Recommendations for effective disclosure regimes
The Global Coalition to Fight Financial Crime (GCFFC), as part of its objectives to promote more effective information sharing between public and private entities, and to propose mechanisms to identify emerging threats and best practice approaches to more robust controls against money laundering, believes that all actors fighting financial crime should have instant access to high quality, highly usable beneficial ownership (BO) data. The use of anonymously owned legal entities – through shell companies, trusts, or other legal constructions – for hiding the proceeds of crime as well as its owners are well documented. As widely recognised by FATF, the EU, the OECD, and many other individual governments, BO data – knowing the real people that own and control legal entities – is a critical piece of information required to fight financial crime. Over 100 jurisdictions have committed to implementing BO transparency (BOT) reforms, with over 40 committing in 2020 alone. However, international standards to date fall short of generating data that is useful and readily available for all law enforcement agencies, obliged entities and other actors fighting financial crime.
The GCFFC comprises different actors engaged in fighting financial crime: law enforcement agencies, obliged legal entities, civil society organisations. Based on the collective expertise of its constituent members, the GCFFC believes that in order for BO data to be of the highest possible quality and useful for the widest possible range of actors fighting financial crime, disclosure regimes implemented by jurisdictions should strive to have the following features, based on the Open Ownership principles for effective disclosure:
- BO should be clearly and robustly defined in law, with sufficiently low thresholds used to determine when ownership and control is disclosed
Clearly defining BO and ensuring it covers all relevant forms of ownership and control makes the disclosure regime less vulnerable to exploitation by those seeking to abuse the system. Robust and clear definitions of BO should state that a beneficial owner should be a natural person. Definitions should cover all relevant forms of ownership and control, specifying that ownership and control can be held both directly and indirectly. Recent implementers have thresholds between 5% and 20%. Low thresholds are not a substitute for a robust definition but should not exceed 25%. There should be a single definition in primary legislation. Where multiple definitions exist, these should be unified definition.
- BO disclosures should comprehensively cover all relevant types of legal entities and natural persons
All types of entities and arrangements through which ownership and control can be exercised and all types of beneficial owners (including non-residents) should be included in declarations, unless reasonably exempt. Exemptions from declaring beneficial owners should be granted only when the entity is already disclosing its BO in sufficient and accessible detail, and this information is accessible to authorities through alternative mechanisms with equivalent requirements (e.g. PLCs with listed on exchanges with equivalent disclosure requirements). Any exemption should be clearly defined and justified, and reassessed on an ongoing basis, and narrowly interpreted.
- BO disclosures should contain sufficient detail to allow users to understand and use the data
Sufficient information should be collected to be able to unambiguously identify people, entities and arrangements, using clear identifiers for people, companies and trusts. Identifiers help to match individuals and companies across different datasets, for instance for verification. Where BO is held indirectly through multiple legal entities, sufficient information should be published to understand full ownership chains. Information collected should be limited to what is necessary to achieve the policy objective (data minimisation).
- Data should be collated in a central register
Having a centralised BO register means that authorities and other users can access information on the BO of companies through one central location in a standardised format. This is a prerequisite for effective use of BO data by all user groups, as it removes some of the practical barriers to accessing and analysing BO information. Where central registers have been implemented (e.g. the UK), law enforcement has reported it being quicker and easier to obtain BO data for investigations, saving considerable amounts of police time. Countries maintaining a central register perform better against FATF’s requirement to ensure timely access to adequate, accurate, and up-to-date information on the BO of companies.
- Data should be accessible to all actors fighting financial crime
In order to allow the full range of stakeholders engaged in fighting financial crime to use BO data, in addition to access for authorities and obliged entities, governments should consider making subsets of the data publicly accessible free of charge, both searchable and in bulk, without barriers to access such as registration, identification and restrictive licensing. Public registers can improve the speed and ease of access for law enforcement authorities from other countries. Civil society investigations can complement but are no substitute for law enforcement investigations. Similarly, public access can complement verification mechanisms, but governments should not rely on this alone. Data should be published in accordance with local privacy and data protection legislation, and governments should mitigate any risks that may arise from publication.
- Data should be structured and interoperable
When data is in a structured format it can be easily analysed and linked with other datasets, enhancing the data’s utility to expose transnational networks of illicit financial flows and support effective and timely due diligence. It is also easier to verify, as a greater range of verification mechanisms can be used. When data is machine readable and available in bulk, multiple declarations can be analysed together. This allows Financial Intelligence Units, banks, and journalists to apply data science and machine learning techniques to identify suspicious patterns of ownership or beneficial owners that appear on other datasets of interest (for example, sanctions lists). Where the private sector and civil society have access to BO data in bulk, evidence shows that innovations can drive development of new due diligence products and detecting financial crime.
- Measures should be taken to ensure data is verified
To maximise the impact of BO registers, it is important that users and authorities can trust that representations of ownership in a register have a high degree of fidelity to the true reality of who owns or controls a particular company and recognise where it does not. A system that relies on self-reporting without verification is not sufficient. Checks should be implemented to eliminate accidental errors by verifying the beneficial owner, the entity and the ownership/control relationship between them, both at the point of and after submission. The latter includes, for instance, monitoring by the registrar based on ongoing risk assessments and discrepancy reporting by obliged entities.
- Data should be kept up to date and historical records maintained
Initial registration and subsequent changes to BO should be legally required to be submitted in a timely manner, with information updated within a short, defined time period after any changes occur. Data should be confirmed as correct at regular intervals. Historical records should be maintained, and retention periods should be mandated by law. Historical and auditable records are critical for law enforcement to verify ownership claims against historical records. Historical changes can be referred to during investigation even where the accuracy of data is in question.
- Adequate sanctions and enforcement should exist for non-compliance
Effective, proportionate, dissuasive, and enforceable sanctions should exist for non-compliance with disclosure requirements, including for non-submission, late submission, incomplete submission, or false submission. Both monetary and non-monetary sanctions (e.g. restricting a company transferring shares) should be in place for the person making the declaration, the beneficial owner, registered officers of the company, and the declaring company making the declaration where appropriate. Relevant agencies should be empowered and resourced to enforce the sanctions.
Implementing BOT regimes with the above features will require commitment and investment from governments, which should make sufficient financial and human resources available to do so. The GCFFC recognises that high quality and usable data does not automatically lead to data use, and governments should take a proactive approach to increasing the capacity for data use amongst all actors fighting financial crime. Implementing governments should run consultations with all potential data users to maximise utility and use.
Thibault Jacobs, Bertrand Huet and Niamh Griffin
Contact: [email protected]
About the Global Coalition to Fight Financial Crime
The Global Coalition to Fight Financial Crime brings together different parts of the anti-financial crime ecosystem to work towards the establishment of global standards, built on public-private cooperation, to complement and make more effective current regional safeguards. For more information, visit www.gcffc.org.
Important note: For the avoidance of doubt, this paper has not been approved, supported or endorsed by the Institute of International Finance (IIF) who are conducting their own review and expect to have their own members’ position on this issue in due course. The GCFFC similarly neither supports nor endorses any IIF position in this regard.