Managing beneficial ownership information within capital groups.
Recent years have brought an avalanche of changes in terms of both privacy and transparency of business activities in the European Union. On the one hand, GDPR has entered into force and the protection of personal data has been greatly strengthened. On the other hand, under anti-money laundering (AML) laws adopted by the EU member states, companies are now required to be transparent in certain areas, including the obligation to publish information about their beneficial owners. AML laws are no longer a niche regulation, of interest mainly to banks, since they have been extended to include obligations imposed on virtually all corporations, and non-compliance is subject to significant financial penalties and criminal sanctions.
Growing number of “obliged entities”
In 2013, the Financial Action Task Force (FATF) analyzed the descriptions of past money laundering crimes, as provided by the 34 member states of the organization. A report revealed that in about one third of cases, the services of accountants, lawyers, and corporate service providers had been used. The study confirmed that money laundering schemes were often deliberately planned by accounting advisors, and implemented by lawyers who did not probe the goal of the proposed solutions, despite them having little or no logical business legitimacy. This led to stronger recognition that certain professional advisors should join the group of institutions obliged to apply anti-money laundering measures with respect to their clients – known as “obliged entities” in EU nomenclature. Therefore, businesses are now requested to provide information and documents that will enable the assessment of financial crime risks not only when they use or intend to use financial services, but also when cooperating with law firms, external accountants, tax advisors, notaries, estate agents, and various other service providers. These suppliers are responsible for key services; hence, disruptions in these areas are likely to impact the day-to-day operations of many businesses.
Beneficial ownership registers and customer due diligence
Beneficial ownership registers are a relatively new tool for authorities combating financial crime and for “obliged entities”. These registers, often available to the public, contain details of beneficial owners of multiple types of businesses. Such registers are usually maintained under self-disclosure principles, and therefore are based on data internally identified by the reporting entity.
On the other hand, customer due diligence (CDD) is a process that includes, among others, the independent verification of beneficial ownership matters by “obliged entities” whenever new clients are on-boarded, and then periodically thereafter. Obliged entities are often required to compare their findings with the beneficial ownership register data, and to report inconsistencies to the financial intelligence units of local governments.
The increasing number of service providers being labelled “obliged entities” and tasked with the requirement to perform the customer due diligence process will make the procedure more and more common. Entities objecting to CDD will be unable to use key services, pursuant to the “comply or deny” rule that the obliged entities must follow. Whenever obliged entities are unable to fulfil their CDD duties, they must refuse dealings with such client.
In this article, we attempt to explain in an accessible way the basics of the global anti-money laundering (AML) and combating the financing of terrorism (CFT) systems, additional changes to the beneficial ownership regulations to be expected in the near future, and how companies doing a legitimate business can prepare for new challenges to ensure that compliance with the AML regulations does not interfere with their operations.
New forms of financial crime
Financial crime takes multiple forms, the most common of which are the financing of terrorism, money laundering, corruption and bribery, human trafficking and trading in protected animal species. These can have very serious negative implications from a social perspective.
Criminals often use the services of legitimately operating businesses to commit crimes, as the related counteracting systems are insufficient both at the level of individual service providers and in general. Changes to national or international regulations introduced in the last several years have resulted in significant improvements. Currently, thanks to better regulations and the greater awareness and experience of the obliged entities, as well as new technologies, the detection of financial crime activities has improved. Many countries are also doing better in terms of blocking criminals’ access to key services, thanks to the more thorough CDD processes.
However, technological progress has not bypassed the criminal underworld. On the contrary, it has made committing more traditional financial crimes easier, while also providing criminals with the tools to invent new types of crimes and offences.
Financial crime groups are very well organized and motivated. It is estimated that the value of funds derived from financial crime may account for 5 to 7% of global GDP. Given the worldwide scale of this phenomenon, every institution active in the world of finance or providing other key services has a role to play in counteracting financial crime.
