What Is UBO Verification? The Complete Guide to Identifying Ultimate Beneficial Owners [2026]

In March 2026, FinCEN imposed a $1.3 billion penalty on TD Bank - the largest civil money penalty ever assessed against a depository institution - for willful failures in its anti-money laundering program, including inadequate identification of high-risk customers and beneficial owners behind suspicious transactions.

This was not an isolated event. Across jurisdictions, regulators are making one thing unmistakably clear: if you do not know who ultimately owns and controls the businesses you deal with, the consequences are severe - financially, legally, and reputationally.

UBO verification - the process of identifying and verifying the natural persons who ultimately own or control a legal entity - sits at the core of modern KYB (Know Your Business) and AML compliance. Yet it remains one of the most operationally complex tasks facing compliance teams today. Multi-layered corporate structures, nominee arrangements, trusts, and cross-border ownership chains make it far harder than simply checking a registry.

This guide covers everything compliance professionals, product teams, and fintech decision-makers need to know: what UBO verification is, why it matters, how global thresholds differ across 15+ jurisdictions, the latest 2025-2026 regulatory developments, a detailed step-by-step verification process, the real operational challenges, and how technology is solving them.

What Is an Ultimate Beneficial Owner (UBO)?

An Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls a legal entity - regardless of whether their name appears on official registration documents. The key word is ultimate: UBO identification requires tracing through intermediary companies, trusts, and holding structures until you reach a real human being.

This distinction matters because legal ownership and beneficial ownership are often not the same thing. A company may be legally owned by another company, which is owned by a trust, which is controlled by an individual. That individual - the person who actually profits from or directs the entity's activities - is the UBO.

How Ownership Differs from Control

Most regulatory frameworks define a UBO through two separate tests:

1. Ownership test: A natural person who directly or indirectly holds a specified percentage of shares, voting rights, or ownership interests in the entity (typically 25%, though this varies by jurisdiction).
2. Control test: A natural person who exercises control through other means - such as the right to appoint or remove a majority of directors, veto rights over strategic decisions, significant influence through shareholder agreements, or the ability to direct the entity's financial and operating policies.

An individual can be a UBO under the control test even if they hold zero shares. This is one of the most commonly misunderstood aspects of UBO verification, and one that both iDenfy and Sumsub acknowledge but do not explore in operational depth.

UBO vs Legal Owner vs Shareholder vs Beneficiary

These terms are often confused. Here is how they differ:

The critical point: a legal owner can be a corporate entity. A UBO is always a natural person. Compliance frameworks require you to trace through corporate layers until you identify real human beings.

Why Does UBO Verification Matter for Compliance?

UBO verification is not a box-ticking exercise. It is the mechanism through which regulated businesses prevent their infrastructure from being used for money laundering, terrorist financing, sanctions evasion, corruption, and tax fraud.

Shell Companies and Corporate Opacity

Shell companies - entities with no significant operations, assets, or employees - are the primary vehicle through which illicit funds are laundered and hidden. According to FATF typologies and multiple national Financial Intelligence Unit reports, over half of significant cross-border money laundering cases involve at least one shell, front, or conduit company.

Research by Shufti Pro (2025) found that 68% of identified money laundering schemes use multi-layered account and entity structures - structures that are specifically designed to obscure beneficial ownership.

Without UBO verification, a bank or fintech has no way to know whether the company it is onboarding is a legitimate business or a vehicle for financial crime.

Real Enforcement Consequences

The cost of getting this wrong is not theoretical:

These cases share a common thread: institutions failed to identify who was really behind the accounts and entities they served. UBO verification is the first line of defense against this failure.

For a deeper understanding of how money laundering works in practice, see this guide on the 3 stages of money laundering.

What Are the Global UBO Ownership Thresholds by Jurisdiction?

One of the most operationally challenging aspects of UBO verification is that ownership thresholds differ significantly across jurisdictions. A structure that triggers UBO identification in India (10% threshold) may not trigger it in the US (25% threshold).

