|The Law of 13 January 2019, which established the Luxembourg register of beneficial owners in accordance with EU anti-money laundering directives, has to be complied with by Luxembourg legal entities since a bit more than year.
This first period of application revealed many practical questions. Guidance by relevant authorities addresses some but not all of them.
A number of questions regarding situations regularly encountered in practice remain pending. They concern topics such as the scope of the exemption for listed companies, the control via other means criterion and its impact on certain specific situations, how to handle the existence of a trust in the ownership chain, as well as the procedure for requesting a limitation of public access to the personal data of beneficial owners.
Table of contents
I. A brief recap of the UBO definition 2
a) The legal text 3
b) Regulatory guidance and diligence required 3
II. The exemption for listed companies 5
a) Foreign trading venues 5
b) Obliged entities held by listed companies 6
III. Control via other means 6
a) Control via other means definition 7
b) Review of some specific situations in light of the “control via other means” definition 8
c) Cascading analysis versus simultaneous analysis 11
IV. The senior managing official as UBO by default 12
V. The case of obliged entities held by trusts 13
VI. Public access and the application for its limitation 14
The Law of 13 January 2019 creating a register of beneficial owners, as amended (“RBO Law”) entered into force on 1 March 2019 although a six-month transitional period applied giving Luxembourg companies until the end of August 2019 to comply. A further three-month grace period until 30 November 2019 was added during which registration with the RBO remained free of charge. Since December 2019 filing fees have applied and non-compliant entities and their UBOs are exposed to criminal fines.
One year after the implementation of the RBO Law is an interesting moment to examine whether this legal instrument, the implementing measures and guidance issued by relevant authorities provide obliged entities with sufficient guidance to feel confident about their compliance. Our experience has revealed that several “grey zones” remain. Rather than giving an overview of all aspects of the RBO Law, we wish to highlight these areas of uncertainty and indicate how best to address them in our view, in particular for complex, multilayer legal structures.
In a nutshell, the RBO Law obliges all Luxembourg entities registered with the Registre de Commerce et des Sociétés (“RCS”), the Luxembourg trade and companies register, to provide the register of beneficial owners (“RBO”) with certain personal data on their ultimate beneficial owner(s) (“UBOs”), whether or not the UBO is a Luxembourg national. Hence, the RBO Law covers a large number of entities, ranging from limited liability companies to partnerships, investment funds and not-for-profit organisations, collectively referred to below as obliged entities.
Obliged entities also need to keep information on their UBO(s) at their registered office together with the corresponding supporting documents. That information needs to be adequate, accurate and current. Obliged entities have to file changes in the UBO information with the RBO and update their internal register within one month of the date they have become or should have become aware of such changes.
We have identified certain topics related to the application of the UBO definition that, in our view, continue to raise questions: the exemption for listed companies, the notion of control via other means, the concept of a senior managing official and the application of the UBO definition to obliged entities held by trusts. Apart from these topics concerning the UBO basic analysis, the exception mechanism allowing UBOs to request that their information is kept confidential also merits our attention. We first recall some basic facts and assumptions about the UBO definition and the standard of diligence applicable to obliged entities in this respect.
I. A brief recap of the UBO definition
The RBO Law refers to the Luxembourg Law of 12 November 2004 on the fight against money laundering and terrorist financing, as amended (“AML Law”) for the definition of beneficial ownership.
a) The legal text
Article 1(7) of the AML Law provides that a UBO is “any natural person(s) who ultimately owns or controls the customer or any natural person(s) on whose behalf a transaction or activity is being conducted”. It then gives additional elements of the definition with respect to corporate entities, fiducies (i.e. fiduciary arrangements) and trusts, and legal entities such as foundations and legal arrangements similar to trusts.
For companies, it results from Article 1(7)(a)(i) that a UBO is any natural person who ultimately owns or controls a legal entity through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that entity, including through bearer shareholdings, or through control via other means, other than a company listed on a regulated market that is subject to disclosure requirements consistent with European Union law or subject to equivalent international standards which ensure adequate transparency of ownership information.
A shareholding of 25% plus one share or an ownership interest of more than 25% in the relevant entity held by a natural person shall be an indication of direct ownership. A shareholding of 25% plus one share or an ownership interest of more than 25% in the relevant entity held by a corporate entity, which is under the control of a natural person(s), or by multiple corporate entities, which are under the control of the same natural person(s), shall be an indication of indirect ownership.
