What is the 25% ownership threshold in FATF Rec 24?

The 25% threshold means any natural person who directly or indirectly owns more than 25% of a legal person's shares, voting rights, or ownership interest is a beneficial owner who must be identified and verified. Where no person meets this threshold through ownership alone, the control test applies to identify who exercises effective control. Some jurisdictions, including India, set a lower 10% threshold.

What counts as a beneficial owner under FATF Rec 24?

A beneficial owner is the natural person who ultimately owns or controls a legal person, or on whose behalf a transaction is conducted. Ownership above 25% is the primary trigger. Below that, the control test applies: anyone who exercises effective control through board appointment rights, veto powers, or contractual influence is a beneficial owner regardless of their formal shareholding percentage.

How often must beneficial ownership records be reviewed and updated?

Records must stay current throughout the business relationship. Most implementing jurisdictions require companies to notify the registry within 30 days of any material ownership change. For financial institutions, a risk-based periodic review cycle applies: high-risk corporate customers are typically reviewed annually, lower-risk customers every three to five years. Records that have never been refreshed since onboarding are treated as non-compliant during FATF effectiveness assessments.

What is the difference between FATF Rec 24 and FATF Rec 25?

Rec 24 covers legal persons: companies, corporations, foundations, and similar entities. Rec 25 covers legal arrangements: trusts, fiduciary arrangements, and structures where legal and beneficial ownership are formally separated. Both recommendations require verification and disclosure, but the mechanics differ because trusts don't file with a company registry. In practice, both apply when a trust holds shares in a company.

What are the penalties for failing to verify beneficial ownership?

Penalties are material. In the US, TD Bank's 2024 settlement for systemic AML failures including beneficial ownership controls totaled $3.09 billion. Individual violations of the Corporate Transparency Act carry fines up to $10,000 and up to two years in prison. In the UK, the FCA fined NatWest £264.8 million in 2021 for related AML systems failures, the first criminal prosecution of a major UK bank.

What is the control test in FATF Rec 24 beneficial ownership verification?

The control test applies when no natural person owns more than 25% of a legal entity. It requires identifying who exercises effective control through other means: the right to appoint or remove the majority of the board, veto rights over major decisions, contractual control over assets, or de facto influence over management. A person can be a beneficial owner through control without holding a single share.

How does FATF Rec 24 relate to the US Corporate Transparency Act?

The Corporate Transparency Act (CTA), effective January 2024, is the US implementation of FATF Rec 24 at the company level. It requires most US legal entities to file beneficial ownership information with FinCEN using a 25% ownership threshold or a catch-all for substantial control. Financial institutions then use this data, combined with their own CDD processes, to verify customers' ownership declarations against an authoritative source.

Does self-certification satisfy the verification requirement under FATF Rec 24?

No. Self-certification alone does not meet the standard. Rec 24 requires institutions to cross-check declared beneficial ownership against at least one independent and reliable source: company registry extracts, audited financial statements, identity documents verified through an authoritative proofing service, or data from a licensed KYB provider. Accepting a completed form without independent corroboration is one of the most common findings in FATF mutual evaluation reports.

FATF KYC

FATF Rec 24: What It Requires and Who It Applies To

Published: May 29, 2026 Last updated: May 29, 2026 Official source ↗

Applies to: banks,corporates

Jurisdictions: Global

FATF Recommendation 24 requires countries to ensure that adequate, accurate, and current beneficial ownership information on legal persons is obtainable by competent authorities without delay. Issued by the Financial Action Task Force and substantially revised in 2022, it creates direct compliance obligations for banks and other regulated entities to verify who ultimately owns and controls their corporate customers.

What Is FATF Rec 24?

FATF Recommendation 24 is the global anti-money laundering standard requiring countries to ensure that competent authorities can obtain or access accurate, adequate, and up-to-date beneficial ownership information on legal persons in a timely manner. The Financial Action Task Force published the original standard in 2003 as part of its 40 Recommendations and issued a substantially revised version in October 2022.