The following table covers the ownership thresholds and control-based criteria for 15+ major jurisdictions:

Sources: FATF Recommendation 24, FinCEN BOI, EU AMLD6), Zavia.ai UBO Regulations, Moodys KYC

Key Observations for Compliance Teams

• India and South Africa set significantly lower thresholds (10% and 5% respectively), meaning structures that appear compliant in the US or EU may require UBO identification in these jurisdictions.
• Japan's two-tier system means that if one person holds >50%, they are the sole UBO - others at 25%+ are not identified. This is unique globally.
• The EU is moving toward 15% for high-risk sectors under AMLD6, signaling a global trend toward lower thresholds.
• Banks often apply stricter internal thresholds (10% or even 5%) regardless of legal minimums, as a risk-based measure.

For a broader understanding of business verification processes, see this guide on how to verify the legitimacy of a business.

What Are the Latest UBO Regulations in 2025-2026?

The UBO regulatory landscape is shifting rapidly across major jurisdictions. Compliance teams must track these changes to avoid being caught off guard.

United States: Corporate Transparency Act (CTA) - Narrowed but Not Gone

The CTA has been in a volatile state throughout 2025:

• March 2025: FinCEN issued an interim final rule that significantly narrowed reporting obligations. Most domestic US-formed entities are now exempt from BOI (Beneficial Ownership Information) reporting (Pillsbury).
• Foreign reporting companies registered to do business in the US remain in scope.
• Multiple conflicting court rulings have created enforcement uncertainty, with some courts upholding the CTA's constitutionality and others issuing temporary injunctions (Procopio).
• New York's LLC Transparency Act (NYLLCTA) took effect January 1, 2026, creating a state-level UBO disclosure requirement that partially fills the federal gap (Hughes Hubbard).

Practical implication: The FinCEN CDD Rule (25% + 1 control person) still applies to financial institutions. The CTA's BOI reporting regime is unstable and could re-expand. Compliance teams should maintain UBO collection capabilities even for domestic entities.

European Union: AMLD6 and the New AML Package

The EU is building the most comprehensive AML framework in the world:

• AMLD6 was adopted in 2024, with Member State transposition deadlines of July 10, 2026 (partial) and July 10, 2027 (full) (European Parliament)).
• The AMLR (Anti-Money Laundering Regulation), effective from July 10, 2027, will create a single EU rulebook - directly applicable across all Member States, reducing national fragmentation.
• AMLA (Anti-Money Laundering Authority) is being established in Frankfurt as the EU's first dedicated AML supervisor.
• Key changes: harmonized CDD/EDD rules, interconnected UBO registers with "legitimate interest" access criteria, potential 15% threshold for high-risk sectors, and enhanced crypto transfer traceability (Signicat, Kyckr).

FATF Recommendation 24: Tighter Verification Standards

FATF has revised Recommendation 24 to require that beneficial ownership information be:

• Adequate, accurate, and up-to-date (not just collected at onboarding)
• Verified through independent sources - self-declaration alone is no longer sufficient
• Accessible to competent authorities in a timely manner
• Supported by risk assessments of legal persons at the country level

These revisions are driving national reforms globally and will be tested in upcoming FATF mutual evaluations.

UK: Continued PSC Regime Tightening

The UK's PSC (Persons with Significant Control) regime at Companies House remains one of the world's most established UBO disclosure systems. Under the Economic Crime and Corporate Transparency Act (ECCTA) 2023, reforms are pushing toward:

• Stronger identity verification for directors and PSCs
• Better data quality and digital/standardized filing
• Greater enforcement against false filings

For a comprehensive overview of AML compliance frameworks, see this guide on the 5 pillars of an AML compliance program.

