What is an Ultimate Beneficial Owner?
The Ultimate Beneficial Owner (UBO) of a company is any individual that has greater than 25% of that company’s shares or voting rights.
Why do Insurance firms need to know UBOs?
Criminals have long used complex corporate structures to defy the law and carry out criminal money laundering activity. Compliance laws including UBO screening have been implemented to deliver complete transparency in commercial due diligence processes.
Insurance firms need to have a robust, risk-based and auditable process that can identify who exercises ultimate effective control over companies with whom they trade.
UBOs need to be screened by insurance firms (including checking for Sanctions and Politically Exposed Persons) as per requirements set by the 5th Anti-Money Laundering Directive (MLD5) and the FCA.
Screening UK Companies
MLD5 has, amongst other things, made some UBO registers publicly available to promote transparency of ultimate beneficial ownership data, with the objective to combat further financial crime.
The good news is that for UK companies, the UBO is usually listed by Companies House as a Person with Significant Control (PSC), which means that many of the obligations specified in MLD5 can be met by screening PSCs. However, the reliability of PSC registers has long been questioned given the information is submitted and declared by the company itself and not actually verified independently. Relying on registers solely cannot be seen as a robust screening process.
Screening Companies Overseas
The challenge with identifying and screening a UBO overseas is that even the most sophisticated data mining systems can only mine data that exists, which is a challenge as many territories simply do not publish enough information.
Whilst MLD5 insists that all countries have introduced registers for Companies by January 2020 and by March 2020 for trusts, some nations have created their own registers meaning screening often involves collecting data from multiple sources, with little consistency and indeterminate accuracy. Whilst it is hoped national registers will become inter-connected via the European Central Platform by March 2021 firms are struggling to meet their obligations right now.
MLD5 requires that where a beneficial owner cannot be identified, firms must verify the identity of the senior person in the body corporate and keep written records of these actions. Previously, the requirement was just to keep a written record of all the actions taken to identify the beneficial owner and a provision that a firm may treat the senior person responsible as the beneficial owner.
Under MLD5, firms must (as part of their CDD when entering into a new relationship with a company, trust or other legal entity that is subject to beneficial ownership registration requirements) collect proof of registration or an excerpt of the register. The registers were introduced under MLD4 and currently firms can use the information provided to the register as part of their CDD processes but must not exclusively rely on them.
REG Tech solutions
Essentially, due to the complexities of register reporting, the lack of centralised data pools and the sporadic availability of information, relying solely on machine produced data to identify and validate UBOs is not fool proof.
However, Regtech solutions do enable a business to accurately source high volumes of data and carry out automated screening in seconds, allowing compliance professionals to properly manage a risk assessed UBO screening policy in situations where certainty is harder to achieve. Critically, recording actions and storing screening data and investigation activities, with appropriate review frequencies set and followed, underpins a robust approach in an environment where absolute certainty in all cases is impossible.
4 Steps of UBO Screening
Step 1. Identify
Determining and checking the UBO identity are key elements of the screening. This check can be automated where reliable data exists, or may be risk based. This means you may make a personal estimate of the risk of a business relationship or transaction being part of money laundering or terrorism financing systems.
Step 2. Check
Once you have detected the identity, you should screen the UBO to estimate the risk. For example, is the UBO in PEP lists, inspection lists or sanction lists, or does it have negative publicity? This could include the EU Freeze list, OFAC and the AFM Alert list. A Regtech solution highly automates this process and can continue to monitor the UBO for future changes and increases in risk.
Step 3. Risk Estimate
Use objective indicators to class your relationships into various risk categories, ranging from low to high. The nature and scale of the screening may be adjusted to this risk assessment. The lower the risk, the less effort you need to make to reduce this risk.
Step 4. Relate and Record
It is important to assess your relationships in a uniform and efficient way and file the ensuing information consistently. The identification data must be filed and updated for at least 5 years. A secure REGTech solution will provide the tools and utilities for your to achieve, manage and be able to evidence a robust UBO governance regime.
Note: For companies registered as listed, there isn’t yet a requirement to identify the UBO as they are exempt from registering their information under the UBO register (e.g. for BP, you would never need to identify the UBO as part of the AML directive as they are listed on the London Stock Exchange).