Why UBO Identification Is the Hardest Part of KYC
Ask any compliance officer what keeps them up at night. The answer is rarely sanctions screening or document verification. Those are solved problems—challenging, yes, but with well-established processes and mature technology. The answer is almost always beneficial ownership.
Identifying the natural persons who ultimately own or control a legal entity sounds straightforward. In practice, it is the single most complex, time-consuming, and error-prone element of the entire KYC process. It is also the element where regulatory expectations are rising fastest and where enforcement actions are most severe.
The reasons are structural. Corporate law in most jurisdictions allows layered ownership. A company can own another company, which owns another company, which is held by a trust, whose beneficiaries are individuals in three different countries. Each layer is legal. Each layer is documented somewhere. But piercing through all of them to reach the natural persons at the top requires navigating multiple jurisdictions, multiple registries, multiple document types, and multiple legal frameworks simultaneously. It is detective work that demands both legal expertise and technological capability.
For property funds, venture capital firms, and real estate professionals, UBO identification is not optional. It is a core regulatory requirement under both EU and US law. Getting it wrong means regulatory penalties, reputational damage, and potential criminal liability. Getting it right means a compliance program that withstands scrutiny and a business that can confidently accept investment from complex structures without undue delay.
This guide provides a practical, operational approach to UBO identification—from understanding the regulatory framework to piercing common corporate structures, to leveraging AI for what manual processes cannot achieve at scale.
Part 1: The Regulatory Framework
EU Requirements
The EU's approach to beneficial ownership has evolved significantly through successive Anti-Money Laundering Directives and now the AMLR package, which represents the most significant tightening of UBO requirements in a generation.
Under the current framework, a beneficial owner is defined as any natural person who ultimately owns or controls a customer entity. The ownership threshold is generally 25 percent, meaning any individual who directly or indirectly holds more than 25 percent of the shares or voting rights is considered a beneficial owner. Additionally, any person who exercises control through other means—regardless of ownership percentage—must be identified. This dual test of ownership and control is critical and frequently misunderstood: firms that only check shareholding percentages are missing half the requirement.
The AMLR package (2024-2026) strengthens these requirements significantly. It introduces directly applicable rules across all EU member states, eliminating the transposition variations that have plagued the directive-based approach for decades. Where previously Germany might interpret "beneficial owner" slightly differently than Luxembourg, the AMLR imposes a single definition. Enhanced verification requirements mean firms cannot rely solely on customer declarations but must verify beneficial ownership through independent sources. Beneficial ownership registers, while subject to privacy restrictions following the CJEU ruling in late 2022 that struck down public access, remain a key verification tool for obliged entities with legitimate interest.
Key obligations under the EU framework include identifying all beneficial owners above the threshold, verifying their identities through reliable and independent sources (not just self-declaration forms), understanding the ownership and control structure of the entity in its entirety including intermediate layers, documenting the steps taken to identify beneficial owners including any difficulties encountered and how they were resolved, and keeping beneficial ownership information up to date through ongoing monitoring rather than point-in-time checks.
The penalties for non-compliance are escalating across the EU. Fines can reach into the millions of euros, and individual compliance officers can face personal liability. The regulatory message is clear: UBO identification is not a paperwork exercise—it is a substantive investigation that must be conducted with genuine rigor.
US Requirements
The United States has historically lagged behind Europe on beneficial ownership transparency, but the Corporate Transparency Act (CTA) has changed the landscape fundamentally. The US is now converging rapidly toward European standards, and in some respects may soon exceed them.
The CTA requires most legal entities formed in or doing business in the US to report beneficial ownership information to FinCEN. Beneficial owners are defined as individuals who exercise substantial control over the entity or who own or control at least 25 percent of the ownership interests. The reporting requirements are extensive, covering millions of entities that previously had no beneficial ownership disclosure obligations whatsoever. This represents the most significant expansion of AML transparency requirements in US history.
