What’s going on with UBO registers? Insights from Kyckr’s CEO Steve Lamb

The way companies access ultimate beneficial ownership information is changing across the EU. Steve Lamb explores how, and what the changes mean for financial crime teams.

Finding ultimate beneficial ownership (UBO) information on EU corporate registers has been tricky for financial crime and compliance teams for years.

This goes back to 2022. The Court of Justice of the European Union ruled that public UBO information contravened the right to individual privacy. Coming off the back of the EU’s 5th Anti-Money Laundering Directive – which made UBO information open to the public – the ruling was a spanner in the works for the fight against money laundering, tax evasion, and terrorist financing.  

EU member states responded in myriad ways. Some, like Poland, kept UBO access public. Others, like Cyprus, limited access to national obliged entities and competent authorities.

A small majority, however, made UBO information available to organisations and persons that could prove a ‘legitimate interest’. That could include journalists, civil society, obliged entities, and anyone involved in anti-money laundering. 

The patchwork approach to legitimate interest access

This sounds simple, but in practice it has been anything but. Each register provides legitimate interest access (LIA) in different ways.

Transparency International highlighted this problem in its recent research, which found that while these countries provide LIA on paper, often such requests are virtually impossible in practice.

France and Spain’s registers, for example, require a national ID to use, which instantly rules out foreign banks. Luxembourg’s requires proof of a “transactional link” between the requester and the entity in question. Ireland’s register, despite operating on a LIA model, hasn’t processed a request since public access ended in 2022.

And in many cases, approval is done on a ‘case-by-case’ basis. For banks, law firms, fintechs, and asset exchanges needing robust AML and Know Your Business (KYB) processes, this fragmentation is a material compliance risk.

Many send hundreds or thousands of UBO requests every week. The absence of harmonised processes creates uncertainty and an uneven playing field. It also means many cannot access the registry data needed to satisfy risk and regulatory expectations. 

The situation has become untenable for all involved, and so the EU has responded.

Enter 6AMLD: the EU attempts to harmonise legitimate interest access to UBO registries

Passed in May 2024, the 6AMLD aims to bring some much-needed harmony to this fragmented EU-wide situation, making ‘legitimate interest access’ the rule, as well as other changes:

• Making UBO information available as machine-readable data.
• All accessible on the EU central register
• The same information: name, date of birth, nationality, the nature of that control.

Discussions are also in play to create an EU-wide UBO request template. Article 14 states that the EU Commission will create standardised templates and procedures to facilitate the mutual recognition of legitimate interest, if access has been granted in one member state.

This would act as a sort of UBO Register ‘Blue Card’ that, if access has been granted in one register, immediately works across all EU registers.

It’s still early days. The statement of intent is encouraging but many member states haven’t even started transposing the 6AMLD into national law, which is why the EU Commission opened infringement procedures against Belgium, Denmark, Germany, Estonia, Greece, Italy, Cyprus, Croatia, Poland, Slovakia and Sweden, all having failed to notify the EU that they had started.

They had until November 2025 to act. At the time of writing, compliance teams can continue to expect fragmented systems and operational complexity – and many may not reap the full benefits of 6AMLD until 2027 at the earliest.

What to expect as the 6AMLD beds in across 2026

Banks and other obliged entities cannot afford complacency. Even if 6AMLD is implemented in letter, longstanding differences in registry culture and technology will persist. Cyprus is unlikely to offer easy cross-border access any time soon, while Denmark is fast emerging as a leader thanks to its robust API and proactive approach to open data integration.

But the direction of travel is positive: better digitalisation, incremental harmonisation, and gradual improvements in the quality and accessibility of beneficial ownership data. The “one-stop-shop” vision isn’t quite reality yet, but the underlying regulatory momentum is growing.

Strategic moves for compliance and AML teams

So, with regulations still in flux here’s how compliance teams can respond:

• Document and audit LIA request experiences by jurisdiction to strengthen internal controls.
• Leverage machine-readable data in progressive registers to standardise onboarding where possible.
• Monitor regulatory timelines to anticipate likely future bottlenecks or opportunities for automation.
• Prepare for fragmentation as a continued, not short-lived, feature - adapt workflows to optimise for consistency, not perfection.

To stay ahead in 2026, compliance teams need to take advantage of the latest digital registry tools, so they can respond quickly to regulatory changes and fragmented UBO access. Proactive adaptation to evolving transparency standards will be the key to keeping risk under control.

About the author

Steve Lamb is the CEO of Kyckr. Steve has been a key part of Kyckr’s leadership team since joining as Head of Product in 2020 and is a recognised authority in Know Your Business (KYB) and Anti-Money Laundering (AML) practices, with extensive experience in the field of corporate registry data. 

 

 

About the company

For financial crime teams that need reliable and independent company data to verify their customers, Kyckr provides access to a live network of over 300 company register connections in a single portal or API. Kyckr’s solutions help businesses to succeed in the fight against fraud, money laundering, and financial crime. To learn more about Kyckr, visit www.kyckr.com