The UK’s performance against the Open Ownership Principles
Assessment and recommendations
Robust definitions
Principle: Beneficial ownership should be clearly and robustly defined in law, with low thresholds used to determine when ownership and control is disclosed.
In accordance with the OO Principle:
- Robust and clear definitions of BO should state that a beneficial owner should be a natural person. Definitions should cover all relevant forms of ownership and control, specifying that ownership and control can be held both directly and indirectly.
- There should be a single, unified definition in law in primary legislation, with additional secondary legislation referring to this definition.
- The definition should comprise a broad catch-all definition of what constitutes BO, and couple this with a non-exhaustive list of example ways in which BO can be held.
- Thresholds should be set low so that all relevant people with BO and control interests are included in disclosures. A risk based approach should be used to set lower thresholds for particular sectors, industries, or people. Particular consideration should be given to thresholds that apply to ownership by politically exposed persons (PEPs), with a clear definition used to determine what constitutes a PEP.
- Absolute values, rather than ranges, should be used to define the ownership or control that a beneficial owner has.
Assessment: B - Partial
Analysis
- In UK legislation, a PSC is by definition an individual (UK legislation does not use the word natural person), and not a legal entity. However, companies are allowed to submit a registrable relevant legal entity (RLE) rather than a person. A RLE is an entity that is the first relevant legal entity in the ownership chain and meets the conditions of “significant control” that is subject to its own disclosure requirements, for instance, a company that has to disclose BO in another country’s register.
- There is a single, unified definition of a person of significant control in UK primary legislation that other legislation also refers to.
- The law specifies someone is a PSC when they meet one or more of five conditions. The five conditions cover both ownership (e.g. shares) and control (e.g. voting rights, ability to appoint and remove directors, and exercising significant control through other ways). It also specifies that “conditions [...] might be met directly or indirectly”. The definition includes three strictly defined, formal ways in which somebody can qualify as a beneficial owner, and two further substantive ways in which an individual can qualify as a beneficial owner – for example, Condition IV: an individual “actually exercises significant influence or control”. However, these only cover control, and not other ways individuals can economically benefit or profit from companies (e.g. enjoyment of assets). This means that the UK legal definition covers the main traditional ways in which individuals exercise ownership and control, but not other complex BO relationships.
- Two of the formal ways in which an individual can qualify as a beneficial owner use thresholds. The thresholds are set at 25% and are not set using a risk based approach. There is no mention of PEPs within the BO definition, although this rapid assessment did not examine other potential sources of information on PEPs.
- The UK does not collect or publish the exact ownership or control share, but rather divides these into three bands (over 25% and up to (and including) 50%; more than 50% and less than 75%; and 75% or more).
Recommendations
According to the OO Principles and the policy briefing on definitions, the UK disclosure regime could improve by:
- setting lower thresholds for disclosure;
- setting specific thresholds for high-risk sectors and individuals, such as PEPs;
- requiring the disclosure (and publication) of exact ownership percentages;
- having a more general, substantive definition of who qualifies as a PSC – especially with respect to ownership and economic benefit – and having a more extensive list of examples in how these can be held.
Comprehensive coverage
Principle: Data should comprehensively cover all relevant types of legal entities and natural persons
In accordance with the OO Principle:
- All relevant legal entities and arrangements, and all relevant natural persons (i.e. people), should be included in disclosures.
- Any exemptions from the disclosure requirements should be clearly defined and justified, and reassessed on an ongoing basis. Information on the basis for exemption should be collected, or the ownership of such entities should be collected elsewhere with comparable levels of quality and access (e.g. for publicly listed companies (PLCs)).
- A shielding regime allowing certain natural persons at serious risk (e.g. domestic abuse or kidnapping) to restrict the disclosure of certain information should be in place, and should be proportionate and justified.
- Particular attention should be given to the disclosure requirements relating to specific categories of companies, including state owned enterprises (SOEs) and PLCs listed on exchanges with insufficient disclosure requirements.
Assessment: B - Partial
Analysis
- The PSC register covers companies incorporated in the UK, save for the exemptions listed below. A separate (non-public) register of trusts has been established, but this was not considered within this assessment. Coverage of other forms of legal entity or arrangement was not considered as part of this assessment.
- The UK disclosure regime features exemptions for certain types of companies. UK companies with voting shares admitted to trading on certain regulated markets are excluded from the PSC regime. Branches of non-UK companies are not subject to the requirements to hold a PSC register (although subsidiaries are). Other entities that are exempt are: Northern Irish Legal Partnerships, (Scottish) Charitable Incorporated Organisations, Royal Charter Companies, Old Public Companies, and Registered Societies. In 2017 The UK reassessed its list of exempt legal entities and brought Scottish Limited Partnerships within scope of the disclosure regime. No categories of individuals are exempt by law. For minors, for instance, it can be assumed that their parents control their child’s voting intention.
- Individuals at serious risk (e.g. domestic abuse or kidnapping) can apply to restrict the disclosure of certain information. Applications must be supported by evidence (e.g. police incident number or documentary evidence of a threat).
