefore, the extent of the measures that countries should take in accordance with Recommendation 24 should take into account the ML/TF risks present in the country. Based on a risk assessment, countries may decide to distinguish between different situations in the extent of the measures applied, according to the ML/TF risks they present. This may include distinguishing between legal entities based on their nature and purpose (listed companies and their subsidiaries, public entity, holding company, operating entity, domiciliary entity whose purpose is exclusively to hold and manage someone’s wealth, organisation, etc.), business sector, risk profile of officers, and other factors.
143. Examples of circumstances, where countries could decide to exempt nominees from the scope of the mitigation measures under the INR – if risks of abuse are found to be low and adequate, accurate, and up-to-date information on beneficial ownership of the legal person is available to competent authorities, include:
i. The typical corporate practice for a (group of) shareholders to appoint a director to represent their interests at the management level, e.g., in a large composite publicly-listed company;
ii. Directors delegated to the board of companies in the context of a group of companies or commercial or financial collaboration for example to provide specific expertise on the board of a company, or to coordinate business decisions, or to take into account shareholders’ interests;
iii. Directors delegated to represent the interest of a specific (group of) shareholder(s) or stakeholder(s) as required by law (e.g., director representing employees in the board of pension schemes, director representing the State / Government / public body or similar in case of (partially) state-owned entities, director representing employees on the board of companies such as the German “Arbeitnehmervertreter im Aufsichtsrat”, director appointed by a multilateral development bank to subsidiaries and investee companies);
iv. Certain types of AML regulated investment funds acting on behalf of their investors, or pension funds acting in the interest of their future pensioners that pose low risks;
v. Situations where the delegation of power to exercise shareholder’s rights is only incidental to an existing banking relationship (e.g., Depository Bank);
vi. Voting representation by an independent representative in case shareholders cannot participate in a general assembly (Voting proxy, such as the Swiss “unabhängiger Stimmrechtsvertreter” and “Depotvertreter”);
vii. FI acting as nominee shareholder when carrying out transactions in their own name but on account of the client in the course e.g., of banking or brokerage activity.
16. SANCTIONS
144. Establishing clear liability and effective, proportionate and dissuasive sanctions is a key feature of national systems’ efforts to ensure the implementation of Recommendation 24’s requirements. Measures implementing this recommendation can apply to both natural and legal persons. For legal certainty, it is important to set out clear rules on the obligations of legal persons (e.g., reporting of information to registers or other mechanisms) and natural persons (e.g., provisions by shareholders of information to the person authorised to act on behalf of the legal person) with respect to each requirement of the recommendation. Equally, depending on the legal traditions of countries, situations where breaches by the legal person are caused by intentional or negligent behaviour of its senior management with a leading position or persons authorised to act on its behalf within the exercise of their professional functions could be treated specifically with a view to attributing liabilities in such cases. This could be the case, for example, when breaches are committed by the natural person with the intention to benefit the legal person itself. Liability could also be attributed to the senior management for breaches of requirements by employees under their responsibility.
145. Countries may apply appropriate sanctions or hold persons liable for breaches of responsibilities. Such sanctions or additional measures can be of either administrative, civil or criminal nature and can be both financial or non-financial (e.g., deprivation of rights with respect to participating in companies, striking off the register). When deciding on the most appropriate enforcement measure, countries should ensure consistency with their overall legal framework.
146. Countries may also apply criminal and/or administrative sanctions on the legal person or their representatives, including, e.g., resident agents in certain circumstances.
147. In order to ensure that sanctions are effective, proportionate and dissuasive, countries should take into account the following elements:
a) Is there an authority empowered to impose such sanctions?
b) Is the range of sanctions sufficiently broad to capture all responsibilities and possible case scenarios (e.g., minor sanctions for late filing, personal liability for false declaration to restriction on incorporation or penalties for failure to report information, warning letters, and strike-off procedures for subsequent breaches)?
c) Is this range of sanctions suitably dissuasive for even the largest legal entities in the jurisdiction?
d) Are sanctions consistent with the gravity (including the repeated nature) of the breaches? Should other factors be taken into account (e.g., overall business turnover of the legal person)?
e) Are breaches systematically detected and sanctioned?
17. RELATIONSHIP BETWEEN BENEFICIAL OWNERSHIP OBLIGATIONS AND OTHER RECOMMENDATIONS (WIRE TRANSFERS AND VIRTUAL ASSETS REQUIREMENTS)
Wire transfers and beneficial ownership as part of CDD
148. In relation to wire transfers, FIs should be required to undertake CDD measures as set out in Recommendations 10 when carrying out occasional transactions. This includes the requirement to identify and take reasonable measures to verify the identity of the beneficial owner of the originator or beneficiary, as outlined above. In addition, Recommendation 16 requires financial institutions to take further measures such as collecting certain originator information and ensuring that this information accompanies a wire transfer.
Virtual assets
149. The FATF Glossary defines VASPs as any natural or legal person that conducts as a business the activities or operations specified in the VASP definition. Recommendations 24 and 25 explicitly note that countries should take measures to prevent the misuse of legal persons and arrangements for ML/TF. As with FIs and
DNFBPs, countries should therefore take measures to prevent the misuse of VASPs and consider measures to facilitate access to beneficial ownership and control information by VASPs undertaking the requirements set out in Recommendations 10 and 22.
150. As an initial matter, in the licensing or registration process for VASPs, competent authorities should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in a VASP. Countries, including those that have decided to prohibit virtual assets, should take action to identify natural or legal persons that carry out VASP activities without the requisite license or registration, and apply appropriate sanctions.
151. In the context of VA and VASP activities, countries should ensure that VASPs licensed by or operating in their jurisdiction can manage and mitigate the risks of engaging in activities that involve the use of anonymity-enhancing technologies or mechanisms so that they are not abused to obscure legal or beneficial ownership of VA. Such technologies or mechanisms may include, but are not limited to, anonymity-enhanced cryptocurrencies (AECs), mixers, tumblers, privacy wallets and other technologies that obfuscate the identity of the sender, recipient or holder of a VA. If the VASP cannot manage and mitigate the risks posed by engaging in such activities, then the VASP should not be permitted to engage in such activities.
152. In conducting CDD to fulfil obligations under Recommendation 10, VASPs should obtain and verify the customer identification information required under national law. For covered VA activities (e.g., VA payments, VA transfers, VA issuance, etc.), the verification of customer and beneficial ownership information by VASPs should be completed before or during the course of establishing the relationship.
153. Counterparty VASP due diligence should be completed when engaging in cross-border correspondent relationship or prior to transmitting required travel rule information and refreshed periodically or when a new risk emerges from the relationship. When conducting this counterparty due diligence, a VASP may obtain information set out by Recommendations 10 and 13 directly from the counterparty VASP. This information should be verified with reliable, independent sources of information for the verification of the identity and beneficial ownership of legal persons. For example, this may include: corporate registries, registries maintained by competent authorities on
the regulated institutions list (e.g., VASP lists maintained by each jurisdiction where available), beneficial ownership registers and other examples mentioned in the BCBS
General Guide on Account Opening.
154. Note that the FATF does not intend for an asset to be both a VA and a financial asset at the same time. There may, however, be instances where the same asset will be classified differently under different national frameworks or the same asset might be regulated under multiple categories. When determining if a new digital asset should qualify as a financial asset or a VA, authorities should consider whether their existing regime governing financial assets or their regime for VAs can be appropriately applied to the new digital assets in question. For example, if the asset in question is the functional digital equivalent of a bearer share (e.g., in the case of transferable tokens), authorities should consider how the mitigation measures in the relevant regime would apply to it. One option for countries in this regard would be to apply the mitigating measures regarding bearer shares in Recommendation 24.
18. APPLICABILITY OF RELEVANT REGULATORY REGIMES
155. Where information on basic and beneficial ownership exists within a regulated institution or a recognised stock exchange countries may permit these entities to utilise such information for the purpose of complying with obligations to ensure that the beneficial ownership of a company is adequate, accurate and up-to-date and can be determined in a timely manner by a competent authority on basic and beneficial ownership.
156. When determining which of the aforementioned entities can utilise such information, countries must have regard to the following factors:
a) Information held by a recognised stock exchange: countries may permit entities to utilise information held on a recognised stock exchange subject to the processes in place in the exchange.
b) Information held by FIs and DNFBPs: countries should consider the extent to which entities in their jurisdiction and other jurisdictions hold reliable basic and beneficial ownership information. If this information is held by entities that are effectively supervised in line with the FATF Guidance on risk-based supervision, countries may permit entities to utilise that information.
Information held by stock exchanges
157. In considering whether information held on a stock exchange can be used for complying with obligations to ensure that the basic and beneficial ownership of a company is adequate, accurate and up-to-date and that it can be determined in a timely manner by a competent authority, countries should consider the extent to which exchanges have processes in place in order to determine the accuracy of basic and beneficial ownership information. This should involve suitable mechanisms to ensure adequate transparency of beneficial ownership (e.g., sanctions in case of violation of shareholder and BO reporting). Following are some of the considerations that countries may take into account:
a) For listed companies, beneficial ownership information may also be available as part of publicly accessible corporate information (such as annual reports). This could qualify as supplementary measures (see section 12).
b) In some jurisdictions, listed companies may be subject to comprehensive stringent disclosure requirements. Where stock exchanges have processes in place to ensure that basic/beneficial ownership information is adequate, accurate and up-to-date, publicly available current information on shareholder and beneficial ownership may be sufficient.
Trust and company service providers (TCSPs)
158. TCSPs play an important role in undertaking CDD on their clients both during the establishment of corporate vehicles and their ongoing management. In many countries, trust and company services (such as company formation and management) are offered by a range of different types of entities, including regulated professionals, such as lawyers and accountants. Although lawyers and accountants may be subject to regulation of their primary profession or business in some countries, the provision of company services is one area where criminals may seek to engage such professionals to conceal beneficial ownership, warranting specific regulatory oversight. As well, in many countries, trust and company services are also offered by other companies that specialise in providing trust and company services, but which may not be regulated in relation to their profession or business. If there is no specific AML/CFT regulation and a designated supervisor, such specialists may be left unregulated.
159. Another common challenge is that, even where legal professionals and TCSPs are subject to AML/CFT requirements, deficiencies often exist in how the CDD obligations with respect to beneficial ownership are being implemented. Supervision for compliance with these requirements is often ineffective. To address these issues, countries should ensure that all legal professionals and TCSPs are required to conduct CDD pursuant to Recommendation 22.
160. Countries should have regard to the abovementioned Risk-based Approach Sectoral Guidance when considering if entities can utilise information held by TCSPs as reliable information for determining basic and beneficial ownership about a legal person.
Issues relating to the legal profession
161. Because the legal profession often act as trustees, nominees, or both, practical issues relating to legal professional privilege can arise when lawyers have AML/CFT obligations. Indeed, the right of a client to obtain legal representation and advice, be candid with their legal adviser and not fear later disclosure of those discussions to their prejudice is an important feature of the legal profession.
162. The scope of legal professional privilege and legal professional secrecy is often contained in constitutional law or is recognised by common law and is tied to fundamental rights laid down in treaty or other international obligations.
163. The scope of legal professional privilege and legal professional secrecy depends on the constitutional and legal framework of each country, and in some federal systems, of each state or province within the country. In addition, the scope of legal professional privilege and legal professional secrecy, and the associated obligations, may also vary across different types of legal professionals within a country and the types of services being offered.
164. However, investigators have found that a frequent obstacle to accessing information about corporate vehicles is the use of legal professional privilege and professional secrecy to refuse to divulge information relevant to the ownership and control of a corporate vehicle.
165. This is appropriate when such claims are made correctly and in accordance with the law. However, some of the case studies show that occasionally extremely wide claims of privilege are made that exceed the generally understood provisions of the protections within the relevant country. To help address these issues, competent authorities and professional bodies should work to ensure that there is a clear and shared understanding of the scope of legal professional privilege and legal professional secrecy in their own country.
166. In particular, countries should ensure that there is a clear understanding of what is, and what is not covered to ensure that investigations involving suspected corporate vehicles are not inappropriately impeded.
Issues relating to fit and proper tests for FIs/DNFBPs/VASPs
167. Licensing authorities and/or supervisors should take necessary measures to ensure that criminals or their associates are prevented from holding or being the beneficial owner of a significant or controlling interest, or from holding a management function of FIs, DNFBPs and VASPs. This can be achieved, for example, through fit and proper tests, which should be carried out both at the licensing/registration stage and on an ongoing basis thereafter, including, if there are any changes to the ownership/control structure. FIs, DNFBPs and VASPs should provide adequate, accurate and up-to-date information on their beneficial owners to relevant authorities, including at the licensing or registration stage. Supervisory measures to ensure compliance with fit and proper tests may include, as appropriate, suspension of voting rights, requesting the selling of shares, and other actions against shareholders that are not fit and proper, or refuse to provide information upon request.
