Not all that glitters is gold

What you need to know:

  • A safe beneficial ownership registration system must comply with international best practice while maintaining an acceptable degree of privacy of the affairs of beneficial owners.

Last year, Uganda joined the rest of the world in legislating for beneficial owner transparency to promote companies ownership transparency- a useful means of creating fairer markets and to stem illicit financial flows attributed to use of scale and spread of complex corporate structures and offshore arrangements to facilitate illegal activities such as tax evasion, money laundering and terrorist financing as demonstrated in the panama Papers.

The legal framework came at the back of Uganda being greylisted by the Financial Action Task Force (FATF) for among others, lack of strong laws against illicit financial flows. The Companies Act, the Partnership Act and the Trustees Incorporations Act were amended to provide for mandatory creation of beneficial owners’ registry. This means an end to an era of  anonymity in the business world, especially where and when the meaning of who a beneficial owner is imprecise and subjective.

In all the three pieces of legislation; a beneficial owner has the following common elements (i) is a natural person with (b) final ownership or control of an entity or (a) is a natural person on whose (b) behalf a transaction is conducted in an entity, and includes a natural person who exercises ultimate control over an entity.

An attempt to define who a beneficial owner is, is akin to the wider spread of a fishing net to catch whoever it catches contrary to targeting who it must catch! Several commenters who yours truly agrees with have argued that such a legal regime should only be targeting high risk and red flagged corporations rather than indiscriminately looping in all businessmen both ‘innocent’ and crocks. For example, the regime loops in both Private and public companies; by design, the process of listing on the security exchange, usually involves utmost transparency disclosure including shareholding among others, and the argument would be, its counterproductive to require listed companies to comply with such a legal regime.

In one of the WhatsApp groups I share with an officer from Uganda’s Registry of companies, the official advised that existing shareholders or directors are not the targeted beneficial owners but natural persons whose names do not appear on the company record. This ‘clarification’ is not within the law.

From the definition, my understanding is that entities are left to determine the threshold of ‘control’, in order to comply, yet the law should be precise on that. Unlike Uganda, jurisdictions like France, the UK and Brazil, a stake of 25 percent in a company qualifies one as a beneficial owner for the purpose of compliance. Failure to provide such a guide is likely to lead to unnecessary disclosure of personal data of unintended shareholders. Consequently, this raises data protection and privacy and entrepreneurial freedom concerns.

Even though this framework is touted by FATF as the ultimate panacea against illicit financing- a global challenge fueling terrorism and corruptions among others, the requirement for disclosure of beneficial owners information has been struck down by some courts for being disproportionate a measure against illicit financing.

The major concern are the risks related to unfettered disclosure that  has the effect of stripping investors bare and consequently exposing them to the attendant dire consequences related to personal data abuse such as fraud, kidnap, blackmail, extortion, harassment, violence or intimidation which are written on the wall.

Kidnapping and ransom  are not new in this country. In 2016 and 2017, we all remember the kidnaps and the ransom that happened and unfortunately led to the death of some Ugandans in this country. With the aid of an accessible database with details relating to beneficial owner addresses, telephone numbers, and their names, criminals can take advantage of this situation.

Therefore the question is not about why personal data is being collected and published but what and how it is being collected and published. For example, the law does not take exception to disclosure of beneficial owners who are minors, or family trusts and high risk persons yet it does not as well provide for procedural safeguards against the abuse of the right to access of the public registry. In other Jurisdictions, family trust and non-governmental organizations are exempted from such a regulatory framework.

Whereas the Registrar of companies for example, has powers to prescribe conditions for access, for now they are unknown, but they must include measures that enforce Data protection and Privacy Principles throughout the access cycle and applicants should be able to demonstrate legitimate interest  before an impartial judicial body. This may sound like an overburden on the right to access to information, but both competing rights must be balanced without looking at the other as a weaker right.

As a result, a safe beneficial ownership registration system must comply with international best practice while maintaining an acceptable degree of privacy of the affairs of beneficial owners.

Morgan Muhindo
Legal Tech and Legal Compliance Consultant at Enset Tech Ltd
[email protected]