For investment funds, the regulatory trajectory is equally clear. The proposed Investment Adviser AML Rule would extend BSA requirements to investment advisers, including fund managers. This would require customer identification programs, SAR filing obligations, and AML compliance programs that include beneficial ownership identification as a core component. While the rule has not yet been finalized, the direction is unmistakable.
Additionally, FinCEN's Geographic Targeting Orders require title insurance companies to identify the natural persons behind shell companies in certain all-cash real estate transactions. This has been a significant tool in combating money laundering through US real estate, and the covered metropolitan areas have expanded steadily since the program's inception. The message to the real estate industry is clear: anonymous purchases through shell companies are increasingly untenable.
The direction is unmistakable: the US is moving rapidly toward EU-level beneficial ownership transparency requirements. Firms that build robust UBO identification capabilities now will be well-positioned for the regulatory trajectory, rather than scrambling to catch up when new rules take effect. Building compliance infrastructure ahead of regulatory requirements is always cheaper and less disruptive than retrofitting it under deadline pressure.
Part 2: Common Corporate Structures and How to Pierce Them
Simple Layered Ownership
The most basic structure involves one or more intermediate holding companies between the beneficial owner and the operating entity or investment. These structures are ubiquitous in international finance for legitimate tax, legal, and operational reasons.
A typical example: Individual A owns 100 percent of Company X (registered in the Netherlands), which owns 100 percent of Company Y (registered in Luxembourg), which makes an investment in your fund. The structure may exist for legitimate reasons—tax treaty access, liability compartmentalization, or regulatory requirements—but the compliance obligation remains unchanged: identify the natural person at the top.
Piercing this structure requires identifying Company Y as the direct investor, determining that Company X owns Company Y (via the Luxembourg commercial register or shareholder register), determining that Individual A owns Company X (via the Dutch commercial register or KVK extract), and verifying Individual A's identity through appropriate documentation.
This is relatively straightforward when all entities are in jurisdictions with accessible registries. The Netherlands and Luxembourg both maintain registries that can be queried by obliged entities. The challenge increases when registries are not publicly accessible, when nominee shareholders are used to obscure true ownership, or when the chain crosses into opaque jurisdictions where corporate transparency is limited by design.
Best practice: always request a complete ownership chart from the investor upfront, then independently verify each link in the chain. Never rely solely on the investor's self-declaration. The self-declaration is a starting point for your investigation, not the conclusion. Where you can verify independently, do so. Where you cannot, document why and what alternative steps you took.
Trust Structures
Trusts present unique UBO identification challenges because they do not have owners in the traditional sense. A trust is not a legal entity—it is a legal relationship. A trust has a settlor (who created it and transferred assets into it), trustees (who manage the assets according to the trust deed), beneficiaries (who benefit from the trust), and potentially a protector (who oversees the trustees and may have power to amend the trust terms).
Under EU AML rules, all of these roles must be identified as beneficial owners of the trust. This means that a trust with a single settlor, two trustees, and four beneficiaries could have seven individuals who must be identified and verified. Each of these individuals may reside in a different jurisdiction, presenting different document types and different risk profiles. The compliance burden is significantly higher than for a simple corporate investor.
The challenges multiply when trusts are discretionary, meaning the beneficiaries are not fixed but determined at the trustee's discretion based on criteria set out in the trust deed. In such cases, the class of potential beneficiaries must be identified even if specific distributions have not been made. A discretionary trust for "the children and grandchildren of the settlor" requires you to identify all individuals who fall within that class—a task that may involve genealogical research as much as corporate investigation. For large families, this can mean dozens of individuals.
Trust structures commonly appear in wealth management contexts, particularly with family offices and high-net-worth individuals from common law jurisdictions. A family trust in Jersey holding investments across multiple funds is a standard arrangement for multigenerational wealth management. The compliance team must understand trust law sufficiently to identify all relevant persons and apply appropriate due diligence to each. This is an area where many compliance teams lack expertise, and where errors are common.