Article 1(7)(a)(ii) adds that if, after having exhausted all possible means and provided there are no grounds for suspicion, no person under point (i) is identified, or if there is any doubt that the person(s) identified are the beneficial owner(s), the beneficial owner is any natural person who holds the position of senior managing official (dirigeant principal).
In the case of fiducies and trusts, it results from Article 1(7)(b) that the following persons are designated as UBOs: (i) the settlor(s); (ii) the fiduciaire(s) or trustee(s); (iii) the protector(s), if any; (iv) the beneficiaries, or where the individuals benefiting from the legal arrangement or entity have yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates, and (v) any other natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means.
b) Regulatory guidance and diligence required
The RBO administrator, the Luxembourg Business Registers (“LBR”), has provided guidance, in particular through an explanatory guide containing a number of schematic representations of company structures (“Explanatory Guide”). In the Explanatory Guide, the RBO administrator sets out how to calculate ownership and control percentages directly and indirectly and gives indications on how to apply the ownership test versus the notion of control via other means (see Section 3 below).
Furthermore, the Commission de Surveillance du Secteur Financier (“CSSF”), the supervisory authority of the financial sector, issued Circular 19/732 on the topic of UBO identification (“Circular 19/732”). It targets all professionals under the CSSF’s supervision with regard to Anti-Money Laundering/Combating the Financing of Terrorism (“AML/CFT”). Circular 19/732 discusses the exercise of identifying UBOs from the perspective of such professionals’ compliance with the customer due diligence requirements imposed by the AML Law, which include the identification of the customer’s UBO(s).
As the CSSF points out, this identification goes beyond the mere collection of a name or document or check in a registry. Rather, the UBO identification rests on AML/CFT policies, procedures, systems and controls that have to be adequate and effective considering the nature, scale and complexity of the professional’s business and its overall ML/FT exposure and is defined also by other CSSF circulars and regulations relating to AML/CFT. Circular 19/732 refers to the obligation to carry out a “holistic and risk-based approach” (paragraph 9) when implementing customer due diligence measures and when identifying UBO(s) in that context.
This approach reflects the wording of Article 3(2a) of the AML Law according to which professionals shall not rely exclusively on central registers such as the RBO but fulfil their customer due diligence requirements by using a risk-based approach.
However, obliged entities under the RBO Law are not necessarily subject to the customer due diligence requirements of the AML Law and are much less equipped to carry out such a fully fledged analysis. In any event, it does not follow from the RBO Law and available guidance that such a holistic and risk-based approach is required. In addition, although obliged entities can question their owners, they have little means to oblige them to come forward with information.
Although Circular 19/732 refers to the RBO Law and the convergence between the RBO Law and the AML Law as AML/CFT tools, the RBO Law merely refers to the definition of a UBO in the AML Law. This cross-reference does not entail an obligation for obliged entities to integrate the full risk analysis and due diligence imposed on professionals under the AML Law into their UBO identification exercise for RBO Law purposes. Hence, outcomes of a UBO analysis carried out in accordance with the AML Law may differ, in some cases, from the UBO information registered by obliged entities in the RBO.
Nevertheless, in our view, the obliged entity must conduct its own analysis to identify its UBOs. We would advise against the mere reliance on the RBO filing of a parent company to conclude, for instance, that no UBO can be identified. The obliged entity should ask its parent company holding a sufficient ownership percentage for the relevant information about its UBOs and document these efforts in its internal register before concluding that no UBO can be identified.
II. The exemption for listed companies
According to the RBO Law, companies listed on a Luxembourg-regulated market, on a regulated market in another EEA Member State or in a third country imposing transparency obligations recognised by the European Commission as equivalent within the meaning of Directive 2004/109/CE on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market (“Transparency Directive”), are subject to minimal information requirements.
These companies are exempt from the disclosure requirement set out in Article 3(1) of the RBO Law and are only required to include in the RBO the exact name of the regulated market(s) upon which their securities are admitted to trading (Article 3(2) of the RBO Law) as well as a supporting document (“RBO Listed Companies Exemption”). The term “regulated market” is to be interpreted with reference to the MiFID legal framework.
The application of the RBO Listed Companies Exemption to foreign trading venues as well as its impact on obliged entities held by listed companies raises a number of practical questions.
There is much to be said about how to apply the test on transparency equivalence set out in Article 3(2) of the RBO Law. In practice, it appears to be unworkable. Indeed, there are no Commission decisions recognising equivalence of regulated markets within the meaning of the Transparency Directive.
