UBO Identification Platforms: Does Your Data Meet FATF Recommendation 10?

FATF Recommendation 10 requires UBO identification data to come from “independent, reliable sources”. Most platforms return an answer. Fewer can tell you where that answer came from, how fresh it is, or whether it would survive regulatory scrutiny. The difference matters more than any speed benchmark. 

KYC Database vs. Live Registry Network: Which Produces FATF-Compliant UBO Data? 

There are two types of UBO identification platforms. 

• KYC database: Providers like Moody's Orbis, Dun & Bradstreet, and Global Database ingest company data from registries and other sources, structure it, and store it. When you query their API, you're querying their copy of the data. 

• Live registry network: Instead of holding a copy, the platform connects directly to the source registry in real time and returns whatever the registry holds at that moment, time and date-stamped at the point of retrieval. 

The crux: Speed and accuracy trade off differently in each model. Anyone who tells you otherwise is selling you something. 

Speed: Why Databases Are Faster, and Why That Matters Less Than You'd Think 

Speed is a big differentiator for low-risk onboarding workflows. 

• A database-backed API: Fast because all the heavy work has already been done. The data has been ingested, parsed, and structured. Your query hits a server and returns a result in milliseconds. 

• A live registry network: It does that work in real time. It reaches the source registry, handles whatever format that registry uses (often unstructured HTML or a PDF), resolves the data, and returns it to you. You're subject to the registry's own uptime and response times, which vary considerably across jurisdictions. 

Databases are (generally) faster. The question is whether the speed difference is operationally significant for your use case.  

For straight-through onboarding flows – entities with simple ownership structures, low risk, and jurisdictions with good refresh rates – it might be. For EDD or periodic review, it almost certainly isn't. 

The Challenges of Registry Dependency 

Registry connections occasionally disrupt. This happened on 25 March 2026, when Kyckr users reported issues connecting to the Australian registry. It was resolved within two hours.  

Scheduled maintenance is a factor, too. But neither should be overstated: Kyckr's API uptime across March 2026 was 99.95%. 

For high-risk customers, that dependency is arguably a feature. A live connection that occasionally waits is still a live connection. A database that returns stale data instantly tells you nothing useful. 

Accuracy: Where the Real Difference Lies 

In Recommendation 10, the FATF is clear that UBO verification must rely on "independent, reliable" sources. They call this “identification data”.  

In their Interpretative Note to Recommendation 10, they go further: UBO identification data must be obtained “from a public register, from the customer, or from other reliable sources.” 

 The important word is independent. A database that aggregates data from multiple commercial providers, or that incorporates customer-disclosed information, is not independent by any reasonable reading of that standard. 

The Importance of National Laws 

Some registry providers claim they can get beneficial ownership information in countries with no central, public UBO register, such as Switzerland. While tempting, this isn’t to be encouraged.  

Regulators would likely probe it. UBO information sourced from a jurisdiction with no central public register is hard to characterise as either 'independent' or 'reliable' under any reasonable reading of the FATF standard. 

From Repositories to Gatekeepers: Registries in 2026 

Registries are independent. And increasingly, they're reliable – far from the stereotype of passive recipients of submissions.

According to Business Registry Insights’ 2024 report on data verification, 72% of registrars cross-check filings against other government databases, either manually or through automated tools.

A registry that actively strikes off non-compliant entities and enforces nominee transparency is providing a materially different quality of data than one that does not.  

Political Independence 

Registry quality varies significantly when it comes to the political independence of the registrar: Singapore and the UK operate very differently from Russia or China, and your compliance framework should reflect that. 

Data Freshness 

There's also the question of data freshness. A database entry sourced from a registry two days ago is not much of a concern. One sourced five months ago, from a secondary aggregator, with no clear audit trail, is a different matter. Freshness and provenance are not the same thing, and both matter. 

Some KYC databases, such as Global Database, Dun and Bradstreet, and Moody’s Orbis, periodically refresh their data sources: some daily, others weekly, others monthly.  

Example: Global Database refreshes its Cayman Islands and Canadian provincial data monthly, while Kyckr returns live structured data in real time. 

This isn’t to say that KYC databases are not useful – far from it. According to its website, Global Database offers incredibly wide coverage for company data, including sales and prospecting data, that a live registry network, such as Kyckr, simply doesn’t offer. 

For lower-risk customers with stable ownership structures, a monthly refresh may be adequate. For high-risk customers, politically exposed persons, or complex multi-jurisdictional structures, it isn't. 

Why Regulators Want Provenance 

Kyckr's analysis of FCA AML enforcement actions found that 68% of fines involved failures linked to outdated, missing, or incomplete data. An API can return an identified UBO. That's not the same as a verified one. 

Auditors and regulators don't just want the answer. They want the evidence trail behind it. Where did this identification come from? What source? How fresh is it? Could it be challenged? 

This is where the database model has a structural weakness that it can't fully overcome. If the underlying sources are a mixture of registry data, third-party commercial data, and customer disclosures, the provenance chain is compromised.  

It may be fast; it may look complete, but it won't hold up to scrutiny the way a live, timestamped primary-source connection will.

The FATF Compliance Question 

One more point that's often missed. 

UBO registers alone are not sufficient for FATF-compliant UBO verification. Take the UK: the PSC register does not capture indirect ownership. Verifying a British company's UBO solely against PSC data will miss structures that route beneficial ownership through intermediaries. A compliant process must use shareholder data and UBO data in combination, working through the ownership chain until a natural person is identified. 

A platform that relies solely on UBO registry data is faster, yes. It is also incomplete. For senior compliance professionals at obliged entities, "faster but incomplete" is not a trade-off worth making.

What to Ask Any Provider 

When evaluating a UBO identification platform, whether a KYC database or a live registry network, these are the questions that will separate a considered answer from a sales pitch: 

• Where, precisely, does your data come from? Ask for a source-by-source breakdown, not a marketing summary. 

• How often is it updated? And how do you know? 

• Can you provide a complete provenance trail for a given UBO identification, audit-ready? 

• For live registry connections specifically, which registries are you directly connected to, and which do you access via a third party? 

• How does your platform handle jurisdictions with weaker registry governance? 

The answers will tell you more than any benchmark comparison. 

Frequently Asked Questions 

Are UBO databases FATF-compliant? 

It depends on how they're used. FATF's Interpretative Note to Recommendation 10 requires identification data to come from a public register, from the customer, or from other reliable sources. A database mixing registry data, third-party commercial data, and customer disclosures produces a provenance chain that is difficult to characterise as independent, particularly under regulatory scrutiny for high-risk customers. For lower-risk entities with stable ownership structures, a well-maintained database may be adequate. For EDD, the provenance question becomes harder to answer. 

How often are UBO platform databases updated? 

It varies by provider and jurisdiction. Some databases refresh certain markets daily, others weekly or monthly. Refresh frequency matters less than provenance. A record updated yesterday from a secondary aggregator with no clear audit trail is not necessarily more reliable than one updated last week directly from a primary registry. Both questions need answers: how fresh, and from where. 

What does FATF Recommendation 10 require for UBO verification? 

Recommendation 10 requires financial institutions to identify and verify beneficial owners as part of customer due diligence. The Interpretative Note is specific: identification data must come from a public register, from the customer, or from other reliable sources. Customer-disclosed data alone is not sufficient. For complex ownership structures, institutions must trace the ownership chain until a natural person is identified. UBO register data without shareholder data will not always get you there.