The 2022 revision was a direct response to documented failures. The 2021 Pandora Papers, coordinated by the International Consortium of Investigative Journalists, revealed how anonymous shell companies in FATF-member countries were routinely used to shelter hidden wealth, launder stolen government funds, and circumvent international sanctions. FATF acknowledged in its 2022 Beneficial Ownership Guidance that many countries had been relying on single mechanisms that were either unverified or easily gamed.

The central shift in 2022 was the move to a multi-mechanism approach. Countries can no longer satisfy the standard through a central registry alone. They must ensure that beneficial ownership information is held simultaneously across at least two sources: a central registry, the company itself, a licensed intermediary, or a regulated service provider. The data must be verified, not merely declared.

Legal persons covered by Rec 24 include limited liability companies, joint-stock corporations, foundations capable of holding assets, and any similar structure that separates legal title from beneficial control. Partnerships and trusts are addressed in the companion Rec 25.

Countries are assessed against Rec 24 during FATF mutual evaluations, which examine both technical compliance (laws on the books) and effectiveness (whether the system works in practice). A poor effectiveness rating leads to enhanced scrutiny from global correspondent banks and can restrict a country's access to international financial markets.

Who Does FATF Rec 24 Apply To?

Rec 24 is a sovereign obligation: countries must implement it. But the practical compliance burden falls on a defined set of regulated entities that must collect, verify, and maintain beneficial ownership data as part of their Know Your Business (KYB) and Customer Due Diligence (CDD) programs.

Entities that face direct beneficial ownership obligations include:

Banks and credit institutions. All sizes. A regional savings bank onboarding a small LLC faces the same verification requirement as a global custodian onboarding a private equity vehicle.
Trust and company service providers (TCSPs). Law firms, accountants, registered office providers, and formation agents that form or administer legal persons on behalf of clients.
Investment firms and fund managers. Including those managing funds structured as corporate vehicles such as SPVs, holding companies, or feeder funds.
Insurance companies issuing investment-linked products to corporate policyholders.
Notaries and legal professionals in civil-law jurisdictions when acting for clients in transactions involving legal persons.
Real estate agents and brokers. Covered under FATF Rec 22 as designated non-financial businesses and professions (DNFBPs), but subject to the same beneficial ownership verification requirements.
Virtual asset service providers (VASPs) covered under FATF Rec 15 when onboarding corporate customers.

There's no revenue or asset-size exemption. A dormant holding company with a single bank account is subject to the same verification requirements as a publicly listed multinational.

Jurisdictionally, the standard applies across all FATF member countries (39 members representing over 90% of global financial activity) and all jurisdictions that have adopted FATF standards through the FATF-Style Regional Bodies (FSRBs). That covers the vast majority of markets where regulated financial institutions operate.

What Does FATF Rec 24 Require?

The 2022 revision restructured the obligations around a multi-mechanism model. Countries must ensure that verified, current beneficial ownership data is available from multiple overlapping sources. For regulated institutions, this produces eight concrete requirements:

