Skip to content
Beneficial ownership transparency has long been a challenge for compliance teams. But as sanctions enforcement intensifies, regulatory expectations evolve, and global ownership structures grow more opaque, Ultimate Beneficial Ownership (UBO) analysis is increasingly becoming central to defensible third-party risk management programs.
During Ethixbase360’s recent webinar, Ownership Transparency and Sanctions Risk: Building a Defensible UBO Program, experts from Ethixbase360 and Squire Patton Boggs explored how organizations should approach ownership transparency amid evolving sanctions, export control, and due diligence expectations. Speakers included Adam Klauder, partner at Squire Patton Boggs, focused on international trade compliance and sanctions; Tom Firestone, Chair of the firm’s Government Investigations and White Collar Defense Practice Group and a former federal prosecutor; and James Swenson, Managing Director at Ethixbase360, who leads enhanced due diligence and screening.
Here are five of the biggest takeaways from the discussion.
1. UBO is no longer a one-time, single-agency exercise
The regulatory perimeter around ownership has widened sharply. FinCEN’s Customer Due Diligence rule, OFAC’s 50 Percent Rule, and now the Bureau of Industry and Security’s Affiliates Rule all converge on the same question: who really owns and controls this entity?
As Adam Klauder framed it at the outset, the shift is structural:
“What was once considered more of a one-time exercise is now really an ongoing expectation — that you’re constantly looking at and refreshing your information and doing continued due diligence on the beneficial ownership structure.”
The discussion highlighted how UBO analysis now intersects with sanctions compliance, export controls, supply chain due diligence, and broader third-party risk management. Agencies including FinCEN, OFAC, and the Bureau of Industry and Security (BIS) are all expanding expectations around ownership visibility.
BIS’s Affiliates Rule — currently suspended but set to return on November 10 — will extend export restrictions to non-U.S. entities owned 50 percent or more by certain listed parties. Companies that haven’t considered folding those entities into their screening and policies are running out of runway.
2. The OFAC 50 Percent Rule is increasingly viewed as a “floor, not a ceiling”
A major focus of the discussion was evolving U.S. sanctions enforcement, particularly OFAC’s March 2026 guidance on sham transactions.
While the OFAC 50 Percent Rule remains foundational, regulators are increasingly looking beyond formal ownership percentages to assess whether sanctioned individuals continue to exercise effective control over entities through indirect structures, intermediaries, or informal influence.
Tom Firestone summarized the shift succinctly:
“The 50 Percent Rule is a floor, not a ceiling.”
That message is reinforced by OFAC’s March guidance on sham transactions. When a designated party transfers ownership on paper but continues to direct the entity, the property may still be blocked in substance — regardless of what the cap table shows. Firestone identified continued involvement of the blocked person as the single most important red flag among the seven OFAC listed:
“If you’ve got evidence of continued involvement of the SDN, then there is reason to suspect that the transaction was a sham. The same person is controlling the entity, just doing it behind this complicated structure to obscure his control.”
Other red flags worth examining: commercially unreasonable terms, transfers to family or close associates, unduly complex multi-layered structures, holding entities in jurisdictions with no connection to the underlying property, transfers in close temporal proximity to designation, and evasive responses to diligence questions.
3. Global ownership transparency remains deeply fragmented
Despite growing regulatory pressure, access to reliable ownership information remains highly inconsistent across jurisdictions.
James Swenson described ownership analysis as “a jigsaw puzzle,” where organizations often piece together fragmented information from registries, commercial databases, questionnaires, and public records.
One particularly important takeaway was that transparency does not necessarily correlate with economic development.
As James noted, some developed jurisdictions with strong financial crime frameworks can actually be more difficult for third parties to navigate due to privacy restrictions and registry limitations. Meanwhile, some emerging markets have made significant progress in digitizing corporate records and improving access to information. James also flagged new restrictions in China that may make supply-chain due diligence on Chinese suppliers materially harder going forward.
For multinational organizations, this creates a highly complex operational environment where consistency is difficult and scalability remains a challenge.
4. Regulators expect a risk-based and defensible program
Throughout the webinar, the speakers repeatedly emphasized that regulators are not necessarily expecting perfection — but they do expect organizations to demonstrate reasonable, documented, risk-based efforts.
Tom Firestone framed it this way:
“Imagine you’re being scrutinized by a regulator. How persuasive is your explanation going to be? We did X, we did Y, we did all of these things that you advised us to do — or, we didn’t even ask the question.”
The panel stressed the importance of being able to demonstrate:
- Why certain third parties were classified as high risk
- What ownership analysis was conducted
- What sources were reviewed
- Why escalation decisions were made
- What ongoing monitoring processes exist
- How the organization documented its reasoning and decision-making
James Swenson also emphasized that many organizations are adopting a phased, risk-based approach, focusing enhanced UBO analysis on higher-risk third parties first rather than attempting to apply the same level of scrutiny across entire ecosystems simultaneously.
The consistent theme was defensibility: organizations need to be able to explain and justify their process if challenged by regulators.
5. AI and automation can help — but human judgment remains critical
Although the webinar only briefly touched on AI due to time constraints, the panel acknowledged that organizations are increasingly using automation, data aggregation, and AI-driven tools to support ownership analysis and supply chain mapping.
At the same time, the speakers repeatedly cautioned that ownership analysis remains highly fact-specific and dependent on human judgment.
As Tom Firestone observed:
“There’s simply no substitute for rolling up your sleeves and getting into the facts.”
The discussion reinforced that technology can help identify patterns, monitor ownership changes, and aggregate data — but determining whether a structure is legitimate, whether a transaction appears commercially reasonable, or whether a sanctioned actor may still exercise influence often requires contextual analysis that automation alone cannot provide.
That balance between technology and defensible human analysis is likely to become increasingly important as regulators continue to scrutinize not only what organizations know about third parties, but how they reached those conclusions.
Conclusion
As the panel emphasized throughout the discussion, building a defensible UBO program is no longer simply about checking a box. It requires a continuous, risk-based approach that combines technology, documentation, human judgment, and a realistic understanding of the limitations and complexities of global ownership data.
Or, as Adam Klauder summarized during the webinar:
“It’s not just a name of someone who’s prohibited. Who are the bad actors? And what are you doing to figure out who those bad actors are?”
Watch the full conversation. Access the webinar recording
Ready to strengthen your program? Talk to Ethixbase360 about applying a risk-based, evidence-led approach to ownership transparency.