External Data Sources and Beneficial Ownership

External Data Sources and Beneficial Ownership

Criminals hide behind layers of companies, trusts, and nominees. Beneficial ownership identification pierces that veil to reach the natural persons who ultimately own or control a legal-entity customer. CAMS tests the U.S. FinCEN Customer Due Diligence (CDD) Rule thresholds precisely, alongside FATF's global standard.

The two prongs of the CDD Rule

For each legal entity customer, a covered FI must identify beneficial owners under two prongs:

So a legal entity customer has between one and five beneficial owners: one control-prong person plus up to four ownership-prong persons. The 25% figure is a regulatory baseline — an FI may apply a lower threshold based on its risk assessment, and FATF likewise treats 25% as a benchmark, not a ceiling. The exam frequently tests the trap of treating 25% as the only number that matters and forgetting the control prong, which applies even when no one owns 25%.

Worked example. Company A is owned 60% by Holding B and 40% by an individual, Ms. Lee. Holding B is owned 50/50 by Mr. Singh and Ms. Patel. Tracing through: Mr. Singh and Ms. Patel each effectively own 30% of Company A (50% of 60%), and Ms. Lee owns 40% — all three exceed 25% and are beneficial owners. You must still add the control prong individual (say the CEO) if not already captured. This layered tracing is Ultimate Beneficial Ownership (UBO) analysis.

External data sources

CDD information must be corroborated and enriched using independent external sources:

• Corporate registries / beneficial-ownership registers: confirm legal existence, directors, and declared owners. Many jurisdictions maintain UBO registers following FATF Recommendation 24.
• Sanctions, PEP, and watchlist databases: screen each owner and the entity (covered in the next section).
• Adverse-media / negative-news screening: detect financial-crime allegations not yet in formal lists.
• Commercial data providers: consolidated ownership graphs, litigation, and ratings.

Red flags of ownership concealment

• Owners just below 25% (e.g., five 20% owners) — possible deliberate structuring to avoid disclosure.
• Nominee directors/shareholders and bearer shares.
• Shell companies with no employees, address only a registered agent, in secrecy jurisdictions.
• Refusal or inability to identify natural-person owners.
• Complex, multi-jurisdiction layering with no business rationale.

Common traps

First, the control prong is mandatory even with no 25% owner — a widely held entity still has one control-prong beneficial owner. Second, 'beneficial owner' is always a natural person, never another company; you must trace through entities to humans. Third, 25% is a floor, not a fixed rule — high risk justifies a lower threshold. Fourth, external registries can be inaccurate or outdated; the FI must apply a risk-based reliability assessment to its sources rather than treating a register as conclusive.

The CAMS-correct approach traces UBO to natural persons, applies both prongs, screens each, and corroborates with independent, reliable external data.

FATF Recommendation 24 and beneficial-ownership registers

Globally, FATF Recommendation 24 requires countries to ensure adequate, accurate, and up-to-date beneficial-ownership information for legal persons, increasingly through central beneficial-ownership registers. Following FATF's 2022 strengthening of R.24, many jurisdictions moved toward register-based or multi-pronged approaches. The U.S. layered the Corporate Transparency Act (CTA) on top of the bank-facing CDD Rule, requiring many companies to report beneficial owners to a FinCEN registry — though the FI's own CDD obligation to verify ownership is separate and continues.

The exam point is that a register is a corroboration source, not a substitute for the institution's own risk-based verification.

Reliability of external sources

External data varies in trustworthiness, and CAMS expects a risk-based reliability assessment of each source. A government corporate registry in a strong-rule-of-law jurisdiction is more reliable than a self-declared filing in a secrecy haven where bearer shares and nominees are permitted. Adverse-media hits must be corroborated before acting, because a single unverified article is not proof. The institution documents which sources it relies on, for what, and why — and treats single-source, uncorroborated data with appropriate caution rather than as conclusive.

Source of wealth versus source of funds

For higher-risk and PEP customers, EDD requires understanding both source of wealth (SOW) — how the customer's overall net worth was generated (inheritance, business sale, salary over a career) — and source of funds (SOF) — the origin of the specific money entering the account (a particular property sale, a dividend). External data corroborates these claims: corporate records confirm a business sale, property registries confirm a real-estate transaction. A claim that cannot be corroborated by independent data is itself a red flag, and the exam-correct response is to seek evidence rather than accept the assertion.

A worked UBO concealment scenario

A new corporate customer presents a clean structure: one named 90% owner and a registered office. External checks reveal the 90% owner is a nominee director who appears on hundreds of unrelated companies, the registered office is a mass-incorporation address, and the entity is in a secrecy jurisdiction with no apparent operations. Each fact is a recognized concealment red flag — nominee ownership, mass registration, shell characteristics — and together they mean the FI has not actually identified the natural person who controls the company.

The CAMS answer is to demand the true UBO, conduct EDD, and decline or exit if the real beneficial owner cannot be established, because beneficial ownership must always resolve to identifiable natural persons.