Identify the beneficial owner. Establish the identity of every natural person who directly or indirectly owns or controls more than 25% of shares, voting rights, or ownership interest. Where no natural person meets the 25% threshold through direct ownership, apply the control test: identify who exercises control through other means, such as board appointment rights, shareholder agreements, or contractual arrangements.
Verify the declaration. Cross-check declared beneficial owners against at least one independent and reliable source. Self-certification alone doesn't meet the standard. Acceptable verification sources include company registry extracts, audited financial statements, identity documents verified through an authoritative proofing service, or data from a licensed KYB provider.
Apply a risk-based approach. Following the risk-based framework in FATF Rec 1, institutions must apply Enhanced Due Diligence (EDD) for higher-risk corporate customers: those in high-risk jurisdictions, with complex or opaque ownership structures, or in sectors known for beneficial ownership abuse such as real estate, precious metals, or professional services.
Retain records for five years. Beneficial ownership records must be kept for at least five years from the end of the business relationship or the date of a one-off transaction. This is the retention floor set by FATF Rec 11.
Update records when ownership changes. Institutions must have a process to detect and record changes in beneficial ownership during the life of the relationship. Most implementing jurisdictions require update notification within 30 days of a material ownership change.
Prohibit or immobilise bearer shares. Bearer shares must be either prohibited or held through a licensed custodian who records the owner's identity. Nominee director and shareholder arrangements must be fully documented, with the nominator's identity on file.
Provide records to competent authorities. Beneficial ownership data must be accessible to law enforcement, financial intelligence units, and tax authorities on request, without tipping off the subject of the inquiry.
Apply dissuasive sanctions. Failure to maintain accurate beneficial ownership records must attract penalties that are effective, proportionate, and dissuasive, for both the legal person and the individuals responsible.

What Evidence Do Regulators Expect?

Examiners testing Rec 24 compliance on an audit day are looking for a functioning system, not just written policies. Here's what actually gets reviewed:

Written policies and procedures:

A beneficial ownership policy that defines the 25% ownership threshold, documents the control test, and specifies what happens when no natural person meets the threshold.
A documented escalation process for complex or opaque ownership structures.
A procedure for reviewing and updating records when corporate structures change mid-relationship.

Verification records:

Evidence that each beneficial owner declaration was cross-checked against an independent source, not simply accepted as filed. For higher-risk customers, this means documented EDD steps including source-of-wealth investigation and verification of identity documents through an authoritative proofing service.
Timestamped records showing who verified the beneficial ownership data, when it was verified, and which sources were consulted.

System and data integrity:

A system of record that stores beneficial ownership data with full audit trails, covering collection date, verification method, reviewer identity, and last-review date.
Evidence of ongoing monitoring that flags changes in corporate registry data and triggers a refresh of on-file records.
For institutions using third-party KYB data providers, documented due diligence on the provider's data sources and accuracy rates.

Staff training:

Training records showing that onboarding and compliance staff can apply the 25% threshold, the control test, and the escalation criteria. Institutions where front-line staff can't explain the control test are at immediate risk of a Matters Requiring Attention (MRA) finding.

Independent testing:

Compliance testing results covering a sample of corporate accounts opened in the past 12 months, confirming that beneficial ownership verification was performed correctly and completely.

Institutions that can produce all five categories on short notice tend to pass examinations. Those that can't explain their verification methodology are in trouble before the first interview ends.

Common Failure Modes

FATF's published mutual evaluation reports and national regulator enforcement records show the same patterns repeating across jurisdictions:

Self-certification without verification. The institution collects a beneficial ownership declaration from the customer but never checks the declared names against a company registry, audited accounts, or any independent source. This pattern was a recurring finding in FinCEN's enforcement actions following the 2018 CDD Final Rule.
Threshold gaming. Ownership structures designed so that no single natural person appears to hold more than 24% of any entity in the chain. Institutions that apply only the 25% ownership test, without also running the control test, miss these arrangements entirely.
Stale records. Beneficial ownership is collected at onboarding and never refreshed. FATF's 2022 Guidance is explicit: outdated records are treated as equivalent to no records during effectiveness assessments.
Stopping at the first corporate layer. The institution records the immediate corporate shareholder without looking through to who ultimately controls that shareholder. This was documented as a systemic failure in FATF's 2019 mutual evaluation of Malta and the 2021 Luxembourg evaluation.
Nominal nominees, invisible nominators. Nominee directors appear in company records without any documentation identifying the nominator. The beneficial owner is effectively invisible.
Uncritical reliance on registry data. Company registries in several jurisdictions accept unverified self-declarations. Treating registry data as verified truth, without additional corroboration for higher-risk customers, doesn't satisfy the verification requirement.

