Designing sanctions and their enforcement for beneficial ownership disclosure

  • Publication date: 28 April 2022
  • Authors: Ramandeep Kaur Chhina, Tymon Kiepe
  • |  View in: Mongolian 

Sanctionable offences in beneficial ownership transparency regimes

The following types of conduct constitute different types of noncompliance with BOT regimes, and should be sanctioned by countries to ensure the effectiveness of the disclosure regime.


Non-submission is the failure to submit information at a particular point in time required by law. To facilitate the completeness of the BO data, non-submission of BO data at initial registration should be sanctioned. Failure to submit any subsequent changes in BO to the register in a timely manner should also be sanctioned. In order to close the loophole discussed in the previous section (see Figure 2), a failure to make full and complete disclosures covering any and all subsequent changes to an entity’s BO should be sanctioned. Whilst it may be difficult to detect the failure to disclose all changes, even with the most robust verification mechanisms, evidence that a person or company has failed to disclose information may emerge from investigations.

To illustrate, Indonesian law has a provision for sanctions for non-submission of BO data.[12] However, this has not yet been implemented in practice, presenting a gap in ensuring the quality and availability of accurate and up-to-date BO information in Indonesia. As of 28 November 2021, the Indonesian government noted that only 24.50% of companies had disclosed BO information.[13]

Implementers should consider a designated authority issuing one or more warnings or queries before conduct is considered non-submission, which should be subject to heavier sanctions than for late submission. The failure to respond to the designated authorities should also be sanctioned.

Late submission

To facilitate the completeness and accuracy of BO data, late submission of BO data at initial registration or on any subsequent changes to BO information within the prescribed period of time should be sanctioned.

Countries that require the confirmation of the BO data on an annual basis should also sanction non-confirmation or late confirmation. Each country should clearly prescribe a timescale within which the BO data should be confirmed at the end of each year, even when it is integrated into the existing business processes (for example, with the submission of annual returns). There should also be clear guidelines when the submission amounts to a late confirmation or a non-confirmation, leading to sanctions. To determine the timescale, countries should be guided by other provisions of their BO or company law and regulations to ensure consistency and effectiveness; for instance, the timescale provided for updating changes in the BO information. In Ukraine, for instance, BO information must be updated annually, within 14 days after the close of each year.[14] In the United Kingdom (UK), legal entities are required to confirm their BO data to Companies House each year via the confirmation statement – the statement which they are required to submit no later than 14 days from the end of the last 12-month period.

The timescale for late submission should be as short as possible, within what is reasonable; for instance, no later than 14 calendar days from the due date after which submission will be considered as non-confirmation. The FATF specifies this should be a “reasonable period” in its Recommendation 24 but does not elaborate beyond this.[15] A draft of legislation proposed by civil society in Canada discussed a period of 30 or 90 calendar days to accommodate legal entities securing attestations and copies of identification from the beneficial owners themselves, which was being proposed as a verification mechanism.

Missing or incomplete submission

Incomplete submission of BO data, either at the initial registration or at any subsequent changes, should be sanctioned to ensure the completeness and accuracy of the BO data. This will encourage the legal entities to submit complete data to the register.

In France, for instance, incomplete or late submissions can lead to a person being prevented from engaging in certain business activities or stripping certain national civil rights, such as being placed under judicial supervision. In addition, the person responsible is subject to six months imprisonment and a fine of EUR 7,500 (approximately USD 8,200). A company is also liable for fine for incomplete or late submission, which is five times the sanction applicable to a natural person.[16]

Incorrect or false submission

Both false submission of the BO information and the submission of false supporting evidence should be subject to sanctions. The provision of false information by beneficial owners to the legal entities should also be sanctioned. Good verification systems are required to help detect the submission of incorrect or potentially false information when cross-checking with other available data sources. Imposing sanctions for false declarations, as with other breaches, will complement verification processes.

However, an important policy consideration when determining the applicable sanctions is whether and how to differentiate between deliberate falsehoods and accidental errors. One emerging practice demonstrates that deliberate submission (or facilitating the submission) of false or misleading BO information knowingly or recklessly by natural or legal persons has been dealt with by more severe penalties compared to negligent submission. In Austria, for instance, a fine of up to EUR 200,000 (approximately USD 220,000) can be imposed for intentional violations and EUR 100,000 (approximately USD 110,000) for gross negligence. Similarly, in the Philippines, substantial penalties can be imposed on legal persons or a legal arrangement that “knowingly” provide false or misleading information to the registration authority (i.e. knowingly conceal their BO), including on designated persons within those entities who are responsible for compiling the information and submitting it to the registration authority.[17] Proving that information was deliberately falsified rather than an accidental error can be difficult, and there are very few cases of successful prosecution for deliberate submission of false information. Evidence that false information was deliberately submitted may come from investigations by law enforcement.

Box 1. UK company director’s conviction for submitting false company information [18]

In 2018, the UK had its first ever successful prosecution of a company director for deliberately falsifying information about his companies. However, the person in question acted publicly to highlight a loophole.[19]

In this case, the company director incorporated two companies, one in 2013 and another in 2016, providing false information about their directors and shareholders. Companies House dissolved both companies and struck them off the register. Action was also taken against the company director who pleaded guilty to filing false information on the UK’s company register, and he has been ordered by the court to pay a fine of over GBP 12,000.