In our view, reference must be made to the wording used in Article 1(7)(a) of the AML Law, recalled in Section 1 above and further discussed under b) below, which refers to a “regulated market that is subject to disclosure requirements consistent with European Union law or subject to equivalent international standards which ensure adequate transparency of ownership”. This wording is identical to that used in AMLD4. In Circular 19/732, the CSSF rightfully refers to a third country market “subject to equivalent obligations which ensure adequate transparency of ownership information”.
This implies that the obliged entity has to carry out its own analysis as to the transparency requirements applicable to a third-country market where it (or its parent – see b) below) is listed. Commission decisions in the MiFID field with regard to the MiFID equivalent status of the third-country market may provide support but an analysis in concreto regarding transparency requirements with respect to the relevant trading venue should be made.
The treatment of obliged entities held by listed companies for RBO Law purposes is not explicitly addressed by the RBO Law.
The RBO Listed Companies Exemption does not apply to obliged entities held by listed companies.
In principle, such entities need to identify their UBOs by (i) calculating the percentage of their direct or indirect shareholding and (ii) determining the persons who effectively control the entity either through voting rights or through control via other means.
This exercise may lead up the ownership/control chain to a parent company which is listed on an EEA regulated market or on a regulated market outside the EEA subject to equivalent transparency requirements. However, natural persons who are shareholders of such companies are not identified as UBOs by the AML legal framework as results from Article 1(7)(i) of the AML Law recalled above (the “AML Listed Companies Exemption”). The reason for this is that transparency in terms of their ownership is ensured via the transparency rules applicable to the regulated markets on which the shares of these listed companies are traded.
In our view, for RBO Law purposes, obliged entities directly or indirectly held by listed companies can refer to the AML Listed Companies Exemption applying to that parent company to conclude that no UBO can be identified. This reasoning applies irrespective of the fact whether a natural person could be identified as UBO of the listed company and, hence, indirectly of the relevant subsidiary.
However, it needs to be verified that there are no other shareholders and, ultimately, natural persons owning directly or indirectly a +25% interest of the obliged entity or controlling it via other means other than through the listed parent company. Otherwise, the obliged entity may indeed be able to identify a UBO.
It is worth noting that Circular 19/732 does not discuss the topic of entities held by listed companies. A conservative reading of Circular 19/732 (para. 33) may lead to considering that the identification of all clients other than those whose own shares are listed on a qualifying regulated market requires identification of their UBOs. However, such a reading does not make sense in practice. A subsidiary would then be held to a higher standard of transparency than its listed parent company.
We are therefore of the view that an obliged entity owned by a company listed on a qualifying regulated market can stop the UBO identification chain at the level of that listed parent. For RBO filing requirements, save for the exception regarding potential other UBOs mentioned above, that entity will consider that it cannot identify its UBOs and register it senior managing officials.
III. Control via other means
Even though a natural person (directly or through an intermediate legal entity) does not meet the ownership test due to the fact that it does not hold a shareholding of 25% plus one share or an ownership interest of more than 25% in the entity concerned, such a situation does not automatically disqualify this natural person as UBO, to the extent that this natural person can still have control over the obliged entity via other means.
This control via other means situation is referred to by the AML Law itself, according to which (Article 1(7)), a UBO is a natural person who ultimately controls a legal entity through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that entity, or through control via other means.
a) Control via other means definition
The Law of 25 March 2020 transposing AMLD5 introduced a definition of “control via other means” in the definition of UBO under Article 1(7) of the AML Law, which now indicates that “control through other means may be determined in accordance with Articles 1711-1 to 1711-3 of the Law of 10 August 1915 on commercial companies, as amended”, (these provisions being related to the setting up of consolidated accounts), which provide notably that:
“each company (…) must draw up consolidated accounts and a consolidated management report if it:
- has a majority of the shareholders’ or members’ voting rights in another undertaking; or
- has the right to appoint or remove a majority of the members of the administrative, management or supervisory body of another undertaking and is at the same time a shareholder in or member of that undertaking; or
- is a shareholder in or member of an undertaking and controls alone, pursuant to an agreement with other shareholders in or members of that undertaking, a majority of shareholders’ or members’ voting rights in that undertaking”.