How Is a UBO Identified and Verified? (Step-by-Step Process)

Most guides describe UBO identification in 4 steps. In practice, the process is more nuanced. Here is a 6-step operational workflow that reflects how compliance teams at banks and fintechs actually perform UBO verification:

Step 1: Verify the Legal Entity

Before identifying UBOs, confirm the entity itself is legitimate:

• Collect the company's registration number, legal name, registered address, entity type, and jurisdiction of incorporation
• Verify this information against official corporate registries (e.g., Companies House in the UK, Secretary of State databases in the US, MCA in India)
• Confirm the company's current legal status (active, dissolved, suspended)
• Identify the names and roles of directors, officers, and senior management

This step establishes the foundation. If the entity itself cannot be verified, the UBO identification process cannot proceed reliably.

Step 2: Map the Full Ownership Chain

This is the most complex and time-consuming step:

• Identify all shareholders and their ownership percentages, starting from the entity's shareholder register or registry filings
• For each shareholder that is a corporate entity (not a natural person), trace through to its shareholders
• Continue tracing through each layer of intermediary entities until you reach natural persons
• Document the full ownership chain, including direct and indirect ownership percentages

Example: If Person A owns 60% of Company X, and Company X owns 50% of Company Y (the entity you are verifying), then Person A's indirect ownership of Company Y is 30% (60% × 50%).

Cross-border chains add complexity: a UK company may be owned by a BVI holding company, which is owned by a Singaporean trust, whose settlor is a natural person in India. Each layer may require accessing different registries, in different languages, with different data formats.

Step 3: Identify UBOs Against Jurisdictional Thresholds

Apply the relevant jurisdiction's ownership threshold to each natural person identified in Step 2:

• In the EU: any natural person with ≥25% direct or indirect ownership
• In India: any natural person with ≥10% shares, voting rights, or right to dividends
• In South Africa: any natural person with ≥5% beneficial ownership

If no natural person meets the ownership threshold, move to the control test.

Step 4: Assess Control Beyond Ownership

This step catches individuals who control the entity without meeting ownership thresholds:

• Shareholder agreements that grant veto rights or special voting powers
• Board appointment rights - the ability to appoint or remove a majority of directors
• Voting pacts or "acting in concert" arrangements
• Special share classes with disproportionate voting power
• Trust arrangements where a protector or trustee exercises effective control

If no individual is identified under either the ownership or control test, most frameworks require identifying the senior managing official (e.g., CEO, Managing Director) as the fallback UBO.

Step 5: Perform KYC/AML Screening on Each UBO

Each identified UBO must undergo individual verification:

• Identity verification: government-issued ID document verification, facial biometric matching, liveness detection
• Sanctions screening: check against OFAC, UN, EU, and other global sanctions lists
• PEP screening: identify Politically Exposed Persons across all levels (heads of state, senior officials, their associates and family members)
• Adverse media screening: search for negative news coverage related to financial crime, fraud, corruption, or regulatory action
• Criminal record checks: where available and legally permitted

Step 6: Apply Risk-Based Due Diligence

Not all UBOs present the same level of risk. Apply proportional measures:

• Standard CDD (Customer Due Diligence): for UBOs with straightforward ownership, no PEP/sanctions hits, low-risk jurisdictions
• Enhanced Due Diligence (EDD): for UBOs who are PEPs, connected to high-risk jurisdictions, involved in complex multi-layered structures, or flagged by adverse media
• Simplified Due Diligence (SDD): for very low-risk scenarios (e.g., publicly listed companies in well-regulated markets)

EDD typically involves deeper investigation: source of wealth verification, additional documentation, senior management sign-off, and more frequent ongoing reviews.

For a step-by-step guide to checking business legitimacy, see this guide on how to check if a company is legitimate.

What Are the Biggest Challenges in UBO Verification?

Understanding the process is one thing. Executing it at scale - across jurisdictions, entity types, and risk levels - is where the real difficulty lies.

Multi-Layered Corporate Structures

The most common challenge. Real-world ownership structures can span 5-10+ entities across multiple jurisdictions, each with its own registry format, access rules, and language. Tracing from the account-holding entity to the natural person at the top of the chain requires accessing multiple data sources, reconciling inconsistent information, and calculating indirect ownership through each layer.