Penalties for Non-Compliance

Beneficial ownership failures attract some of the largest financial crime penalties on record.

United States. In October 2024, TD Bank agreed to pay approximately $3.09 billion to resolve charges with the Department of Justice, FinCEN, and the OCC for systemic BSA/AML compliance failures, including failures in beneficial ownership verification. That was the largest BSA/AML penalty in US history. Under the Corporate Transparency Act, individuals who willfully provide false beneficial ownership information face criminal penalties of up to $10,000 and up to two years in prison.

United Kingdom. In December 2021, the FCA prosecuted NatWest Group plc, which pleaded guilty to failing to maintain adequate AML systems and controls, including customer due diligence and beneficial ownership verification. The FCA imposed a £264.8 million penalty in the first-ever criminal prosecution of a major UK bank for AML failures. Under the UK MLR 2017, the FCA has unlimited fining authority for breach of beneficial ownership requirements.

European Union. The EU AMLR, applying from 2027, empowers the new EU Anti-Money Laundering Authority (AMLA) to impose fines of up to 10% of total annual turnover on credit and financial institutions for serious AML violations, including beneficial ownership failures.

FATF listing. Countries that repeatedly fail Rec 24 effectiveness assessments are placed on FATF's increased monitoring list (the grey list) or its high-risk jurisdictions list. Grey listing triggers enhanced due diligence requirements from correspondent banks globally, materially raising cross-border transaction costs for every financial institution operating in the listed country.

Related Regulations and Frameworks

Rec 24 sits at the top of a global architecture, with implementing rules at the national level and complementary standards from parallel bodies.

Within the FATF standard itself: Rec 24 connects directly to FATF Rec 10 on CDD, which requires identifying and verifying beneficial owners as a core element of customer onboarding, and to FATF Rec 11 on record keeping, which sets the five-year retention floor. The risk-based approach in FATF Rec 1 calibrates how deeply institutions must investigate any given ownership structure. Rec 25, the companion recommendation, addresses beneficial ownership of legal arrangements including trusts and similar structures.

United States. The Corporate Transparency Act (CTA) and FinCEN's Beneficial Ownership Information reporting rule (effective January 2024) are the primary US implementation. The FinCEN CDD Final Rule requires covered financial institutions to collect beneficial ownership information from legal entity customers at account opening, using a 25% ownership threshold and a catch-all for controlling persons.

European Union. The EU AMLR and 6AMLD implement Rec 24 across member states. The AMLR introduces a single EU-wide rulebook from 2027, replacing the patchwork of national transpositions with a directly applicable regulation.

United Kingdom. The UK Money Laundering Regulations 2017 transpose Rec 24 into UK law. Companies House maintains the Persons with Significant Control (PSC) register as the UK's primary beneficial ownership registry.

India. Under the PMLA 2002 and the RBI's KYC Master Directions, regulated entities must identify beneficial owners at a 10% threshold for listed companies and 25% for unlisted companies, a stricter national interpretation than the FATF floor.

How FluxForce Supports FATF Rec 24 Compliance

FluxForce's Identity Verification and KYC/AML Automation agents automate beneficial ownership verification at onboarding and during periodic review cycles. The platform cross-checks declared ownership structures against company registry data, sanctions lists, and PEP databases in real time, and it flags layered or nominee arrangements that require analyst review. For complex corporate trees, FluxForce traces control chains from intermediate entities down to the ultimate beneficial owner. Every decision produces a full audit trail, so examiners can reconstruct the verification chain without manual effort. Book a demo to see how FluxForce maps to your Rec 24 program requirements.

How FluxForce supports FATF Rec 24 compliance

FluxForce AI agents automate evidence capture, monitor transactions against FATF Rec 24 obligations in real time, and generate audit-ready reports with full decision trails.

Explore AI Modules icon

Request Industry Demo

← Back to Regulations