FinCEN Beneficial Ownership Rules in 2026: Impact on KYB Programs

BOI (Beneficial Ownership Information) requirements under the US Corporate Transparency Act (CTA) establish a federal-level obligation for millions of US companies to disclose who ultimately owns and controls them. For financial institutions building KYB (Know Your Business) programmes, the CTA creates both a reference dataset and a clear regulatory signal: understand who is behind the company you are doing business with, and verify it.

The underlying obligation is durable even as the enforcement calendar has evolved — the 25% ownership threshold and the substantial-control test are the stable definitional core, and building your KYB programme around them is sound compliance planning regardless of where specific filing deadlines land.

Key takeaways

• The US Corporate Transparency Act created a federal BOI reporting requirement: companies must disclose individuals who own or control them to FinCEN (Financial Crimes Enforcement Network).
• The ownership threshold is 25% of shares or voting rights, plus a separate "substantial control" test that captures individuals with decision-making authority regardless of ownership percentage.
• Automated UBO (Ultimate Beneficial Owner) extraction — pulling registry data, parsing ownership chains, and surfacing key individuals — is the operational layer that makes KYB programmes scalable.
• A closed-loop KYB session that spawns KYC sessions for each identified UBO connects the entity check and the people check in one workflow, reducing the gap where compliance risk accumulates.
• Didit KYB starts at $2.00 per company and links UBO KYC at standard User Verification rates.

What beneficial ownership information is

Beneficial ownership information answers a question that turns out to be surprisingly difficult at scale: who ultimately owns or controls this company?

A company may be owned by another company, which is owned by a trust, which has a nominee director, which has a settlor in a third jurisdiction. Tracing that chain to the actual human beings with economic interest and decision-making authority has historically required expensive specialist legal work — and in most cases it simply was not done, creating the shell-company opacity that enables money laundering, tax evasion, and sanctions evasion.

The Corporate Transparency Act's BOI reporting requirement is the US response to that opacity. It creates a centralised FinCEN database of beneficial ownership data for covered companies, and it establishes a clear regulatory expectation that financial institutions should understand who they are doing business with. For KYB programmes, the CTA codifies what examiners have expected for years.

The 25% threshold and the substantial-control test

Two independent criteria can make someone a beneficial owner under the CTA framework:

Ownership interest. An individual who directly or indirectly owns or controls 25% or more of a company's ownership interests — shares, membership interests, or equivalent — is a beneficial owner. The key word is "indirectly": ownership through a chain of holding entities still counts.

Substantial control. An individual who exercises substantial control over a company is a beneficial owner regardless of their ownership percentage. The substantial-control test captures: senior officers (CEO, CFO, COO, general counsel, and equivalents); individuals with authority over significant decisions (major asset dispositions, restructurings, senior executive hiring); and individuals with authority over the company's beneficial ownership itself.

The practical implication of the substantial-control test is that a company's CEO is always a beneficial owner — even with zero equity. A minority investor who negotiated board control rights may be a beneficial owner. An outside general counsel with authority over legal strategy may be. The test is functional control, not equity percentage.

For regulated financial institutions, the dual-prong definition means a thorough UBO check cannot stop at ownership percentages. Decision-making authority needs to be assessed independently.

Who reports and what they submit

Covered companies — generally US corporations, LLCs, and similar entities formed by a filing with a secretary of state — must file BOI reports with FinCEN. Exempt categories include large operating companies meeting specific employee and revenue thresholds, banks and registered investment advisers already subject to other disclosure requirements, and several other classes of already-regulated or heavily scrutinised entities.

A BOI report discloses each beneficial owner's full legal name, date of birth, current address, and a unique identifying number — passport, US driver's licence, or a FinCEN identifier assigned to individuals who preregister.

Companies with changes to their beneficial ownership are required to update their FinCEN filing within a defined window. This ongoing obligation means BOI data has a freshness dimension: the registry is a starting point for a financial institution's KYB process, not a static source of truth that can be checked once and filed away.

How automated UBO extraction supports compliance

For financial institutions building KYB programmes, automated UBO extraction serves two related purposes: it accelerates the check that would otherwise require manual research, and it surfaces the ownership chain at a depth that manual review often misses.

Registry lookup pulls the official company record in real time — legal name, registration status, registered address — and parses the ownership structure from available public filings. In jurisdictions with rich company registries, this exposes UBOs directly. Where registry data is incomplete, the system flags the gaps and routes to document-based verification.

