2.2. Features and Controls that Mitigate the Risk of a Legal Person or Arrangement
At a high level, features and controls that affect the vulnerabilities of legal persons and arrangements can be divided into four categories:
• The formation process and requirements to establish the legal person or arrangement; • The identification of the individuals actually owning and controlling legal persons and arrangements; • The reporting and recordkeeping requirements imposed on companies throughout their lifetime; and • The formation authority’s supervisory regime and enforcement tools.
The subsections that follow briefly discuss the various measures that—if effectively implemented—can help mitigate the vulnerabilities of legal persons and arrangements.
LFIs should be aware of the risks associated with all customer types, including legal persons and arrangements established outside the UAE. Appropriately assessing these risks will often involve developing an understanding of the controls in place to ensure transparency.
CBUAE recognizes that LFIs do not control the legal frameworks governing their customers. Nevertheless, CBUAE recommends that LFIs familiarize themselves with the features of the company forms most commonly found within their customer base, and the controls in place in the jurisdictions where their legal person customers are most commonly registered. LFIs should also consider seeking some or all of the following information in order to understand legal person and legal arrangement risks, particularly when conducting enhanced due diligence on legal person and legal arrangement customers that pose higher risks.
2.2.1. Formation Requirements and Process
Abuse of legal persons and arrangements for ML/TF/PF often includes the creation of complex ownership structures with many such entities—including entities of different types and in different jurisdictions; the use of one-time ‘disposable’ entities that are abandoned after they have served their purpose; or the use of previously inactive ‘shelf companies. In addition, illicit actors will be able to more easily transact anonymously if they are required to reveal only minimal information during the formation process, can rely on nominees, or can complete processes without face-to-face interaction. For these reasons, legal persons and arrangements in jurisdictions whose formations processes allow for rapid, remote, and inexpensive formation and registration may be more attractive to illicit actors.
2.2.2. Identification and Reporting of Beneficial Owners
Because anonymity is one of the greatest attractions for illicit actors who seek to abuse legal persons and arrangements, they are likely to gravitate towards jurisdictions and company forms that require them to provide minimal information about the entities and themselves and that make it difficult for third parties to identify who in fact owns and controls the entity. The following controls that may be applied by the jurisdiction registering the entity in question can, to a certain extent, reduce the vulnerabilities created by corporate opacity.
• The registering authority collects key information about the company (such as name, address, and the names of directors) at formation and makes it available to the public; • The registering authority collects the identities of all beneficial owners, or all beneficial owners owning at least a given percentage of the company, at the time of establishment, and makes this information available to domestic and foreign law enforcement, as well as AML/CFT regulated entities. o The threshold for identifying ownership should be in line with international and UAE standards. o Where the registering authority applies a threshold that exceeds 25% of the ownership interests in a legal person, LFIs should be aware that the customer is not required to report all individuals qualifying as beneficial owners in the UAE; • The legal person or arrangement is prohibited from being owned by another legal person or arrangement; • Nominee shareholders and directors are prohibited, or are appropriately regulated.
2.2.3. Reporting and Recordkeeping
Unlike individuals, legal persons and arrangements can swiftly change fundamental elements of their identity, rendering information provided during the formation process obsolete. Legal persons and arrangements can also compartmentalize information about themselves so that no single individual possesses full information about the entity. Because legal persons and arrangements abused for ML/TF/PF may not engage in licit commercial activity and may be controlled by only a small number of closely connected individuals, there is little commercial rationale for such entities to maintain adequate books and records. Illicit actors take advantage of these features by purchasing already-established companies “off the shelf;” selling companies to new owners; changing the company name; or failing to maintain records of their ownership. These vulnerabilities can, to a certain extent, be mitigated through effective controls, such as:
• Legal persons and arrangements are required to promptly update the registering authority if their key information (including beneficial ownership) changes; • Legal persons and arrangements are required to appoint a resident agent in the jurisdiction where they are established to respond to inquiries; • Legal persons and arrangements are required to make annual financial reports to their registering authority and/or to undergo a regular audit and provide the audit report to their registering authority.
2.2.4. Supervision
The effectiveness of any regime of controls over legal persons and arrangements depends on the consistency with which such controls are enforced and on the sanctions available to the supervisor and law enforcement.
• Legal persons and arrangements are monitored by their supervisor for their compliance with requirements; • The supervisor can and does levy substantial penalties, whether civil or criminal, for violations of these requirements.