--- title: "Beneficial-Ownership Disclosure for Crypto Onboarding: Building the UBO Stack Banks Accept" slug: ubo-disclosure-pack-crypto-banking publishedAt: 2026-05-24T14:30:00Z author: Finconduit Editorial Team tags: AMLR, 6AMLD, FATF, AML/KYC canonicalUrl: https://finconduit.com/resources/ubo-disclosure-pack-crypto-banking --- # Beneficial-Ownership Disclosure for Crypto Onboarding: Building the UBO Stack Banks Accept Complex structures fail bank onboarding more often than they fail AMLR. The five-layer UBO disclosure stack that survives 25% thresholds and sanctions screening. Across hundreds of crypto bank onboarding files we review each year, one pattern repeats. The applicant clears AML thresholds. The licence is real. The volumes are plausible. And the file still dies in committee — because the **beneficial\-ownership disclosure** is incomplete, contradictory, or missing the one piece of paper a senior reviewer needed to sign off. Complex structures — trusts over founder shares, foundations holding token treasuries, double\-tier nominee chains, family\-office holding vehicles — fail bank onboarding far more often than they fail **AMLR** itself. The statute permits these structures; banks just refuse to onboard them when the disclosure pack is sloppy. The fix is not legal — it is documentary. This guide sets out **The UBO Disclosure Stack** — a five\-layer framework that mirrors how a Tier\-1 EU bank's financial\-crime committee actually reads a file. Build the stack once, refresh it on cadence, and the same pack will clear correspondent banking, qualified custody, and EMI partner onboarding across multiple jurisdictions. ## Why UBO Failures Cost More Crypto Files Than Almost Anything Else Under the EU's [Anti\-Money Laundering Regulation](https://eur-lex.europa.eu/eli/reg/2024/1624/oj)¹[^1], every obliged entity — including **CASPs**, **EMIs**, and the banks they rely on — must identify and verify the **beneficial owner** of every corporate customer. The **25% ownership\-or\-control threshold** is the headline rule, but it is not the binding constraint in practice. The binding constraint is the bank's **second\-line risk committee**. They are not satisfied by a single shareholder register. They want a verifiable chain — every layer between the operating entity and the natural persons at the top, every nominee, every trust, every foundation, every controller\-by\-other\-means, screened against sanctions and refreshed on a cadence they can audit. When that file is missing one layer, the standard outcome is not a request for more information. It is a quiet **declined\-without\-prejudice** — a polite rejection that does not appear on any database but burns three months of the runway you cannot get back. > **Warning:** Banks rarely tell you which UBO layer killed your file. The damage is silent, the timeline is brutal, and the same pack will be presented to the next bank with the same gap. Build the stack before you apply — not after the first rejection. ## The Five\-Layer UBO Stack — Overview The UBO Disclosure Stack maps the five questions every bank's financial\-crime committee asks, in the order they ask them. Miss a layer and the file is incomplete. Mis\-order a layer and the file looks evasive. Both outcomes end the same way. 1. Layer 1 — **Identity**: who exactly are the natural persons at the top. 1. Layer 2 — **Structure**: every legal entity and arrangement between the operating company and those persons. 1. Layer 3 — **Threshold**: how the 25% rule applies, where lower triggers bite, and where control\-by\-other\-means kicks in. 1. Layer 4 — **Sanctions**: every UBO and every intermediate entity screened, plus jurisdictional nexus checks. 1. Layer 5 — **Refresh**: annual cadence plus trigger\-event updates. > **Note:** Treat the stack as a stack: each layer assumes the previous one is already verified. A bank reviewer who sees Layer 3 before Layer 2 will assume Layer 2 is missing — and stop reading. ## Layer 1 — Identity Layer 1 is the simplest layer to build and the layer most often built badly. The [EBA Guidelines on customer due diligence](https://www.eba.europa.eu/regulation-and-policy/anti-money-laundering-and-countering-financing-terrorism/guidelines-customer-due-diligence-and-factors-credit-and-financial-institutions-should-consider)²[^2] require a verified identity for every **UBO** — not just the founder, not just the named director, but every natural person who