19. INTERNATIONAL CO-OPERATION
168. Corporate networks set up illicitly to hide the origin of proceeds of crime are often multi-jurisdictional. Effective international cooperation, as set out in FATF Recommendations 37 and 40, requires access, through the full cooperation of jurisdictional authorities, to accurate information on beneficial owners in the context of an international ML/TF investigation. Countries where legal persons are established should be able to obtain basic and beneficial ownership information (even on those beneficial owners residing abroad). In turn, those countries where beneficial owners reside need to respond to requests to identify the beneficial ownership of legal persons.
To ensure that there is a practical level of international cooperation, Recommendation 24 contains specific requirements to provide cooperation on identifying the beneficial ownership or legal persons, including:
a) facilitating access by foreign competent authorities to basic information held by company registries (e.g., by making this information available online, or if it is not available online, by having an efficient mechanism through which foreign authorities can request information)
b) exchanging information on shareholders (including when it is held by the company or stock exchange) to enable foreign authorities to quickly move along a chain of legal ownership
c) using their competent authorities’ powers to obtain beneficial ownership information on behalf of foreign counterparts (e.g., at the request of foreign competent authorities, not only when conducting their own investigations).
169. The exchange of information with a foreign counterpart should avoid unduly restrictive conditions for accessing information, subject to internationally agreed standards. What could be considered as “an unduly restrictive conditions on the exchange of information or assistance” may include, inter alia, the refusal of requests for assistance on the grounds that they involve a fiscal, including tax, matters, or on the grounds of bank secrecy.
170. The point(s) of contact, agency or registry information and procedure in accessing or requesting this information, should be made publicly available (e.g., online) or through specific posted guidance on procedures.
171. Countries should have mechanisms in place to identify and describe the different types, forms and basic features of legal persons in the country. In addition, basic and/or beneficial ownership information held by various registries or alternative mechanism may be publicly available and accessible online.
172. Law enforcement and other competent authorities should expect to find most of the basic information publicly available. Countries should publicise instructions on how to make a formal request for additional information, such as through mutual legal assistance, should that remain necessary.
173. To facilitate efficient and rapid exchange of beneficial ownership information across borders, countries should make contact information for receiving and responding to requests publicly available. Countries should designate the appropriate agency(ies) (e.g., ministries or agencies with registry jurisdiction) responsible for receiving and processing foreign requests for beneficial ownership information and provide clear guidance to foreign counterparts on the process for requesting information with clear requirements, as well as any restrictions, for the requested information. Countries need to have in place an adequate internal procedure for interagency cooperation amongst relevant competent authorities in processing such requests. A defined, reasonable response time should be transparently reflected in the procedure.
174. Countries should monitor the quality of the assistance which they receive from other countries.
Derren works with International Entrepreneurs, Expats and Investors who are exposed to multiple jurisdictions. Tax optimization. Asset Protection. Compliance Obligations. Strategies include second citizenships, second residencies, trusts, foundations, insurance wrappers and other offshore structures.
Skip to content 
BENEFICIAL OWNERSHIP OF LEGAL PERSONS
The Financial Action Task Force (FATF) is an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing and the financing of proliferation of weapons of mass destruction. The FATF Recommendations are recognised as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard.
For more information about the FATF, please visit www.fatf-gafi.org
This document and/or any map included herein are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area.
Acknowledgements
This updated Guidance document is based on the work of the following Drafting Group members and benefited from consultation with a range of private sector stakeholders.
The Drafting Group received significant contributions from Alexander Peschetz and Christian Reisenhofer (Austria), Michela Maggi, Chiara Bacci and Bernadette Rapp (European Commission), Violaine Biafora and Thibaut Herrero (France), Richard Berkhout, Francisca Fernando and Jonathan Pampolina (IMF), Karan Choudhary and Nikhil Varma (India), George Pearmain and Helen De La Cour (Jersey), Hans Avinder and Mark Lai (Singapore), Patricia Matthews-Steck and Ariane Ernst (Switzerland), Dylan Bage and Stephen Webster (UK), Young Lee and Zaib Rasool (US), Melissa Tullis and Sol Krause (UNODC), and Emile Van Der Does De Willebois (World Bank). Tanna Chong, Ashish Kumar and Inês Oliveira from the FATF Secretariat supported the work.
1. INTRODUCTION
1. Corporate vehicles such as companies, trusts, foundations, partnerships, and other types of legal persons and arrangements conduct a wide variety of commercial and entrepreneurial activities. Despite the essential and legitimate role that corporate vehicles play in the global economy, their unique legal status also lends them to be used in complex schemes designed to conceal the true beneficial owners and, in many respects, the real reason for holding assets and conducting transactions. Corporate vehicles can be misused for various illicit purposes, including money laundering (ML), bribery and corruption, insider dealings, tax fraud, terrorist financing (TF), sanctions evasion and other illegal activities. For criminals trying to circumvent anti-money laundering (AML) and counter-terrorist financing (CFT) measures, corporate vehicles are an attractive way to disguise their identity and conceal the origin and/or destination or ultimate purpose of funds through manipulation of the financial system.
2. The misuse of corporate vehicles can be significantly reduced if information regarding both the legal owner and the beneficial owner, the source of the corporate vehicle’s assets, and its activities becomes available to the authorities in a timely manner. In general, the lack of adequate, accurate and up-to-date beneficial ownership information facilitates ML/TF by disguising:
3. Beneficial ownership information can be obscured through, for example, shell companies, complex ownership and control structures involving many layers of shares registered in the name of other legal persons, bearer shares and bearer share warrants, unrestricted use of legal persons as directors, formal nominee shareholders and directors where the identity of the nominator is undisclosed, informal nominee shareholders and directors, such as close associates and family.
4. Legal and beneficial ownership information can assist competent authorities, in particular law enforcement authorities and financial intelligence units (FIUs), by identifying those natural persons who may be responsible for the underlying activity of concern, or who may have relevant information to further an investigation. This allows the authorities to “follow the money” in financial investigations and financial intelligence involving suspect or potentially suspect accounts/assets held by corporate vehicles. In particular, beneficial ownership information can also help locate a given person’s assets within a jurisdiction. Enhancing the transparency of legal persons makes them less attractive for criminals. The legal persons themselves, financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs) also play an important role in enhancing transparency by obtaining beneficial ownership information, which helps prevent their misuse in the financial system. However, it could be challenging to ensure that the beneficial owner information is adequate, accurate and up-to-date, particularly when the ownership chain involves legal persons and legal arrangements spread across multiple jurisdictions, or complex networks comprising multiple layers of corporate vehicles. The lack of such information of legal persons by law enforcement, FIUs and other competent authorities is a significant impediment to investigation and the production of financial intelligence.
Revisions to Recommendation 24
5. To tackle these issues, the Financial Action Task Force (FATF) established the first international beneficial ownership transparency standard in 2003 and strengthened it in 2012. To respond to the significant misuse of legal persons for money laundering, terrorist financing, and also for proliferation financing in a number of jurisdictions, the FATF has recently strengthened the international standards on beneficial ownership of legal persons, to better prevent and deter the misuse of legal persons. The changes also respond to the outcomes of FATF Mutual Evaluations which show a generally insufficient level of effectiveness in combating the misuse of legal persons for ML/TF globally.
6. The revised Recommendation 24 explicitly requires countries to use a multi-pronged approach, i.e., to use a combination of different mechanisms, for collection of beneficial ownership information to ensure that adequate, accurate and up-to-date information on the beneficial ownership of legal persons is available and can be accessed by the competent authorities in a timely manner. To the extent that such information is made available to FIs and DNFBPs, it may help them to implement the customer due diligence (CDD) requirements on corporate vehicles including in relation to the requirement to identify the beneficial owner, identify and manage ML/TF risks, and implement AML/CFT controls and measures based on those risks (including suspicious transaction reporting and sanctions implementation requirements).
7. The revisions to Recommendation 24 also require countries to follow a risk-based approach and consider the risks of legal persons in their countries, not only those posed by legal persons created in their countries, but also by foreign-created legal persons with sufficient links with their country. The changes also specify that access to information by competent authorities should be timely, and information should be adequate for identifying the beneficial owner, accurate – based on verification, and up-to-date. The changes also include stronger controls to prevent the misuse of bearer shares and nominee arrangements.
8. Other international bodies are also taking concrete action to promote the transparency of corporate vehicles. G20 Leaders made their commitments to effectively implement the FATF standards on beneficial ownership. G7 countries also committed to implementing and strengthening registries of company beneficial ownership information in their respective jurisdictions. In addition, the OECD and the World Bank both developed resources in assisting countries to assess risks related to beneficial ownership transparency and implement beneficial ownership framework for meeting international standards. Finally, IMF lending, including IMF emergency financing related to COVID-19 routinely includes measures or commitments related to transparency of beneficial ownership in relation to procurement contracts.
9. The purpose of the FATF standards on transparency and beneficial ownership is to prevent the misuse of corporate vehicles for money laundering or terrorist financing. However, it is recognised that these FATF standards support the efforts to prevent and detect other designated categories of offences such as tax crimes and corruption. In this respect, the measures that countries implement to enhance transparency in line with the FATF Recommendations may provide a platform to more effectively address serious crimes such as corruption, as well as to meet obligations under other international conventions.
10. Beyond the Recommendations, in response to the challenges faced by countries in achieving beneficial ownership transparency of legal persons, the FATF earlier developed a guidance in 2014, as well as a best practice paper to assist countries in their implementation of Recommendation 24, and also Recommendation 1 as it relates to understanding the ML/TF risks of legal persons and legal arrangements. This is an updated version of the guidance in respect of legal persons, following the adoption of amendments to Recommendation 24 and its Interpretive Note in March 2022; FATF is addressing the transparency of legal arrangements separately.
Target Audience and Purpose
11. The audience of this guidance is primarily policy makers and practitioners in national authorities, as well as private sector stakeholders, such as financial institutions, DNFBPs and companies, which are required to comply with national AML/CFT requirements based on the FATF standards. The purpose of this guidance is to assist policy makers and practitioners to identify, design and implement appropriate measures to prevent the misuse of legal persons in line with the FATF standards. As for the private sector stakeholders, the guidance explains the connection between specific transparency measures and CDD measures, and it may be useful to companies, FIs and DNFBPs in their implementation of AML/CFT preventive measures.
12. The updated guidance focuses primarily on Recommendation 24, i.e., beneficial ownership transparency of legal persons. As regards legal arrangements as covered under Recommendation 25, the 2014 guidance should be referred to until the subsequent update of guidance.
13. This guidance is non-binding and does not override the purview of national authorities. It is intended to complement existing FATF guidance and other ongoing work by building upon the available research, including relevant FATF typologies reports, and the experiences of countries. It also takes into account work being undertaken by other international bodies, which are focusing on ensuring the transparency of corporate vehicles.
14. In addition, the following guidance documents published by the FATF should continue to apply. Countries, FIs and DNFBPs should also refer to these guidance documents when considering measures to comply with the requirements under Recommendation 24.
2. UNDERSTANDING AND ASSESSING THE RISKS ASSOCIATED WITH LEGAL PERSONS
Domestic legal persons
15. As a starting point, countries must understand the legal persons that can be incorporated under the laws of their jurisdiction and the associated ML/TF risks. Specifically, countries should have mechanisms to:
Foreign legal persons
16. Moreover, countries should identify and assess the ML/TF risks to which they are exposed in relation to foreign legal persons, which have sufficient links to the country, and take appropriate steps to manage and mitigate the risks they identify. Countries may determine what constitutes a sufficient link for a legal person not created in the country on the basis of risk, but indicatively such a sufficient link could, for instance, be said to exist when the legal person:
Risk assessment
17. Countries should conduct a comprehensive risk assessment of all types of legal persons, taking into consideration the relevant legal and regulatory contextual issues specific to the country, and the particular international threats and vulnerabilities that the country faces. This may be a standalone assessment or form part of the broader assessment of the ML/TF risks in the country.
18. As part of the risk assessment, steps which countries can consider include, but are not limited to:
19. When assessing the risks associated with different types of legal persons, countries should also consider the exposure to risks stemming from legal persons created in foreign jurisdictions (e.g., high-risk jurisdictions subject to a call for action or under increased monitoring of the FATF, or jurisdictions subject to economic or financial sanctions, embargoes or similar measures that are related to terrorist financing and issued by organisations such as the UN), and types of service providers involved.
20. Such an assessment of risks may be undertaken at the national, supra-national or sub- national levels, with the ultimate aim of informing the risk assessment at the national level.
Risk mitigation
21. Countries should take appropriate steps to manage and mitigate the risks identified in the risk assessment. To enable this, it is advisable that the risk assessment involves sufficient analysis of the sources, nature, and the extent of risk involved.
22. The following illustrates some preventive measures that may be taken by countries to mitigate risks:
Understanding and addressing cross-border risks
23. Complex company structures that span across multiple jurisdictions can be associated with higher risks. In the context of criminal misuse of such structures, it is commonly observed that such corporate networks deliberately split company formation, asset ownership/administration, location of professional intermediaries, and location of bank accounts across different countries in order to evade regulations. Such cross- border nature of corporate network makes it more difficult for authorities in any single jurisdiction to understand the full picture of abuse of their domestic legal structures for money laundering, terrorist financing, and predicate crimes. It is therefore important for countries to include consideration and analysis of different types of cross-border risks in their risk assessment.
