UBO Identification: Why Compliance Teams Still Struggle with Layered Ownership Structures

Behind every company, trust, fund, or foundation, there is a physical person who ultimately owns or controls it. Identifying that person, the ultimate beneficial owner, is one of the most fundamental obligations in KYC compliance. It is also, in practice, one of the most difficult.

The challenge is not the concept. Most compliance professionals understand the basic threshold: in the EU, a natural person holding more than 25% of shares or voting rights is a UBO. But the threshold itself is not universal. In Mauritius it is 20%. Some counterparties and internal risk policies set it at 10% or 15%. And in every jurisdiction, the difficulty is not the number. It is the structures that sit between the UBO and the entity being assessed: layers of holdings, trusts, SPVs, and intermediate companies that obscure direct ownership and make calculation anything but straightforward.

This article examines why layered ownership structures create persistent problems for compliance teams, what regulators expect firms to do about it, and how the right technology can turn a manual, error-prone process into something reliable and auditable.

The Simple Case Is Rarely the Real Case

In textbook KYC, UBO identification is arithmetic. A company has three shareholders: one holds 30%, another holds 45%, the third holds 25%. Each of them crosses the threshold. Each is a UBO. Case closed.

But compliance teams rarely encounter textbook structures. The entities they assess typically involve multiple layers of corporate ownership, where no single individual appears directly on the share register of the entity in question. Instead, shares are held by other companies, which are in turn held by other companies, which may be held by trusts or foundations with their own governance structures.

To identify the UBO, a compliance officer must trace ownership through every layer, calculating the effective ownership percentage at each step. A person who holds 60% of Company A, which holds 50% of Company B, which holds 80% of Company C, has an effective indirect ownership of 24% in Company C. Just below the threshold. Change any single percentage in that chain, and the calculation changes with it.

This is where the real work begins.

Why Indirect Ownership Changes Break Everything

The initial UBO calculation, however complex, is a one-time effort during onboarding. The ongoing challenge is what happens when something changes.

Ownership structures are not static. Shares are transferred, new investors enter, existing shareholders dilute, subsidiaries are created or dissolved. Each change, no matter how small, can cascade through the entire ownership chain and alter who qualifies as a UBO.

Consider a group structure with four layers of companies and a dozen shareholders distributed across those layers. A 5% share transfer at the second layer does not just affect the company where the transfer occurred. It changes the effective ownership calculation for every entity below it in the chain. A person who was previously at 26% indirect ownership might drop to 23%. They are no longer a UBO. Someone else, previously at 24%, might now be at 27%. They are now a UBO who was previously unidentified.

For many compliance teams, this means reopening a spreadsheet, manually recalculating every ownership path, cross-referencing the results against the threshold, and updating the compliance file accordingly. If the group structure is complex, and for management companies overseeing funds, trusts, and holding structures it almost always is, this recalculation can take hours.

The real risk is not the time it takes. It is the errors that creep in when complex arithmetic is performed manually under time pressure, and the compliance gaps that emerge when recalculations are delayed because the team simply does not have the capacity to do them promptly.

What Regulators Actually Expect

Regulatory expectations around UBO identification have tightened considerably in recent years. The EU's Anti-Money Laundering Regulation (AMLR), which consolidates and strengthens the requirements of previous directives, makes the obligations explicit.

Regulated firms must identify all natural persons who ultimately own or control a customer entity. The standard EU threshold remains 25% of shares or voting rights, but regulators have made clear that ownership is not the only path to control. Senior management positions, the right to appoint or remove directors, and other forms of influence can also establish UBO status. Importantly, the assessment is not limited to individual holdings. Where a person holds shares alone or together with associated persons, the combined holding must be considered. A shareholder at 15% whose spouse holds another 12% may cross the threshold collectively, even though neither does individually.

There is also a critical fallback rule that many firms overlook. When no natural person can be identified who holds more than 25% direct or indirect ownership or control, the members of the entity's senior management or board of directors are deemed to be the UBOs. This is not a loophole or a shortcut. It is a regulatory requirement. The firm must still document why no qualifying beneficial owner could be identified, and why the board or senior management was designated instead. Regulators will scrutinise this reasoning closely.

Critically, regulators expect firms to look through the entire ownership chain, not just the first layer. Where ownership is held through a chain of corporate entities, the firm must calculate the effective ownership at each level and identify every natural person who crosses the threshold through any combination of direct and indirect holdings.

This is not a suggestion. During examinations, regulators routinely ask firms to demonstrate how they identified UBOs, what methodology they used to calculate indirect ownership, and how they verified the information. Firms that cannot produce a clear, documented calculation for every entity in their portfolio face regulatory action.

The expectation extends to ongoing monitoring. It is not sufficient to identify UBOs at onboarding and assume the analysis remains valid. Firms must have processes in place to detect changes in ownership structures and recalculate UBO status when those changes occur.

