When we audit corporate onboarding processes for our clients, there is one point of failure we find more often than any other: Ultimate Beneficial Ownership (UBO) verification. The firm has verified the company's registration. They have confirmed the directors. They have checked the company against sanctions lists. And then, for the beneficial ownership question, they have accepted whatever the customer told them.
Self-declared beneficial ownership is not verification. It is data collection. And the gap between the two is where some of the most serious AML risks hide.
Why UBO verification matters more than most KYB checks
The purpose of identifying and verifying beneficial owners is to understand who ultimately controls and profits from a business relationship. This is fundamental to assessing money laundering risk because the individuals who control a company are the ones who determine how it is used. A company can have a clean registration, legitimate directors, and a genuine business purpose, and still be controlled by someone who should not be in the financial system.
FATF Recommendation 24 requires countries to ensure that beneficial ownership information is available and that competent authorities can access it. The EU's AML Package goes further, mandating central beneficial ownership registers with data quality requirements. But the regulatory requirement is not just to collect beneficial ownership information. It is to verify it. And verification requires independent corroboration, not just a form filled in by the customer.
In the UK, Companies House reform (under the Economic Crime and Corporate Transparency Act 2023) is moving towards verified beneficial ownership data, but the transition is still underway. Until then, Companies House data is essentially self-reported by the company, which means using it as your sole source of UBO verification is not actually independent verification at all.
The verification gap in practice
Here is what a typical corporate onboarding process looks like at most financial institutions.
graph TD A["Step 1: Company registration verified"] --> B["Step 2: Directors identified and screened"] B --> C["Step 3: Beneficial ownership declaration provided"] C --> D["Step 4: Declared owners screened"] D --> E["Step 5: Customer accepted"] C --> F["GAP: Declaration not independently verified"] F --> E style F fill:#fff3cd
The gap is in Step 3. The beneficial ownership declaration is provided by the customer and, in most cases, not independently verified against any external source. The compliance team screens the declared names, but they do not verify that the declared names are actually the beneficial owners.
"We had a corporate customer where the beneficial ownership declaration listed two individuals, each with 50% ownership. When we eventually did an independent verification (triggered by a separate investigation), we discovered a third individual who held effective control through a nominee arrangement that was not disclosed. The customer had passed all our onboarding checks. The declaration was simply incomplete."
Why self-declaration is unreliable
There are several reasons why self-declared beneficial ownership is unreliable, and they are not all about deliberate concealment.
| Risk factor | Why it undermines verification | Real-world example |
|---|---|---|
| Complex structures | Beneficial owner sits behind multiple layers. The declarant may not know who the ultimate owner is. | Company held through three offshore entities across three jurisdictions. Declarant lists the immediate parent company, not the ultimate controlling individual. |
| Nominee arrangements | Registered shareholder holds shares on behalf of actual owner. Declaration lists the nominee, not the beneficial owner. | Shares registered to Company A (the nominee). Actual beneficial owner is Company B. Declaration lists Company A as owner. |
| Trust structures | Trust deeds are not public. Identifying the beneficial owner requires documentation not available in any registry. | Company held through a family trust. Beneficiary information is private. Declarant lists the trustee instead. |
| Deliberate concealment | Customer intentionally misrepresents beneficial ownership to hide involvement. Self-declaration cannot detect this by design. | True beneficial owner has sanctions history. Declaration lists unrelated individual to evade detection. |
How to close the gap
Closing the UBO verification gap requires a multi-source approach. No single data source provides complete beneficial ownership information for all jurisdictions and entity types. But combining multiple sources significantly reduces the risk of relying on unverified self-declarations.
Company registry data. Start with the relevant company registry. In the UK, Companies House Persons with Significant Control (PSC) data provides a starting point, though it is self-reported. In the EU, beneficial ownership registers (where operational) provide another data point. Cross-reference the customer's declaration against registry data and investigate any discrepancies.
