It has never been more important for firms to maintain strong systems to appropriately assess customer risk, and yet, obtaining comprehensive ultimate beneficial ownership information presents a significant challenge for many regulated institutions.
A lack of clear and consistent data and management of cross-jurisdictional inconsistencies, unfortunately, complicates these projects. However, the emergence of new technology means automated solutions are now available, and the prevalence of partnerships with technology providers means compliance with ultimate beneficial ownership requirements can be achieved by financial institutions without the commitment of significant human resource.
An Ultimate Beneficial Owner, or UBO, describes an individual or entity that is the ultimate beneficiary of a company and holds at least a 25% stake in the entity’s capital, at least 25% of the voting rights in the general meeting of shareholders, and, is a beneficiary of at least 25% of the legal entity’s capital. The threshold varies among jurisdictions and regulatory authorities, but the overarching objective of identifying a UBO remains consistent: to prevent the misuse of legal persons or arrangements for money laundering or terrorist financing.
Why is UBO identification essential?
Contextualising the current backdrop to ultimate beneficial ownership, Ian Henderson, CEO of Kyckr, explains that UBO identification amounts to a subset or a component of know your customer (KYC) and anti-money laundering (AML) and has been the cause of significant penalties issued to financial organisations across the globe.
Historically, businesses have not clearly understood their customers’ backgrounds and as a result, bad actors were able to invade those organisations or take over the mantle of individuals. This is then used to facilitate the laundering of money, the financing of terrorism, or indeed fraud.
“With every passing year and new ruse that bad actors come up with, the regulators and organisations try to stamp that threat out. The original targets of a lot of the AML activity were private individuals, but the next era travels into the corporate world, and that's where fintech can assist organisations and other business customers to carry out know your business (KYB), rather than simply KYC.”
Lisa Johansen, Chief Compliance Officer, OpenPayd, explains that identifying and verifying UBOs is an essential and critical component for any financial institution’s anti-money laundering and customer due diligence programme. It is also vital for the mitigation of regulatory, financial and reputational risk.
“Criminals are known to use complex corporate structures to hide their true identities and conceal where their funds have come from or what they are being used for. This means careful and consistent monitoring is key to protecting the business from being used as a vehicle for criminal activity.”
Phil Coole, OakNorth Bank’s MLRO and director, financial crime, states “ultimately if you do not know who the UBOs are, you cannot effectively say that you understand the customer and the risk they present.”
“Understanding who owns, controls, benefits from and provides funding into customers is absolutely key to any FI’s AML programme. UBOs are a cornerstone of many AML laws and so there is a basic legal requirement to obtain this information in the first instance. Notwithstanding this, UBOs often present the key risk within a customer arrangement as these individuals are those who are ultimately benefitting from the relationship with you and are also the individuals who have the power to make decisions.”
The obstacles hindering UBO requirements
Johansen explains that one of the main challenges complicating the management of UBO obligations is that it can often be difficult analysing and understanding complicated corporate structures that use corporate vehicles such as trusts, which are often designed to provide secrecy.
Complex structures with multiple levels of ownership means vast amounts of documentation, all of which need collecting, verifying, and tracking. It only takes a few instances of conflicting or false information across the customer file to delay the onboarding process.
Johansen adds: “For clients, it can also feel like the onboarding process is invasive, especially during the collection of private and confidential information - the source of wealth is particularly difficult. If not properly planned and executed, the onboarding and communication process between compliance, customer-facing teams, and the customer when collecting and verifying information can become so lengthy, it ultimately leads to loss of interest from the customers.”
Even when the process is complete, customers may not be onboarded due to the lack of information provided. During the lifetime of the customer relationship, UBO information must be kept up to date, which also causes operational challenges due to multiple communications and requests from the customer.
Coole adds that there are still challenges presented when utilising vendors to assist with ownership analysis where this extends to tax havens and similarly opaque jurisdictions. “This is not necessarily the fault of vendors but is symptomatic of countries still offering this type of secrecy arrangement as a way of profiting from company formation arrangements.”
How technology can help regulated firms to meet data challenges
A lack of standardised methods for obtaining UBO information can be costly, time-consuming, and prone to human error. While UBO registers are now publicly available in a number of jurisdictions across the globe, the implementation and accessibility of such registers differ, observes Johansen. Additionally, data is often not standardised and is varied across jurisdictions.
