Archway

Guide

UBO tracking — the complete 2026 guide

Ultimate beneficial ownership sits at the center of every modern KYB questionnaire. This guide covers what breaks in practice, how jurisdictions differ, and the workflow a multi-entity operator actually needs.

Why UBO tracking broke in 2024–2026

Three compounding shifts hit corporate compliance teams at once. FinCEN's Corporate Transparency Act implementation went through multiple scope changes between 2024 and 2025, finally landing with material exemptions for US-formed entities but keeping foreign-formed US-registered entities in scope. The EU AMLR began phased rollout, standardizing UBO transparency requirements across member states. And the UK's Persons with Significant Control regime moved toward stricter identity verification at Companies House.

For any company operating across two or more of these regimes, UBO tracking stopped being a one-page spreadsheet and became a cross-jurisdiction data problem.

What counts as a UBO — jurisdiction matrix

The definition is consistent in structure — 25% ownership plus control — but each regime has its own nuances and reporting destinations.

RegimeOwnership triggerControl triggerReports to
FinCEN BOI (US)25% ownershipSubstantial control (senior officer, board majority, etc.)FinCEN BOSS database
EU AMLR25% ownershipControl through other meansNational central registers
UK PSC25% shares or votingAppoint majority of directors; significant influenceCompanies House
Singapore RORC25% interestControl as defined by ACRAPrivate internal register; disclosed to ACRA on request

The three UBO graphs every compliance team needs

Most teams try to express UBO as a single ownership tree. It breaks the moment you encounter voting rights that diverge from equity, or control rights granted independent of either. Split the model into three layers:

  1. Equity ownership graph. Who owns what fraction of each entity. Traced indirectly up the chain until a natural person or an exempt entity (public company, regulated fund) is reached.
  2. Voting rights graph. Who controls the vote. Diverges from equity in dual-class share structures, preferred-equity arrangements, and voting-trust agreements.
  3. Control graph. Who can appoint or remove directors, trigger material decisions, or otherwise exert control regardless of equity or votes. Includes PSC-style "significant influence" and FinCEN-style "substantial control."

The same person can appear in all three graphs, in two, or in one. Different regimes ask for different lenses on the same underlying structure.

When UBOs change — the trigger events

Refresh is event-driven, not calendar-driven. The events that trigger disclosure obligations:

  • New equity issuance crossing 25% (new UBO emerges)
  • Equity buyback or transfer taking an existing UBO below 25% (UBO ceases)
  • Change of director majority or appointment rights (new control UBO)
  • UBO identity document renewal (passport or national ID replaced)
  • UBO address change (home address on file no longer current)
  • UBO name change (marriage, divorce, legal name change)
  • Corporate restructuring that alters indirect ownership percentages
  • Trust amendment affecting settlor, trustees, or beneficiaries

Each event has a regulator-side and counterparty-side obligation. FinCEN BOI requires a 30-day update. UK PSC requires a 14-day Companies House filing. Your banks and exchanges have their own notification windows buried in onboarding contracts.

Building a UBO tracking workflow

A working UBO tracking workflow has four stages:

  1. Canonical UBO record. One record per natural person, stored with identity documents, home address, date of birth, and nationality. Linked — not duplicated — to every entity where they appear.
  2. Entity-to-UBO graph. For each legal entity, the list of UBOs with their ownership percentage, voting percentage, and control basis. Traced through all direct and indirect holdings.
  3. Change detection and routing. When a trigger event happens (see above), automatic surfacing of every counterparty and regulator affected. A single UBO passport renewal may touch twenty downstream counterparties.
  4. Disclosure ledger. An immutable record of every UBO-related disclosure: which counterparty received what data on what date. Critical for audit response and FOIA-like requests.

Most compliance teams approximate this with spreadsheets and SharePoint folders. It holds until you hit about five entities and ten counterparties, then breaks.

Common mistakes

  • Stale passports. UBO identity documents expire. If a bank requires a current passport and your disclosure references one that expired six months ago, the submission is invalid.
  • Un-disclosed indirect ownership. A UBO who owns 30% of a parent that owns 100% of your subsidiary is a UBO of the subsidiary. Missing this is the single most common audit finding.
  • Ignoring control-only UBOs. A director with the right to appoint the majority of the board has control even without equity. Most spreadsheets miss this category.
  • Inconsistent thresholds across counterparties. Some banks want everyone above 10%, others above 25%. A single canonical record with multiple threshold views prevents confusion.
  • Mixing UBO data with entity data. UBO passports and personal addresses need tighter access control than corporate documents. Storing them in the same folder structure invites exposure.

How Archway helps

Archway models UBOs as first-class person records, separate from entities. The ownership, voting, and control graphs are distinct and queryable. Change events surface every downstream counterparty affected and generate the packet needed for each one. The disclosure ledger is immutable. See the product page for the full capability set or the multi-entity solutions page for a group-structure-specific walk-through.

FAQ

UBO tracking questions

Most jurisdictions use 25% as the threshold for ownership or voting rights, with an additional control-based trigger (ability to appoint the majority of directors or exert significant influence). FinCEN BOI, EU AMLR, UK PSC, and Singapore RORC all use 25%. Some counterparties apply lower thresholds internally — banks may ask for 10% or 5% disclosures in risk-based EDD.

Counterparty-driven: most banks ask for an updated UBO attestation annually and immediately upon material change. Regulator-driven: FinCEN BOI requires updates within 30 days of a reportable change. UK PSC requires Companies House updates within 14 days. A well-run UBO workflow treats refresh as event-driven, not calendar-driven.

Any change in the underlying facts a prior disclosure asserted: new UBO exceeding 25%, UBO loss of qualifying interest, change of address on file, passport or ID renewal, change of control roles (new director with majority appointment power), change of company name, or change of registered office. Material change also triggers recalculation of indirect ownership percentages up the corporate chain.

Yes. Most regimes follow indirect ownership through the corporate chain until a natural person is reached. Practically this means tracing parent entities, fund vehicles, and SPVs until identifying an individual who meets the ownership or control threshold. For trust structures, the settlor, trustees, and beneficiaries are all typically disclosable.

Separately from entity documents, with stricter access control. UBO passports and home addresses are personal data — GDPR-regulated in the EU, and a material breach risk anywhere. Keep them encrypted at rest with document-level access permissions, limit who can view vs. who can attach-to-submission, and track every access event. Archway keeps a separate encryption boundary for personal documents.

Related reading

Annual KYB refresh playbook

Operator guide to the renewal cycle

KYB glossary

20 terms every compliance team needs

Multi-entity KYB

UBO tracking across subsidiaries and SPVs

Stop tracking UBOs in spreadsheets

Canonical UBO records, change detection, and disclosure ledger — built for multi-counterparty compliance.

Launch DemoContact Us