Practical approach: request the trust deed or a summary of trust terms (recognizing that the full deed may be subject to confidentiality), identify all parties to the trust (settlor, trustees, beneficiaries, protector), verify the identities of all identified parties through appropriate documentation, assess whether any parties are PEPs in their respective jurisdictions, screen all identified parties against applicable sanctions lists, and document the trust structure and your verification steps comprehensively.
Nominee Arrangements
Nominee shareholders and nominee directors are legal arrangements where one person holds shares or a directorship on behalf of another. They are common in certain jurisdictions, particularly offshore financial centers where nominee services are a significant industry.
The nominee appears on the company register. The true owner does not. This is precisely the opacity that AML regulations aim to penetrate, and it is one of the most common mechanisms used to obscure beneficial ownership. It is important to understand that nominee arrangements are not inherently illegal—they serve legitimate purposes in many contexts—but they create transparency challenges that compliance teams must address.
Identifying nominees requires looking for several indicators. The same individual appearing as a director or shareholder across multiple unrelated companies is a strong signal that they are a professional nominee rather than a genuine owner. Professional nominee service providers—whose names compliance teams should learn to recognize—are another red flag. Corporate service providers in certain jurisdictions routinely offer nominee services, and their names appear across hundreds of company registrations. Declarations of trust or nominee agreements should be requested when nominee arrangements are suspected or when the jurisdiction makes them likely. And jurisdictions where nominee arrangements are common practice should trigger automatic additional scrutiny.
When a nominee arrangement is identified, the compliance team must look through the nominee to identify and verify the person on whose behalf the nominee acts. This requires requesting the nominee agreement or declaration of trust, identifying the beneficial owner behind the nominee, verifying the beneficial owner's identity through appropriate documentation, and documenting the nominee arrangement and the steps taken to identify the true owner. The documentation should clearly show that you identified the arrangement and took appropriate steps—not that you accepted the nominee at face value.
Regulators have zero tolerance for accepting nominees at face value. If your KYC stops at the registered shareholder without investigating whether a nominee arrangement exists, your compliance program has a critical gap that will not survive regulatory examination. Supervisors specifically test for this in their inspections.
Complex Multi-Jurisdictional Structures
The most challenging structures combine multiple layers, multiple jurisdictions, and multiple entity types into arrangements that require significant effort to penetrate.
A real-world example: An individual in Country A establishes a trust in Country B. The trust holds shares in a holding company in Country C. That holding company owns a subsidiary in Country D, which owns a special purpose vehicle in Country E, which invests in your fund in Country F. Six jurisdictions, four entity types, and a trust—all of which must be unwound to identify the natural person at the top.
Piercing this structure requires navigating five jurisdictions with different registry systems, multiple entity types (trust, holding companies, SPV) with different documentation requirements, and varying levels of registry transparency. It may take days of manual work by experienced compliance professionals, or it may take AI-powered analysis minutes.
Red flags that suggest deliberate opacity rather than legitimate complexity include unnecessarily complex structures for the stated investment purpose (a €50,000 investment through a five-layer structure raises questions), jurisdictions chosen for secrecy rather than legitimate business reasons (why is a holding company in a jurisdiction with no connection to either the investor or the investment?), frequent restructuring or changes to the ownership chain, reluctance to provide ownership information or documentation, and structures where the economic rationale does not match the complexity.
The principle is proportionality: legitimate international investment structures can be complex for valid tax, legal, and operational reasons. A multinational family with assets across multiple jurisdictions may genuinely need a multi-layered holding structure for tax efficiency and succession planning. The compliance question is whether the complexity is proportionate to the stated purpose and whether transparency is achievable through reasonable verification efforts. Where the answer to either question is no, enhanced scrutiny is warranted and should be thoroughly documented.
Part 3: Tools and Techniques for UBO Identification
Registry Access and Integration
Beneficial ownership registers are the primary verification source in many jurisdictions. Effective UBO identification requires systematic access to these registries—not ad hoc manual searches conducted when a compliance officer has time.