Sharing and disseminating results of the risk assessment
24. The results of the risk assessment should be shared widely among competent authorities. With necessary redactions for any sensitive information taking into account their information sharing/disclosure laws, countries should also share results with key private sector partners to strengthen enforcement, and with key civil society and academic partners to advance knowledge about risks, consistent with Recommendation 1. Countries can also consider maintaining periodic/ongoing dialogue between public and private sector stakeholder on risk assessments and sharing of typologies.
25. To advance international exchange and increase understanding of common risk factors related to abuse of legal persons, countries may consider making results of their assessment (in full or in part) publicly available, with any necessary redactions.
3. BASIC INFORMATION
Company registries
26. All companies created in a country should be registered in a company registry. Countries should ensure, as a necessary prerequisite for the identification of beneficial ownership, that basic information on companies is obtained and recorded by the company registry. This should include the following:
27. This information held by the company registry should be made publicly available. With respect to tax identification number (or equivalent), in countries where this information is obtained and recorded by another public body instead of a company register, there may be certain legal limitations to whether this information can be made publicly available.
28. The role of company registries varies greatly between countries, as does the level and quality of information obtained on companies. Countries should be aware of any issues that could negatively impact the reliability of the information contained in the company registry. For example, a number of company registries play a passive role, acting as repositories of information or documents, rather than undertaking checks or other measures to ensure that the information they receive is accurate. Additionally, in many countries, company registry information is not always reliably kept up to date. Where these issues exist, countries should consider taking measures to enhance the reliability of information contained in their company registry.
Companies
29. Companies should be required to obtain and record basic information as set out in the following, some of which is the same as that recorded by the company registry as discussed above:
30. This information can be recorded by the company itself or by a third person under the company’s responsibility. The information should be maintained by the company within the country, either at its registered office or at another location notified to the company registry. However, if the company or company registry holds beneficial ownership information within the country, then the register of shareholders need not be in the country, provided that the company can provide this information promptly on request.
4. BENEFICIAL OWNERSHIP INFORMATION
31. Countries should ensure that there is adequate, accurate and up-to-date information available on the beneficial ownership and control of legal persons. A beneficial owner is defined as follows:
32. Beneficial ownership information of legal persons is the information on the identities and extent of the control exercised over a legal person of:
33. In situations where a beneficial owner cannot be identified, the Glossary sets out that reporting entities identify a natural person who holds the position of senior managing official and record him/her as holding this position (as per R.10). As clarified in the Glossary, this provision of R.10 does not amend or supersede the definition of who the beneficial owner is but sets out how CDD should be conducted in situations where no beneficial owner can be identified. This should apply to all applicable approaches in collecting beneficial ownership information (see section 5 on multi-pronged approach).
34. When collecting beneficial ownership information, reasonable measures should be taken to verify the identity(ies) of such persons, and their status as a beneficial owner (see section 7 on accurate information). A risk-based approach should be adopted in determining the reasonableness of the verification measures (see section 7 on verification measures).
Distinction between legal ownership and beneficial ownership
35. Legal ownership and beneficial ownership over a legal person are two separate concepts. A natural person may be considered a beneficial owner on the basis that he/she is the ultimate owner/controller of a legal person, either through his/her ownership interests or through exercising ultimate effective control through other means. While legal ownership and beneficial ownership can overlap, the legal title or controlling shareholding of a company may be in the name of an individual or a legal person other than the beneficial owner who ultimately controls the entity, directly or indirectly. Accordingly, individuals who exercise ultimate control over a legal person should be identified as beneficial owners, regardless of whether they own shares above any specified minimum ownership threshold.
36. Countries should consider various types of ownership interests and ways to exercise control over a legal person that exists within their jurisdiction, pursuant to commercial and administrative law, including voting rights, economic rights, convertible stock or outstanding debt that is convertible into voting equity. They should also consider ownership interests and ways to exercise control as the two aspects may have evolved in practice.
Beneficial ownership through ownership interests
37. Countries may use an ownership threshold to determine beneficial ownership based on ownership interests, e.g., any natural persons whose direct or indirect ownership reaches a certain percentage of shares in a company. Such a threshold should not exceed a maximum of 25%. Countries may consider combined ownership interests (e.g., shareholders working together).
38. Considerations for determining an appropriate minimum threshold for reporting requirements may include the level of ML/TF risk posed by the relevant type of legal person, sector of operation, complexity of ownership/control structure, among other possible risk factors. A risk assessment would not be needed for each application of a threshold on a case-by-case basis. A higher ML/TF risk could signal the need for a lower ownership threshold as one possible measure to mitigate such risks (see section 2 on risk assessment). In order to avoid leaving a disclosure regime vulnerable to loopholes, low thresholds could enable authorities to capture more information on those with ownership or control over corporate vehicles, while also increasing identification efforts.
39. Risk factors should be identified through a risk assessment of legal persons, based on the ML/TF threats and vulnerabilities to which that jurisdiction is exposed (see section 2 on risk assessment). Specific risk factors vary based on a jurisdiction’s legal framework, the quality of enforcement of AML/CFT regulations, the quality of supervision of FIs and DNFBPs (especially, TCSPs), and sectoral and geographical risks, among others. Under some circumstances, the results of the risk assessment may lead countries to apply different thresholds e.g., across different sectors of the economy or for different types of legal persons.
40. The following are examples of considerations that countries may consider when setting domestic regulation regarding threshold:
41. Ownership interests may be held directly or indirectly, for example through a chain of corporate vehicles or through nominee shareholders. More than one natural person can be a beneficial owner of a given legal person, based on ownership interests above a minimum threshold. For example, if a 20% threshold is adopted, five individuals each owning 20% of shares would all be considered beneficial owners.
42. Sometimes, ownership interests can be so diversified that there is no single shareholder, whether acting alone or together with other shareholders, who exercises control of the legal person through ownership. For example, if a threshold of 20% is adopted (based on the jurisdiction’s assessment of risk), a company with as few as six shareholders can have no shareholder owning a share above the minimum threshold, then no shareholder would fall under the reporting requirements based only on the application of an ownership threshold.
43. Shareholders may exercise control on the company based on their ownership alone or together with other shareholders, including through any contract, understanding, relationship, intermediary or tiered entity. Shareholders may collaborate to increase the level of control through formal or informal agreements, or through the use of nominee shareholders. Control structures may be identified through relevant company documents.
44. Countries should prioritise clarity and practicality in the implementation of the concept of ownership interest to determine beneficial ownership and apply rules that are workable and enforceable for companies and other legal persons administered in a country.
Beneficial Ownership through Control/Other Means (“beyond the threshold”)
45. The application of an ownership threshold is not the only way that beneficial ownership should be determined under the FATF definition, which encompasses both concepts of ownership and control over a legal person. The following considerations may also be relevant:
Beneficial ownership in respect of different types of legal persons
5. A MULTI-PRONGED APPROACH TO BENEFICIAL OWNERSHIP INFORMATION
46. Countries’ experience shown in FATF mutual evaluations suggested that a multi-pronged approach using several sources of information is more effective than using a single approach in preventing the misuse of legal persons for criminal purposes and implementing beneficial ownership transparency measures, as the different approaches supplement each other and lead ultimately to better quality information. A variety and availability of sources enhances access to information and helps mitigate accuracy problems with individual sources (this could include technology-based solutions).
47. The core of a multi-pronged approach combines information held and/or supplied by companies themselves and information held by, or on behalf of, public authorities in a registry, or alternative mechanism if it ensures rapid and efficient access to beneficial ownership information for competent authorities, and any additional measure as necessary. The three pillars of ensuring that beneficial ownership information is adequate, accurate and up-to-date are equally important, and none should be prioritised at the expense of the other. To effectively implement the multi-pronged approach, it is important to ensure that the responsibilities of various parties are clear.
48. Following the revision to Recommendation 24 in March 2022, the standards provide for a multi-pronged approach including as a minimum (1) a company approach and (2) a registry or alternative mechanism, and 3) any other supplementary sources of information, as necessary, commensurate to the risks faced by the jurisdiction. Under the multi-pronged approach, the use of CDD information obtained and maintained by FIs/DNFBPs pursuant to Recommendations 10 and 22, as an alternative mechanism or additional supplementary measure is further described in sections 11 and 12. Supplementary information could also include basic and beneficial ownership information held by regulators or stock exchanges. Countries may decide the precise measures in their national systems based on their own context, materiality and risks.
49. Countries could consider enabling competent authorities involved in collecting beneficial ownership information to be able to access and exchange information on beneficial ownership. Countries are also encouraged to extend this access and exchange of information to other sources of beneficial ownership information to further strengthen cross-checking and verification. Countries may consider extending these responsibilities further beyond simply identifying errors in and improving the quality of basic and beneficial ownership information and be used to help inform the national understanding of current and emerging risks.
50. In addition, countries should also ensure adequate powers to compel the production of financial records and obtain evidence in the context of an investigation, which enables authorities to determine in a timely manner whether a company has or controls accounts with a financial institution within the country.
6. ADEQUATE BENEFICIAL OWNERSHIP INFORMATION
51. The Interpretive Note to Recommendation 24 requires countries to have mechanisms in place that ensure that basic information and beneficial ownership information is adequate, including information provided to the company registry and any available information referred to in paragraph 7 of the Interpretive Note to Recommendation 24.
52. With regard to the identity of the natural person who is the beneficial owner, the Interpretive Note provides examples of information, which countries should consider recording. While the Interpretive Note to Recommendation 24 does not provide any qualification or ranking of the above mentioned information, some information may be considered as necessary in order to identify a person (e.g., first and last name, nationality(ies) and date of birth), while other information may be useful to further confirm the identity of a person, such as a unique national identification number (e.g., an internal administration number, a tax registration number, an identity number or a social security number), passport number and document type, place of birth and residential address, and the tax identification number or equivalent in the country of residence.
53. Similarly, with regard to the means and mechanisms through which the natural person(s) exercises beneficial ownership (whether through ownership or control), some information may be considered as necessary in order to identify such means and mechanisms (e.g., type of participation, voting rights or control through other means) and the scope (e.g., an indication of percentage of shares, voting rights or other form of control) of the beneficial interest. Other information that may be useful to further confirm such means and mechanisms could include information on more than one form of beneficial ownership (e.g., through both ownership and control, if applicable), information on legal intermediaries or legal entities involved in the chain (i.e., those controlled directly by the beneficial owners); information on whether the beneficial owner is involved in any nominee relationship (see section 15 on nominees); and information on whether the beneficial owner’s interest in the legal person is held
directly or indirectly.
54. In relation to foundations and comparable legal persons, countries may consider recording the relevant position/role (e.g., founder, beneficiary and member of the management) of the natural person(s).
7. ACCURATE INFORMATION – MEANS OF VERIFICATION OF BENEFICIAL OWNERSHIP INFORMATION
55. Following the identification of the beneficial owners, this information should be verified. Verification is a combination of checks and other processes that a country should adopt at the various stages to ensure that the beneficial ownership data is accurate (Interpretive Note to Recommendation 24 paragraph 9). Verification applies to all prongs of the multi-pronged approach, and there are some principles that would apply to all prongs, which are described below. Verification may require professional expertise and the means of verification would depend on the approach in holding beneficial ownership information. The objective should be that the overall mechanisms established by a country ensure accuracy of beneficial ownership information and provide a degree in consistency of information across different sources.
56. Verification of the beneficial ownership information could typically involve a review of documents submitted (e.g., share certificates, shareholder register, board meeting resolutions, and power of attorney documents). Verifying beneficial ownership information could also include, depending on the level of risk, manual or automated cross-checks with relevant government and other available databases (e.g., population or national identity registers, taxpayers identification register, vehicles and land registries).
57. Verification of beneficial owners may take place during various processes, depending on the approach to holding beneficial ownership information, although each approach that countries choose as part of the multi-pronged approach should include verification:
a) By companies under the companies approach (see section 9).
b) By authority(ies) or body(ies) responsible for the beneficial owner register under the registry approach (see section 10).
c) By entities responsible for providing beneficial ownership information under the alternative mechanism (see section 11).
d) By entities involved in any additional supplementary measures that are necessary to ensure that the beneficial ownership of a company can be determined, including e.g., information held by regulators or stock exchanges; or obtained by FIs and DNFBPs in accordance with Recommendations 10 and 22 (see section 12).
58. Whereas the means of verification may vary for each prong, it is important that the criteria for identifying a beneficial owner applied to the different prongs are consistent with relevant applicable requirements (in particular those applied to CDD pursuant to Recommendation 10 or 22). Depending on the countries’ specific level of risks, verification measures may comprise the following two components:
a) Verification of identity: Appropriate steps should be taken to verify the identity of any natural person(s) recorded as a beneficial owner.
b) Verification of status: Appropriate steps should be taken to verify the basis of identification of a person as a beneficial owner.
59. The goal of putting in place a clear mechanism for verification of beneficial ownership information is to reduce risks of inaccurate information and allow enforcement of beneficial ownership reporting rules. However, this does not imply a zero-failure approach. It is a process aimed at increasing confidence that information on ultimate ownership and control is reliable and that obvious errors, falsehoods or inconsistencies are spotted and corrected in a systematic manner. Countries may consider automated checks where possible to minimise the burden of verification and increase timeliness of processing.