The international AML standard
Money laundering can be treated as a distinct category of financial crime. It is mainly geared towards “transforming” funds obtained unlawfully into funds that appear to have been legitimately accumulated, while allowing the criminal to reap the financial benefits from them. One of the most popular methods used by individuals or organizations attempting to launder money is to use the so-called “strawpersons”, in other words people remunerated by criminals for opening a bank account or transferring funds from an illegal source. Another popular method applied by financial criminals is to bypass the reporting thresholds (amounts above which a transaction is automatically reported for analysis by the compliance department), which is known as structuring. It involves splitting a larger transaction into a series of smaller ones. So, instead of a single high-value transfer or payment, several or even several dozen smaller transfers or payments are made, with the value of each transaction being intentionally lower than the reporting threshold. It is typical for structuring that transactions are carried out in a very short interval of time, often one after another. Financial institutions, however, have implemented solutions that enable them to identify such structuring attempts. As a result, virtually all quick and frequent cash flows, especially between private accounts, are treated as suspicious – in particular when the financial institutions are able to identify typical structuring schemes (for example, many individuals transfer funds to the account of one person, or one person transfers funds to many other individuals).
AML regulations implemented by individual jurisdictions to fight money laundering attempts are part of a larger, global puzzle.
In order to ensure the relative compatibility of financial crime prevention systems in various countries, a special intergovernmental organization was established, namely the Financial Action Task Force (the FATF). The organization has developed 40 Recommendations that have become the international standard for counteracting money laundering. The EU AML directives are aimed at adapting EU legislation to the FATF standards.
These standards assume that corporate bodies, such as companies, are merely a vehicle used by natural persons to trade in assets (for example, money or real estate). In a nutshell, this assumption means that at the end of each corporate structure, the natural persons receiving dividends or otherwise controlling these assets – the so-called “beneficial owners” – can be identified. The chain of relations between a company that owns a given asset (such as real estate or cash) and the beneficial owner can be very complicated and can cross national borders, often passing through jurisdictions with a low level of public access to information on ownership. Usually, the complex and highly globalized activities of an organization justify such a structure, but it can occur that such structures are created solely to conceal the beneficial owner and facilitate criminal activity. For example, payments for fictitious services to an entity with a concealed beneficial owner are used as a modern way to pay bribes. The purpose of the AML regulation is, among other things, to detect such structures.
Therefore, according to the FATF recommendations, ultimately companies should be “screened” regularly in terms of information on their beneficial owners from three sides, in the hope that these will hinder the concealment of beneficial ownership:
- “from the inside” – by requiring the legal persons themselves to collect and store information about their beneficial owners, including the collection of information on bearer share holders,
- by governments – by registering information on beneficial owners in corporate registers (according to the FATF standard, each country is free to decide who should have access to such registers), and
- through information collected by obliged entities, as well as beneficial ownership information reported by listed companies.
The obligation for obliged institutions to conduct customer due diligence implements the third method. The creation of the beneficial ownership registers is a way to implement the second method. The need to file information about beneficial owners with the public registers actually forces companies to use the first method.
The gradual elimination of the possibility to anonymously own shares (such as the abolition of bearer shares in an increasing number of jurisdictions) and the adoption of similar standards by more and more countries means that the system is becoming internationally verifiable and increasingly effective.
How to prepare for customer due diligence
Each obliged entity determines internally its requirements for the CDD process and the documents that the customer is required to present to go through this process. These requirements often depend on the type of customer risk (for example, the type, industry or geographical scope of the customer’s business) and the product risk (for example, the type of product the customer uses). The most common documents required by banks in this process are:
- Proof of registration with the government register and articles of association – to verify the name and address (the country of registration may differ from the country of doing business, which may affect the level of risk of cooperation with a given company from the financial institution’s perspective), personal data of members of the management staff (including representatives of the company), business purpose and tax identification details;
- Ownership structure – this is usually evidenced by reliable documentation, for example shareholder registers, with respect to each entity in the ownership chain, to verify the beneficial owners;
- Identity documents of the management staff and beneficial owners of the company and specimen signatures of such persons in order to verify their identity and authenticity of signatures;
- Documents enabling verification of the source of income, both for the company and members of the management staff.
“CDD package” – how to speed up the process
Cooperation with obliged entities can be facilitated by preparing a simple instrument – a document file presenting the group’s corporate structure and complete documentation necessary to ascertain the identity of the beneficial owner. Data and identification documents, especially when legal persons are involved, are typically verified against additional sources (often a simple check of the corporate website can either confirm that the information as shown in the CDD package is correct, or it can raise doubts). Holding comprehensive beneficial ownership documentation can also help minimize the risk of criminal and financial liability for disclosing incorrect data in the beneficial ownership registers.
