Beyond the Name on the Paper: Managing UBOs and Adverse Media for AML Compliance
- FinScan
- 4 days ago
- 4 min read
Understanding who truly controls a company—and whether they pose a financial crime risk—is no longer a nice-to-have. It’s a regulatory imperative. In part 2 of our KYC webinar series, FinScan’s Director of Advisory Services, Steve Marshall, dives into two key pillars of anti-money laundering (AML) compliance: identifying ultimate beneficial owners (UBOs) and screening for adverse media.
Here’s what he covered—and why it matters for financial institutions navigating today’s complex risk landscape.
1. Regulatory expectations: more than just a checkbox
Both UBO and adverse media screening are driven by clear, global compliance expectations. FATF’s Recommendation 24 mandates that countries create mechanisms to collect and share beneficial ownership information. The EU’s AML directives and the Wolfsberg Group’s guidance reinforce the requirement to identify not just legal owners but those who ultimately control a business or fund flows.
Yet despite this clarity, there’s often a gap between regulatory mandates and real-world execution. For instance, how do you define adverse media? What level of reputational risk warrants action? And how should organizations interpret “reasonable measures” in the context of UBO due diligence?
These gray areas require institutions to build robust, risk-based frameworks that go beyond regulatory box-checking.
2. Defining and applying risk tolerance, appetite, and controls
To navigate these challenges, organizations must first define their risk tolerance (what they can withstand operationally) and risk appetite (the amount of risk they’re willing to take on to meet business objectives). These parameters should shape how institutions conduct due diligence and determine what constitutes a red flag.
Internal controls serve as the guardrails. They ensure that risk appetite thresholds aren’t exceeded and help prevent adverse outcomes. Importantly, these controls must be dynamic. As risk tolerance or business goals shift, internal controls need to evolve in tandem.
When applied to UBO and media screening, these principles become especially important. For example, an allegation of bribery or terrorist financing should be treated very differently from a dated accusation of disorderly conduct. Risk-based screening tools must reflect this nuance.
3. Unmasking the true owners: the challenge of complex ownership structures
Identifying beneficial owners is often easier said than done—especially when ownership is layered through shell companies, foreign entities, or family members acting as proxies.
Consider a simplified example: Company A is 50% owned by Company B, which is partially owned by Company D, where Individual 9 holds a 90% stake. Without a tech-enabled ownership calculator, determining that Individual 9 effectively owns 27% of Company A would be slow and error-prone.
Technology is critical here. Screening tools should trace ownership chains, calculate percentage thresholds, and flag entities that meet regulatory reporting criteria—whether that’s 25% or more (as in the US) or more than 25% (as in the UK).
4. The role of adverse media: informing risk judgments with context
Once UBOs are identified, the next step is understanding their reputational footprint. This is where adverse media screening plays a vital role.
The FATF and the EU recommend using verifiable negative news to inform customer risk profiles. The Wolfsberg Group emphasizes integrating adverse media into a broader risk-based approach. But again, these recommendations often stop short of explaining how to do it effectively.
Institutions must determine:
What types of allegations warrant scrutiny?
How far back in time should they go?
Do unresolved accusations carry the same weight as convictions?
The answers lie in aligning media screening criteria with risk appetite, supported by intelligent tools that can filter through vast datasets to isolate truly relevant threats.
5. A lifecycle approach to mitigating AML risk
AML compliance isn’t a one-time task—it’s an ongoing process. Screening must happen at onboarding and continue throughout the customer relationship.
A strong process includes:
High-quality data ingestion – Accurate client and compliance data flow into the system.
Robust screening tools – These flag matches from registries (for UBOs) and news sources (for adverse media).
Efficient resolution workflows – Analysts assess and resolve hits to avoid unnecessary escalations.
Risk scoring – Validated matches feed into a risk engine that continuously updates the customer’s profile.
This lifecycle must also include ongoing testing of the controls and technology. If data quality degrades or algorithms underperform, risks may go undetected.
Making it work for you
UBO and adverse media screening are essential to building a resilient AML program. But without a clear risk framework and the right tools, compliance efforts can fall short.
To recap:
Regulations demand transparency, but it’s up to institutions to define and enforce reasonable measures.
Risk tolerance, risk appetite, and internal controls form the foundation of an effective due diligence process.
Technology is essential for navigating complex ownership webs and filtering media noise.
Monitoring and screening must continue throughout the customer lifecycle.
Staying compliant—and ahead of financial crime—requires more than following rules. It means building a risk-aware culture supported by smart, scalable solutions.
Want to enhance your KYC processes? Discover how our solutions can help you stay compliant with regulations and provide a smooth, customer-friendly experience.
