In her attempt to combat the financing of terrorism and to prevent money laundering, the European Union (EU) is creating more and more rules. The efficiency of the rules and whether the rules are really contributing to a safe European society can be disputed. One of the rules that the EU created, is the registration of the beneficiary of an organization, called UBO. UBO is short for ultimate beneficial owner, which is in principle, a person who ultimately owns or controls more than 25% of the shares or voting rights of a company, or otherwise exercises control over a company or its management. Part of the anti-money laundering rules is that a UBO must be identified as part of an obligated Customer Due Diligence that should be carried out by all industries to whom the money laundering rules apply, such as financial institutions (banks, insurance companies, payment service providers, fund managers, trust offices etc.), but also art and antique dealers, jewellers, notary publics and lawyers, real estate agents and according to future EU legislation also crowd funding platforms and crypto currency platforms. The idea behind identification of the UBO is to prevent that business is done with criminals.  

Transparency

Based on EU Anti-Money Laundering directives, all EU Member States are required to set up a so-called UBO register that is mostly administered by a Chamber of Commerce. All companies and organizations must register their UBO’s. This concerns unlisted private and public limited liability companies, foundations, associations with full legal capacity, cooperatives, partnerships (general and limited), European public limited liability companies, European Cooperative Societies, EESVs and churches and shipping companies. In the Netherlands the deadline for registration is 27th of March 2022. Untimely registration will be sanctioned with fines or penalties.

Most EU Member States wanted full transparency, which means that UBO registers are accessible to everyone and therefore public. Few countries limited access or limited the information that is published for the public. In any event, personal data will be processed and the UBO register will contain the following personal data:

• first name and surname;
• date of birth;
• nationality;
• country where the person lives in and in some cased the full address of the person can be viewed;
• the nature and extent of the economic importance of the UBO, by giving details of the amount of shares held.

Shareholders’ registers and other available documentation must evidence all information of the UBO. Of UBO’s also copy IDs and utility bills may be stored in the register, although in some cases not accessible to the public. However, in most cases financial statements are accessible and therefore it is easy to make an assessment of the financial situation of an UBO. Even if you are an “in-private” individual who has claimed its private trust and claimed to be a living person of flesh and blood, you can be traced because your legal name will be made known in the register.

Historical background

All EU Member States had to implement the UBO register as stipulated by the 4th Anti-Money Laundering Directive. This directive aims to fight tax evasion, money laundering and terrorist financing. To solve these issues, the EU considers that transparency is necessary and that an instrument such as an UBO-register is important to combat tax evasion, terrorism and money laundering. For this reason, the EU created a broader definition of the UBO for trusts. Normally, every natural person who has control over more than 25% of the assets of a legal person or trust, qualifies as UBO. But for trusts and equivalents is stated that almost every relevant person qualifies as UBO (the settlor, the trustee(s), the protector (if any), the beneficiaries, or any other natural person exercising ultimate control over the trust.). Please note that the UBO should always be a natural person and not a legal person such as a legal entity as a limited liability company. Most countries therefore only allow the register natural persons. Only a few, such as Guernsey allow the registration of a legal entity as UBO. Mostly all EU Member States implemented the UBO register as a public register. That means that they did not pay any attention to the privacy of an UBO.

Breach of privacy (breach of GDPR)

UBO-register however, does not show any privacy friendliness. It balances between transparency and the right to privacy. It does not pay any attention to the impact of the UBO registration on the privacy and the feelings of security of the UBOs. Think of family businesses, Family Offices/wealthy families and charities that are also required to register UBOs. The mandatory UBO registers and their transparency are an infringement of the fundamental right on privacy. Most Data Protection Authorities declared that making the UBO register publicly accessible is disproportionate. The Dutch organization, the Privacy First Foundation, also called Privacy First, that claims to be independent, has the aim to preserve and promote the right to privacy.

Privacy First started various lawsuits against the introduction of the UBO-register, because data relating to the financial situation of natural persons will be up for grabs since the UBO registers will contain very privacy-sensitive information. Privacy First says that the privacy breach that is the result of the UBO register and the public accessibility of sensitive data are disproportionate. It therefore wants the UBO register to be rendered inoperative. The Dutch Court of The Hague confirmed that there is every reason to doubt the legality of the European money laundering directives, which are the foundation of the UBO register. The court referred to the European Data Protection Authority that also expressed its doubts. The Dutch Court however, ruled that it couldn’t deactivate the register as long as the EU Directive is still in force and refers to the Court of Justice of the European Union. The Court of Justice of the European Union is examining whether the European legislation on which the UBO register is based violates the fundamental right to privacy. In the meantime owners of companies are stuck. In the Netherlands, all companies receive letters of the Chamber of Commerce to register their UBO. Note that the vast majority of companies are family owned and in most countries contribute 50% or more to the Gross National Product. Another issue is that the EU also requires from its “partner-countries” such as the members of the European Economic Area (Norway, Iceland, Liechtenstein) and Switzerland, and its former Member the UK, to implement the EU rules as well.

Future

While the Court of Justice of the European Union still has to raise its verdict, the EU Commission is hurrying to the next money-laundering directive, the 6th Anti-Money Laundering Directive that will introduce more detailed rules on Customer Due Diligence. The EU will also introduce a new regulator, the European Anti Money Laundering Authority that will supervise all industries on compliance with anti-money laundering rules and legislation. This authority will even prevail over national authorities. EU is thereby forcing all Member States to comply with its rules without giving any attention to data protection. Please note that Members of Parliament are not protecting the privacy of civilians by voting against legislation that limits the privacy and the freedom of civilians.

As a matter of fact the EU Commission is working on more legislation to limit the fundamental rights of people living within the EU, such as legislation on the COVID-19 entry pass, which was introduced, based on temporary legislation. The EU however, is working on legislation to ensure that the people within the EU will never get rid of QR-codes and entry passes and thereby limit the freedom of movement. The European Union is becoming the biggest threat to privacy and to freedom and democracy, and more and more a tool to carry out the plans of the World Economic Forum and working towards its Great Reset. Other privacy breaches are the use of mass surveillance through the use of cameras, automatic number plate recognition, face recognition and voice recording. The World Economic Forum and the EU are promoting privacy breaches by cooperating in the project of making cities smart by applying Internet-of-things techniques and using cameras and AI and thereby collecting data of civilians.

What to do against UBO registration?

Currently Privacy First is among those who filed lawsuits against the governments who are implementing mandatory public UBO registers. However, the question is whether the Court of Justice of the European Union will dare to deactivate the registers.

Another weapon is to actively not register the UBO. However, given the fact that family businesses have to work hard to achieve a certain turnover, and given the fact that governments sanction the non-registration of UBOs with fines, family businesses will not take the risk of a fine and therefore will in general cooperate and comply with the new rules. Governments force everyone to do what they want by using instruments of fear, such as the fear to get fined/sanctioned. In addition to this, governments also force banks to require that the UBO be registered and also force institutions to notify UBO registers that in their opinion should be registered as UBO. All financial institution must notify UBO registers of who is in their opinion the UBO of a company who is a client of that institution. The same counts for notary publics and audit firms. By this system, escape is not possible.

Another solution is leave the EU and set up your business in countries that do not have a UBO register or in countries that do respect your privacy such as Guernsey. Also in countries like India, the registration of UBOs does not exist. This might not be easy, but worth to explore if it becomes the only way to escape a regime that steals fundamental rights and breaches its own privacy laws.