Ownership graphs — visualisations of the full beneficial ownership chain — make the complete picture visible and auditable. Company A owned by Company B (60%) and Trust C (40%), Trust C settled by Individual X, Company B owned by Individual Y (55%) and Individual Z (45%). Both Y and Z exceed the 25% threshold under the ownership test. Individual X, as settlor, may meet the substantial-control test. An examiner reviewing your KYB file should be able to see that chain from a single record.

Verification: the step after identification

Identifying UBOs is the first step. Verifying that they are who they claim to be is the second. And verifying that neither the entity nor any UBO appears on AML (Anti-Money Laundering) watchlists is the third.

Doing all of that manually for a company with four UBOs and two directors means coordinating six separate verification processes across different teams and timelines. The gap between identifying who needs to be verified and actually completing that verification is where KYB programmes fail in practice — and where examiners find weaknesses most often.

A closed-loop KYB session automates that chain: the parent KYB session identifies UBOs, spawns a linked KYC session for each one, and waits. Each UBO receives a verification link and completes document and biometric verification. When all linked sessions resolve, the parent KYB session updates its status. The company and every person behind it are verified in one workflow, one audit trail, one console view.

KYB and BOI data working together

BOI filings with FinCEN represent one data source for understanding beneficial ownership — particularly for US entities covered by the CTA. For financial institutions with FinCEN access, BOI registry data can corroborate or supplement what a company discloses during onboarding.

For financial institutions without direct FinCEN data access, automated registry lookup, UBO extraction from company filings, and document-based verification of individuals fill the same compliance need through a different data path. Most KYB programmes layer multiple sources: government registries, commercial UBO data providers, and the company's own disclosure — with discrepancies between sources surfaced for analyst review.

Use cases

Community banks and credit unions — the CTA created both a reporting obligation for their business customers and a clear expectation of UBO verification at onboarding. Automated KYB reduces the staff burden of manual entity research that previously consumed significant analyst time per business account.

Fintech lenders — a loan to an LLC with a complex ownership structure is a risk exposure if the UBOs are unverified. Automated UBO extraction with linked KYC, surfacing a sanctioned owner before disbursement, is the concrete compliance benefit.

Payment processors with business customers — processor liability for facilitating transactions through shell companies with undisclosed ownership is real. KYB at merchant onboarding, with UBO verification and entity AML, is the standard that regulators examine in processor audits.

Corporate treasury platforms — platforms managing company funds need to know who controls those funds. Beneficial ownership verification is a baseline expectation, and regulators look closely at how this population is handled.

How Didit helps

Didit Business Verification covers registry lookup, UBO extraction, officer data, entity AML, and document verification from a single session. Each identified UBO can automatically receive a linked KYC session — document verification, passive liveness, face match, and AML screening — completing the full ownership chain in one workflow.

KYB starts at $2.00 per company. Linked UBO KYC sessions bill at standard User Verification rates ($0.33 for the full core flow: document $0.15 + liveness $0.10 + face match $0.05 + IP analysis $0.03). All sessions are accessible via the /v3/businesses/ management API and visible in the Business Console with ownership graph visualisation.

Ongoing AML Monitoring at $0.07/user/yr keeps every verified UBO rescreened daily — a beneficial owner designated after onboarding triggers an alert before the next transaction clears.

Frequently asked questions

What is the 25% threshold in practice?

Any individual who directly or indirectly owns or controls 25% or more of a company's shares or voting rights meets the ownership test. The substantial-control test captures individuals with decision-making authority regardless of ownership stake — including senior officers and anyone with authority over significant business decisions or over beneficial ownership itself.

Does KYB replace AML screening for the individuals behind a company?

No. Entity AML checks the company itself against watchlists. Linked KYC sessions check each UBO individually. Both are required; a sanctioned individual may not trigger an entity-level AML hit, and an entity-level hit may not flag a sanctioned UBO.

How current is the registry data?

Registry data reflects what each jurisdiction's companies house or secretary of state makes publicly available — freshness varies. Didit runs registry lookups in real time against the authoritative source. BOI filings with FinCEN are a separate US-specific dataset with its own access and freshness characteristics.

How much does UBO verification cost?

KYB session from $2.00 per company. Linked KYC for each UBO at standard User Verification rates — $0.33 per person for the full core flow. No minimums, pay per call.

Can the system handle multi-tier ownership structures?

Yes. Didit's UBO extraction parses multi-layer ownership chains — intermediate holding companies, trusts, and similar structures — to surface the ultimate beneficial owners at the end of each chain and flag gaps where data is unavailable.

Ready to get started?

Read the Business Verification overview in the docs, see the full product on the Business Verification product page, and review per-call pricing on the pricing page. When you're ready, start free — the Business Console handles both entity and individual verification, with your first 500 checks free every month.