Case snapshot: ownership on paper, shadows in practice
Max was deep into onboarding a new corporate client. Incorporated in Cyprus, the company declared itself an import-export firm specializing in agricultural commodities.
The documents looked neat:
- Shareholder register attached
- Two individual shareholders, each holding 24%
- A corporate shareholder owning the remaining 52%
On the surface, the file suggested a clear UBO—the corporate shareholder.
But when Max drilled into the registry data, he saw an unfamiliar pattern. The corporate shareholder was a holding entity registered in Belize. Its filings pointed to yet another company in the British Virgin Islands. That entity, in turn, was “owned” by a trust, with no obvious disclosure of the trust’s beneficiaries.
“Here we go,” Max sighed.
Ella walked past and peered over his screen.
“Layered ownership across secrecy jurisdictions? It seems that someone doesn’t want to be seen.”
Marcus added from his corner:
“If you stop at Belize, you’ve missed the real owner. That’s the point—they’re hiding behind corporate opacity. Finding the UBO is like solving a puzzle. If the last piece is missing, the picture isn’t finished.”
For Max, the challenge was knowing when to stop chasing and when to escalate. The KYC file could look “complete” if he froze at the Belize level. But that would miss the ultimate owner—the person actually controlling the entity.
Max escalated the case, recommending EDD and further ownership tracing. He documented it simply:
“We can’t confirm the UBO without peeling past Belize and BVI. Registry records aren’t enough. Until we know who controls the trust, the file isn’t complete.”
Why it matters: the risk of incomplete UBO identification
Failing to identify the true beneficial owner (UBO) is a structural risk. Criminals rely on complex ownership chains to:
- Distance themselves from assets
- Exploit offshore secrecy jurisdictions
- Hide behind trusts and nominee structures
- Weaken AML checks by exhausting first-line reviews
The regulatory lens
Under the AMLR :
- Article 22 requires obliged entities to identify and verify UBOs, defined as natural persons who ultimately own or control the customer.
- Where no natural person is identifiable (e.g., dispersed shareholders, opaque trusts), institutions must document the senior managing official as the fallback UBO.
- Entities cannot rely solely on registry data if there are indications of higher risk—they must apply enhanced due diligence (EDD).
Final thought: don’t stop at the first door
The initial "door" is the seemingly clean paperwork and public registry data. The phrase "don't stop at the first door" perfectly encapsulates the story's central message. It's about the distinction between what appears on the surface and the underlying reality. The story illustrates that effective due diligence requires going through that first door and continuing to investigate until the true picture of control and ownership is revealed. Max's action of escalating the case is a direct application of this principle. He isn't satisfied with a "completed" file that still has a major unresolved risk.
As compliance professionals, we must understand our role and responsibilities in the bigger picture.