Example: A fintech in the US may be owned by a Delaware LLC, which is owned by a Cayman Islands holding company, which is owned by a Singapore family office, whose beneficiaries include three individuals across India and the UK. Each layer requires a separate registry lookup and legal interpretation.

Nominee Arrangements

Nominee shareholders and directors are legitimate tools in many jurisdictions - but they are also used to conceal true beneficial ownership. Compliance teams must distinguish between legitimate privacy arrangements and deliberate concealment, then evidence the underlying beneficial owner with documentary continuity from entity to UBO.

Corporate service providers (CSPs) that manage nominee structures add third-party risk: you must periodically re-confirm that nominees still act as declared and that UBOs haven't changed.

Trusts, Foundations, and Opaque Vehicles

Trusts present unique challenges because they involve multiple roles - settlors, trustees, protectors, and beneficiaries - any of whom might qualify as a UBO depending on the jurisdiction and the terms of the trust deed. Private trust deeds, "letters of wishes," and bespoke governance arrangements require legal expertise to parse, which does not scale well for high-volume onboarding.

Some jurisdictions treat trusts distinctly; others barely recognize them. Requirements for registering trusts, disclosing beneficiaries, or filing BOI vary widely, forcing different workflows per country.

Cross-Border Registry Fragmentation

Data availability ranges from open, searchable digital registries to paywalled, paper-based, or practically inaccessible records. Even within the EU, where BO registers are being interconnected, data quality and format vary significantly between Member States.

Records in non-Latin scripts, non-machine-readable formats (scanned PDFs, handwritten forms), or outdated registry systems add manual effort, translation cost, and error risk.

Data Quality and Self-Declaration Reliability

Clients often provide self-declared UBO information. Regulators - including FATF under revised Recommendation 24 - are explicit that self-declaration alone is not sufficient. Institutions must corroborate with multiple independent sources, reconcile discrepancies, and document their reasoning.

Ongoing Monitoring vs. One-Time Checks

UBOs change after M&A, restructurings, capital raises, or private share transfers. Many institutions still rely on periodic KYC refresh cycles (annual or biennial), which miss mid-cycle changes. FATF and EU regulators increasingly expect event-driven monitoring and continuous screening, not just onboarding-time verification.

Remediation at Scale

New UBO regulations - such as the EU's AMLD6 transposition deadlines or the evolving US CTA requirements - frequently require institutions to re-paper their existing client portfolios. This means launching large-scale outreach campaigns to collect updated UBO information from thousands of existing corporate clients, many of whom were onboarded years ago under different standards.

These remediation projects are resource-intensive: they require dedicated teams, technology for bulk document capture and verification, and tight timelines driven by regulatory deadlines. Institutions that lack automated UBO verification capabilities often face backlogs that create compliance risk during the transition period.

Skills Shortage and Training

Experienced compliance analysts who understand complex corporate structuring, cross-border tax and regulatory arbitrage, and the nuances of nominee and trust arrangements are scarce and expensive. This skills gap is particularly acute in fintechs and mid-market institutions that may lack the deep compliance benches of major global banks.

Even where experienced staff exist, ensuring consistent application of UBO policies across countries, business lines, and partner fintechs requires ongoing training and standardization. In BaaS (Banking-as-a-Service) models, sponsor banks are now held accountable for their fintech partners' UBO and AML/KYC controls - meaning the skills gap at the fintech level becomes a direct risk for the sponsoring bank.

Balancing Speed with Thoroughness

For fintechs and digital-first institutions, there is a fundamental tension between the speed that customers expect during onboarding and the depth that regulators require for UBO verification. A corporate customer applying for a payment processing account expects to be operational within days, not weeks. But a thorough UBO investigation of a multi-layered offshore structure may require accessing registries in multiple jurisdictions, reviewing trust deeds, and conducting enhanced due diligence - processes that can take weeks if done manually.

This tension is the primary driver behind the adoption of automated UBO verification technology: it allows institutions to maintain onboarding speed while achieving the verification depth that regulators demand.