60. Countries should adopt a risk-based approach to verification. In cases of higher risk (e.g., companies with complex structures across multiple jurisdictions, the existence of nominee directors or shareholders, entities identified as high-risk in a risk assessment, entities with a history of reporting inaccurate beneficial ownership information or where sufficient documentation may not be obtained), the extent and/or frequency of verification measures should be enhanced. In other cases, such as a micro company whose legal owner, director and beneficial owner are all the same person, countries may decide, based on risk, that verification measures may be adjusted (e.g., only request verifying identity).
61. Enhanced verification mechanisms can also be used to detect inaccuracies in reported beneficial ownership information and/or deliberate concealment, such as undisclosed nominee relationships. Such checks of a more investigative nature may be conducted by law enforcement authorities. In countries which require engagement of a professional intermediary for formation of legal persons, regulated professional intermediaries may be required to perform such enhanced checks.
62. Regardless of the mechanisms used upfront, countries may also require a declaration that the information disclosed at the time of submission is truthful and complete. While the declaration would put the primary burden of providing truthful information on the party making the submission, this should not replace the various verification efforts by the receiving end of information.
Verification of Identity of the Beneficial Owner
63. In the identity verification processes appropriate steps should be taken to prove that a natural person, who has been identified as a beneficial owner, actually exists and is who they claim to be, e.g., through a review of government-issued identity documents. An identity is a combination of “attributes” that belong to a person, e.g., name, date of birth and nationality. In order to verify the identity, in cases where there is a suspicion that the evidence of identity has been falsified or stolen, or of presence of any other related risks, steps should be taken to check whether the claimed identity belongs to the person presenting the evidence. This may entail asking a person to present government-issued evidence of their identity (such as a passport or driver’s licence). Such verification could also be done by an automated exchange of data with a reliable national system such as a residence register, tax register, passport database or electoral information. The verifying party may rely on such an exchange, if it provides the same level of assurance.
64.When verifying a person’s identity, the robustness of the evidence must be considered. This relates to the amount and reliability of independent source data, document or information provided, and a risk-based approach should apply. For verifying the identity of a beneficial owner located abroad, the receiving end of beneficial ownership information should take steps to verify the authenticity of legal documentation provided from abroad.
65. While a person’s identity would not normally vary over their lifetime, the information may require updating upon expiry of identity documents or change of nationality (see section 7 on up-to-date information). In that event, the person has the onus to update the information which should be subject to verification. There should also be sufficient safeguards and data security to ensure that the verified identity could not be stolen or impersonated (e.g., secured portal).
Verification of Status of the Beneficial Owner
66. Depending on the level of risk, verification of the status of the beneficial owner can include but is not limited to the following elements:
i. Does the person identified as the beneficial owner have ownership, voting rights or control rights in the legal person, such that they meet the definition of a beneficial owner?
ii. Is the person identified as the beneficial owner actually exercising the rights associated with the level of ownership and/or control in practice, in his/her own name or is the person exercising those rights under instruction from, or by agreement with, an undisclosed third party?
iii. Whether the identified beneficial owners are consistent with the structure and risk profile of the legal person?
67. As the status of a beneficial owner may change over time, even down to the nature of control, the information should continue to be verified (instead of simply relying on the checks carried out at the point of incorporation), in line with the requirements for this information to be up-to-date as discussed in section 8 of this guidance. The historical information collected over time would also be useful to national authorities, FIs or DNFBPs (see section below on discrepancy reporting).
Discrepancy Reporting Mechanisms
68. To support the accuracy of beneficial ownership information, countries may consider putting in place discrepancy reporting mechanisms as a complementary measure on the basis of risk, materiality, and context of the countries. Discrepancy reporting, if applied (most likely in respect of a register/alternative mechanism), should serve to complement the verification measures to various mechanisms outlined above; it should not replace them.
69. Discrepancy reporting generally allows authorities and entities with access to beneficial ownership data to report to the body holding beneficial ownership information of legal entities if the information the former hold is different from that held by the latter. While discrepancy reporting can help enhance the accuracy and completeness of information on beneficial ownership of legal entities, any of these obligations imposed on the reporting end will give rise to resource implications. Countries can develop processes or procedures to minimise administrative burden in discrepancy reporting to particular situations where there is a potential for reporting by both FIs/DNFBPs and the customer/client.
70. As such, when putting in place a discrepancy reporting mechanism, countries may consider the below relevant factors.
a) Access by reporting entities to information: Parties required to report discrepancies (FIs/DNFBPs or other obliged entities as defined by the country) would need access to the beneficial ownership information held in a registry/alternative mechanism, so that they can report differences (accuracy and completeness) between the registry/alternative mechanism and their client information collected as part of CDD obligations.
b) Materiality of discrepancy: As volume of reported discrepancies may be very high, to optimise the amount of resources used by both reporting entities in filing reports and by receiving end in handling them, countries should clearly define the material threshold for discrepancies which should be reported. For instance, focus is usually put on factual errors, not typing mistakes or spelling errors.
c) Adjudicating discrepancy reports and feedback system: Countries should consider implementing a system to review and adjudicate discrepancy reports in a fair and efficient manner, with emphasis on due process and risk-based approach. Companies and other legal entities should be informed at the appropriate time of the reported discrepancies (with reasons) so that data can be rectified in a timely manner. Upon resolving a difference, countries should consider notifying the reporting entity so that all information would be aligned.
d) Record-keeping: Countries should consider properly recording discrepancy reports made (e.g., shown in excerpts of the register/alternative mechanism), so that potential users of this information are aware that this data might not be adequate, accurate or up-to-date. In particular, this information, if made accessible to the competent authorities, could be helpful. From a broader management perspective, countries may consider monitoring the number of discrepancy reports and the reasons for them.
e) Privacy considerations: Discrepancy reports very likely would contain personal data. Countries should take into account data privacy laws, client confidentiality, and other relevant concerns when seeking to implement discrepancy reporting mechanisms. For instance, safeguards should be made to prevent data leakage.
8. UP-TO-DATE BASIC AND BENEFICIAL OWNERSHIP INFORMATION
71. The Interpretive Note to Recommendation 24 states that countries should have mechanisms to ensure that basic and beneficial ownership information is as current as possible, and is updated within a reasonable period (e.g., within one month), following any change or the identification of outdated information. To avoid ambiguity, countries should establish a clear and practical framework that supports the updating of beneficial ownership information within a reasonable period. The framework should specify the meaning of “a reasonable period” and how the framework will be enforced for each approach used by the country to keep up-to-date beneficial ownership information.
72. The Standards provide a degree of flexibility to enable countries to determine the appropriate “reasonable period” for updating beneficial ownership information, in accordance with their risk and context, and taking into account their institutional setup and other domestic circumstances.
73. Countries may face practical hurdles in implementing this requirement, and these may warrant the need for more time to ensure that beneficial ownership information is kept up-to-date. These may include specific situations where the BO cannot be clearly identified or contacted quickly (e.g., cases of force majeure, or when the records become unavailable due to IT failures) or where the BO fails to respond to reminders or can no longer be reached at the known address.
74. Countries should consider identifying these practical hurdles and/or specific situations and how they may hinder beneficial ownership information from being kept up-to-date for each mechanism used by the country to maintain beneficial ownership information. Where relevant, countries should also consider specifying a period which is as short as practicable, with appropriate and justifiable measures that have the effect of adequately mitigating or overcoming these practical hurdles.
75. As a best practice to ensure that information is kept up-to-date, countries may consider requiring companies, as well as the other mechanisms used to ensure that competent authorities have timely access to adequate, accurate and up-to-date information, to periodically validate their beneficial ownership information on a risk-based approach, such as by reviewing or verifying the information that they hold. Such regular validation could contribute to uncovering changes in the beneficial ownership of corporate structures and would be useful if a company inadvertently fails to identify and report these changes.
9. OBLIGATIONS OF COMPANIES UNDER THE COMPANY APPROACH
76. Under the company approach, countries should require companies to undertake the following measures:
a) To obtain and hold adequate, accurate and up-to-date information on the company’s own beneficial ownership;
b) To co-operate with competent authorities to the fullest extent possible in determining the beneficial owner, including making the information available to competent authorities in a timely manner; and
c) To co-operate with financial institutions/DNFBPs to provide adequate, accurate and up-to-date information on the company’s beneficial ownership information.
77. As a starting point, countries should require companies to maintain a list of their shareholders or members, that competent authorities can access upon request. However, this alone will not be sufficient, as shareholder registers contain information on legal ownership but not necessarily on beneficial ownership (see section 4 on beneficial ownership information). Countries should consider the following in implementing this approach:
a) Are there mechanisms (e.g., established procedures/protocols) in place to ensure that the beneficial ownership information collected by companies is adequate, accurate and up-to-date, and that such information is accessible in a timely manner by the competent authorities? Do companies have powers to require updated information from their shareholders (including the power to request beneficial ownership information at any time)?
b) Are shareholders required to disclose the names of person(s) on whose behalf shares are held (i.e., nominators)? When there are any changes in ownership or control, are shareholders and beneficial owners required to notify the company within a set time period? Are companies required to validate, review and verify information on beneficial owners periodically?
c) Are there effective, proportionate and dissuasive sanctions against the company and its representatives for failing to carry out their obligations (e.g., to collect beneficial ownership information and keep it adequate, accurate and up-to-date)?
d) Do competent authorities have powers to require the cooperation of companies, and are there effective, proportionate and dissuasive sanctions for non-cooperation? Is beneficial ownership information required to be accessible within the country of incorporation? How are companies that have no physical presence in the country of incorporation dealt with?
e) Have authorities provided financial institutions/DNFBPs with clear guidance on what measures they expect them to take if companies do not cooperate with them (e.g., reporting the non-cooperation to the relevant authorities, not engage with or continue the business relationship).
f) How will companies become aware of their obligations and the necessary resources required to fulfil these obligations? Is there adequate guidance explaining their obligations, and is this guidance publicly available? Are there adequate avenues for companies to be engaged and educated on their obligations?
10. THE REGISTRY APPROACH
78. One of the ways to ensure that competent authorities have access to adequate, accurate and up-to-date information on the beneficial ownership of legal persons under Recommendation 24 is for a public authority or body to hold this information (for example a tax authority, FIU, companies registry, or beneficial ownership registry).
79. A register holding beneficial ownership information can be an effective mechanism because it allows competent authorities to access such information from a direct source in a rapid and efficient manner (often in real time). Such effectiveness is generally conditional upon the registrar having sufficient resources to perform its tasks and, on its ability, to request additional information when it has doubts on the information it receives.
80. Beneficial ownership registers can take different shapes and forms, and countries have significant flexibility to adjust their set-up to match the institutional context in which the registers operate, as well as the variety of legal persons whose beneficial ownership is recorded in the register(s). This means, for example, that countries that operate on a decentralised basis (and particularly in the case of federal states with competences at the sub-national level) may have several registers that operate independently but are interconnected. In such cases, it is important to ensure consistency of approaches and interoperability of the systems to ensure that competent authorities have seamless access to the beneficial ownership information, regardless of which sub-national authorities holds it. It is also possible that different registers are set up for different legal persons (e.g., for companies, associations or foundations), reflecting the different nature of these types of legal persons. Also in this case, countries should ensure that the different registers function coherently and that rapid and efficient access by competent authorities is ensured in all cases, regardless of the chosen set-up for the registers. In any case, countries should ensure that their registers have a scope sufficiently wide to cover all relevant legal persons, including relevant foreign legal persons (instead of a particular group of legal persons). The onus is on the countries to ensure that the registry provides efficient access to reliable information.
81. Most of the challenges in implementing beneficial ownership registers originate from the institutional level – i.e., whether the registry is established to collect adequate, accurate and up-to-date information on beneficial information, whether the register is empowered to do so and whether proportionate and dissuasive sanctions for any legal or natural person that fails to comply with the requirements are applied, and whether the register is equipped with sufficient resources to perform its role.
82. Some countries have integrated beneficial ownership information into already existing databases, such as company registers. Other countries have set up beneficial owner registries, which are populated by legal persons, FIs/DNFBPs, competent authorities or to some extent by automated reports via interconnected registries. Competent authorities, and in some countries obliged parties can access these beneficial ownership registries, and crosscheck beneficial ownership information against other sources (e.g., FIs and DNFBPs, notary profession, tax or stock market authorities or documentation requested from the legal persons).
83. In some countries, the notary profession keeps a centralised database on the beneficial ownership of legal persons (e.g., a database kept by a private body entrusted with the task by a public authority). This includes adequate, accurate and up-to-date information obtained and recorded by notaries when incorporating entities or conducting certain other acts or transactions by persons and entities, and information on the transfer of persons and entities. This creates a repository of corporate information, which may be used to validate the information in the company registry.
84. Some countries may also have their tax authorities maintain beneficial ownership information for certain legal persons. The tax authorities may hold adequate, accurate and up-to-date basic and beneficial ownership information on legal persons who have an income, have ownership, engage in real estate transaction or hire employees. Some even require that all legal persons making disclosures to the tax authorities have a bank account and be subject to banks’ CDD requirements. If such database is used, the information contained therein should be adequate, accurate and up-to-date.
