When you query a KYB provider for beneficial ownership data, you receive a list of names formatted for your onboarding process.
Yet that list may be compiled in two very different ways. Most providers don’t tell you which method they used.
Two sources, one API field.
There are exactly two ways to determine who ultimately owns a company.
Declared UBO. The company files a declaration with a government authority, which carries legal weight and is what regulators expect. “Person X owns >25% of this entity.”
Derived UBO. When declarations are unavailable or inaccessible, an algorithm traces the shareholder chain. For instance: Company A owns 60% of Company B; Company B owns 80% of Company C. Person A, the natural person behind Company A, effectively owns 48% of Company C. Here, the UBO is computed, not declared.
Both approaches produce a list of names with ownership percentages. Both can be correct. But they are fundamentally different in nature, and in what they mean for your compliance file.
The problem: most traditional providers blend them into a single field without telling you which method was used. You get a UBO. You don’t know if it’s retrieved or inferred. That opacity is a real issue for compliance teams who need to justify their data to regulators.
Declared UBO: the primary source.
The register is the gold standard. A company declaration to a government authority carries regulatory weight and is what auditors ask for.
Many jurisdictions now require companies to file beneficial ownership declarations: the EU through its AML directives, the UK through its PSC register, and an increasing number of countries worldwide following FATF recommendations. The trend is toward more transparency, structured data, and cross-border interconnection.
However, the landscape is unstable. In the EU, access rules have changed dramatically. The CJEU’s 2022 privacy ruling reversed public access from AMLD5. The AMLR (effective 2027) will change the framework again. Register availability, access conditions, and data quality all vary widely by country.
When available, register data should be your primary source.
When the register isn’t available, UBOs are derived as a fallback.
Register UBO is the primary source. But it’s not always accessible:
- Closed or restricted registers. Some countries have restricted or closed public access to their UBO registers. Access may be limited to competent authorities and entities with demonstrated legitimate interest. If you’re not in a country’s access scheme, the register is a locked door.
- Countries without UBO registers. Not every jurisdiction has a centralized beneficial ownership register. Some countries are years behind on implementation. Other registers exist on paper but cannot be queried.
However, shareholding data is often available through company registers, even when UBO registers are closed. And that’s where recomposition comes in.
The idea is straightforward: if you can identify the shareholders of Company C, then identify the shareholders of Company B that owns Company C, and follow the chain until you reach natural persons, you can compute the effective beneficial ownership.
In practice, this is anything but simple. It requires:
- Deep shareholder extraction from dozens of registers with different formats, languages, and data structures.
- Entity resolution across jurisdictions: matching “Acme GmbH” in the German register with “Acme GmbH” as a shareholder in the French register.
- Percentage multiplication along chains and summation across parallel paths.
- Cycle detection for circular ownership structures.
- Control-by-other-means analysis, because not all control flows through share ownership.
This is deep engineering work. Getting shareholder data right across countries, with proper entity types and percentages, is the foundation for the reliable computation of derived UBO.
Derived UBO as a cross-check, more than a fallback.
Even in countries where the UBO register is wide open, the derived UBO adds a second, independent lens.
A company declares Person X as its UBO with more than 25% ownership. You can verify this yourself by tracing the shareholder chain. If the graph confirms Person X holds 40% through two intermediary entities, the declaration checks out.
But what if the graph shows Person Y holds 35% through a chain of three entities, and Person Y doesn’t appear in the register declaration? That’s a discrepancy worth investigating.
Or consider ownership structured just below the 25% threshold across multiple parallel paths. Nothing triggers the declaration obligation, but the cumulative economic interest is significant. The register won’t show this. The graph will.
The UK experience is telling. A government review of the PSC register found that financial institutions do not find it reliable enough on its own. Open Ownership’s 2025 analysis found about 20% of PSC entries list no individual owner; another 20% show combined shareholdings over 100%. The new mandatory identity verification (effective from November 2025) is a direct response to years of quality issues, such as the use of dummy names and fictional persons without verification.
Regulatory guidance is converging on the same conclusion: obliged entities cannot rely on registers alone and must verify beneficial ownership using multiple independent sources. The EU’s upcoming AML Regulation makes this explicit. FATF Recommendation 24 says the same. Recomposition from shareholder data is exactly the kind of independent verification regulators envision.
And then there are the harder cases.
Everything above covers ownership-based UBOs, the most common case. But AML frameworks also recognize control-based beneficial ownership: persons who control an entity through means other than shareholding. Voting agreements, rights to appoint or remove directors, veto powers, and family arrangements.
These are harder to detect. They rarely appear in shareholder data. Sometimes they are included in register declarations if the company is honest, but they are nearly impossible to reconstruct algorithmically. Control-by-other-means is naturally opaque.
This is an area where register declarations carry even more weight, because the information simply cannot be derived from public data. It’s also where the quality of the declaration matters most and where the gap between what’s declared and what’s real can be widest.
The transparency question: ask your provider.
This distinction between declared and derived should be visible in every UBO response you receive. It changes how you assess the data:
- A UBO filing at the register is a legal declaration. You can cite it directly.
- A derived UBO is a computation. It’s valuable, but it requires different documentation in your compliance file.
If your provider returns a single UBO field with no indication of its origin, you have a problem. Not because the data is necessarily wrong, but because you can’t explain it.
Questions worth asking:
- When you return UBO data, is it from the official register or derived from shareholders?
- Can I see which source each UBO came from?
- In countries where the UBO register is closed, how do you provide beneficial ownership information?
- Is the register data retrieved live, or from a cached/batch database?
- Do you cross-check declared UBOs against the actual ownership chain?
How Topograph handles this.
At Topograph, we make the distinction explicit. Every UBO in our API response is tagged with its source: declared at register or derived from the ownership graph. You always know what you’re looking at.
We ensure both approaches are fresh. Declared UBOs are retrieved live from official sources, not from cached databases or batch exports. Derived UBOs are built from shareholder data queried on demand from official registers. No stale snapshots—the ownership chain you see matches current registers, not outdated copies.
We invest deeply in extracting shareholder data from official company registers across 40+ countries: the detailed, structured information that enables reliable graph traversal. This isn’t a secondary concern for us; it’s core infrastructure.
And when both sources are available, we surface them together, so compliance teams can cross-check declared UBOs against the computed ownership chain and flag discrepancies before they become audit findings.
Direct access. Full traceability. No black boxes.
Topograph provides direct, real-time access to data and documents from official company registers in 40+ countries. Every data point — including UBO — is fully traceable to its official source.