meets the threshold. For each UBO, the pack must include: - A **government\-issued photo ID** \(passport preferred, national ID accepted in EEA\), within validity, with the machine\-readable zone fully legible. - A **selfie liveness check** or equivalent biometric match — either run by a regulated KYC vendor or notarised in person. - A **proof of address** dated within the last three months — utility bill, bank statement, or government correspondence. - A **tax residency declaration** with the relevant TIN, aligned with the address proof. Beyond UBOs, do the same for every **controller** — anyone who exercises decision\-making authority even if they hold less than 25%. That includes settlors and protectors of trusts, foundation council members, and any director who is not also a UBO. Banks treat missing controller files as evidence the applicant does not understand who actually runs the entity. > **Tip:** Address proofs in a different name from the ID \(spouse's utility bill, family home in a parent's name\) fail Layer 1 silently. Get the UBO their own bill in their own name before submission — it is a 30\-day fix that prevents a 90\-day rejection. ## Layer 2 — Structure Layer 2 is the document layer banks weight most heavily and applicants neglect most often. The pack must show the **complete legal chain** between the operating entity and every natural person at the top, with no gaps, no informal arrangements, and no verbal promises. At minimum the structure pack contains: - A **top\-to\-bottom organisation chart** with percentages on every edge, dated, signed by a director. - For every entity in the chain: **certificate of incorporation**, certified register of members or shareholders, register of directors, and any constitutional documents \(articles, bylaws, operating agreement\). - For every **trust**: the full trust deed \(settled, not draft\), any deeds of amendment or variation, the schedule of beneficiaries, the trustee's certificate of incumbency, and a list of all named protectors. - For every **foundation**: the foundation charter, the bylaws or regulations, the register of council members, and the founder's declaration of intent. - For every **nominee arrangement**: a signed declaration of trust between nominee and beneficial owner, naming the beneficial owner, dated, witnessed. - For every **share pledge** or option creating economic interest: the pledge agreement, the lender's confirmation that no enforcement has occurred, and disclosure of who exercises voting rights during the pledge. This is the layer where **FATF Recommendation 24** \(on legal persons\) and **Recommendation 25** \(on legal arrangements\) collide with reality. Banks read both in parallel — they will not let a foundation file go through with the trust\-style evidence pack, nor a trust file with the company\-style evidence pack. ## Layer 3 — Threshold The [AMLR](https://eur-lex.europa.eu/eli/reg/2024/1624/oj)³[^3] sets the headline rule: ownership or control of more than **25%** of shares, voting rights, or economic interest makes a natural person a beneficial owner. But the regulation also empowers member states and obliged entities to apply **lower thresholds** where higher money\-laundering risk exists — which crypto, by default, does. In practice, expect Tier\-1 EU banks onboarding **CASPs** to apply a **10% threshold** — sometimes lower. Disclose at the lower threshold from the start. Forcing the bank to ask is read as evasion. Equally critical is the **control by other means** test. Even with zero shares, a person who can appoint or remove the majority of directors, who has veto rights over material decisions, or who effectively controls strategy through a side agreement is a UBO. This catches: - Founders who transferred shares to a trust but retained protector or settlor powers. - Investors with veto rights over key hires, jurisdiction changes, or material contracts. - Lenders whose security agreements include voting rights on default scenarios. - Foundation founders who reserved the right to amend the charter or replace the council. When no natural person meets ownership or control thresholds — genuinely possible in widely\-held foundations or DAO\-adjacent structures — the **senior managing official fallback** applies. Disclose the CEO and any other natural person who effectively directs the entity, with the same Layer 1 evidence pack as a 25%\+ UBO. ## Layer 4 — Sanctions Screening Layer 4 is