85. Countries that make use of a public authority or body holding beneficial ownership information should consider the resources and expertise that will be required in order to maintain the register, and to ensure that the information recorded in the register is adequate, accurate and up-to date, and can be accessed in a rapid and efficient manner. The considerations also apply for the management, maintenance, as well as risk-based mechanisms in place in the registry(ies) to verify the information. Without sufficient resources, the effectiveness of the public authority or body holding beneficial ownership information will also be compromised.
86. Moreover, if the tasks and duties of the public authority or body holding beneficial ownership information are not well defined and the power and responsibilities of the registry are not sufficiently clear, the public authority or body will not be able to ensure that the data in the register is adequate, accurate and up-to-date.
87. Recommendation 24 allows countries to consider facilitating public access to beneficial ownership information. Countries should seek to strike a balance between the general public interest in disclosing the data to prevent money laundering and terrorist financing, and the beneficial owners’ fundamental rights (such as personal data protection concerns and relevant legal requirements). To that end, countries may consider a tiered approach to disclosure of the information. For example, countries that have provided public access may consider clearly and exhaustively defining the types of information to be made available to the public, which could be of a more general nature (such as name and reason why the person is identified as beneficial owner, company name and registered address), so as to minimise the potential prejudice to the beneficial owners (see section 13 on access to information).
88. Below are some examples of considerations for countries seeking to establish a registry of beneficial ownership or to integrate beneficial ownership information into an already existing database:
a) Are there jurisdictional or constitutional impediments to implementing an effective beneficial ownership register? For example, in some countries, state/provincial level authorities have responsibility for registering and regulating legal persons, and there are constitutional impediments that limit the national authorities’ jurisdiction to impose beneficial ownership requirements on those authorities.
b) Are the registry’s statutory powers and objectives sufficiently broad to cover the role of collecting, verifying and maintaining beneficial ownership information?
c) Does the authority or body responsible for the register have sufficient human and capital resources to collect, verify, and maintain beneficial ownership information? A good understanding and knowledge of corporate law may be necessary to determine the beneficial owner of a complex legal structure. Similarly, an understanding of the economic context in which the company operates might be instrumental in understanding how control may be exercised through other means (also see section 4 on beneficial ownership information). In some countries, the registry is able to run thematic/horizontal analyses of the legal persons for which it holds beneficial ownership information, which enable detection of outliers or incorrect information. In designing the register, countries might wish to consider whether its technical set-up would enable or prevent this type of analysis.
d) Are there mechanisms for ensuring that the beneficial ownership information provided to the register is adequate, accurate and up-to-date? Are individual applicants who form legal persons required to submit accurate beneficial ownership information to the register when the legal person is created (e.g., by prohibiting incorporation if such information is not provided)? Are there risk-based mechanisms to monitor beneficial ownership information from time to time after incorporation? Does the registry verify the accuracy of the information it receives following a risk-based approach and using reliable, independent source documents, data or information? Is there a process that allows authorities and FIs and DNFBPs to report any discrepancies to the registry?Are reasonable steps taken to remedy reported discrepancies within an appropriate timeframe (see section 7 on accurate information)?e) How are changes in beneficial ownership information monitored and recorded over time? Are legal persons and/or beneficial owners required to provide information to the register within a reasonable timeframe (see section 8 on up-to-date information) once any changes are made or corrections are needed? In addition, are there any periodic requirements for updating/confirming/correctly beneficial owner information?
f) Is there a competent authority with responsibility for enforcing the requirement to report to the register? Are there effective, appropriate and dissuasive sanctions that apply to breaches (for example, by failing to disclose, or submitting inaccurate or incomplete information) based on the legal framework in place in the country? For example, where legal persons have a duty to report their beneficial owner(s), are sanctions laid down in relation to all relevant aspects (e.g., for submission of incomplete/inaccurate information)? Do sanctions cover the appropriate persons?
g) Is the information held by the registry available to competent authorities in a rapid and efficient manner? Is the existence of the register sufficiently publicised? Is information available on how to use it? Does the system allow competent authorities to search for beneficial ownership information held in the register in a way that serves their needs adequately (e.g., it allows searches by the name of the legal person and the name of the beneficial owner, it has tools for distinguishing among legal persons and beneficial owners with the same names, it has tools for aggregation of information, etc.)? Does the register provide direct access through remote login or similar mechanisms, or does information have to be requested from the register? If the latter, does the process still allow competent authorities to obtain information in a rapid and efficient manner? Are there clear disclosure requirements on the authority or body responsible for the registry to protect against the improper disclosure of the information?
Example features – Public authority or body holding beneficial ownership information
89. A mechanism that provides for a public authority or body holding beneficial ownership (BO) information could include some or all of the following features:
i. Companies are required to provide basic and beneficial ownership information to the company register upon registration.
ii. Companies are required to provide basic and beneficial ownership information regularly and within a reasonable period (e.g., within one month) following any change.
iii. Companies are required to make a declaration (e.g., sworn statement) regarding the beneficial owner and the ownership structure. This could include the provision of copies of documentation for the verification of identity.
iv. The public authority or body holding beneficial ownership information is required, on a risk-based approach, to verify the identity of the beneficial owners and that they indeed satisfy the criteria for being regarded as beneficial owners. (Cross-reference to section on verification)
v. Companies that fail to provide beneficial ownership information are subject to proportionate and dissuasive sanctions, such as restrictions on incorporation, and such sanctions are applied. (see section 16 on sanctions).
vi. The provision of incorrect information is subject to proportionate and dissuasive administrative and/or criminal sanctions for the company. The company’s representative could also be held personally liable. (see section 16 on sanctions).
vii. The public authority or body holding beneficial ownership information regularly applies such sanctions when obligations are breached or reports breaches to the appropriate authority.
viii. The public authority or body holding beneficial ownership information takes a proactive role, including checking information against other sources (such as shareholder, population or national identity registries) through risk-based verification, use of technologies etc., to identify anomalies or inconsistencies and reduce the risk of fraud on supporting documents or improper disclosure.
ix. Beneficial ownership information held by a public authority or body is recorded digitally and is searchable. The search function supports searches by multiple fields.
x. Competent authorities have rapid and efficient access to all the beneficial ownership information held by a public authority or body online, including full search capability.
xi. The public authority or body that holds beneficial ownership information has the capability to identify indicators of misuse or unusual activity (red flags) in the database.
xii. Basic information on the company is publicly available; some or all beneficial ownership information could also be made publicly available or be made available to FIs and DNFBPs at a minimum.
xiii. FIs and DNFBPs and, if appropriate competent authorities report any discrepancies (cross-reference to section on accuracy) they find between the beneficial ownership information held by the public authority or body and the beneficial ownership information available to them. The public authority or body holding beneficial ownership information and/or other relevant authority takes appropriate actions to correct the information within a reasonable timeframe.
xiv. The public authority or body holding beneficial ownership information may also obtain and hold shareholder information on companies in addition to beneficial ownership information.
xv. The public authority or body holding beneficial ownership information collects information on the board of directors, senior management and any other natural person authorised to act on behalf of the company.
xvi. The mechanism is complemented by other approaches to ensure that the beneficial ownership information of a company can be determined in a timely manner by a competent authority.
xvii. Data protection and privacy safeguards are in place, including restrictions on the information available to the different users of the register and other beneficial ownership information, sources to prevent the improper disclosure of this information.
11. MECHANISMS AND SOURCES FOR OBTAINING BENEFICIAL OWNERSHIP INFORMATION OF LEGAL PERSONS: CHARACTERISTICS OF ALTERNATIVE MECHANISMS
90. Countries may decide to implement the multi-pronged approach set out in Recommendation 24 by using an alternative mechanism instead of a beneficial ownership registry if the mechanism also provides competent authorities with efficient access to adequate, accurate, and up-to-date beneficial ownership information. Efficient in this context refers to access that is rapid and reliable – i.e., through a trusted source, without undue delay that enables competent authorities, particularly law enforcement and the FIU, to conduct their investigations and analyses quickly.
91. Countries have the flexibility to develop an alternative mechanism that is in line with their specific risks, materiality and context, provided that the approach ensures that competent authorities have efficient access to adequate, accurate, and up-to-date beneficial ownership information. In taking the alternative mechanism approach, countries may rely on an existing source(s) of information. The onus is on the countries to ensure that there is a specific mechanism(s) that provides efficient access to reliable information. The mechanism(s) should comprise a clear and comprehensive process or system (or multiple processes or systems) through which competent authorities are able to access adequate, accurate, and up-to-date beneficial ownership information.
92. Countries taking the alternative mechanism approach, should take into account the below considerations in designing their alternative mechanisms.
i. Legal/Operational Framework: Is there a clear legal framework that enables competent authorities’ access to this information, and/or authorises the source to disclose this information to other relevant authorities? Is there a legal framework to protect the source of information from liability for authorised disclosures? Is there a legal framework to require the source of information to disclose this information to authorities in a timely fashion? Absent a specific legal framework, do competent authorities have sufficient existing powers to seek information using the alternative mechanism?
ii. Scope: Is the scope of the alternative mechanism sufficiently wide to cover all relevant legal persons, including relevant foreign legal persons (instead of a particular group of legal persons)? Does it cover domestic legal persons that may pose ML/TF risks but may not be clients of specific FIs or DNFBPs?
iii. Resource: Does the entity(ies) responsible for the alternative mechanism have sufficient human and capital resources to ensure adequate, accurate and up-to-date beneficial ownership information?
iv. Awareness: Are there clear guidelines to make the competent authorities (particularly law enforcement authorities and FIUs) aware of the alternative mechanism through which they can access adequate, accurate, and up-to-date beneficial ownership information? Do they have a clear understanding of how to gain access to beneficial ownership information through the alternative mechanism? Do sources of beneficial ownership information have a clear understanding of their disclosure obligations under the alternative
mechanism?
v. Responsiveness: When competent authorities seek beneficial ownership information through the alternative mechanism, is access to the information rapid and efficient? Is there a specific process or system in place to facilitate quick access? For example, if beneficial ownership information is held by different entities, have competent authorities established a process to obtain access to the beneficial ownership information with the single point of contact or with the parties that hold beneficial ownership information to avoid undue delays in receiving information from different entities?
vi. Quality: Does the alternative mechanism provide complete and reliable information? Are there measures in place to ensure that the information is adequate, accurate, and up-to-date? If the alternative mechanism is not in itself a source of information, does the underlying source(s) meet(s) the objective of having adequate, accurate and up-to-date information (i.e., does the source that holds the information perform quality control and verification measures on the beneficial ownership information)? Does the source that holds the beneficial ownership information have a good understanding and knowledge of corporate law and/or complicated legal structures, and other relevant expertise to assist in identifying appropriate beneficial owners? If competent authorities rely on multiple sources to identify the beneficial owners, is the data consistent across sources? Is there a process by which differences in data are resolved?
vii. Oversight and data protection: Are appropriate oversight, supervisory measures, or equivalent mechanisms (e.g., appropriate sanctions) in place to ensure that the alternative mechanism provides for efficient access to beneficial ownership information, while taking into account data protection and confidentiality concerns? Do the parties that hold beneficial ownership information have appropriate access protocols and safeguards in place to ensure data protection? Do the competent authorities that seek beneficial ownership information have appropriate access protocols and safeguards in place to ensure data protection?
93. Countries would have to develop specific mechanism(s) to ensure efficient access to beneficial ownership information under the alternative mechanism, for example, a secure communication electronic portal/website that enables competent authorities to reach out to multiple sources at once and ensure that a rapid response is received on the relevant beneficial ownership information. Countries should implement specific measures, including verification and supervision, to ensure that the underlying beneficial ownership information, is adequate, accurate, and up-to-date. These two elements (high-quality source information plus mechanism for efficient access) may constitute an alternative mechanism.
94. Below are examples of sources of information (which may be based on CDD information) that can be leveraged by countries to develop alternative mechanisms.
a) a bank account register that identifies legal persons holding bank accounts, payment accounts and other financial services (e.g., custodial or investment accounts)
b) a public authority holding information on the FIs/DNFBPs with which a legal person has a continuous business relationship
c) a system with credit bureau information which collects and maintains updated information of legal persons having borrowing relationships with FIs.
95. Beneficial ownership information obtained and held by FIs/DNFBPs (pursuant to Recommendation 10/22) alone is not sufficient to qualify as an alternative mechanism. However, countries may consider utilising this information to develop an alternative mechanism, to ensure efficient access to adequate, accurate and up-to-date beneficial ownership information by competent authorities. Emerging digital solutions may give rise to further possibilities for countries to develop their alternative mechanisms.
12. ADDITIONAL SUPPLEMENTARY MEASURES
96. In applying a multi-pronged approach to ensuring that the beneficial ownership of a company can be determined in a timely manner by competent authorities (see section 5 on multi-pronged approach), countries should use additional supplementary information as necessary, including for example:
a) Information held by other regulators/supervisors;
b) Information held by stock exchanges;
c) Information obtained by FIs in accordance with Recommendation 10;
d) Information obtained by DNFBPs in accordance with Recommendation 22.