Article 1(7) of the AML Law further provides that the following criteria shall also be taken into consideration so as to determine whether or not a natural person has control over the obliged entity via other means:
“(aa) the direct or indirect right to exercise a dominant influence over a customer, on the basis of a contract entered into with that customer or of a clause of the articles of association of that customer, where the law governing that customer allows being subject to such contracts or such statutory clauses;
(bb) the fact that the majority of the members of the administrative, management or supervisory bodies of the customer, in office during the financial year as well as the preceding financial year an until the preparation of the consolidated financial statements, were appointed through direct or indirect exercise of the voting rights of one natural person;
(cc) the direct or indirect power to exercise or the actual direct or indirect exercise of a dominant influence or control over the customer, including the fact that the customer is placed under a single management with another undertaking;
(dd) an obligation, under the national law to which the parent undertaking of the customer is subject, to prepare consolidated financial statements and a consolidated management report;”
In addition to this definition, CSSF Circular 19/732 provides a very broad list of indicative criteria to be used by financial sector entities to determine whether a natural person is controlling the obliged entity:
“In determining the natural person(s) effectively controlling the customer which is not an individual (i.e. a legal entity or legal arrangement), the following non-exhaustive factors may be useful to consider, always on a case-by-case basis: – Individuals granted control through shareholders agreements; – Individuals with the ability to de facto control the customer; – Individuals that sign orders or initiate transactions, or regularly intervene otherwise in the relationship without the need to exercise for example official/formal representative functions of the company; – Individuals having the exclusive right to exercise the power to appoint or dismiss a majority of the members of the administrative, management or supervisory body of the legal person which determines the financial and business policy; – Individuals responsible for essential managerial decisions; – Individuals having the right to use all or part of the assets of a legal person; – Former shareholder or management member exercising a significant influence on the legal entity; – Personal relationships with the customer, for example family members, – Individuals possessing a significant minority interest whereas the other shareholders have significantly lower participations; – Individuals having the right to determine the financial and business policy of the customer on the basis of a domination agreement with the party directly involved or on the basis of a provision in the statutes of the party directly involved; – With regards to special purpose vehicles, the indirect party bearing the majority of risks and opportunities of the party directly involved to achieve a narrowly and precisely defined objective of the parent company; etc.”
In our view, however, this list should be handled with caution in the RBO Law context since it seems overly broad to cover “dominant influence”, which is the key term now used in the AML Law to define control via other means.
b) Review of some specific situations in light of the “control via other means” definition
- General partner of partnerships
If the general partner has full control of the partnership of which it is the management company (insofar as it has full right to appoint and dismiss all the board members and exercise the shareholders’ voting rights at the shareholders meetings), the general partner shall be regarded as fulfilling the “control” criterion.
The latter view implies that a look-through of the general partner is required and that natural persons who hold, directly or indirectly, a stake exceeding 25% in the general partner, or who ultimately control, via other means, the general partner shall be registered as UBO of the entity of which the general partner is the management company.
This being said, it is important in our view to analyse the general partner’s role on a case-by-case basis, and to distinguish the general partner from a mere management company:
- a general partner, whose role is defined by the law and the articles of association of the entity concerned, holds at least one share of the company/partnership/entity, manages the latter and exercises the shareholders’ voting rights (accordingly its office cannot be easily terminated) shall thus be submitted to the look-through analysis;
- a management company, mere service provider acting on the basis of a management agreement and having no voting rights, shall thus be disregarded for UBO identification purposes.
- Shareholders’ agreements and veto rights
This specific situation is detailed in the Explanatory Guide, according to which natural persons who have signed a shareholders’ agreement on the basis of which they act in concert at general meetings shall be deemed controlling the company by other means. Thus, such persons, even though they each have an ownership below the 25% + 1 threshold, shall be considered as beneficial owner and included as such in the RBO. In addition, regarding a family context, the RBO considers that a company where no shareholder meets the ownership criteria, but where parents and siblings hold together more than 25% + 1 of the share capital of the company concerned should be considered as UBOs if they act in concert in general meetings.
Our opinion is, that in a situation where shareholders have entered into a shareholders’ agreement or where shareholders belong to the same family, this should also be analysed on a case-by-case basis.
To determine whether the existence of a shareholders’ agreement organises a (joint) control situation among its parties, such shareholders’ agreement must be analysed cautiously.
If the only purpose of a shareholders’ agreement is to organise or provide restrictions on share transfers, it shall not be deemed as organising control over the concerned company. On the contrary, if the shareholders’ agreement grants a shareholder the possibility to appoint the majority of the members of the board, or the majority over the shareholders decisions, that shareholder shall doubtless be considered as a controlling shareholder, no matter the percentage of ownership he/she holds in such a company or entity.