the layer that has become non\-negotiable since the 2022 sanctions packages. Under [6AMLD](https://eur-lex.europa.eu/eli/dir/2018/1673/oj)⁴[^4] and successor EU sanctions regulations, banks must screen every UBO, every intermediate entity, and every jurisdictional nexus in the chain — not just the operating company. A complete sanctions pack contains: - Screening results for every UBO, controller, and director against **OFAC**, **EU consolidated**, **UK OFSI**, and **UN** lists, dated within 30 days of file submission. - Screening results for every **intermediate entity** in the chain — holding companies, trustees, foundation councils — against the same lists. - A **PEP screening** output, with positive matches accompanied by a written rationale and any EDD steps already taken. - A **sanctioned\-jurisdiction nexus check** — for every UBO, where they were born, where they are tax\-resident, where they spend material time, and whether any holding entity has a registered address in a high\-risk or sanctioned jurisdiction. For crypto applicants there is a further layer: **on\-chain attribution**. If a UBO is associated — even via early\-stage investment — with a wallet cluster that has touched sanctioned addresses, the bank's chain\-analytics tooling will surface it before yours does. Pre\-empt this with a vendor\-issued screening report from a recognised analytics provider, covering each UBO's disclosed wallets. > **Warning:** 30\-day\-old screening results are stale for a financial\-crime committee. Re\-screen on the day of submission. If the file sits in the bank's queue for more than 60 days, refresh and resubmit unprompted — it signals discipline. ## Layer 5 — Refresh Cadence The stack is not a one\-time deliverable. Banks expect a documented refresh policy, both **periodic** and **event\-driven**. Without it, the file goes stale and triggers another full review at the worst possible time — typically when you are scaling volumes. The minimum refresh cadence: - Full **annual review** — every UBO file re\-verified, every screening re\-run, every constitutional document confirmed current. - Trigger\-event refresh on: change of ownership above 5%, change of director, settlor or trustee death, foundation council change, charter or trust deed amendment, change of corporate name, change of registered address, change of regulated activity, material new fundraising round. - Quarterly **sanctions re\-screen** of all named parties — automated, logged, retained for audit. Document the cadence in a one\-page **UBO refresh policy** signed by the MLRO, and include it in the disclosure pack. Banks reading the policy are reading whether you understand the regulation is dynamic — not whether the policy is elegant. ## Comparison Table — Common Structures by Complexity Tier *Table: How disclosure depth and red\-flag risk scale with structural complexity.* | Structure | Complexity Tier | Disclosure Depth | Red\-Flag Risk | | --- | --- | --- | --- | | Simple holding company over operating entity | Tier 1 — Low | Standard 5\-layer pack | Low — clean if jurisdictions are aligned | | Multi\-jurisdiction holding chain \(3\+ entities\) | Tier 2 — Medium | Per\-entity Layer 1 \+ 2 pack | Medium — requires substance \+ tax rationale | | Trust over founder shares \(discretionary\) | Tier 3 — High | Trust deed, settlor \+ protector evidence, beneficiary schedule | High — protector powers scrutinised closely | | Foundation holding token treasury | Tier 3 — High | Charter, bylaws, council register, founder declaration | High — control\-by\-other\-means test critical | | Double\-tier nominee chain | Tier 4 — Severe | Full nominee deeds at every layer, beneficiary disclosure | Severe — many banks decline regardless of pack | | Bearer\-share entity in chain | Tier 5 — Effectively unbankable | N/A — restructure before applying | Disqualifying for Tier\-1 EU banks | ## Comparison Table — AMLR vs FCA vs MAS UBO Treatment Cross\-jurisdiction applicants need to know where each regulator's treatment diverges. The headline [FATF Recommendation 24](https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Documents/fatf-recommendations.html)⁵[^5] is a floor; national regulators routinely raise it. *Table: Beneficial\-ownership treatment across AMLR, FCA, and MAS regimes.