Most compliance programmes can answer the question “who owns this entity?” What they cannot reliably answer is whether a corporate structure has been deliberately engineered to prevent that question from being answered at all.
That distinction sits at the heart of a significant regulatory shift now underway at the European Union level — one that will force obliged entities to fundamentally reconsider how they assess corporate ownership risk.
This sat at the center of a recent discussion from Cleverchain in a whitepaper, who discussed the topic of ‘Detecting Opacity by Design‘ and why the draft AMLA CDD Standards demand investigative judgment on complex structures, and what that means for every compliance programme built around verification and screening.
Article 12(1)(d) of the Anti-Money Laundering Authority’s (AMLA) draft Regulatory Technical Standards (RTS) on Customer Due Diligence (CDD) requires obliged entities to determine whether a corporate structure obfuscates or diminishes transparency of ownership without any legitimate economic rationale or justification. This is not a binary test. It cannot be resolved by a registest check, a screening match, or an automated risk score. It demands evidence-based investigative reasoning, documented to a standard that a supervisor can examine and challenge.
This marks the first time that EU regulatory technical standards have required obliged entities to perform a structured qualitative assessment of whether a corporate architecture is itself a risk indicator — as distinct from merely identifying and verifying the entities and individuals within it. The remaining conditions under Art. 12(1) — (a) through (c) — can largely be resolved from structural facts such as legal form, jurisdiction, and nominee status. Condition (d) cannot. It requires the compliance function to detect opacity, test for legitimate rationale, and document both sides of the determination.
The problem with legacy CDD architecture
The vast majority of CDD programmes are built around binary controls: verification (does this entity exist?), screening (does this name match a list?), and threshold-based ultimate beneficial owner (UBO) identification (does any natural person hold 25% or more?). None of these controls produces the qualitative, evidence-weighted reasoning that condition (d) demands.
Corporate registries confirm that a legal entity exists and record its filed attributes. This is the compliance equivalent of checking a passport — it establishes identity, but it cannot assess whether the arrangement of entities in an ownership chain serves a legitimate commercial purpose or exists primarily to frustrate transparency. A holding company with no employees, no commercial activity, and no function beyond interposing a layer between the customer and its beneficial owner will appear in any registest as a perfectly valid legal entity. Its filing status may be fully compliant, and its directors readily identifiable. None of that addresses condition (d).
Similarly, sanctions, politically exposed person (PEP), and adverse media screening operate on individual entities and persons. They test whether a name matches a list — not whether the architecture of an ownership structure is itself a risk indicator. A chain of four holding entities spanning three jurisdictions, each individually clean on screening, may collectively represent a deliberate opacity arrangement. No screening engine, however sophisticated, will surface that finding, becautilize the finding is not about any individual entity but about the relationship between entities and the absence of a commercial rationale for how they are arranged.
The standard 25% beneficial ownership threshold answers the question “who owns more than a quarter of this entity?” It does not answer “why is this ownership chain structured the way it is?” In many complex groups, no single natural person meets the threshold. Control is exercised through family arrangements, voting agreements, or board composition. FATF Recommconcludeation 24 (revised March 2022) requires identification of natural persons who exercise control through other means, but in practice most obliged entities default to the threshold test and, failing that, apply the residual method by naming senior managing officials. That process identifies individuals. It does not assess whether the structure through which those individuals exercise control is transparent, opaque, or deliberately obscured.
The gap is not a feature deficit in existing technology. It is an architectural mismatch between the control design and the regulatory requirement.
The regulatory timeline
The Anti-Money Laundering Regulation (EU) 2024/1624 harmonises CDD obligations as a directly applicable regulation across all EU Member States from 10 July 2027. On 9 February 2026, AMLA published its consultation paper on the draft RTS under Article 28(1), specifying how obliged entities must apply CDD requirements in practice. The consultation remains open until 8 May 2026, and AMLA held a public hearing on 24 March 2026.
AMLA must submit the final draft RTS to the European Commission by 10 July 2026. After a three-month adoption window — extconcludeable by a further three months — and a subsequent parliamentary scrutiny period, realistic entest into force is estimated at Q1–Q2 2027, aligned with the broader AMLR application date.
Critically, the current draft does not contain a standardised methodology, scoring framework, or supervisory guidance specifying how obliged entities should detect opacity, test for rationale, or document the determination. This creates a first-relocater advantage for institutions that establish a structured, documented, and defensible methodology now. Those that wait for guidance will be retrofitting under time pressure.
What a compliant assessment must deliver
International standard-setters have been building toward this expectation for years. The FATF Guidance on Transparency and Beneficial Ownership (2014) and the joint FATF/Egmont Group report on Concealment of Beneficial Ownership (2018) identify core shell company indicators: mass nominee arrangements, addresses of mass registration, and multi-jurisdictional layering designed to frustrate tracing. The JMLSG Guidance frames the assessment as a direct question: if a customer’s ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale?