It is also worth noting that the threshold question is not as settled as it may appear. While the EU standard is 25%, the upcoming AMLR regulation aims to harmonise rules that were previously implemented through directives, meaning each member state could set its own requirements. Different jurisdictions outside the EU apply different thresholds entirely. And many counterparties, regardless of what the law requires, apply a lower threshold of 10% or 15% in their own due diligence as a matter of internal risk policy. A system that hardcodes 25% and nothing else will fail the first time it encounters a counterparty or jurisdiction that expects something different.

The Spreadsheet Problem

Despite these requirements, the tools most compliance teams use for UBO identification have not kept pace with regulatory expectations.

The overwhelming majority of firms still perform UBO calculations in spreadsheets. Some do not even get that far. It is not uncommon to find ownership structures maintained in PowerPoint slides, manually drawn and annotated. The person responsible keeps a folder of current and historical versions, organised by memory rather than any formal system. They know where everything is because they built it themselves. But no one else in the firm could reconstruct it if they needed to.

Even in the more disciplined case, the process is the same. An analyst maps out the ownership structure, enters the percentages at each layer, builds formulas to calculate indirect ownership, and manually identifies which natural persons cross the threshold. The spreadsheet is saved to a shared drive, attached to the customer file, and referenced during periodic reviews.

This approach has several fundamental problems.

It does not scale. A spreadsheet that works for a simple two-layer structure becomes unwieldy for a group with five layers, multiple cross-holdings, and dozens of shareholders. The formula complexity grows exponentially, and the risk of circular references or broken calculations increases with each additional layer.

It is not connected to the source data. When ownership changes, someone must manually update the spreadsheet. This requires the compliance team to know that a change occurred, which in turn requires reliable information flows from the customer. In practice, there is often a significant lag between when ownership changes and when the spreadsheet reflects that change.

It does not produce an audit trail. A spreadsheet shows the current state. It does not show who changed what, when, or why. When a regulator asks how the UBO analysis evolved over time, the compliance team must reconstruct the history from emails, file notes, and memory.

It is isolated from the compliance workflow. The UBO calculation exists in a spreadsheet. The customer documents exist in a document management system. The risk assessment exists in another tool. The compliance officer must manually cross-reference all three to ensure consistency.

The Problem on the Other Side

The burden of UBO identification does not fall only on the firm conducting the KYC. It also falls on the entity being assessed.

Consider the perspective of a company that is subject to KYC from multiple counterparties. Each counterparty sends its own request, asking for an ownership chart, supporting documents, and identification for each UBO. The requests are similar but never identical. One counterparty wants everyone above 25%. Another wants 10%. A third wants the chart signed by an independent auditor or notarised. A fourth wants it in a specific format that requires re-entering all the data manually.

For the person sitting on the receiving end of these requests, this is not compliance work in the strategic sense. It is administrative repetition. They are producing the same information, over and over, in slightly different formats, for different parties, with different validity requirements. When ownership changes, even by a small amount, they must update every version, recalculate the downstream effects, and redistribute the updated charts to every counterparty that holds one.

This is expensive. Not just in time, but in the cost of getting documents notarised, signed by the right internal authority, and delivered through secure channels. And when something does not add up, when a counterparty spots a discrepancy or asks a follow-up question, the whole cycle starts again.

The firms that can produce ownership charts from a single, live data source, filtered to whatever threshold the counterparty requires and exportable in a format that satisfies their specific requirements, eliminate this entire category of repetitive work. They respond faster, with fewer errors, and with less back-and-forth. That matters to both sides of the KYC relationship.

Why Versioning and History Matter

Regulatory retention requirements for KYC documentation are typically five years from the end of the business relationship, though many firms apply a ten-year standard. For ownership structures, this means the firm must be able to reconstruct the exact state of the ownership chart at any point in time.

This is not just about keeping old files. It is about being able to answer a specific question: what did the ownership structure look like on a given date, and who was identified as a UBO at that time? Regulators, internal auditors, and external auditors all ask this question. So do counterparties during transactions, when they need to confirm that the structure was unchanged during a specific period.

A system that only shows the current state of ownership is not sufficient. The firm needs immutable versioning, where every change to the ownership structure is recorded with a timestamp, the identity of the person who made the change, and the downstream effect on UBO calculations. When a percentage shifts from 90% to 92% at one layer, the system should record that change and show whether it altered UBO status at any point in the chain.

Without this, the firm is left reconstructing history from file folders, email threads, and the memory of whoever happened to manage the structure at the time. That is not a defensible audit position.

Different Structures, Different Challenges

Not all layered structures are equally complex, and a robust UBO identification process must handle the full spectrum.

Corporate Chains

The most common structure involves a chain of companies. Company A owns Company B, which owns Company C. Calculating indirect ownership through a linear chain is relatively straightforward multiplication. The complexity increases when chains branch: when Company A holds stakes in multiple subsidiaries, each of which holds stakes in further entities, creating a tree structure that requires the compliance team to trace every path from every natural person to the entity being assessed.