* | Element | EU AMLR | UK FCA | Singapore MAS | | --- | --- | --- | --- | | Headline threshold | More than 25% | More than 25% | More than 25% | | Lower threshold for high\-risk | Yes — obliged entity may apply | Yes — risk\-based | Yes — for DPT licensees, expected | | Control by other means | Required — express test | Required — PSC regime | Required — control over significant matters | | Annual refresh | Required for higher\-risk | Required for higher\-risk | Required for all licensees | | Sanctions screening cadence | Continuous on EU consolidated | Continuous on UK OFSI | Continuous on MAS targeted list \+ UN | | Public UBO register | National registers \(EU\) | PSC register \(UK\) | No public register; ACRA filings | ## Edge Cases — PEPs, Sanctioned\-Jurisdiction UBOs, Bearer Shares ### PEP UBOs A **PEP** in the chain is not automatically disqualifying, but it triggers **enhanced due diligence** across the entire file. Pre\-empt this with a written **PEP rationale memo**: who, what role, when held, source of wealth, source of funds, and the specific EDD controls applied. Include open\-source media checks dated within 30 days. ### Sanctioned\-Jurisdiction UBOs A UBO born in or tax\-resident in a sanctioned jurisdiction is a hard problem. Banks evaluate present\-day nexus rather than birthplace, but the file must lead with evidence of where the UBO actually lives, works, and pays tax — and how long ago any sanctioned\-jurisdiction nexus ended. Without this, the screening match alone ends the application. ### Bearer Shares There is no version of the stack that rescues a bearer\-share entity. [FATF Recommendation 25](https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Documents/fatf-recommendations.html)⁶[^6] and successor guidance have all but eliminated bearer\-share regimes in OECD jurisdictions, and Tier\-1 EU banks will not onboard a chain containing one. **Restructure before applying** — convert to registered shares, immobilise them with a regulated custodian, or migrate the entity to a different jurisdiction. ### CRS Alignment Banks cross\-check UBO disclosures against the entity's [OECD Common Reporting Standard](https://www.oecd.org/tax/automatic-exchange/common-reporting-standard/)⁷[^7] self\-certification. Discrepancies between the AML pack and the CRS form — different controlling persons, different residencies, different entity classifications — read as deliberate. Reconcile both before submission. ## The Cover Memo That Ties It Together The most underrated component of a complex UBO file is the **cover memo** — a one\-to\-two page narrative written for the bank's financial\-crime committee that walks them through the stack in plain English. The file without a cover memo is read as a document dump. The file with a clear cover memo is read as a controlled disclosure. A good cover memo does six things: 1. Names every natural person in the chain and the percentage / control basis on which they qualify as a UBO. 1. Explains the structural rationale — why a trust, why a foundation, why each holding company — in tax\-neutral, commercially defensible language. 1. Confirms the lower threshold applied and why. 1. Lists any positive PEP or adverse media matches and the EDD response. 1. States the refresh cadence and who owns the policy internally. 1. Cross\-references every supporting document by section and page number. This is the document the senior reviewer reads first and last. Write it last — after the stack is built — and write it for someone with eight other files on their desk. ## FAQ ### What counts as a UBO for a crypto company? Under AMLR, any natural person who owns or controls more than 25% of shares, voting rights, or economic interest — or who exercises control by other means such as veto rights, the power to appoint or remove directors, or strategic direction via side agreement. For higher\-risk applicants \(crypto by default\), banks routinely apply a 10% threshold or lower. If no person meets the threshold, the senior managing official is disclosed instead. ### Do trusts and foundations need to disclose UBOs to banks? Yes, and the disclosure is broader than for companies. FATF Recommendation 25 and AMLR require identification of the settlor, the trustee, the protector \(where one exists\), the beneficiaries or class of beneficiaries, and any other natural person exercising effective control over the arrangement. Foundations require equivalent disclosure of the founder, council members, and beneficiaries. Discretionary trusts with broad beneficiary classes need a clear methodology for identifying beneficial