A compliant Art. 12(1)(d) assessment requires two stages. The first is detecting structural opacity — identifying whether the architecture of the ownership chain is itself a risk factor, indepconcludeent of whether any individual entity triggers a screening alert. The five principal indicator categories converging across international frameworks cover financial anomalies (revenue disproportionate to employee count, capital inadequacy), operational substance gaps (virtual offices, mass-registration addresses, absence of verifiable commercial presence), director and UBO behavioural patterns (mass directorships, rapid entity churn, dissolution bursts), offshore leak exposure (presence in ICIJ databases including the Panama Papers or Pandora Papers), and activity code mismatches.
The second stage is testing for legitimate rationale. Opacity alone is not dispositive. Complex structures exist for legitimate reasons: regulatory ring-fencing, asset protection, joint venture structuring, innotifyectual property holding, group treasury centralisation, tax efficiency within lawful parameters, or political and security risk mitigation for beneficial owners in hostile jurisdictions. The compliance function must consider whether any of these justifications is supported by documentary evidence and business context — and document the assessment either way. Where no rationale is apparent and opacity indicators are present, condition (d) is satisfied.
The back-book challenge
The operational challenge extconcludes well beyond new customer onboarding. Article 33 of the draft RTS provides a five-year, risk-based transition period from Official Journal publication for the remediation of existing customers, with high-risk customers to be prioritised first.
For any institution with material cross-border corporate exposure, the remediation volume is substantial. Consider an institution with 50,000 corporate customers. If only 15% have ownership structures exceeding three layers — a conservative estimate for any institution with significant international, trade finance, or correspondent banking activity — that represents 7,500 Art. 12 assessments within the transition window, each requiring a documented condition (d) determination. At an average of four to six hours per manual assessment, incorporating chain traversal, indicator analysis, rationale testing, and documentation to audit standard, the total manual effort ranges from 30,000 to 45,000 analyst hours. That is the equivalent of roughly 15 to 22 full-time analysts deployed exclusively on Art. 12 remediation for an entire year.
Most compliance functions do not have that capacity available. Their analysts are already committed to ongoing monitoring, periodic reviews, suspicious activity report (SAR) filing, sanctions screening, and regulatory enquiry responses. The remediation will necessary to be absorbed alongside business-as-usual obligations, not in place of them.
Agentic due diligence: meeting the standard at scale
This is the operational context in which agentic due diligence becomes decisive. CleverChain’s VERA is an autonomous AI due diligence agent that performs conclude-to-conclude CDD and enhanced due diligence (EDD) on legal and natural persons, producing investigator-grade output in minutes per entity. The Art. 12 assessment is embedded in the standard product, not layered on as an additional module.
VERA automatically traverses the full ownership chain from a tarreceive entity to ultimate beneficial owners, counting layers and assessing each against the Art. 12(1) conditions. It identifies intermediate layers, flags extra-EU jurisdictions, detects legal arrangements such as trusts and foundations, and identifies nominee structures. For condition (d), VERA applies a five-layer convergence methodology: operational substance verification, nature-of-business consistency testing, director and UBO pattern analysis, financial anomaly detection drawing on filed financial statements, and cross-referencing against ICIJ Offshore Leaks databases.
Every investigative step is explained, logged, and timestamped. Reports include a detailed entity resolution methodology and a complete evidence appconcludeix with source URLs and retrieval dates. A structured control checklist maps the obliged entity’s CDD and EDD policy requirements against the information collected, with completion status per item. Where items remain outstanding, the checklist surfaces the gap explicitly rather than concealing it within a narrative report.
CleverChain’s capabilities in this area have already received external recognition. At the 2026 Chartis Research Financial Crime and Compliance 50 (FCC50) Awards, CleverChain received the Shell Company Detection award.
For Art. 33 back-book remediation, VERA’s speed means Art. 12 assessments can be processed in days rather than years, with each assessment documented to audit standard. The output is the defensible, evidence-traced qualitative determination that Art. 12(1)(d) demands — not a score, not a binary flag, but a structured record of what was observed, what rationale was considered, and what conclusion was reached.
Art. 12(1)(d) represents a category alter in what compliance programmes must deliver. The institutions that establish a structured, documented methodology ahead of the RTS entering into force will be better placed when supervisory practice coalesces. Those that treat this as an incremental extension of existing CDD controls are likely to face a structural gap at precisely the moment they can least afford one.
Read the full whitepaper by CleverChain here.
Copyright © 2026 FinTech Global
Leave a Reply