Whether a shareholder is to be considered as solely controlling or whether several shareholders have joint control depends on the facts of the case: depending on respective shareholdings and the content of a shareholders’ agreement, concerted action by different shareholders may be needed for decision-making. In such a case, all these shareholders may qualify as UBOs.
A shareholders’ agreement can also grant a shareholder veto rights on certain decisions. As regards this matter of veto rights, the analysis should be carried out with the utmost care and on a case-by-case basis as veto rights are of a contractual nature and their scope can accordingly greatly vary from one situation to another.
Even though the CSSF seems to assert in Circular 19/732 that a shareholder having veto rights exercises control via other means over the customer, in our view, a veto right does not per se imply control over the company (e.g. a veto right on the approval of the annual accounts does not give control over the company). It is only if that veto right applies to strategic decisions which relate to the core business of the company, thus exerting a significant or decisive influence, that the beneficiary of such a veto right may be considered as controlling the company. Indeed, in that case, the company’s business cannot be carried out without the prior approval of this shareholder.
In this respect, EU merger control rules are interesting to consider, as they can provide some additional thoughts on the veto rights and control analysis. Indeed, it must be pointed out that EU merger control rules make an exception for veto rights not going beyond those normally granted to minority shareholders in order to protect their financial interests as investors when determining if such minority shareholders in a joint venture context acquire (joint) control. Only veto rights granted to them on strategic decisions on the business policy are deemed to give rise to control.
According to the European Commission, veto rights over changes in the articles of association, share capital increase or decrease, or liquidation, are normal means of protection of minority shareholders’ rights, to the extent that such decisions relate to the essence of the joint venture/partnership itself and shall not be deemed as conferring joint control.
On the contrary, veto rights on issues such as the budget, the business plan, major investments or the appointment of senior management shall be deemed as typically conferring joint control.
The European Commission further considers that it may be sufficient that only some, or even one such right, exists so as to qualify a joint control situation. However, whether or not this is indeed the fact in the case under scrutiny, depends upon the precise content of the veto right itself and also the importance of this right in the context of the specific business of the joint venture or company concerned, reasons for which, to us, a case-by-case analysis is strongly recommendable.
Corporate entities may issue notes instead of ownership titles in order to finance their operations. Only economic rights (interest collection) are attached to such instruments. This noteholder scenario is particularly relevant in the case of securitisation companies.
The RBO Law and available regulatory guidance do not examine the case of noteholders.
Noteholders invest in the corporate entity’s debt but do not contribute to its share capital and have no voting rights so that they do not exercise control. In our view, notes without rights similar to those derived from equity (voting rights or control) are to be considered as debt only and fall outside the scope of the UBO analysis. Indeed, the definition of a UBO insists on control and does not relate to the economic benefit of a structure.
However, in some circumstances noteholders could be considered as persons exercising “control via other means” over an obliged entity. As explained above, this widely interpreted concept refers to effective control without legal control and paragraph 52 of Circular 19/732, which provides a broad list of non-exhaustive factors to consider and includes the ability to exercise de facto control, thus putting noteholders under scrutiny for the UBO analysis. Indeed, in certain specific scenarios debt holders may be found to exercise de facto control over an obliged entity. This does not contradict but rather confirms the principle that debtholders are excluded from the UBO analysis unless they have specific means of controlling the obliged entity without ownership. A case-by-case analysis may accordingly be required in certain circumstances.
Noteholders are debt holders. Unless they have the possibility to appoint the majority of the board members or have veto rights over strategic decisions over the company they lent money to, they are not to be considered as having control of the company via other means. The situation would be different, however, in the event that the debt is secured by a pledge over the issuer’s shares and any such pledge is realised due to a default under the loan agreement. In such a case and assuming that more than 25% of the ownership of the pledged shares would pass to the noteholder due to the realisation of the pledge, the noteholder would then be considered as a UBO of the company whose shares are transferred by virtue of the pledge, based on the ownership criterion.
c) Cascading analysis versus simultaneous analysis
The question arises whether the ownership criterion and the control via other means criterion are to be applied alternatively (cascading analysis) or cumulatively (simultaneous analysis). In other words, once a UBO has been identified on ownership ground, shall one consider that the UBO analysis is complete, or must one continue to see whether other UBOs can be identified through the application of the control via other means criterion?
Circular 19/732 seems to distinguish the steps relating to the identification of a natural person who directly or indirectly owns or controls a sufficient interest (step 1) and the identification of a natural person who controls the entity via other means (step 2); step 2 being applied only when no natural person can be identified under any of the scenarios under step 1, which seems to imply that step 2 only comes into play if no UBO can be identified under step 1.