This dearth of data coupled with linguistic differences and poorly built and unresponsive platforms means that “the process of sourcing data becomes a lengthy and expensive task. Technology may be able to streamline these discrepancies and make the process of collecting UBO data more user friendly,” outlines Johansen.
Banks have historically been forced to dedicate significant resource to uncovering ultimate beneficial owners. LexisNexis Risk Solutions reports that European banks median time of 36 hours to conduct customer due diligence (which includes UBO checks) on domestic large or foreign SME & corporates. This is a significant manual effort which typically manifests in the diversion of human resource away from value-generating aspects of the business toward compliance.
The challenge around this paucity of information is echoed by Henderson, who believes that the ability to leverage technology to assist in compiling and analysing data in an automated way will evolve in iterations – rather than as a revolution per se.
Henderson states that “this notion of evolving from 80% human process and 20% machine process, to 10% human process and 90% machine process will be the journey. Also, I think this journey will accelerate on the back of banks’ digital transformation programs. 2021-2022 will be the period where you start to see a much more significant uptake of automated solutions, partly as a result of better data being implemented by national organisations.”
For Coole, while a UBO strategy must be “modern”, it does need to meet basic regulatory and legal principles, and it needs to operate practically. As regulations and the law do not cover all circumstances, he notes that there must be an implementation of commerciality and common sense. It is paramount that this type of approach is also audited correctly, and decisions made around UBO analysis are robust.
He furthers that strategies which include technology are helpful – even essential for larger firms with significant through-flow of customers – however, he does not advocate implementing technology just for technology’s sake. It is vital to understand the tech and what it offers, as well as what it cannot.
“Tech certainly helps with speed and can form UBO analysis much quicker than a human could, as well as being able to draw complex structure charts and even such things as flag links with prospective and existing customers and other helpful CDD steps. For banks with limited resources, systems may assist with obtaining UBOs from global company registries, particularly where knowledge of these registries (i.e. going to source yourself) is low.”
However, Coole elaborates that tech cannot tell you if the information the registries are providing you with is true and correct, and there may be limitation in their ability to verify sources, to only use credible sources and ultimately to ensure the veracity of data.
“Some of the better vendors in this space can do parts of this and do it very well but again, firms need to be wary of whether streamlining still provides robust risk mitigation.”
Managing jurisdictional divergences
Jurisdictional inconsistencies further complicate these situations as UBO regulations and reporting requirements tend to vary from country to country.
The best way for financial institutions to manage differences when operating across jurisdictions, Johansen explains, is to ensure they have a competent regulatory team in place. This team should be kept abreast of the ever-changing regulatory changes in this field and this is reflected in compliance policy.
In the European Union, these are legislated under the 6th Anti-Money Laundering Directive, which came into effect for all EU member states on the 3rd December 2020, and must be implemented by the 3 June 2021. “Many non-EU counties have also publicly committed towards UBO transparency. Post-Brexit, it is also expected that the UK will not deviate much from the requirements stipulated under the EU directives,” Johansen elaborates.
The key to managing jurisdictional discrepancies is to have an understanding of the differences, particularly when operating across multiple jurisdictions, believes Coole, and having regulatory-focused staff who have cross-border remits will assist in facilitating this knowledge sharing.
Coole furthers that “front line business people who operate in global markets should also have some awareness of this so that it can be communicated effectively to customers and minimise disruption or complaints. Regular training on the differences and an understanding of the horizon picture (such as what is changing in the future) will also assist.”
According to Henderson, there are two branches to the challenge of managing UBO requirements across multiple jurisdictions. First, regulation surrounding UBO may involve engagement with an ownership tree that extends beyond the domestic jurisdiction, meaning that information on beneficial owners in different countries may be required.
Second, despite relative consistency with UBO regulations, international financial organisations are obliged to comply with multiple sets of regulations when, for example, the threshold for what constitutes a beneficial owner is 10% or 20% compared to the UK’s benchmark of 25%.
On the latter point, Henderson notes that financial organisations will often adopt the highest “watermark” and apply this at a global level rather than customising for each varied jurisdiction. This is also attractive to single-market organisations who work with international clients and seek to avoid confusion or risk non-compliance.
Further, this approach can be leveraged by banks seeking to reinforce their reputation as embracing the most rigorous standards of UBO obligations on a global level.