Corporate groups are often reluctant to provide detailed information on structure to their subsidiaries. This reluctance is even higher for large, family-owned businesses, where the ownership structure tends to reflect very private relations. However, centralized process management within the group makes it possible to maintain control over the scope of disclosures and allows a reasonable balance between the legal requirements and the need to protect privacy and confidentiality. At the same time, the solution allows for smooth CDD processing.
We note that the amount of service providers holding “obliged entity” status has increased, and will likely be increasing in many jurisdictions. Due to the still low awareness of various AML obligations, the CDD process is sometimes not carried out as often or as thoroughly as it should be, but we believe that, as supervisory activities by the state authorities intensify, the process will become the new normal for many categories of services.
Verifying beneficial ownership in the world of advanced technologies
As a matter of practice, we note that international groups often treat beneficial ownership disclosures in terms of “local registrations”, i.e. the tasks are allocated to teams responsible for covering a given market. As a result, it happens that different beneficial owners are identified by sister entities, whether in various jurisdictions or even within the same country. Such outcome is a result of incomplete information on ownership, a misunderstanding of the applicable legal rules, and lack of internal coordination. These practices increase the exposure of companies and the members of their management staff to financial or criminal sanctions for making disclosures that are not true and accurate.
The provisions of the EU’s 5th AML Directive, which are already in force, stipulate that beneficial ownership registers in all EU Member States must be public and linked to one another. The directive also requires that false disclosures of beneficial owners be subject to dissuasive measures or sanctions. A new requirement under the directive is that the obliged institutions must compare the results of their independent CDD studies with the contents of the beneficial ownership registers. Inconsistencies may give rise to verification proceedings on the part of the financial intelligence authorities, and to recognition of increased AML risks on the part of obliged entities.
A growing number of countries use modern IT tools that automatically compare data from beneficial ownership registers with other publicly available data (for example, the value of a shareholding or addresses are compared with the entries in the commercial registers, and information about the place of residence can be compared with the data contained in the resident registration registers, information from land registers, tax and other government databases). More and more modern “data mining” tools are being created, combining information from newer and newer databases. We expect such information to be increasingly exchanged internationally to automatically detect inconsistencies in disclosures regarding beneficial owners.
Automation in the beneficial ownership verification area is most often used to obtain data from official registers and corporate websites. This might be a significant facilitation for both obliged entity analysts and clients; however, additional local procedures are required for these solutions to work (for example, lifting the obligation to verify data on the basis of documents first provided by clients). Looking ahead, in our view significant amount of beneficial ownership data will be maintained in public registers, while the use of blockchain technology will allow for appropriate data sharing.
Given these developments, it will be of vital importance to ensure that the data available in public registers is up-to-date and reliable. Otherwise, obliged entities might expose themselves to great risks by automating data acquisition for AML purposes.
Technology is not everything
Technology can only do as much as we teach it. Relying only on technology, without a person (employee of an obliged entity) who is able to properly analyze the collected data and, most importantly, draw conclusions, is too risky – especially in non-standard or unpredictable situations. Therefore, from an obliged entity’s perspective, it is important to ensure that the employees conducting AML analyses have appropriate and up-to-date knowledge and the time and conditions to perform analyses and draw conclusions. Their role cannot be reduced to aggregating and processing data, as this is something machines can do.
However, the increasing volume of AML processes will likely result in new IT solutions being used on a larger scale. The ideas currently being considered include so-called KYC Utilities, namely a platform where banks (usually from the same regulatory area) can store and process data on joint clients. This very rational and practical idea can unify market practices, where implemented.
Cooperation and the use of shared data is an interesting topic. Despite the significant awareness and understanding of the need for cooperation within a single organization or jurisdiction, obliged entities still do not use common sources of knowledge about their clients. As a result, work already done tends to be duplicated; cost already incurred is doubled; client’s time, already utilized for the same purpose by another institution, is wasted.
Unfortunately, the issue of insufficient cooperation can also be present within a single organization. Sometimes, beneficial ownership data is collected simultaneously during the on-boarding process by an organization’s different departments, which do not exchange data, mainly for technical and procedural reasons. In the last few years, many organizations have implemented projects which aim to improve this process, with the goal of improving the customer experience.