In Europe, most member states maintain beneficial ownership registers, though access rules vary significantly. Some registries offer API access, enabling automated verification that integrates directly with your compliance workflow. Others require manual searches through web portals with varying degrees of usability and data quality. A few still require formal written requests with processing times measured in weeks rather than seconds.
Key European registries include the UK's Companies House and Persons with Significant Control register (public, API available, generally well-maintained and frequently updated), Luxembourg's Registre des Bénéficiaires Effectifs (accessible to obliged entities with demonstrated legitimate interest), the Netherlands KVK register (public for company information, restricted for UBO data following privacy concerns), Germany's Transparenzregister (accessible to obliged entities with legitimate interest), and France's Registre des Bénéficiaires Effectifs (accessible to obliged entities through the INPI platform). Each registry has different data formats, different access mechanisms, and different update frequencies.
For non-European jurisdictions, registry access is more variable. The US FinCEN beneficial ownership database is accessible to financial institutions and certain other entities under the CTA framework, representing a major new data source. Many offshore jurisdictions have limited or no public registries, requiring reliance on other verification methods such as certified corporate documents, legal opinions, and direct engagement with the investor.
AI-powered compliance platforms can integrate with multiple registries simultaneously, automating the verification process across jurisdictions. Instead of a compliance officer manually searching each registry in sequence, the system queries all relevant registries based on the ownership chain and returns consolidated results—flagging discrepancies between registries, missing information, and potential concerns for human review. This transforms UBO verification from a multi-day manual process to a matter of minutes.
AI-Powered Structure Analysis
Modern AI systems bring several capabilities to UBO identification that manual processes simply cannot match at scale. These capabilities are not luxury features—they are increasingly essential for organizations dealing with complex international structures.
Graph-based entity resolution maps relationships between entities and individuals across multiple data sources simultaneously. When your system processes a new investor, it does not just look at the declared ownership structure in isolation. It cross-references against corporate registries, sanctions databases, PEP lists, adverse media, and its own historical data to build a complete picture. Connections that would be invisible to a compliance officer reviewing a single file become apparent when the entire network is mapped. A shared director between two apparently unrelated companies, a beneficial owner who appears in multiple structures, or an address associated with known shell company activity—all of these become visible through graph analysis.
Anomaly detection identifies structures that deviate from normal patterns. If most investors in a particular fund segment have two or three layers of ownership, a structure with seven layers triggers automated scrutiny. If ownership percentages are structured to stay just below the 25 percent threshold—such as four shareholders each holding 24.9 percent—the system flags this as potential threshold avoidance that warrants investigation. These patterns are difficult for human analysts to spot across a large client base but are straightforward for AI systems.
Document analysis uses natural language processing to extract ownership information from unstructured documents such as articles of association, shareholder agreements, and trust deeds in multiple languages. Rather than a compliance officer reading a 50-page document in a foreign language to find ownership clauses, AI extracts the relevant information in seconds, presenting it in a structured format for review and verification.
Continuous monitoring tracks changes in ownership structures over time. When a company in the ownership chain changes directors, issues new shares, modifies its articles of association, or files updated information with a registry, the system alerts the compliance team to reassess the UBO determination. This transforms UBO identification from a point-in-time exercise to an ongoing process that keeps pace with real-world changes—which is exactly what regulators expect.
Part 4: Common Failures and How to Avoid Them
Failure 1: Accepting Self-Declaration Without Verification
The most common UBO identification failure is accepting the investor's self-declaration of beneficial ownership without independent verification. It is also the failure most likely to result in regulatory criticism, because it is easy for supervisors to detect during inspections.
A self-declaration form is a starting point, not an endpoint. Regulators explicitly require verification through reliable, independent sources. If your UBO identification process consists of sending a form, receiving it back, and filing it, your program is deficient—regardless of how well-designed the form is or how detailed the information provided.