The bottom-line impact of poor UBO strategy
Inadequate or the absence of robust UBO due diligence to prevent money laundering and terrorist financing exposes a financial institution to serious risks to their reputation, operations, finances, strategy and compliance.
Coole explains that most financial crime-related fines that are focused on systems and controls failings invariably have issues with UBO analysis, and firms not understanding their customers as a result (and missing some fairly major financial crime red flags as a result).
“Firms should not be onboarding customers where they do not understand its ownership, and so failings in this area are, quite rightly, taken really seriously by the regulator. Consequences through fines, reputational damage, resource impact or impact on the way in which you do business can be really debilitating and all have been seen in true-life examples and we’re still seeing the same issues in 2021.”
Johansen explains that this is because financial institutions may find themselves inadvertently processing funds that originate from illicit activity and paying a high cost for it: “the bottom line is that the cost of compliance is far cheaper than non-compliance.”
Johansen furthers that “modernising the UBO strategy is an important step in accelerating and harmonising the onboarding process. Effective compliance software and tools, that can accurately and quickly verify the UBO not only help to reinforce an institution’s compliance regime, but goes hand in hand with making the customer journey more frictionless, seamless and secure.”
Identifying the upside: The business case for strong UBO compliance
Rapid onboarding, strengthened customer relationships, and reduced costs in terms of human resources are just a handful of benefits that Johansen believes act as a result of improved UBO management.
“Improving the process can lead to improved efficiency and a reduction in errors, which in turn decreases risk, including reputational, operational, regulatory, financial and strategic risks, and the likelihood of enforcement action.”
Johansen observes that as the world becomes more globalised and adopts more hybrid ways of working, virtual verification and communication with UBOs, directors and company representatives should be at the heart of every financial institution’s digital transformation journey.
There are multiple ways that a financial institution can build stronger UBO compliance into their digital transformation journey such as investing in compliance tools and automating the verification of its UBOs. This will help speed up and enhance the compliance program and promote a successful digital transformation journey.
For Henderson, the fundamental USP for investing in a strong UBO framework is that of the ability to automate. Accurate data is difficult to locate, and to then leverage this data in an effective way requires a vast amount of human resource. “As this data is readily automatable with modern digital extraction techniques such as optical character recognition, AI, machine learning, there is no need for this human-heavy cost to continue.
“The heavy lifting will be done much more efficiently and securely through automation.”
Vitally, these tools allow financial organisations to more effectively understand and implement regulatory obligations, helping to strengthen the security and therefore resilience of financial services across the board.
Coole sees effective UBO management as a means to better understand customers and more effectively meet legal and regulatory expectations. Also, it better protects the institution from bad actors and, as a result, better protects the institution’s home economy from facilitating financial crime.
“There’s a flip side where better understanding your customers more generally can result in increased lead generation from a business perspective if you’re able to properly utilise the data on who you’re exposed to.”
Partnering with FinTechs to take advantage of expertise
For financial institutions, it is becoming increasingly attractive to partner with specialised compliance technology providers to leverage these tools and solutions.
Coole recognises that building a complete UBO solution into a digital front end is incredibly challenging given the different types of ownership complexity there can be – for instance, tech cannot currently solve ownership via trusts.
“That said, there’s certainly scope for simpler products and journeys to be enhanced by hooking up onboarding platforms and front-ends to APIs into, e.g. Companies House or an external vendor, which can automatically start providing the data back to the customer to confirm. Or those checks could be done in the background for more simple corporates and help to provide “straight through” journeys for those relationships.”
He qualifies that firms must understand, though, the limitations of automating UBO analysis – what structures can it do fully and which can’t, how to cater for fall out, and how to interact with the customer during this journey.
Multiple information sources are needed in order to fully comply with financial compliance obligations. Henderson notes that “banks must undertake KYB, KYC, they must monitor for appearances on sanctions lists, adverse media screening, know your supplier regulations call for compliance around human trafficking and modern slavery – the list is extensive.”
As a result, financial services has seen a growth in client lifetime management systems and broader KYC systems aggregation capabilities to bring all of these information sources together and accessible through a single point – often a single API into the financial organisation.
Henderson argues that not only do partnerships tend to offer a more efficient way for banks to comply with UBO regulations, but as many individual micro-organisations feed data into the technology provider’s platform or solution, every institution involved in the chain is going to gain a stronger, more detailed picture of their financial crime compliance.