Following a seminal ruling from the EU Court of Justice in November, the journey towards greater corporate transparency recently encountered a stumbling block. As further developments remain uncertain, what options are available to compliance teams and members
of the public looking to access official beneficial ownership information across jurisdictions in Europe and globally?
On 22 November 2022, the Court of Justice of the European Union (CJEU) ruled that providing public access to Ultimate Beneficial Ownership (UBO) registers is a
violation of privacy and data protection. As a result, the requirement that member states provide and maintain open UBO registers was deemed invalid, posing a question on the future of corporate transparency standards across the EU.
In the aftermath of the decision, the European Commission and the European parliament will have to amend current legislation to reflect the court’s decision. While this process will likely take at least a few months, governments have already started
removing public access to their registers to protect themselves against potential legal repercussions down the line. By Friday, November 25th, Austria, the Netherlands, Belgium and Luxembourg had already taken their databases off line.
But how did we get to such a ruling? The CJEU decision originated from a request by the Luxembourg courts after appeals of various individuals and companies in Luxembourg. The question at the centre of the legal examination was whether public UBO registers
could be considered in violation of privacy and data protection rights. In a way, this was an epic battle between two competing pieces of regulations: the AML Directives on one side, and the infamous General Data Protection Regulation (GDPR) on the other.
At least for the time being, GDPR seems to have come out on top.
The history of UBO Registers in the EU
In June 2017, the 4th Anti-Money Laundering Directive (AMLD4) came into effect, requiring all EU members to create dedicated registers that would contain information on Ultimate Beneficial Owners (UBOs) of companies registered in their country.
Then, roughly a year after the enactment of AMLD4, the EU released its successor, the fifth AML Directive. Published in June 2018, AMLD5 mandated that access to public beneficial ownership registers should be extended to members of the public across the
EU, with the declared aim of allowing for “greater scrutiny of information by civil society, including by the press or civil society organisations”.
As of October 2022, 26 out of those 27 countries had met the requirement (the outlier, as shown in the below image, was Italy). Most member states fulfilled their UBO register obligation by introducing a separate register for UBOs, but a few countries, such
as Bulgaria and Slovakia, opted for a different strategy, adding UBO information to pre-existing registers of companies.
Source of Data used in the above infographic:
The role of traditional company registries
Even before the November 2022 ruling, the patchy implementation of the UBO register requirement caused various challenges. And not only across jurisdictions, but also at a local level, as governments often lacked resources, incentives or deterrents to ensure
that all required companies filed their UBO information. A typical example of this was in Germany, where even 18 months after the deadline for filing UBO information only a small minority of German companies had done so. German authorities finally set up a
series of escalating fines for noncompliance at that time to enforce the regulation.
As a result, individuals or regulated institutions, such as banks, that were required to verify UBO information often had to rely on the traditional national registry to get a reliable list of shareholders. This would be used as the starting point of the
UBO investigation, mapping every level of ownership manually and requesting documentary evidence from clients if and when the unravelling ended up in a more secretive or inaccessible jurisdiction.
Now, while we wait to see how the situation will further evolve, traditional registries still represent a very sensible option to
ensure transparency even in times of regulatory uncertainty. In fact, the role of traditional company registries in helping both members of the public and financial institutions identify companies’ beneficial owners should not be underestimated.
Following extensive digitisation efforts in the last decade, these databases remain an invaluable resource for compliance teams looking to protect their business against the risk of money laundering.
In fact, if we look at the European Union alone, national company registries in all 27 member states provide vital information that can be leveraged to unravel corporate structures. These include details on controlling entities and individuals
and the list of shareholders, partners and beneficial owners for most common entity types.
However, European countries are not the only ones to store this type of information in their registries. In line with recommendations by the Financial Action Task Force (FATF), a constantly growing number of countries are providing these details via their
local registry. For instance, of the 126 registries available through the Know Your Customer platform, as many as 84% provide official and reliable information on controlling entities and individuals for companies registered in their jurisdiction, while 65%
also provide information on shareholders, partners and beneficial owners.
Embracing RegTech to ensure transparency and scalability
Unravelling company structures in full, instead of relying on self-reported data on the final beneficiaries only, has an often-overlooked advantage. This approach makes it
much harder to hide sanctioned individuals or shell companies with suspicious arrangements in the intermediate levels of a corporate structure. By mapping all significant shareholders, every level of ownership and grey area is accounted for.
However, going through each layer of a complex corporate structure is a daunting task if done manually. Even the most experienced compliance officer will struggle to access company registries and read official documents in several languages to retrieve primary
source data in offshore or remote jurisdictions. At the same time, the sheer amount of time that such systematic but manual practice required would cause the cost of AML compliance to skyrocket.
While the cost and resource allocation needed to unravel every layer of corporate ownership manually is unsustainable, this is not the case if financial institutions and members of the public choose to embrace RegTech innovation.
Specialist regulatory technology can in fact automate not only access to company registries, but also the extraction of shareholder information from a variety of company documents, presenting the results of these investigations in intuitive structure charts
for immediate review. By integrating this type of functionality with on-going sanctions, PEP and adverse media screening, it is possible to get a much better understanding of which companies might be involved in illicit money flows or be the cover of criminals.
If the European Union and the international community are serious in wanting to curb money laundering, it is necessary to find a regulatory approach that balances data protection and privacy concerns with the need for greater corporate transparency. In the
meantime, compliance teams at regulated institutions as well as journalists and members of the public can find in traditional company registries, coupled with RegTech solutions able to standardise access and data extraction, an extremely useful resource to
uncover ownership information, identify suspicious cases and investigate company structures based on official data.