- UK PLCs trading on regulated markets in the European Economic Area or on certain specified exchanges in the US (including the New York Stock Exchange (NYSE) and NASDAQ), Japan, Switzerland, and Israel) do not have to keep a PSC register themselves and so are excluded from the PSC regime. Their unlisted UK subsidiaries will still have to maintain their own PSC registers. There does not appear to be specific guidance or requirements for SOEs.
Recommendations
According to the OO Principles, the UK disclosure regime could improve by:
- continuing to reassess – on an ongoing basis – exemptions for legal entity types in response to changing levels of risk and having clear justifications for any exemptions;
- publishing the working and justification of exempting certain legal entities;
- establishing and publishing criteria by which certain exchange markets are exempted;
- including guidance for PLCs not trading on exempted markets;
- establishing specific requirements for SOEs.
Sufficient detail
Principle: Beneficial ownership disclosures should collect sufficient detail to allow users to understand and use the data
In accordance with the OO Principle:
- Key information should be included about the beneficial owner, the disclosing company, and the means through which ownership or control is held.
- Clear identifiers should be used for people and companies.
- PEPs should be clearly identified within the data.
- Where BO is held indirectly through multiple legal entities, sufficient information should be published to understand full ownership chains.
Assessment: A - full
Analysis
- The following details are collected for each registrable PSC:
- name;
- date of birth;
- nationality;
- country of residence;
- correspondence address;
- usual residential address;
- the date he or she became a PSC in relation to the company;
- which conditions for being a PSC are met;
- whether an application has been made for the individual’s information to be protected from public disclosure.
- UK company numbers are used as a unique identifier for entities, but unique identifiers for people are not used. However, data users are able to compare names and addresses in order to identify where the same individual is likely to be the beneficial owner of multiple companies. With no verification in place, names and addresses are sometimes spelled or formatted differently, posing further challenges.
- Information on whether individuals are PEPs is not collected.
- The UK data does not show full ownership chains for each company. Disclosures do not specify the full ownership chains where BO is held indirectly through a chain of entities, although where the chain consists of UK companies it is possible to link together disclosures for connected companies using software such as the OO Register. However, users cannot be confident that this reflects the full ownership chain. Because RLEs can be declared as beneficial owners, some ownership chains will be incomplete. Whilst RLE ownership information is available (this is a requirement), it is not necessarily available in the PSC register, nor is it standardised, so it is not ideal for joined up analysis or visualising full ownership chains and structures.
Recommendations
According to the OO Principles, the UK disclosure regime could improve by:
- collecting and publishing data in order to show full ownership chains;
- using unique identifiers for persons across different companies to facilitate disambiguating individuals.
A central register
Principle: Data should be collated in a central register
In accordance with the OO Principle:
- BO disclosures should be collated and held within a central register.
Assessment: A - full
Analysis
- All BO disclosures for UK companies are collated and held within the PSC register. There are plans for a separate register for foreign entities that own UK property or participate in UK government procurement, but it is unclear how this will relate to the PSC register. However, these plans were not reviewed as part of this assessment.
Public access
Principle: Data should be accessible to the public
In accordance with the OO Principle:
- The public should have access to BO data.
- Data should be accessible and usable without barriers such as payment, identification, registration requirements, collection of data about users of the register, or restrictive licensing, and searchable by both company and beneficial owner.
- Published information should be sufficient for users to understand and use the data to achieve policy goals, whilst respecting relevant privacy laws.
- Where information about certain classes of persons (e.g. minors) is exempt from publication, the exemption should be clearly defined and justified.
- Where a disclosure system permits exemptions from publication on a case-by-case basis (for example, to mitigate personal safety risk), the grounds for exemption should be clearly defined, proportionate, and fairly applied.
- Where data has been exempted from publication, the publicly available data should note that BO information is held by authorities but has been exempt from publication.
Assessment: A - Full
Analysis
- There is public access to the PSC register.
- Access to the PSC register is free from restrictions such as registration or payment. It is licensed under the Open Government Licence (allowing use and reuse, both commercial and non-commercial, as long as users credit the source). The register is searchable by both company and officers, but not by PSCs specifically.
- The information available is sufficient for users to understand and use the data; the following fields are published:
- name;
- date of birth (month and year only);
- nationality;
- country of residence;
- correspondence address;
- the date the individual became a PSC in relation to the company;
- which conditions for being a PSC are met.
- No classes of natural persons are exempt by law from publication.
- Guidance is provided for individuals who are at serious risk (e.g. domestic abuse or kidnapping) to apply to restrict the publication of certain information from the PSC register. Applications must be supported by evidence (e.g. police incident number or documentary evidence of a threat).
- Where information is missing, has been redacted, or an individuals’ details exempted from publication, one of a list of potential reasons is given.
Recommendations
According to the OO Principles, the UK disclosure regime could improve by:
- introducing searchability by PSC.
Structured data
Principle: Data should be structured and interoperable
In accordance with the OO Principle:
- BO data should be available as structured data, with each declaration conforming to a specified data model or template.
- Data should be available digitally, including in a machine-readable format.
- Data should be available in bulk as well as on a per record basis.
Assessment: A - Full
Analysis
- The PSC register data is available as structured data in a JSON format, described online in the documentation.
