Increased beneficial ownership (BO) scrutiny is compelling organizations across industries to adapt compliance practices to satisfy several laws and regulations that include Know Your Customer (KYC), Anti-Money Laundering (AML), and the Foreign Account Tax Compliance Act (FATCA). Establishing a comprehensive beneficial ownership management program is crucial; beneficial ownership and ultimate beneficial ownership (UBO) identification and verification have become an essential component of the onboarding process for clients, customers, partners, and vendors.
Implementing an effective BO program can be a challenge, since BO definitions and due diligence requirements can vary depending on the regulation. The collection process itself can be a burden, made tougher by the lack of publicly available UBO registry data. Nevertheless, compliance professionals should take all reasonable measures to mitigate the risk associated with beneficial ownership information.
So how can companies establish effective BO collection, identification, and verification procedures to meet the relatively new laws? One way is by performing a separate audit project to manage the changes, and evaluating the integrity and effectiveness of the compliance program with BO -related regulatory obligations. However, there isn’t a one-size-fits-all fix; each company should take an approach that is commensurate with their risk profile.
Hallmarks of a Strong Beneficial Ownership Program
Executives, compliance officers and auditors need to evaluate and adjust their existing practices on BO management to changing regulations and environments. This will enable them to represent to regulators that they have expended best efforts to establish BO on their customers.
A robust ultimate beneficial ownership management program should:
- Follow the FATF AML framework: The program should manage the full BO data governance life-cycle and should be integrated into each component of the entire compliance program which includes policies, procedures, and risk assessment, due diligence, reporting, record-keeping, and training, culture, independent testing and audit.
- Embrace a risk-based approach: Implement a reasonable risk assessment process to evaluate how the BO data as a factor would impact the customer risk profile as well as the overall enterprise-wide compliance and audit risk assessment. The risk level elevation should lead to a deeper due diligence, require a higher level of approval and more closed monitoring, testing and auditing.
- Utilize a combination of the best available mechanisms: Adopt a combination of the best available mechanisms which includes a customer’s self-certification, integrating/cross referencing with the registry or reputable partner’s quality BO data with the addition of adverse media and open source findings for enhanced due diligence.
- Centralize the enterprise-wide BO structures to meet all compliance and business needs: Have the capability to share and obtain BO information across the enterprise and associated affiliates. Ideally, it should allow automated regulatory reporting based on self-configured ownership.
The Auditor’s Perspective on Your Beneficial Ownership Program
Auditors would expect compliance to evaluate the integrity and effectiveness of the compliance program in regards to BO related regulatory obligations. Compliance needs to address how the enterprise-wide risk assessment should be revisited as well as what best practices are needed to establish a robust BO management program. Auditors reviewing a beneficial ownership program will consider many factors, including:
- Whether the policy and procedures are updated to clearly define Beneficial Owner and the threshold to meet regulatory obligations.
- If the Beneficial Ownership data collection, storage and sharing processes are consistent and streamlined.
- The BO data reconciliation process and the methods used to decide BO confidence level.
- How Beneficial Ownership changes are monitored.
This white paper will delve into how many organizations address how enterprise-wide risk assessment should be revisited, from an auditor’s perspective. It also explores which best practices are needed to establish a robust beneficial ownership management program.