Trusts and Foundations

Trusts introduce a different kind of complexity. A trust does not have shareholders in the conventional sense. It has settlors, trustees, beneficiaries, and protectors, each of whom may exercise different forms of control. Identifying the UBO of an entity held through a trust requires understanding the trust deed, the powers of each role, and the degree of control each person exercises.

Foundations present similar challenges. The founder, board members, and beneficiaries may all have a claim to UBO status depending on the jurisdiction and the specific governance arrangements.

Nominee and Fiduciary Arrangements

In some jurisdictions, shares are held by nominees on behalf of the real owner. The nominee appears on the register, but the beneficial owner is someone else entirely. Compliance teams must look behind the nominee arrangement to identify the natural person who actually benefits from or controls the shareholding.

Fiduciary arrangements in the fund management context add further layers. A management company may hold shares in a fund on behalf of investors, creating a structure where the legal ownership chain does not reflect the economic reality.

Cross-Holdings and Circular Ownership

The most complex structures involve cross-holdings, where Company A holds a stake in Company B, and Company B holds a stake in Company A. Circular ownership creates mathematical challenges for indirect ownership calculation and requires careful handling to avoid infinite loops in the computation.

What Automation Should Actually Do

The case for automating UBO identification is not about replacing compliance judgment. It is about eliminating the mechanical work that consumes disproportionate time and introduces unnecessary error.

A well-designed system should do the following.

Maintain a live ownership model. Rather than recalculating from scratch each time, the system should maintain a persistent model of the group structure that updates incrementally as ownership information changes. When a 5% share transfer occurs at one layer, the system should automatically recalculate the downstream impact across every affected entity.

Calculate indirect ownership through every path. The system should trace all ownership paths from every natural person to the entity being assessed, aggregating indirect ownership percentages across parallel paths and handling branching structures correctly.

Apply configurable thresholds. The system should not hardcode a single UBO threshold. It should allow the firm to set the relevant threshold per jurisdiction, per counterparty, or per internal policy. A structure assessed at 25% for one purpose may need to be assessed at 10% for another. The system should make it possible to switch between thresholds and instantly see how the results change, without re-entering any data.

Produce an auditable, versioned record. Every calculation should be logged with the inputs used, the methodology applied, and the result produced. When ownership changes, the system should record what changed, when, and how it affected UBO status. It should be possible to reconstruct the exact ownership structure and UBO determination as it existed on any given date, even years after the fact.

Connect to the compliance workflow. UBO identification should not exist in isolation. When a new UBO is identified, the system should trigger the appropriate KYC requirements: document requests, enhanced due diligence, risk reassessment, or all three, automatically and in line with the firm's compliance policy.

Handle the board fallback correctly. When no natural person crosses the threshold, the system should recognise this condition and designate the senior management or board of directors as UBOs, with a clear record of why the fallback was applied. This should not require manual intervention. It should follow from the calculation itself.

The goal is not to remove the compliance officer from the process. It is to ensure they spend their time exercising judgment on the cases that require it, rather than performing arithmetic that a machine can do more reliably.

The Organisational Chart as a Compliance Tool

One underappreciated aspect of UBO identification is the role of visual representation. Ownership structures that are impenetrable as rows in a spreadsheet become immediately comprehensible when displayed as an organisational chart.

A visual group structure allows compliance officers to see at a glance how entities relate to each other, where ownership concentrates, and where the paths to natural persons become indirect. It makes it possible to identify structural anomalies, such as unusually deep chains, unexpected cross-holdings, or entities that appear to serve no commercial purpose, that might warrant further investigation.

When the organisational chart is interactive and connected to live ownership data, it becomes more than a visual aid. It becomes a compliance tool. The compliance officer can click on any entity to see its ownership breakdown, trace the path to each UBO, and understand immediately how a change at one level affects the rest of the structure.

For management companies that oversee complex fund structures with SPVs, holding companies, feeder funds, and multiple investor tiers, this visual approach transforms what was previously a painful analytical exercise into something that can be understood, explained, and audited with confidence.

Looking Forward

Regulatory expectations around UBO identification will continue to intensify. The establishment of AMLA as a central EU supervisory authority, the increasing focus on complex structures as vehicles for financial crime, and the growing sophistication of ownership arrangements all point in the same direction: firms will need to demonstrate more rigorous, more timely, and more transparent UBO identification processes.

The firms that continue to rely on manual spreadsheet calculations will find it increasingly difficult to meet these expectations. The arithmetic is too complex, the structures change too frequently, and the regulatory tolerance for gaps and delays is shrinking.

The firms that invest in automated, policy-driven UBO identification, where ownership models are maintained in real time, calculations are performed consistently, and every result is traceable to its inputs, will be better positioned to satisfy regulators, serve their customers, and scale their operations without proportional increases in compliance headcount.

UBO identification is not a problem that needs more analysts. It is a problem that needs better tools.

Want to see how automated UBO identification works in practice? Talk to our team about a walkthrough.