- The PSC register data is available digitally, including in a machine-readable format.
- The PSC register data is available on a per-record basis at Companies House and in bulk as a daily snapshot, or via a REST API.
Recommendations
The UK disclosure regime fully meets with the OO Principle on structured data, but could consider going further and meeting international norms by:
- publishing BO data in line with the Beneficial Ownership Data Standard (BODS).
Verified
Principle: Measures should be taken to verify the data
In accordance with the OO Principle:
- When data is submitted, measures should be taken to verify the:
- beneficial owner;
- entity;
- control relationship between the beneficial owner and the entity;
- person making the disclosure.
- This should be done by one or more of the following methods:
- ensuring values conform to known and expected patterns;
- cross-checking information against existing authoritative systems and other government registers;
- checking supporting evidence against original documents.
- After data has been submitted, it should be checked to identify potential errors, inconsistencies, and outdated entries, using a risk based approach where appropriate, requiring updates to the data where necessary.
- Mechanisms should be in place to raise red flags, both by requiring entities dealing with BO data to report discrepancies and by setting up systems to detect suspicious patterns.
- Ownership types that are difficult or impossible to verify (e.g. bearer shares) should be prohibited.
Assessment: C - Poor
Analysis
- CH carries out basic checks but does not have the statutory powers to verify the data when it is submitted to the PSC register. However, BEIS has recently announced plans to introduce a number of verification mechanisms, including identity verification of directors, PSCs, and those submitting information.
- Currently, CH does not actively scrutinise the data to identify potential errors. By making the register available to the public, the UK register allows third parties (journalists, NGOs, etc.) to check the data for mistakes and report discrepancies identified (as was done by Global Witness and Datakind in 2018). CH subsequently acts on these reports by bringing this to the companies’ attention and requesting revised information.
- CH currently lacks legal powers to analyse the data in order to raise red flags, although proposed reforms would give CH powers “to query, investigate, and remove false information”. Under anti-money laundering legislation, entities dealing with BO data are required to report discrepancies between data they hold and the data held on the PSC register. It is unclear whether CH is taking any additional measures in support of verification processes.
- Bearer shares have been prohibited in the UK since 2016.
Recommendations
According to the OO Principles and the policy briefing on verification, the UK disclosure regime could improve by:
- implementing in full the proposed verification checks;
- ensuring the proposed automated validation includes checks on fields such as country names and dates of birth;
- implementing specific checks for the verification of the control and ownership relations between PSCs and legal entities (in addition to the announced checks).
Up to date and auditable
Principle: Data should be kept up to date and historical records maintained
In accordance with the OO Principle:
- Initial registration and subsequent changes to BO should be submitted in a timely manner, with information updated within a short, defined time period after changes occur.
- Data should be confirmed as correct on at least an annual basis.
- All changes in BO should be reported.
- An auditable record of the BO of companies should be created by dating declarations and storing historical records, including for dormant and dissolved companies.
Assessment: A - Full
Analysis
- By law, information on the PSC register must be kept up to date. Companies must provide the updated information to CH within 28 days.
- When companies submit their accounts, they must confirm the held information is correct on an annual basis.
- All individual changes in BO are required to be reported.
- Records are kept for up to ten years from the date on which an individual ceases to be a registrable person in relation to a company. A history of filings is available to the public, including for dormant and dissolved companies.
Sanctions and enforcement
Principle: Adequate sanctions and enforcement should exist for noncompliance
In accordance with the OO Principle:
- Effective, proportionate, dissuasive, and enforceable sanctions should exist for noncompliance with disclosure requirements, including for non-submission, late submission, incomplete submission, or false submission.
- Sanctions that cover the person making the declaration, the beneficial owner, registered officers of the company, and the company making the declaration should be considered.
- Sanctions should include both monetary and non-monetary penalties.
- Relevant agencies should be empowered and resourced to enforce the sanctions that exist for noncompliance.
Assessment: B - Partial
Analysis
- The requirement is on the company and the officers to find and submit the information, and it is an offence not to do so. Failure to provide accurate information and failure to comply with notices requiring someone to provide information are criminal offences, and may result in a fine and or a prison sentence of up to two years. Companies may service notices and put restrictions on individuals (PSCs) that hold interests if they fail to provide information, which involves freezing interests, or even selling them off (whilst protecting third parties). If a company has not served notice to a PSC, but this person “ought reasonably” to know whether he or she is a PSC, it is an offence for this person not to submit their information themselves.
- Sanctions include both monetary and non-monetary penalties.
- Sanctions are not widely used, and as PSC data is not verified this poses challenges to prosecution. Along with the plans for verification, the proposed powers for CH “to query, investigate, and remove false information” should also make it easier to detect, and subsequently prosecute, non-compliance.
Recommendations
According to the OO Principles, the UK disclosure regime could improve by:
- expanding sanctions to include both monetary and non-monetary sanctions against the PSC, the person submitting the information (e.g. preventing from incorporating companies, holding shares, or removing right to dividends), as well as the legal entity (e.g. preventing from incorporating or striking off the register);
- actively identifying and prosecuting potential violations and increasing capacity in order to do so if required.