Corporate structure data providers. Commercial providers offer corporate structure data that maps ownership chains across jurisdictions. These providers aggregate registry data from multiple countries and can identify intermediate entities that sit between the company and its ultimate beneficial owner. The coverage and depth vary by provider and jurisdiction, but they provide independent corroboration that self-declaration alone cannot.
Shareholder register verification. For companies where shareholder information is available (either from the company itself or from registry filings), compare the shareholder register against the beneficial ownership declaration. Discrepancies (shareholders listed on the register but not on the declaration, or vice versa) should trigger further investigation.
Document verification. For higher-risk corporate relationships, request supporting documentation: share certificates, trust deeds, partnership agreements, or constitutional documents. Verify that these documents are consistent with the declared beneficial ownership. This is more resource-intensive, but for high-risk cases, the additional assurance is necessary.
"We started cross-referencing UBO declarations against three independent data sources. In the first month, we found discrepancies in 18% of our corporate applications. Most were innocent (outdated information, rounding differences in ownership percentages). But three cases were material misrepresentations that we would not have caught otherwise."
The multi-jurisdictional challenge
UBO verification is difficult enough in a single jurisdiction. When corporate structures span multiple countries, the challenge compounds. Ownership data availability, format, and reliability vary enormously across jurisdictions. Some countries have comprehensive, accessible corporate registries. Others have registries that are incomplete, outdated, or effectively inaccessible to foreign firms.
| Jurisdiction type | Data availability | Verification approach |
|---|---|---|
| Tier 1 (comprehensive registries) | Public, real-time, digitised beneficial ownership data | Automated cross-reference against registry. Lower false-positive rate. |
| Tier 2 (partial registries) | Public registry data, but incomplete or outdated | Cross-reference multiple sources. Manual review for complex structures. |
| Tier 3 (limited registries) | Limited public data. Inaccessible or unreliable registries | Enhanced measures: legal opinions, document requests, service restrictions until verified. |
The EU's beneficial ownership register interconnection (BORIS) is intended to address this for EU member states, allowing cross-border access to beneficial ownership data. But the implementation timeline and data quality standards are still evolving. In the meantime, compliance teams dealing with multi-jurisdictional structures need to accept that verification will be partial in some cases and build their risk assessments accordingly.
For high-risk structures involving jurisdictions with limited data availability, the risk-based approach may require enhanced measures: more detailed documentation requests, independent legal opinions on the ownership structure, or restrictions on the types of services offered until beneficial ownership can be adequately verified.
Automating UBO verification
Manual UBO verification is thorough but slow. Tracing ownership chains through multiple jurisdictions, cross-referencing against multiple data sources, and investigating discrepancies can take hours per corporate customer. For firms onboarding significant volumes of corporate customers, manual verification does not scale.
Automated UBO verification tools can reduce this burden significantly. These tools pull corporate structure data from multiple registries and commercial providers, automatically trace ownership chains, identify beneficial owners based on configurable thresholds, and flag discrepancies between declared and discovered beneficial ownership.
The automation is not perfect. Complex structures (particularly those involving trusts, foundations, or entities in jurisdictions with limited registry data) still require human analysis. But automation handles the straightforward cases efficiently, freeing your compliance team to focus on the complex ones.
An orchestrated approach, where UBO verification draws on multiple data providers through a single integration, provides the best combination of coverage, accuracy, and efficiency. Different providers have strengths in different jurisdictions and entity types. Routing verification queries to the best provider for each specific case produces better results than relying on any single source.
Key takeaways
- Self-declared beneficial ownership is not verification. Independent corroboration against multiple data sources is required to meet FATF Recommendation 24 and regulatory expectations.
- Complex structures, nominees, trusts, and deliberate concealment are all reasons why a single data source cannot close the UBO verification gap.
- A multi-source approach combining company registries, corporate structure data providers, shareholder registers, and document verification significantly reduces AML risk.
- Multi-jurisdictional verification requires tiered strategies: automated cross-reference for strong jurisdictions, manual review and enhanced measures for weak or inaccessible registries.
- Automation handles straightforward cases at scale, but complex ownership chains still require human analysis to identify the true beneficial owner.