97. With respect to (a), countries may rely on existing information sharing arrangements with financial regulators and/or other supervisory bodies to assess and enhance their own beneficial ownership information. Such agreements present countries with further opportunity to review and challenge the information they hold on beneficial ownership. This may assist competent authorities in locating information that is not accurate or up-to-date. This could be achieved by liaising with other regulators/supervisors to check that the beneficial ownership information provided is accurate on the basis of the information held by the other regulator, or other bodies that operate under the delegated authority of the supervisor.
98. Open sources of information, such as (b), may provide competent authorities with additional means of obtaining and verifying information. Where a company is listed on a stock exchange and subject to requirements on adequate transparency of beneficial ownership, countries may consider allowing the use of that information to validate the beneficial ownership information (see section 18 on the applicability of relevant regulatory regimes).
99. Additional supplementary measures can also be information obtained by FIs and DNFBPs in accordance with Recommendations 10 and 22. Countries may rely on an effectively regulated FI sector, which can provide beneficial ownership information obtained in accordance with Recommendation 10, as noted in (c). Under the Recommendation, countries should require FIs to identify and take reasonable measures to verify the identity of the beneficial owner such that the FI is satisfied that it knows who the beneficial owner is. In addition, countries should require FIs to understand the ownership and control structure of the customer and the customer’s business and risk profile. The obligation on understanding ownership and control structure and risk profile should be ongoing.
100. Where a country relies heavily on an effectively regulated DNFBP sector which is involved in company formation (notably TCSPs, lawyers, notaries, and accountants), as
noted in (d), additional supplementary measures can also be information held by those
DNFBPs in accordance with Recommendation 22.
101. To use information held by FIs and DNFBPs as an additional supplementary measure, it is also essential to have effective monitoring and supervision of FIs and DNFBPs to ensure that they are complying with CDD requirements. Implementation of the CDD requirements should form part of any comprehensive mechanism to increase transparency of corporate vehicles. It is particularly important to extend these requirements to businesses and professions which are often involved in the creation and management of corporate vehicles (including TCSPs, lawyers, notaries, and accountants). A regulated FI/DNFBP regime would include an effective sanctioning regime for offences such as failing to update information in a timely manner, failing to supply information and submitting inaccurate information to authorities, which is effectively enforced.
102. While beneficial ownership information will be made available by other approaches (see section 5 on multi-pronged approach), the availability of such information, however, does not exempt FIs and DNFBPs from their obligations under Recommendations 10 and 22 respectively. They should, in any case, not rely exclusively on such information when conducting CDD.
13. ACCESS TO INFORMATION
Access by competent authorities
103. Competent authorities, particularly LEAs and FIUs, should have all the powers necessary for obtaining timely access to basic and beneficial ownership information held by relevant parties, although the characteristics of such access may vary depending on the party holding the information and the national legal framework.
104. In the case of basic and beneficial ownership information held or obtained by a public authority or body, or through an alternative mechanism, access should be rapid and efficient, which means that it should be quick and reliable, without undue delay or impediment. Competent authorities should have sufficient knowledge of which public authority or body or alternative mechanism holds adequate, accurate, and up-to-date basic and beneficial ownership information, and how to access that information. In the case of basic and beneficial ownership information held by companies, it should be possible for law enforcement authorities and, where the national framework allows it, other competent authorities to timely access it, with the full cooperation of the company itself. It is recognised that such access would be most common in the context of investigations, and generally subject to the issuance of a production order or equivalent imposing the disclosure of the information to the competent authority. Lastly, competent authorities should have sufficient knowledge of which additional supplementary measures (as discussed in section 12 above) are available to them for access to basic and beneficial ownership information as needed.
105. The parties that hold relevant information should understand their disclosure obligations, fully cooperate with competent authorities, and provide the information as quickly as possible and within a timeframe which allows authorities to duly carry out their functions. In implementing this requirement, countries should ensure that there is a clear legal or regulatory framework that authorises such access and disclosure and protects, where necessary, the source(s) of information from liability for authorised disclosures.
Access in the course of public procurement
106. In addition, countries should ensure that public authorities at the national level and others as appropriate have the powers necessary to be able to obtain timely access to basic and beneficial ownership information on legal persons in the course of public procurement. Below are some considerations when implementing this requirement:
a) Framework: Countries should ensure that there is a framework that enables/authorises public authorities at the national level and others as appropriate to have timely access to basic and beneficial ownership information on legal persons bidding on contracts (i.e., contract bidders) and those awarded contracts (i.e., contract recipients). There are several ways in which such a requirement can be implemented.
i. Make it a requirement for participation in public procurement that contract bidders and recipients provide basic and beneficial ownership information directly or indirectly (e.g., through an extract of the relevant registry) to relevant public procurement authorities. Where contract bidders and recipients provide basic and beneficial ownership information directly to relevant public procurement authorities, countries may provide relevant public authorities with access to information held in a registry (or registries) or an alternative mechanism as well as through any additional supplementary measures (see sections 10-12), including for any verification needs as appropriate, in the course of public procurement.
ii. Provide relevant public procurement authorities with access to basic and beneficial ownership information in respect of contract bidders and recipients held by a public authority or body (including by accessing beneficial ownership information held by public registry or registries) or an alternative mechanism, as well as through any additional supplementary measures (see sections 10-12), including for any verification needs as appropriate, in the course of public procurement.
iii. Permit relevant public authorities to rely upon other publicly-available basic and beneficial ownership information on contract bidders and recipients, e.g., information held in a database on procurement contractors. Such information needs to be adequate, accurate and up-todate. Regardless of the measure(s) used to fulfil this requirement, countries should ensure that the legal framework protects, where necessary, the source(s) of information from liability for authorized disclosures.
b) Operational considerations: Operationally, countries should ensure that the relevant public authorities have sufficient knowledge of which source(s) of basic and beneficial ownership information is available to them in the course of public procurement, and how to access that information. Irrespective of the source of the information (whether it is the contract bidder(s), register(s), etc.), countries should ensure that the parties understand their disclosure obligations and facilitate timely access to adequate, accurate, and up-to-date information. With respect to specific scoping questions (e.g., whether the requirement should only apply to contracts over a certain value threshold), countries should rely upon existing public procurement and any other relevant frameworks and processes and decide on these questions on the basis of risk, context and materiality. Countries may consider making beneficial ownership information of contract recipients publicly available, especially if their public procurement framework already provides public access to awarded procurement contracts.
Access by FIs, DNFBPs, other countries’ competent authorities, and general public
107. Countries should require that their company registry(ies) provides or facilitates timely access by FIs, DNFBPs and other countries’ competent authorities to the public information they hold, and, at a minimum, to the following basic information on legal persons (see section 3 on basic information): company name, proof of incorporation, legal form and status, the address of the registered office, basic regulating powers (e.g.,
memorandum and articles of association), a list of directors, and a unique identifier such as a tax identification number or equivalent (where this exists).
108. Countries should also consider, facilitating timely access by FIs and DNFBPs to the following additional information on legal persons to facilitate compliance with CDD obligations, and support supplementary verification efforts, such as discrepancy reporting, subject to adequate data protection and privacy safeguards (see section 7 on accurate information):
i. a register of the shareholders or members, containing the names of the shareholders and members, the number of shares held by each shareholder and the categories of shares (including the nature of the associated voting rights); and
ii. beneficial ownership information held in a registry(ies) or through an alternative mechanism, as well as through any additional supplementary measures (discussed in sections 10-12 above).
109. Finally, countries may consider facilitating public access to basic and beneficial ownership information. Public access to this information can enable civil society, other organisations and individuals to cross check the information, which may in turn help to; ensure that information is accurate, adequate, and up-to-date and to identify potential misuse of legal persons (e.g., in tax evasion, fraud, or corruption schemes). However, public access alone is not a sufficient mechanism to ensure accuracy of information. In contemplating the extent and arrangement of public access, countries should take into account data protection rules and other privacy, security, and confidentiality concerns, and consider limiting what basic and beneficial ownership information is made publicly available or applying a tiered approach to information disclosure (basic to detailed information), e.g., based on legitimate interest.
Cost of access
110. If contemplating a fee structure for access to basic and beneficial ownership information, countries should ensure that such a system, as a general matter, would not create unnecessary delays or obstacles to the efficient and rapid access to basic and beneficial ownership information that competent authorities should have. In the absence of a compelling case, it would be good practice to ensure that competent authorities and public authorities at the national level and others as appropriate in the course of public procurement can access this information free of charge. For others, to help foster the objective of making information sufficiently available, it would be good practice that a fee structure is proportionate to or does not exceed the administrative costs of making the information available, including costs of maintenance and future developments of the register or alternative mechanism.
14. MECHANISMS FOR PREVENTING AND MITIGATING RISK OF THE MISUSE OF BEARER SHARES AND BEARER SHARE WARRANTS
111. Recommendation 24 and its Interpretative Note specify that countries should not permit legal persons to issue new bearer shares or bearer share warrants and take measures to prevent the misuse of existing bearer shares and bearer share warrants. Any existing bearer shares or bearer share warrant should be converted into a registered form or for them to be immobilised.
Definitions
112. Bearer shares and bearer share warrants are described in the FATF Glossary as follows:
113. The key features of bearer shares and bearer share warrants are as follows:
i. Physical bearer share certificate or physical bearer share warrant certificate;and
ii. Untraceable ownership.
114. The term also covers other similar instruments or warrants without traceability. Bearer shares and bearer warrants present increased risk of money laundering and terrorist financing due to the concealment of the ownership of the certificates. However, it does not cover newly issued and existing bearer shares or bearer share warrants of a company listed on a stock exchange and subject to disclosure requirement (either by stock exchange rules or through law or enforceable means) which impose requirements to ensure adequate transparency of beneficial ownership.
Variations of bearer shares and bearer share warrants
115. Legal persons and arrangements in certain jurisdictions may have features similar to those of bearer share warrants but may not fall into the description for the following reasons:
i. Firstly, a physical bearer negotiable instrument which is dematerialised (change of the form of shares from physical certificates to electronic records) and/or registered, would not fall within the scope of Recommendation 24 where an identification of the owner of the instrument is possible, should the instrument be evidenced in the name of the owner or of a nominee. For instance, if all financial securities are de lege dematerialised securities (i.e., no physical certificate is issued), bearer securities are, in principle, evidenced by a book entry in the name of their owner in a register held by an authorised financial intermediary called the custodian. This is in contrast to registered securities which are recorded directly in the books of the issuer;
ii. Secondly, when a physical bearer negotiable instrument certificate does exist, it may fall within the scope of Recommendation 24 only when no mechanism exists under applicable law to ensure the traceability of such bearer share. It may not fall within the scope of this recommendation if the identity of the owner of the share or the share warrant must be registered with an intermediary under applicable law, which gives the right to the latter to reveal the identity of the bearer share or bearer share warrant to an issuer. This happens in very limited circumstances, including when shares are listed on the stock exchange or the claim to individual certification of the ownership interest is precluded, and the shares are in all instances immobilised either in a securities’ clearing and deposit bank or a depository, in particular an accredited central securities depository or a recognised third-country central securities depository. Therefore, the issuer will then be able to trace the relevant shareholdings through the chain down to the individual shareholder by rules for capital market disclosure or provisions that establish a right to obtain such information from intermediaries. In other examples, materialised certificates may be created and held by a central securities depository only in relation to depositary receipts representing securities that are meant to be held exclusively outside a national territory. The traceability of these certificates is ensured by the central securities depository.
Range of conversion/immobilisation measures
116. In respect of existing bearer share, the standard requires countries to take measures to prevent and mitigate the risks by a range of conversion/immobilisation measures within a reasonable timeframe.
117. In terms of conversion, the following types of measures could be considered depending on whether the bearer shares are held by a supervised intermediary or not:
a) In the case of shares not held by an intermediary:
i. an obligation for the holder of the shares to have its shares intermediated with a supervised intermediary with a duty for the latter to identify the beneficial owner of the bearer shares; or
ii. an obligation for the issuer of the bearer shares to change its by laws t allow only registered shares;
b) In the case of shares held by an intermediary, one of the following measures could be envisaged:
i. the intermediary would be under the duty to identify the beneficial owner of the bearer shares; or
ii. the intermediary would be in charge of the conversion of the bearer shares into another format: dematerialised shares of registered shares.
118. As regards immobilisation, bearer share certificates and bearer share warrants may be immobilised by requiring them to be held with a regulated financial institution or professional intermediary, with timely access to the information by the competent authorities. A professional intermediary could be an appropriate custodian of bearer share certificates and bearer share warrants where it is subject to supervision.
119. Regulated FIs and professional intermediaries should, upon becoming custodian of bearer share certificates and bearer share warrants undertake full identification of the bearer to be able to record the relevant information for competent authorities. Appropriate procedures should be in place to ensure that competent authorities are provided with timely access to the information held by the financial institution or professional intermediary.
