How to Identify UBOs in Your Supply Chain

Who Is the Ultimate Beneficial Owner (UBO) of a Company?

The person who ultimately owns or controls a legal entity is known as the ultimate beneficial owner or UBO. The UBO is sometimes referred to as the ultimate beneficiary or true owner and is the natural person at the top of an ownership structure whose identity must be determined for various reasons, including for sanctions compliance.

It is important to note that corporate structures can have dozens of layers of ownership and even multiple UBOs. It is also possible for companies — especially those with complex ownership structures — to seemingly not have any identified UBOs at all, which will require technology to dig into opaque ownership and “unwrap” the actual UBOs. 

In this article, we will explore why it is important to identify UBOs in your supply chain, the risks of violating regulations like OFAC (Office of Foreign Assets Control) sanctions, and the legal implications associated with not fully understanding your suppliers’ ownership structure. We will also look at how to formalize a program to identify UBOs, including developing a process for reviewing connections, making decisions on risk limits and setting thresholds.

 

Why It’s Important to Identify a Company’s UBO

Image Source

 

It is essential for companies to identify the ultimate beneficial ownership of their suppliers because these UBOs may be subject to any number of global restrictions, including OFAC sanctions, which prohibit certain types of activity and transactions. Technology is critical for decoding complex and opaque ownership structures, especially at the speed needed to support dynamic supply chains. 

To prevent unjust action, UBO knowledge and management help to support anti-money laundering compliance (AML compliance) and screening for politically exposed persons (PEP), terrorism financing, and adverse media data. This requires customer due diligence (CDD) (meaning, that you know your customers), and know the sources of your organization’s supplies and raw materials.

 

UBO and OFAC Sanctions

The identification and verification of UBOs, while mandatory in some jurisdictions and not in others, is a key part of any robust compliance program. International organizations such as the Financial Action Task Force (FATF) have issued recommendations to strengthen UBO identification globally, but today no consistent standard exists. But some progress is being made toward it. Beneficial ownership information identification and collection requirements are also fragmented across various industries with financial institutions having a higher burden than non-financial institutions.

That said, it’s equally important for all organizations to go beyond simply checking the OFAC sanctions list when identifying UBOs, as other regulatory requirements may be applicable depending on the region in which a particular supplier is located.

For example, the Uyghur Forced Labor Prevention Act (UFLPA) took effect on June 21, 2022, which prohibits the importation of any goods produced in the Xinjiang Uyghur Autonomous Region (XUAR) of China, due to the act’s “rebuttable presumption” that it was made with forced labor.

 

Legal Considerations

Companies are required by law in many jurisdictions to conduct adequate due diligence and identify the UBOs of their customers to ensure they are not violating sanctions or forced labor restrictions. Understanding the identity of a company’s UBO is vital in a compliance program, especially when vetting high-risk third parties.

In the United States, the OFAC 50 percent rule states that if a prohibited party owns any company directly or indirectly 50 percent or greater, that owned company is also prohibited — even if that company is not on any sanctions list.

This presents added challenges, particularly in secrecy jurisdictions that have inaccessible UBO registers.  

 

Reputational Considerations

When it comes to UBOs, identifying them not only affects the legal standing of a corporation but also its reputation. For instance, while a company may be able to legally do business with a Russian counterpart, the potential reputational ramifications should be considered. Failure to keep up with these regulations can result in not only significant financial penalties but also reputational damage.

“From a reputational and business perspective, if an ownership percentage falls slightly outside OFAC’s threshold, that’s likely something you still want to know, particularly around Russian sanctions. Do you want to deal with an entity with a Russian UBO, even though it may not be prohibited? After you identify these higher-risk parties, you want to do a careful assessment whether to proceed or not from a legal, business, and reputational perspective. ” – Matthew Saxonmeyer, Associate Managing Director

Meanwhile, failing to meet customer expectations when it comes to supply chain integrity can have negative effects on your business, both financially and in terms of customer loyalty. Customers increasingly favor companies that can demonstrate their commitment to social responsibility and ethical business practices, meaning that any negative headlines can quickly erode consumer trust — and with it, shareholder value — in your corporation.

 

Opaque Ownership

One of the greatest challenges in trying to identify the UBO of a company has been opaque ownership structures. In most cases, companies are not required to report ultimate beneficial ownership information within their structure and this information may be hidden or difficult to access.