Persistent noncompliance

Countries should ensure that there are appropriate provisions in the relevant law for sanctioning persistent noncompliance with BO disclosure requirements. In Austria, for instance, in the event of a persistent failure to report BO information, coercive penalties will be imposed twice according to the BO disclosure regime.[20] Similar provisions on increasing the level of the fine for persistent noncompliance can also be found in the BO disclosure regimes of other countries, such as Greece and the UK.

Noncompliance of additional obligations related to disclosure

If a country has incorporated other relevant provisions in its BO disclosure regime applicable to third parties, it is important to ensure that these parties are made subject to liability, and that dissuasive and proportionate sanctions are put in place for their failure to comply with their obligations. It is important to ensure compliance and the effective implementation of these provisions by other relevant parties. This can include, for instance, imposing obligations on the private sector, such as the requirement for obliged entities to report any discrepancies between their own findings of due diligence processes and centrally registered BO information, also known as discrepancy reporting, as required by the AMLD5.

Other sanctionable offences

In addition to the above conduct, a few jurisdictions have also included other BO-related sanctionable offences within their BO regimes. These include, for instance, measures to ensure that BO data is not misused. Some of the potential misuses of BO data could be, for instance, using or sharing the data for commercial purposes; using it for malicious claims against individuals; or selling or sharing the data with criminals for the purpose of identity theft. The effect of this type of legislation remains to be seen, although this can potentially help mitigate risks arising from the reduction in privacy inherent in BO disclosures, which is even more important when information is made public.[21] Although this is not the main focus of this briefing, it is nevertheless relevant to bring it to the attention of implementers and policy makers to consider the potential incorporation of such offences within their BO disclosure regime.

Box 2. Sanctions to prevent misuse of beneficial ownership data

In Austria, unauthorised consultation of the BO register is punishable with a fine of up to EUR 30,000 (approximately USD 32,500), and the distribution of BO information to third parties may result in a fine of up to EUR 50,000 (approximately USD 54,100).[22]

In the United States (US), which is still implementing its BO register, civil and criminal penalties exist for improper disclosure or use of BO data. The Corporate Transparency Act (CTA) provides that except as authorised by the CTA, it is unlawful for any person to knowingly disclose or use the BO information obtained through a report submitted to the Financial Crimes Enforcement Network (FinCEN) under the CTA, or a disclosure made by FinCEN for any unauthorised disclosure or use. Any person making an unauthorised disclosure or use that violates the CTA is liable to the US for a civil penalty of up to USD 500 for each day that the violation continues or has not been remedied, and may be fined up to USD 250,000, imprisoned for up to five years, or both.[23]

Where such provisions exist to prevent the misuse of BO data on the register, BO data access should be auditable and audited on a regular basis in order to enforce these. Such an approach, although in a different context, has also been adopted by the Organisation for Economic Co-operation and Development (OECD) Common Reporting Standard, which requires countries to impose penalties or sanctions for improper disclosure or use of the collected taxpayer data.[24]

End notes

[12] “Peraturan Menteri Hukum Dan Hak Asasi Manusia, Republik Indonesia, Nomor 21 Tahun 2019”, Berita Negara Republik Indonesia, 2019,

[13] “Corruption Prevention Action: Utilization of Beneficial Ownership Data for Criminal Case Handling, Licensing, and Public Procurement”, Komisi Pemberantasan Korupsi, Presentation, 30 November 2021.

[14] CT Corporation Staff, “Ukraine issues new guidance on beneficial ownership reporting”, Wolters Kluwer, 3 August 2021,

[15] International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, FATF, 94.

[16] Tymon Kiepe, “Verification of Beneficial Ownership Data”, Open Ownership, May 2020, 10,

[17] G. A. Gegenheimer, Recommendation Report to the Philippines to Improve the Framework and Process on Obtaining Accurate and Up-to- date Beneficial Ownership Information (Philippines: ADB TA-9433 REG Enhancing Tax Transparency of ADB Developing Member Countries, April 2021), unpublished, 64.

[18] “UK’s ‘first ever’ successful prosecution for false company information”, Companies House, 23 March 2018,

[19] Peter Stubley, “Companies House lambasted for trumpeting conviction of fraud whistleblower Kevin Brewer”, The Independent, 17 April 2018,

[20] Best Practices on Beneficial Ownership for Legal Persons, FATF, 65.

[21] See, for instance: “Open Ownership Principles – Public access”, Open Ownership, updated July 2021,

[22] “The UBO Register: Update 2019”, PricewaterhouseCoopers (PWC), December 2019,

[23] James A. Kopfensteiner and William E. Quick, “Corporate Transparency Act: Your Beneficial Entity Ownership Disclosure Is Now Required”, The National Law Review, 17 March 2021,

[24] Standard for Automatic Exchange of Financial Account Information in Tax Matters: Second Edition (OECD Publishing: Paris, 21 July 2014), 82,

[25] “Legal approaches to beneficial ownership transparency in EITI countries”, EITI, June 2019, 15,

Next page: Types of sanctions in beneficial ownership disclosure regimes