Timeframes for immobilisation/conversion of bearer share certificates and bearer share warrants
120. The standard requires countries to take the above measures within a reasonable timeframe. Taking into account the lead time which may be required for making the necessary legislative/administrative changes, this period could be about two years. Based on some jurisdictions’ experience in applying such measures. The following illustrates some measures taken by countries:
121. Another possibility would be to have the bearer shares converted into registered shares after a certain period of time (which could be two years). The following illustrates some measures taken by countries:
122. Before immobilisation/conversion is completed, in line with the standards, countries should require holders of bearer instruments to notify the company, and the company to record their identity before any rights associated therewith can be exercised. Moreover, to streamline the conversion of existing bearer shares and bearer share
warrants into registered shares, countries may consider setting up an interim limited period of time at the end of which existing bearer shares and bearer share warrants would be either converted or immobilised or, eventually cancelled.
123. In determining the reasonableness of the timeframe for the implementation of conversion or immobilisation measures, countries should have regard to the money laundering and terrorist financing risks raised by the concerned bearer shares and bearer shares warrants or their holders. In each case, at the end of a determined period of time, in the absence of the required changes, the holder of bearer shares would lose all or part of its rights as a shareholder. The following illustrates some measures taken
by countries.
15. MECHANISMS FOR PREVENTING AND MITIGATING RISK OF THE MISUSE OF NOMINEE ARRANGEMENTS
124. Recommendation 24 and its Interpretive Note require countries to take measures to prevent and mitigate the risk of the misuse of nominee shareholding and nominee directors.
Definitions
125. A nominee, as defined in the FATF Glossary, is a natural or legal person holding a role in a company as an agent acting upon instructions of a nominator who has a more substantive claim to control and/or ownership of the company. In many cases, the nominator is the beneficial owner of the company.
126. While many types of nominee arrangements have legitimate business purposes and pose minimal or no money laundering or terrorism financing risks at all, nominees can also be used as a deliberate device to evade beneficial ownership transparency rules by posing an obstacle to transparency, and thereby facilitating the misuse of companies and other corporate vehicles for money laundering and related crimes.
127. The most common types of nominees are nominee directors and nominee shareholders (see box below).
128. Whereas these terms are defined in the Glossary, the underlying legal or factual relationship between the nominator and the nominee shareholder or director may have various forms and a variety of different terminologies can be used to describe such arrangements in different jurisdictions.
129. Nominee arrangements describe a spectrum of related legal and informal devices, where a nominee is registered as a director or shareholder, ranging from situations in which the nominee is simply a “front” with no real connection with or knowledge or control of the company (a “signature for sale”), to circumstances in which the nominee plays a substantive and genuinely independent role in the company, e.g., when representing the interests of particular shareholders in a large composite publicly listed company, or providing specific expertise on the board of a company.
130. The following legal contracts could be relevant in the context of the measures on nominees under Recommendation 24:
a) Professional nominee arrangements offered by corporate service providers
b) Professional nominee director and nominee shareholder services offered by corporate service providers
c) Power of attorney arrangements used in concert with nominee arrangements
d) “Signature for sale” agreements, e.g., a “nominee director declaration,” in which the nominee is simply a front with no substantive connection with the company.
131. Countries should examine specific types of arrangements that exist in their jurisdiction and assess the relevance and applicability of measures to mitigate ML/TF risks of misuse of nominees under the INR of Recommendation 24, paragraph 13 and measures under Recommendation 25. This may include, for example, arrangements mandating acting on behalf of another person.
132. In addition, the following examples may be relevant for applications of the terms “nominator” and “nominee shareholder or director”:
a) Nominator: Principal, silent partner, shadow director;
b) Nominee shareholder: may be a licensed service provider, a professional party representative, or any other person;
c) Nominee director: may be a legal professional, a corporate service provider, or any other person; a resident director or local director may be a nominee;
133. Nominees may be de jure, often the product of a formal legal agreement with a TCSP, notary, lawyer or tax advisor, or they may be de facto, for example where the behaviour or conduct of a person makes them a nominee director in the eyes of the law. Nominee arrangements may also exist informally, without any form of (written) legal contract, e.g., based on loose forms of control where a family member, friend, employee or associate stands in for the nominator, who can be the beneficial owner.
134. The existence of de facto (or “shadow”) directors and informal nominees means that nominee arrangements may exist, be common, and may present ML/TF risks also in jurisdictions that have no specific legislative provisions for nominee directors and nominee shareholders, because they simply exist in practice.
135. Under the FATF Glossary definition, the nominee shareholder or director exercises the functions in the company routinely, subject to the direct or indirect instructions of the nominator; conversely, a delegation whereby the nominee exercises certain powers of the nominator (e.g., “in the name of” the nominator) on a one-off or non-routine basis, would under most circumstances, not qualify as a nominee relationship.
Mechanisms to prevent and mitigate the risk of the misuse of nominee arrangements
136. Under the Interpretive Note to Recommendation 24, countries are required to apply one or more of the following mechanisms to prevent and mitigate the risk of the misuse of nominees: transparency requirements, focused on company or beneficial ownership registries; licensing requirements for those acting as nominees (combined with disclosure requirements for their nominators); or prohibition of nominee arrangements. These measures are applicable irrespective of whether the nominator, nominee shareholder and/or nominee director are legal or natural persons. The features of each mechanism are outlined below:
a) Transparency Requirement:
i. Nominee shareholders and directors must disclose that they are acting as a nominee (i.e., their nominee status) and the identity of the nominator upon whose instructions they are acting to the company.
ii. The aforementioned information should be reported by the company or by the nominee to the relevant register or alternative mechanism as designated by the country (e.g., the shareholder register of the company, the company register or if a beneficial ownership register exists, to this register), regardless of whether the nominee arrangements are formal or informal.
iii. The information should be obtained, held or recorded by the beneficial ownership registry or alternative mechanism, as applicable in the country.
iv. The country should include the nominee status of nominee directors and nominee shareholders in information that is public, e.g., by adding a label or an asterisk to the names of directors and shareholders who are nominee directors and shareholders, on the relevant registry.
b) Licensing Requirement:
i. Nominee shareholders and directors must be licensed in order to offer nominee services or belong to a licensed and regulated profession under AML regulations.
ii. Countries may create a dedicated licensing system for nominees or may instead rely upon existing systems of licensing and regulation of FIs and DNFBPs, including trust and company service providers, regulated under Recommendations 10, 22, 23, 26, and 28 (see below).
iii. Information on their nominee status and identity of their nominator must be obtained, held or recorded by the relevant public authority, body or alternative mechanism as designated by the country (e.g., if a beneficial ownership register exists, to this register). In addition, nominee shareholders and directors must maintain information identifying their nominator and the natural person on whose behalf they are ultimately acting and make this information to competent authorities available upon request.
c) Prohibition:
i. Nominee arrangements are explicitly prohibited and this prohibition is enforced.
ii. Given the possibilities of de facto and informal nominees, the absence or removal of legislative provisions for nominees will usually not be sufficient to ensure that nominee directors or shareholders are unavailable in practice.
iii. Measures to detect undisclosed nominees and enforce a prohibition, e.g., by proportionate and dissuasive sanctions, would be required.
iv. A prohibition may be combined with other measures listed under a) and b) above, e.g., a prohibition of corporate directors in combination with licensing or transparency requirements for other types of nominee arrangements.
137. Due to the private and often covert nature of informal nominees, where no written contract exists between the nominee and the nominator, there are inherent challenges in applying preventive measures, e.g., transparency or licensing requirements, to mitigate risks of such relationships. While the measures outlined above are generally applicable to formal and informal types of nominees, a greater emphasis on applying sanctions for false declarations of beneficial ownership (vis-à-vis preventive
measures) is required to adequately address risks related to the misuse of informal nominees. False declarations of beneficial ownership by undisclosed (formal or informal) nominees can be used as evidence in investigations and provide grounds for sanctions (see section 16 on sanctions). Countries may also consider other preventive measures (e.g., regulations/statutes providing for director’s duties) set out in their frameworks.
138. For informal nominee relationships, FIs/DNFBPs could request information on the main elements of the relationship and record this for documentation purposes. Further, depending on the level of risk, the relevant registry or alternative mechanism, FIs and DNFBPs may need to be sensitised to the risk of undisclosed nominee arrangements in the context of obtaining beneficial ownership information.
139. The provisions regarding nominees under Recommendation 24 should be implemented in conjunction with other FATF Recommendations on nominees and relevant sectoral guidance. Notably, under Recommendations 22 and 23, TCSPs offering nominee director services (there defined as “acting as a director for a client”) or nominee shareholder services, are already subject to preventive measures, including identifying the beneficial owner. Besides, Recommendation 28 obliges countries to monitor such service provision to ensure compliance. Some countries have therefore opted to license and regulate TCSPs, which entitles these professionals to act as nominee directors and shareholders. While Recommendations 22, 23, and 28 set out provisions for TCSPs, Recommendation 24 provides for more specific transparency requirements in respect of the provision of nominee services: it requires that nominees disclose information on the nominator upon whose instructions they are acting (i.e., in the context of nominee service provision by a TCSP, on their “client”) upfront to the relevant registry, and to have their status as nominee director publicly recorded, and/or to ensure the country licenses such nominee service provision, as opposed to only monitoring it.
Risks of misuse of nominee arrangements
140. Nominee arrangements may fulfil a wide range of entirely legitimate business purposes; nevertheless, nominee arrangements may also be deliberately used to obscure the beneficial owner by keeping the owner’s name off public records, or not disclosing them to the counterparty in a transaction.
“Signature for Sale” arrangements
141. It is relatively common for nominee arrangements to be explicitly marketed by TCSPs under “signature for sale” arrangements in which the nominee plays no substantive role beyond obscuring the identity of the beneficial owner. Here, a separate private legal agreement with the nominee (power of attorney is a commonly seen form) enables the beneficial owner to retain control over the company from behind the scenes. In some documented cases, nominees pre-sign undated resignation letters to
allow the beneficial owner to fire the nominee unilaterally, and if necessary, retroactively. Such arrangements do not only possibly violate the spirit and the law on beneficial ownership transparency, but to the extent that nominees have no real knowledge of or control over the company, they may also often violate directors’
standard responsibilities to the company. The measures under a), b), and c) are therefore mainly intended to strengthen enforcement of the obligation to identify the beneficial owner of a legal person in situations with nominees; but they may also help mitigate abuse by ensuring that nominee directors are substantively fulfilling their duties as director to the company, rather than merely acting as “signatures for sale”.
Situations where risks of misuse of nominee arrangements may be low
142. The spectrum of nominee services also includes those where the nominee plays a substantive role in the company, that are routinely used for legal business purposes, and where adequate, accurate and up-to-date information on the beneficial owner of the legal person in question is already available to competent authorities. Therefore, the extent of the measures that countries should take in accordance with Recommendation 24 should take into account the ML/TF risks present in the country. Based on a risk assessment, countries may decide to distinguish between different situations in the extent of the measures applied, according to the ML/TF risks they present. This may include distinguishing between legal entities based on their nature and purpose (listed companies and their subsidiaries, public entity, holding company, operating entity, domiciliary entity whose purpose is exclusively to hold and manage someone’s wealth, organisation, etc.), business sector, risk profile of officers, and other factors.
143. Examples of circumstances, where countries could decide to exempt nominees from the scope of the mitigation measures under the INR – if risks of abuse are found to be low and adequate, accurate, and up-to-date information on beneficial ownership of the legal person is available to competent authorities, include:
i. The typical corporate practice for a (group of) shareholders to appoint a director to represent their interests at the management level, e.g., in a large composite publicly-listed company;
ii. Directors delegated to the board of companies in the context of a group of companies or commercial or financial collaboration for example to provide specific expertise on the board of a company, or to coordinate business decisions, or to take into account shareholders’ interests;
iii. Directors delegated to represent the interest of a specific (group of) shareholder(s) or stakeholder(s) as required by law (e.g., director representing employees in the board of pension schemes, director representing the State / Government / public body or similar in case of (partially) state-owned entities, director representing employees on the board of companies such as the German “Arbeitnehmervertreter im Aufsichtsrat”, director appointed by a multilateral development bank to subsidiaries and investee companies);
iv. Certain types of AML regulated investment funds acting on behalf of their investors, or pension funds acting in the interest of their future pensioners that pose low risks;
v. Situations where the delegation of power to exercise shareholder’s rights is only incidental to an existing banking relationship (e.g., Depository Bank);
vi. Voting representation by an independent representative in case shareholders cannot participate in a general assembly (Voting proxy, such as the Swiss “unabhängiger Stimmrechtsvertreter” and “Depotvertreter”);
vii. FI acting as nominee shareholder when carrying out transactions in their own name but on account of the client in the course e.g., of banking or brokerage activity.
16. SANCTIONS
144. Establishing clear liability and effective, proportionate and dissuasive sanctions is a key feature of national systems’ efforts to ensure the implementation of Recommendation 24’s requirements. Measures implementing this recommendation can apply to both natural and legal persons. For legal certainty, it is important to set out clear rules on the obligations of legal persons (e.g., reporting of information to registers or other mechanisms) and natural persons (e.g., provisions by shareholders of information to the person authorised to act on behalf of the legal person) with respect to each requirement of the recommendation. Equally, depending on the legal traditions of countries, situations where breaches by the legal person are caused by intentional or negligent behaviour of its senior management with a leading position or persons authorised to act on its behalf within the exercise of their professional functions could be treated specifically with a view to attributing liabilities in such cases. This could be the case, for example, when breaches are committed by the natural person with the intention to benefit the legal person itself. Liability could also be attributed to the senior management for breaches of requirements by employees under their responsibility.