For more on building comprehensive AML programs that address these challenges, see this guide on AML policy for fintechs.

How Can Technology Solve UBO Verification Challenges?

Manual UBO verification - searching registries one by one, tracing ownership chains on spreadsheets, screening each individual against watchlists separately - does not scale. For institutions onboarding hundreds or thousands of corporate customers, technology is not optional.

Automated UBO Discovery and Corporate Data Aggregation

Modern platforms pull data from multiple company registries, commercial data providers, and UBO registers simultaneously. They automatically:

• Build ownership trees by tracing through intermediary entities
• Calculate direct and indirect ownership percentages
• Identify individuals who cross jurisdictional thresholds
• Flag discrepancies between client declarations and registry data

What once took compliance analysts hours per entity can be completed in minutes.

AI/ML for Entity Resolution and Hidden Ownership Detection

AI and machine learning models can:

• Resolve entities across data sources (matching "ABC Holdings Ltd" in one registry with "ABC Holdings Limited" in another)
• Detect hidden or indirect ownership links that manual review might miss
• Identify patterns suggesting nominee misuse, circular ownership, or layering
• Support risk-based prioritization by highlighting suspicious chains and high-risk jurisdictions

Important caveat: Regulators expect humans to understand and justify the output. "Black box" AI decisions are not acceptable for compliance purposes. Technology should augment human judgment, not replace it.

Graph-Based Ownership Visualization

Complex ownership structures are much easier to understand - and explain to regulators - when visualized as network graphs rather than described in text. Graph-based tools allow compliance teams to see multi-layered chains, identify unusual patterns, and communicate findings clearly during audits.

Integrated KYB + KYC Workflows

The most effective approach links corporate ownership discovery directly with individual verification. When a UBO is identified, the system automatically triggers identity verification, sanctions screening, PEP checks, and adverse media monitoring - without requiring manual handoffs between separate tools or teams.

Workflow Orchestration and Audit Trails

Centralized case management systems that orchestrate tasks, approvals, and escalations while maintaining complete audit trails are essential for regulatory readiness. They ensure that every decision - what data sources were used, who reviewed the UBO determination, what exceptions were made - is documented and defensible.

How Signzy Simplifies UBO Verification for Regulated Businesses

Signzy's UBO Check is designed to automate the operationally complex parts of UBO verification while maintaining the transparency and auditability that regulators require.

What Signzy's UBO Check Offers

• Global coverage: UBO verification across 150+ countries and all 50 US states, connecting to official company databases, registries, and audit reporting sources
• Automated ownership chain tracing: AI-powered analysis of business shareholding patterns and beneficial ownership structures - including multi-layered corporate chains across jurisdictions
• Integrated KYC on identified UBOs: Once UBOs are identified, Signzy's One Touch KYC performs identity verification, facial biometric matching, and liveness detection on each individual
• AML/Sanctions/PEP screening: Screening against 1,000+ global watchlists including OFAC, UN, EU, and FinCEN databases, with daily updates and fuzzy logic matching for name variations
• 97% API accuracy across 160M+ businesses verified, with processing completed within minutes
• No-code workflow builder: Compliance teams can configure UBO verification flows, adjust risk thresholds, and deploy jurisdiction-specific workflows without developer resources
• Rapid deployment: API-first architecture enables integration in 48 hours to 4 days - compared to weeks or months for many alternatives

How It Fits into the Broader Compliance Stack

Signzy's UBO Check is part of a comprehensive KYB platform that includes business registration verification, EIN/TIN verification, document fraud checks, and ongoing AML monitoring. This unified approach means risk signals from UBO verification, identity checks, and transaction monitoring are correlated rather than siloed - improving detection accuracy while reducing the total cost and complexity of managing multiple vendor integrations.

For organizations that need to verify both the business and its owners as part of onboarding, Signzy provides the full workflow in a single platform. Learn more about how to find the UBO of a company or explore Signzy's UBO Check.