In April of this year one of the government’s much-discussed initiatives to increase corporate transparency and combat fraud and money laundering, the Persons with Significant Control’ (‘PSC’) register came into force.
Pre-empting the requirements of the incoming EU Fourth Anti-money laundering directive (‘MLD4’), due to be fully implemented by all EU member states by 26 June 2017, the PSC requires all unlisted UK companies to disclose individuals that:
- hold, directly or indirectly, more than 25% of a company's shares or voting rights;
- hold, directly or indirectly, the right to appoint or remove a majority of the company's directors; or
- have the right to exercise, or actually exercises, significant influence or control over the company.
At first glance, the PSC appears to be an important step in the government’s stated plans to make it harder to use UK entities to hide criminal activity. However, does the PSC register make any actual improvements on the current system?
Since its announcement in 2014 and throughout its consultation, the PSC register has come under intense scrutiny and, indeed, some very justified criticism. From the perspective of counter-fraud and compliance professionals and investigators, two concerns about the implementation of the register were immediately apparent. Both of which seriously call into question the effectiveness of the PSC register in achieving the government’s aims.
First, the new regulations place the burden of compiling the information in the PSC register on companies, which ‘must take reasonable steps to find out who owns the beneficial interest in their shares’. Second, the PSC register has been established with one of the key weaknesses of the current regulatory framework governing UK corporate registrations intact - the lack of independent verification of any information provided to Companies House.
The registry accepts submissions ‘on good faith’ and does not have any powers to validate, verify or investigate the information provided to it. Although it is a criminal offence under the Companies Act 2006 to supply false information to Companies House (this also covers the PSC register) and is punishable by a fine and up to two years’ imprisonment, the system appears to be open to misuse and has been justifiably criticised. In the course of our work at Risk Advisory we have seen several instances where false information was purposefully provided to Companies House. This information was on first inspection accurate; it was only through further investigation that we uncovered evidence that the information was purposefully misstated.
Taken together, the above suggests that the PSC register is vulnerable to abuse by fraudsters and other unscrupulous individuals, as the system is dependent on the compliance of reporting entities. Unless issues with the available data are identified and reported, either to Companies House or law enforcement authorities, it is quite possible that for many companies the ‘persons with significant control’ record will continue to state ‘There are no persons with significant control or statements available for this company’. It remains to be seen how compliant UK companies will be with filing correct information, especially in light of the fact that false or missing information is often difficult to identify, especially with regards to complicated offshore ownership structures. There is a danger in assuming that the PSC register will always hold accurate information.
By comparison, the corporate registries of most other major European economies, including France, Germany and the Netherlands, have stricter requirements when it comes to data verification. At the time of incorporation, they require photographic ID, proof of address and other notarised documents, which provide an initial barrier to the fraudulent use of companies.
At this point, it is unclear the exact way in which all EU countries will implement MLD4 and who will have access to it. However, given the more stringent requirements in place already in most of these jurisdictions, it is likely that the data will be verified and therefore more reliable than in the UK.
What then are the practical implications and does the PSC register help companies understand who they are doing business with? Clearly, without any data verification by Companies House, the entire purpose and effectiveness of the PSC register is significantly undermined. On its own, the system is dependent on the compliance of businesses and lacks a proper mechanism for confirming the veracity of the information, leaving it open to abuse. In some ways it can even provide companies and compliance professionals with a false sense of security - by assuming that the information contained on the PSC register is always correct, a potential compliance risk could be overseen.
Despite its laudable and high-minded intentions, the PSC register will do little to reduce the requirement for companies to have in place a thorough and far-reaching customer due diligence programme. Nor does it, in its current form, eliminate the requirement for a company to proactively and independently investigate counterparties to ensure that they know who they’re doing business with.
Image: House of Commons/PA/ PA Archive/Press Association Images/2016