145. Countries may apply appropriate sanctions or hold persons liable for breaches of responsibilities. Such sanctions or additional measures can be of either administrative, civil or criminal nature and can be both financial or non-financial (e.g., deprivation of rights with respect to participating in companies, striking off the register). When deciding on the most appropriate enforcement measure, countries should ensure consistency with their overall legal framework.
146. Countries may also apply criminal and/or administrative sanctions on the legal person or their representatives, including, e.g., resident agents in certain circumstances.
147. In order to ensure that sanctions are effective, proportionate and dissuasive, countries should take into account the following elements:
a) Is there an authority empowered to impose such sanctions?
b) Is the range of sanctions sufficiently broad to capture all responsibilities and possible case scenarios (e.g., minor sanctions for late filing, personal liability for false declaration to restriction on incorporation or penalties for failure to report information, warning letters, and strike-off procedures for subsequent breaches)?
c) Is this range of sanctions suitably dissuasive for even the largest legal entities in the jurisdiction?
d) Are sanctions consistent with the gravity (including the repeated nature) of the breaches? Should other factors be taken into account (e.g., overall business turnover of the legal person)?
e) Are breaches systematically detected and sanctioned?
17. RELATIONSHIP BETWEEN BENEFICIAL OWNERSHIP OBLIGATIONS AND OTHER RECOMMENDATIONS (WIRE TRANSFERS AND VIRTUAL ASSETS REQUIREMENTS)
Wire transfers and beneficial ownership as part of CDD
148. In relation to wire transfers, FIs should be required to undertake CDD measures as set out in Recommendations 10 when carrying out occasional transactions. This includes the requirement to identify and take reasonable measures to verify the identity of the beneficial owner of the originator or beneficiary, as outlined above. In addition, Recommendation 16 requires financial institutions to take further measures such as collecting certain originator information and ensuring that this information accompanies a wire transfer.
Virtual assets
149. The FATF Glossary defines VASPs as any natural or legal person that conducts as a business the activities or operations specified in the VASP definition. Recommendations 24 and 25 explicitly note that countries should take measures to prevent the misuse of legal persons and arrangements for ML/TF. As with FIs and
DNFBPs, countries should therefore take measures to prevent the misuse of VASPs and consider measures to facilitate access to beneficial ownership and control information by VASPs undertaking the requirements set out in Recommendations 10 and 22.
150. As an initial matter, in the licensing or registration process for VASPs, competent authorities should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in a VASP. Countries, including those that have decided to prohibit virtual assets, should take action to identify natural or legal persons that carry out VASP activities without the requisite license or registration, and apply appropriate sanctions.
151. In the context of VA and VASP activities, countries should ensure that VASPs licensed by or operating in their jurisdiction can manage and mitigate the risks of engaging in activities that involve the use of anonymity-enhancing technologies or mechanisms so that they are not abused to obscure legal or beneficial ownership of VA. Such technologies or mechanisms may include, but are not limited to, anonymity-enhanced cryptocurrencies (AECs), mixers, tumblers, privacy wallets and other technologies that obfuscate the identity of the sender, recipient or holder of a VA. If the VASP cannot manage and mitigate the risks posed by engaging in such activities, then the VASP should not be permitted to engage in such activities.
152. In conducting CDD to fulfil obligations under Recommendation 10, VASPs should obtain and verify the customer identification information required under national law. For covered VA activities (e.g., VA payments, VA transfers, VA issuance, etc.), the verification of customer and beneficial ownership information by VASPs should be completed before or during the course of establishing the relationship.
153. Counterparty VASP due diligence should be completed when engaging in cross-border correspondent relationship or prior to transmitting required travel rule information and refreshed periodically or when a new risk emerges from the relationship. When conducting this counterparty due diligence, a VASP may obtain information set out by Recommendations 10 and 13 directly from the counterparty VASP. This information should be verified with reliable, independent sources of information for the verification of the identity and beneficial ownership of legal persons. For example, this may include: corporate registries, registries maintained by competent authorities on
the regulated institutions list (e.g., VASP lists maintained by each jurisdiction where available), beneficial ownership registers and other examples mentioned in the BCBS
General Guide on Account Opening.
154. Note that the FATF does not intend for an asset to be both a VA and a financial asset at the same time. There may, however, be instances where the same asset will be classified differently under different national frameworks or the same asset might be regulated under multiple categories. When determining if a new digital asset should qualify as a financial asset or a VA, authorities should consider whether their existing regime governing financial assets or their regime for VAs can be appropriately applied to the new digital assets in question. For example, if the asset in question is the functional digital equivalent of a bearer share (e.g., in the case of transferable tokens), authorities should consider how the mitigation measures in the relevant regime would apply to it. One option for countries in this regard would be to apply the mitigating measures regarding bearer shares in Recommendation 24.
18. APPLICABILITY OF RELEVANT REGULATORY REGIMES
155. Where information on basic and beneficial ownership exists within a regulated institution or a recognised stock exchange countries may permit these entities to utilise such information for the purpose of complying with obligations to ensure that the beneficial ownership of a company is adequate, accurate and up-to-date and can be determined in a timely manner by a competent authority on basic and beneficial ownership.
156. When determining which of the aforementioned entities can utilise such information, countries must have regard to the following factors:
a) Information held by a recognised stock exchange: countries may permit entities to utilise information held on a recognised stock exchange subject to the processes in place in the exchange.
b) Information held by FIs and DNFBPs: countries should consider the extent to which entities in their jurisdiction and other jurisdictions hold reliable basic and beneficial ownership information. If this information is held by entities that are effectively supervised in line with the FATF Guidance on risk-based supervision, countries may permit entities to utilise that information.
Information held by stock exchanges
157. In considering whether information held on a stock exchange can be used for complying with obligations to ensure that the basic and beneficial ownership of a company is adequate, accurate and up-to-date and that it can be determined in a timely manner by a competent authority, countries should consider the extent to which exchanges have processes in place in order to determine the accuracy of basic and beneficial ownership information. This should involve suitable mechanisms to ensure adequate transparency of beneficial ownership (e.g., sanctions in case of violation of shareholder and BO reporting). Following are some of the considerations that countries may take into account:
a) For listed companies, beneficial ownership information may also be available as part of publicly accessible corporate information (such as annual reports). This could qualify as supplementary measures (see section 12).
b) In some jurisdictions, listed companies may be subject to comprehensive stringent disclosure requirements. Where stock exchanges have processes in place to ensure that basic/beneficial ownership information is adequate, accurate and up-to-date, publicly available current information on shareholder and beneficial ownership may be sufficient.
Trust and company service providers (TCSPs)
158. TCSPs play an important role in undertaking CDD on their clients both during the establishment of corporate vehicles and their ongoing management. In many countries, trust and company services (such as company formation and management) are offered by a range of different types of entities, including regulated professionals, such as lawyers and accountants. Although lawyers and accountants may be subject to regulation of their primary profession or business in some countries, the provision of company services is one area where criminals may seek to engage such professionals to conceal beneficial ownership, warranting specific regulatory oversight. As well, in many countries, trust and company services are also offered by other companies that specialise in providing trust and company services, but which may not be regulated in relation to their profession or business. If there is no specific AML/CFT regulation and a designated supervisor, such specialists may be left unregulated.
159. Another common challenge is that, even where legal professionals and TCSPs are subject to AML/CFT requirements, deficiencies often exist in how the CDD obligations with respect to beneficial ownership are being implemented. Supervision for compliance with these requirements is often ineffective. To address these issues, countries should ensure that all legal professionals and TCSPs are required to conduct CDD pursuant to Recommendation 22.
160. Countries should have regard to the abovementioned Risk-based Approach Sectoral Guidance when considering if entities can utilise information held by TCSPs as reliable information for determining basic and beneficial ownership about a legal person.
Issues relating to the legal profession
161. Because the legal profession often act as trustees, nominees, or both, practical issues relating to legal professional privilege can arise when lawyers have AML/CFT obligations. Indeed, the right of a client to obtain legal representation and advice, be candid with their legal adviser and not fear later disclosure of those discussions to their prejudice is an important feature of the legal profession.
162. The scope of legal professional privilege and legal professional secrecy is often contained in constitutional law or is recognised by common law and is tied to fundamental rights laid down in treaty or other international obligations.
163. The scope of legal professional privilege and legal professional secrecy depends on the constitutional and legal framework of each country, and in some federal systems, of each state or province within the country. In addition, the scope of legal professional privilege and legal professional secrecy, and the associated obligations, may also vary across different types of legal professionals within a country and the types of services being offered.
164. However, investigators have found that a frequent obstacle to accessing information about corporate vehicles is the use of legal professional privilege and professional secrecy to refuse to divulge information relevant to the ownership and control of a corporate vehicle.
165. This is appropriate when such claims are made correctly and in accordance with the law. However, some of the case studies show that occasionally extremely wide claims of privilege are made that exceed the generally understood provisions of the protections within the relevant country. To help address these issues, competent authorities and professional bodies should work to ensure that there is a clear and shared understanding of the scope of legal professional privilege and legal professional secrecy in their own country.
166. In particular, countries should ensure that there is a clear understanding of what is, and what is not covered to ensure that investigations involving suspected corporate vehicles are not inappropriately impeded.
Issues relating to fit and proper tests for FIs/DNFBPs/VASPs
167. Licensing authorities and/or supervisors should take necessary measures to ensure that criminals or their associates are prevented from holding or being the beneficial owner of a significant or controlling interest, or from holding a management function of FIs, DNFBPs and VASPs. This can be achieved, for example, through fit and proper tests, which should be carried out both at the licensing/registration stage and on an ongoing basis thereafter, including, if there are any changes to the ownership/control structure. FIs, DNFBPs and VASPs should provide adequate, accurate and up-to-date information on their beneficial owners to relevant authorities, including at the licensing or registration stage. Supervisory measures to ensure compliance with fit and proper tests may include, as appropriate, suspension of voting rights, requesting the selling of shares, and other actions against shareholders that are not fit and proper, or refuse to provide information upon request.
19. INTERNATIONAL CO-OPERATION
168. Corporate networks set up illicitly to hide the origin of proceeds of crime are often multi-jurisdictional. Effective international cooperation, as set out in FATF Recommendations 37 and 40, requires access, through the full cooperation of jurisdictional authorities, to accurate information on beneficial owners in the context of an international ML/TF investigation. Countries where legal persons are established should be able to obtain basic and beneficial ownership information (even on those beneficial owners residing abroad). In turn, those countries where beneficial owners reside need to respond to requests to identify the beneficial ownership of legal persons.
To ensure that there is a practical level of international cooperation, Recommendation 24 contains specific requirements to provide cooperation on identifying the beneficial ownership or legal persons, including:
a) facilitating access by foreign competent authorities to basic information held by company registries (e.g., by making this information available online, or if it is not available online, by having an efficient mechanism through which foreign authorities can request information)
b) exchanging information on shareholders (including when it is held by the company or stock exchange) to enable foreign authorities to quickly move along a chain of legal ownership
c) using their competent authorities’ powers to obtain beneficial ownership information on behalf of foreign counterparts (e.g., at the request of foreign competent authorities, not only when conducting their own investigations).
169. The exchange of information with a foreign counterpart should avoid unduly restrictive conditions for accessing information, subject to internationally agreed standards. What could be considered as “an unduly restrictive conditions on the exchange of information or assistance” may include, inter alia, the refusal of requests for assistance on the grounds that they involve a fiscal, including tax, matters, or on the grounds of bank secrecy.
170. The point(s) of contact, agency or registry information and procedure in accessing or requesting this information, should be made publicly available (e.g., online) or through specific posted guidance on procedures.
171. Countries should have mechanisms in place to identify and describe the different types, forms and basic features of legal persons in the country. In addition, basic and/or beneficial ownership information held by various registries or alternative mechanism may be publicly available and accessible online.
172. Law enforcement and other competent authorities should expect to find most of the basic information publicly available. Countries should publicise instructions on how to make a formal request for additional information, such as through mutual legal assistance, should that remain necessary.
173. To facilitate efficient and rapid exchange of beneficial ownership information across borders, countries should make contact information for receiving and responding to requests publicly available. Countries should designate the appropriate agency(ies) (e.g., ministries or agencies with registry jurisdiction) responsible for receiving and processing foreign requests for beneficial ownership information and provide clear guidance to foreign counterparts on the process for requesting information with clear requirements, as well as any restrictions, for the requested information. Countries need to have in place an adequate internal procedure for interagency cooperation amongst relevant competent authorities in processing such requests. A defined, reasonable response time should be transparently reflected in the procedure.
174. Countries should monitor the quality of the assistance which they receive from other countries.
Table of Contents: BENEFICIAL OWNERSHIP OF LEGAL PERSONS
Related Sites
Contact
Related Posts
Can We Use Form 8802 to Apply for Form 6166 – Certification of U.S. Tax Residency, to Avoid Taxes Overseas?
Residential Real Estate Rule