Beneficial Ownership Registries: Privacy and Protection

21 Dec 2023

When it comes to international wealth structuring, there is often debate over whether it is appropriate to make information available to the public in respect of the ownership of such structures.

It is important to highlight at the outset, that there is a significant difference between “privacy” and “secrecy” when discussing private wealth. It is the responsibility of a regulated trustee to protect the privacy of its clients, while simultaneously complying with all legal requirements to provide information to relevant bodies, including law enforcement and financial service institutions.

Personal data protection laws are in place globally, with the rationale being that individuals have a right to protect their personal data, as “in the wrong hands”, such data can be used to cause harm.

High-net-worth individuals are entitled to the same legal protections of their personal data as anyone else. This protection was, arguably, jeopardised in 2019 when the Cayman Islands and Crown Dependencies, along with other jurisdictions, made a commitment to give the public access to the Beneficial Ownership Registers (BORs) after a global transparency standard was introduced.

BORs list personal data about the ultimate beneficial owners of various wealth structures, including the individual’s full name, date of birth and residential address. The potential that this data would be made publicly available sparked fears over personal safety, particularly when considering trust structures, of which the beneficiaries are often minors. Those fears were not unfounded.

In November 2022, the Court of Justice of the European Union (CJEU) issued a judgment following a “small number of appeals” regarding public registers of beneficial ownership. That judgment determined, in no uncertain terms, that “the general public’s access to information on beneficial ownership constitutes a serious interference with the fundamental rights to respect for private life and to the protection of personal data”.

If data is not sufficiently protected, it can be misused to commit serious offences including blackmail, identity theft and fraud. The threats of public access to personal data, particularly relating to high-net-worth (HNW) individuals and families, can be as severe as a threat to life, for example in the case of kidnappings for ransom.   One month before the CJEU ruling, South African millionaire Naazim Moti’s four sons, at the time aged 7, 11, 13 and 15, were held for ransom for three weeks.

The children had been kidnapped at gunpoint from a vehicle while on the way to school and, while the details of the case are not publicly available, it would be reasonable to draw the conclusion that they were, likely, targeted due to the family’s well-publicised net worth.

The Moti case serves as a stark reminder of how vulnerable members of HNW families can be to financially motivated crimes, and that personal data including residential addresses can pose as much of a risk as bank account details.

In the wake of the CJEU ruling, governments across the world considered the potential impacts of public access BORs.

The Cayman Islands recently announced its intention to introduce an enhanced beneficial ownership framework through 2024, under the jurisdiction’s new Beneficial Ownership Transparency Act. The Act was introduced as part of Cayman’s commitment to meeting Financial Action Task Force (FATF) global standards related to transparency.

FATF guidance identifies that the “unique legal status” of corporate vehicles including companies, trusts, foundations, and partnerships, poses a risk of misuse to conceal the true beneficial owners and the “real reason” for holding assets in such vehicles. In these circumstances, beneficial ownership could potentially be obscured via complex ownership structures or shell companies.

The recommendation from FATF states that countries should “seek to strike a balance between the general public interest in disclosing the data to prevent money laundering and terrorist financing, and the beneficial owners’ fundamental rights” and stipulated that this may result in countries taking a “tiered” approach to disclosing information to the public.

It is therefore the responsibility of each jurisdiction to determine the appropriate balance, which has resulted in varying approaches.

Where the Crown Dependencies – including Guernsey – and the Cayman Islands had previously committed to introducing public registers, the CJEU ruling, along with the FATF guidance, has resulted in revisions to a withdrawal from these commitments.

The Cayman Islands Beneficial Ownership Transparency Act, for example, contains a clause that will regulate the provision of a limited form of public access to specific BOR information, which would need to be affirmed by Parliament and would be subject to prior public consultation.

The Crown Dependencies have committed to developing and delivering “legitimate interest” access, rather than full public access, citing the CJEU ruling as an influencing factor in the decision to withdraw from its original commitment.

Above all, trustees have a responsibility to both adhere to all legal requirements, and to act in the best interests of all the current and future beneficiaries of any wealth structure. “Best interests” is a broad term and extends beyond financial considerations.

Undoubtedly, the emotional trauma experienced by the children, and wider family, in the Moti case is a prime example of how access to the private data of HNW individuals and families can be used to cause untold harm beyond financial consequences.

While considering the importance of privacy, it is also essential to understand the risks of “secrecy” within the financial services industry. Where privacy offers protection to individuals from crimes such as kidnapping, secrecy can be incredibly damaging to the wider public as it can facilitate crimes including money laundering.

For trustees and regulators, there is a continual balancing act to both protect privacy and eliminate secrecy and ensure transparency in financial transactions and organisational operations.

This delicate equilibrium requires navigating the fine line between safeguarding sensitive information to uphold individuals’ privacy rights and promoting openness to maintain trust and accountability within the regulatory framework.