The fix: treat every self-declaration as a claim to be verified. Cross-reference against registries, request supporting documentation such as shareholder registers and certificates of incorporation, and document your verification steps. Where you cannot independently verify a claim, document why and what additional steps you took to gain comfort.
Failure 2: Stopping at the First Legal Owner
Many compliance teams identify the immediate shareholder and stop there. If Company X invests in your fund, they identify Company X as the investor and perhaps its directors, but do not look through Company X to identify the natural persons who own or control it.
This fails the fundamental purpose of UBO identification. The entire point is to reach natural persons—human beings with identities that can be verified and screened. Legal entities cannot be beneficial owners except in specific, limited circumstances where no natural person is identifiable after exhaustive efforts—and those circumstances require thorough documentation of the steps taken.
The fix: build a process that always continues up the ownership chain until natural persons are identified. Use a clear escalation path for complex structures that require additional investigation, and set expectations with your team that UBO identification for entity investors will take longer than for individual investors.
Failure 3: Ignoring Control Without Ownership
Beneficial ownership is not just about shareholding percentages. A person can be a beneficial owner through control exercised by other means. This includes the power to appoint or remove directors, control through shareholder agreements or voting arrangements, significant influence through financing arrangements such as loans that carry effective control rights, and de facto control through family or business relationships.
A common scenario: a company has four equal shareholders at 25 percent each. No single shareholder exceeds the threshold. But one shareholder has a side agreement giving them the right to appoint the majority of directors. That person exercises control and is a beneficial owner despite not exceeding the ownership threshold. If you only checked the share register, you would miss this entirely.
The fix: always assess both ownership and control. Ask not just "who owns this entity?" but "who controls the decisions this entity makes?" Review shareholder agreements, articles of association, and any side letters or arrangements that may confer control beyond what the share register shows. Document both analyses separately.
Failure 4: One-Time Identification Without Ongoing Monitoring
UBO identification is not a one-time exercise completed at onboarding and then filed away. Ownership structures change. Shares are transferred. Directors are replaced. Trusts are amended. Beneficial owners die, and their interests pass to heirs. Companies are restructured. New layers are added or removed.
If your UBO information is only as current as your last onboarding review, you are operating with outdated information that may no longer reflect reality. A beneficial owner identified three years ago may have sold their interest, been designated as a PEP, appeared on a sanctions list, or been the subject of adverse media since your last review.
The fix: implement event-driven UBO monitoring that supplements periodic reviews. Automated monitoring of registry changes, sanctions designations, PEP list updates, and adverse media keeps your UBO information current between formal review cycles. When changes are detected, the system triggers a reassessment rather than waiting for the next scheduled review.
Conclusion: UBO Identification as a Core Competency
UBO identification is not a checkbox exercise to be completed as quickly and cheaply as possible. It is a core compliance competency that requires legal knowledge, investigative skill, and increasingly, technological capability that can match the complexity of modern corporate structures.
The regulatory direction is unmistakable: requirements are tightening, transparency is increasing, and enforcement is intensifying. The AMLR's directly applicable rules eliminate the national variations that some firms exploited. The CTA brings the US into alignment with European standards. AMLA's supervisory coordination drives convergence toward best practice across the EU. Firms that build robust UBO identification capabilities now will not only satisfy current regulations but be positioned for the inevitable further tightening ahead.
The combination of structured processes, trained staff, and AI-powered tools creates UBO identification that is thorough, efficient, and defensible. Manual-only approaches cannot keep pace with the complexity of modern corporate structures or the expectations of modern regulators. Technology alone is insufficient without the legal knowledge to interpret what the data reveals. The winning combination is human expertise augmented by AI capability—compliance officers who understand the law, supported by systems that can process the data at scale.
Invest in UBO identification capability. It is among the highest-return compliance investments you can make—reducing regulatory risk, accelerating investor onboarding, and demonstrating to regulators and investors alike that your compliance program is genuinely robust, not merely decorative.