owners. ### How often do banks expect the UBO file to be refreshed? Full annual refresh is the baseline for higher\-risk customers under AMLR and EBA guidelines. On top of that, banks expect trigger\-event refreshes within 30 days of any change of ownership, change of director, settlor death, foundation amendment, or material restructuring. Sanctions screening should be re\-run continuously or at least quarterly, with logs retained. ### Can a nominee shareholder satisfy beneficial\-ownership disclosure? No — a nominee is never the UBO. The natural person behind the nominee is. Banks expect a signed declaration of trust between the nominee and the beneficial owner, dated and witnessed, naming the beneficial owner explicitly. Two\-tier nominee arrangements are accepted by some Tier\-1 banks if every layer is fully documented, but many decline the structure outright as a matter of policy. ### What happens if a UBO is a politically exposed person? A PEP triggers enhanced due diligence across the entire onboarding file. Banks require senior management sign\-off, an explicit source\-of\-wealth and source\-of\-funds narrative, ongoing monitoring at a higher frequency, and a written PEP rationale memo. A PEP is not automatically disqualifying, but the EDD pack must be ready at submission — adding it after first review usually means a fresh round of committee scrutiny. ### How do I disclose a UBO in a DAO or widely\-held foundation? When no natural person meets the ownership or control thresholds, the AMLR fallback applies: disclose the senior managing official\(s\) — typically the CEO, executive directors, or foundation council chair — with the full Layer 1 evidence pack. Document why no UBO meets the threshold, citing the constitutional documents that demonstrate widely\-held control. Some banks treat true DAO structures as ineligible for onboarding; verify before structuring. > **Call to action:** Onboarding a complex structure? Finconduit assembles the UBO disclosure stack for multi\-jurisdiction founders, trusts, and foundation chains. Book a free structure review. ## Related Guides - [Bank Diligence File for Regulated Crypto Firms](/resources/bank-diligence-file-crypto-firm) — the parent file the UBO stack sits inside, with the wider 12\-section structure banks expect. - [The 2026 Substance Bar](/resources/substance-bar-2026) — how holding\-company substance is now scrutinised alongside the UBO chain. - [What Banks Actually Evaluate When Onboarding a CASP](/resources/what-banks-evaluate-casp) — the broader committee perspective the UBO pack feeds into. - [AMLR Readiness Programme: 12\-Month Roadmap](/resources/amlr-readiness-12-month-roadmap) — where the UBO refresh policy sits within the wider AMLR programme. Banks do not reject complex structures because they are complex. They reject them because the disclosure is **incomplete**. Build the **five\-layer stack** once, refresh it on cadence, and lead with the **cover memo** — and the same pack will clear **correspondent banking**, **qualified custody**, and **EMI partner onboarding** without another full file rebuild for the next year. ## Footnotes [^1]: Regulation \(EU\) 2024/1624 of the European Parliament and of the Council of 31 May 2024 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing \(AMLR\). [^2]: European Banking Authority, Guidelines on customer due diligence and the factors credit and financial institutions should consider when assessing the money laundering and terrorist financing risk associated with individual business relationships and occasional transactions, EBA/GL/2023/03. [^3]: AMLR, Regulation \(EU\) 2024/1624, Article 51 \(beneficial ownership of corporate entities, 25% threshold and lower triggers\). [^4]: Directive \(EU\) 2018/1673 of the European Parliament and of the Council of 23 October 2018 on combating money laundering by criminal law \(6AMLD\). [^5]: Financial Action Task Force, Recommendation 24 — Transparency and beneficial ownership of legal persons \(revised March 2022\); see also Recommendation 25 on legal arrangements. [^6]: FATF Recommendation 25 — Transparency and beneficial ownership of legal arrangements \(revised 2023\); applies to trusts and analogous arrangements. [^7]: OECD, Standard for Automatic Exchange of Financial Account Information in Tax Matters \(Common Reporting Standard / CRS\), Second Edition, 2017. --- Source: https://finconduit.com/resources/ubo-disclosure-pack-crypto-banking