Written by Aaron Nicodemus, Compliance Week on Monday September 26, 2022
Determining the ultimate beneficial owner (UBO) of individuals and companies your firm does business with can be a tricky thing.
Find out too little about your customers and counterparties, and your firm unknowingly could be partnering with sanctioned individuals, terrorist groups, or money launderers. Tasking a compliance department to ferret out who is behind every bank account and shell company in your firm’s network, though, is impossible using manual processes.
So, where is the sweet spot on understanding the UBO of the entities your firm does business with? And what technology is available to get you there?
First, there is the black-and-white issue of whether your firm can do business with sanctioned entities or individuals, even unknowingly. The Office of Foreign Assets Control (OFAC) bars U.S-based companies from doing business with all sanctioned individuals. The sanction system is based on the idea of strict liability, said Carlton Greene, partner with law firm Crowell & Moring.
'OFAC doesn’t care if you didn’t mean it or didn’t know you were doing business with a sanctioned individual,' he said.
During an investigation into a possible sanction violation, OFAC will want to learn how much effort the firm put into understanding the beneficial ownership of its counterparties.
'The more reason you had to think you might be dealing with a sanctioned entity, the more diligence OFAC expects you to do,' Greene said.
But doing nothing is not an option, either. OFAC recently sanctioned Tornado Cash, an Ethereum-based virtual currency mixer, over allegations the platform “failed to impose effective controls” to stop the laundering of proceeds from cybercrime.
'OFAC is sending a message that having no due diligence of any kind is not acceptable,' Greene said. 'You can’t have zero protocols or compliance capabilities and hope to escape consequence.'
OFAC also expects companies to share information internally. One department at a firm might be aware of a risk of doing business with a sanctioned individual but not share that information with, say, compliance.
'Any and all reasonably available information ought to be shared,' Greene said.
Some firms maintain separate databases for know your customer (KYC) and sanctions compliance, which creates a lot of inefficiencies, said Ted Datta, head of the financial crime compliance practice for Europe and Africa at Moody’s Analytics. Businesses “should consider drawing those two streams of information together” in one database, he said.
Beneficial owner refers to the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted, according to the definition from the Financial Action Task Force. It also includes those persons who exercise ultimate effective control over a legal person or arrangement, the FATF said.
In the United States, the Corporate Transparency Act, passed in 2021, defines a beneficial owner as an individual who holds at least a 25 percent stake in the entity’s capital, at least 25 percent of the voting rights, and is a beneficiary of at least 25 percent of the legal entity’s capital.
Earlier this year an Insight article by Teodora Harrop outlined best practices for identifying UBOs, including:
The most efficient UBO investigations require an understanding of your firm’s risk appetite and appropriate technology to automate searches. Here are a few tech suggestions:
'There’s a lot we can learn about offshore companies and the people behind them using legally disclosed public data, if we know where and how to look for that,' said Jessica Abell, vice president of solutions at Sayari, during a Compliance Week webcast on unmasking offshore holdings of Russian oligarchs using public data. Sayari is an information vendor which maintains a database of more than two billion corporate disclosure documents.
'Perpetual monitoring provides notification of a change in UBO without waiting for a customer to notify. That’s really important data to capture. When the UBO changes, the risk changes,' said Datta. 'It’s really going to change landscape.'
'The key is to try to automate sanctions compliance,' said Greene. 'You’re looking for solutions that draw connections between different pieces of information, some of which is very difficult to access, to give you a complete threat picture.'
This article has been republished with permission from Compliance Week, a US-based information service on corporate governance, risk, and compliance. Compliance Week is a sister company to the International Compliance Association. Both organisations are under the umbrella of Wilmington plc. To read more visit www.complianceweek.com
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.