If the ownership of a company is obscured, it might indicate red flags in terms of potential criminal activities such as tax evasion, terrorist financing, money laundering or violating AML regulations. Corporate directors must make sure their suppliers’ business relationships are not associated with any fraudulent activities before doing business with them from a regulatory standpoint. Even further, any issues caused by that partnership could also affect the integrity and reputation of their own organization in the eyes of customers as well.

Technologies such as Exiger’s Insight 3PM make it easier for organizations to quickly and accurately identify UBOs by leveraging attributes such as entity type, the jurisdiction of registration, related persons and addresses. This AI-powered approach ensures that compliance teams can quickly identify any potential sanctions risks associated with their suppliers and customers.

 

Steps to Formalize a Program to Identify Ownership

It’s essential for organizations to have a formalized program to effectively manage regulatory and reputational risks in their supplier and partner ecosystem and identify UBOs. When formalizing a program to identify ownership, here are some of the key steps you should take:

1. Finding the Right Technology

The right sanctions screening software can provide access to a range of data sources and surface the ultimate beneficial ownership risks that require more review. 

Exiger’s technology offers two key benefits to help you ascertain beneficial ownership quickly, accurately, and securely:

      • Automation of manual processes: Our software automates manual tasks such as searching databases, reviewing documents, verifying credentials and creating reports, significantly reducing your time-to-value.

      • Comprehensive coverage: Exiger has access to public and premium global data sources and provides 24/7 monitoring for changes in beneficial ownership.

    2. Reviewing Connections

    Exiger’s technology has the ability to delve into the relationships between entities and networks of individuals to gain visibility into the beneficial owners behind them.

    It’s essential to understand who has significant control of the company, including ownership history, corporate structures, and other assets owned by an individual UBO.

    For an efficient way to review connections throughout your supply chain and partner ecosystem to ensure that all beneficial ownerships are visible, Exiger offers powerful tools to speed up your process and better manage risk within your organization.

    3. Making Decisions and Setting Thresholds

    Once you have collected the data, reviewed the connections and identified potential UBOs, you have the necessary ingredients to make decisions and set thresholds. These include what criteria should be used to accept or reject certain types of relationships based on their associated regulatory or reputational risks. The process should be based on a combination of business judgment and risk assessment. To assist in making these decisions, risk management technology should provide a user interface that allows for easily setting risk level thresholds.

    Setting thresholds will ensure that certain risks are flagged according to their severity. By assigning multiple risk factors, your organization can set parameters for the acceptance or rejection of certain relationships. Thresholds can also be used to monitor changes in the ownership structure over time and identify any suspicious activity for further review.

    When setting thresholds, it’s important to consider:

        • The level of risk associated with a particular connection

        • Any industry regulations related to UBO identification
        • The reputational impact of doing business with an ownership structure that operates with sanctioned entities
       

      Exiger’s DDIQ Helps Businesses Determine UBOs in Their Supply Chain

      To ensure compliance with OFAC and other regulatory organizations, as well as prevent any potential reputational damage, you’ll need to formalize a program to identify UBOs. To recap, key steps include:

        1. Securing the right technology
        2. Thoroughly reviewing connections
        3. Making informed decisions
        4. Setting firm thresholds

        Exiger is here to help you to identify UBO and other critical aspects of TPRM and SCRM.

        Our DDIQ technology uses advanced AI to automatically identify intermediaries, connections, and ownership of companies to determine the ultimate beneficial owner or owners. DDIQ also helps organizations to review connections quickly and make better-informed decisions based on available data. Continuous monitoring capabilities allow organizations to set threshold filters that will trigger notifications when certain risk indicators are discovered. Ready to see it in action? Request a demo today.

        our blog

        Perspectives

        NIST Framework - Perspectives
        Client Alert
        Updated NIST Framework Puts Focus on Cyber Supply Chain Risk Management
        Find and Focus on Risk
        Article
        Supply Chain Illuminations for Supply Chain Risk Management
        SD Case Study Aerospace - LinkedIn
        Article
        How Supply Chains Gain from the CHIPS Act and Its Risk-Mitigation Stand

        Demo The
        Exiger Platform