Recent amendments to the AML Law brought by the Law of 25 March 2020 also seem to imply a cascading approach. Regarding the customer due diligence to be carried out by professionals, which includes UBO identification of the customer, the AML Law now indicates (Article 3(2)(b), second subparagraph, point (ii)) that for customers who are legal persons, the identity of natural persons exercising control over that legal person through other means is information to be used insofar as there is doubt under point (i) as to whether the persons with the controlling ownership interest are the beneficial owners or where no natural person exerts control through ownership interests.
According to this cascading analysis, step 2 (existence of control via other means) only needs to be applied when step 1 (control through sufficient ownership) does not lead to a convincing result. However, we believe that this provision of the AML Law should be read with care in the RBO Law context. It does not correspond to AMLD4 wording. It results from the parliamentary works of the Law of 25 March 2020 that this wording was inspired by the Interpretative Note to Recommendation 10 of the Financial Action Task Force (FATF) Recommendations, which indeed refer to a “cascading” approach in this respect. However, the wording of the relevant provisions of AMLD4 and AMLD5 relating to UBO identification, transposed via the definition in Article 1(7) of the AML Law, clearly supports the cumulative approach. Indeed, the AML Law does not make any distinction between the two criteria, which are both included in the same sentence.
The simultaneous approach is also defended by the RBO in its guidance. Hence, in our view, steps 1 and 2 need to be applied simultaneously.
Accordingly, a company may simultaneously need to identify in the RBO UBOs on the basis of the ownership criterion as well as UBOs on the basis of the control via other means criterion. Most often the outcome of the analysis based on these two criteria will lead to the same UBOs, but not always as a company can simultaneously have shareholders holding stakes above 25% and a shareholder controlling the company via other means who holds less than 25% (e.g. through a shareholders’ agreement giving him the right to appoint the majority of the board members, etc.).
IV. The senior managing official as UBO by default
The identification of the UBO is a best efforts obligation (obligation de moyens) and not a performance obligation (obligation de résultat).
As recalled above, as per the provisions of the AML Law, if no UBO “(i) is identified, or if there is any doubt that the person(s) identified are the beneficial owner(s), any natural person who holds the position of senior managing official (dirigeant principal)” shall be deemed to be the UBO and registered with the RBO. However, the concerned company will have to document that appropriate due diligence has been carried out to identify the UBOs.
As a matter of clarification, one should note that the senior managing official to be registered with the RBO is always the one of the obliged entity (and not the one of the intermediary entity or of the controlling entity).
Even though the concept of “senior managing official” initially gave rise to some discussion since there was no legal definition of the term, the concept has since been clarified by the LBR. In the current version of the Explanatory Guide the LBR indicates that the notion of senior managing official is to be understood in general as the legally prescribed management body and not only, for example, the chairman of a board of directors. The Chief Executive Officer (CEO) may also be considered as senior managing official, or any other equivalent body appointed by virtue of legal or statutory provisions, in which case only the CEO or the equivalent body is to be recorded.
Hence, if a daily manager “délégué à la gestion journalière” has been appointed and registered as such with the RCS, the latter can be registered by default as senior managing official in lieu and place of all the members of the management body of the Luxembourg obliged entity.
V. The case of obliged entities held by trusts
Article 1(7)(b) of the AML Law specifically designates the persons identified as UBOs of trusts (see Section 1 above). In practice, there are no obliged entities under the RBO Law corresponding to trusts in Luxembourg.
The RBO Law does not indicate how to apply the criteria of the UBO definition in the case of indirect ownership of a Luxembourg corporate entity, i.e. when a natural person holds an ownership interest in or otherwise controls this entity through another corporate entity or through a trust.
In our view, at each level of the control chain, the rules relating to the specific type of entity need to be applied. If a Luxembourg entity is ultimately held or controlled by a trust, its UBOs are the persons the AML Law identifies as UBOs of the trust (i.e. the list of persons mentioned in points (i) to (v) of Article 1(7)(b) of the AML Law).
This approach is confirmed by Circular 19/732 according to our reading where the CSSF indicates (paragraph 26) that when a legal entity “is entirely or partially owned by a trust, the rules on identification of the UBO of legal entities and trusts apply simultaneously”.
A possible mistake is to consider that beneficiaries only qualify if they own a certain percentage of interest. However, contrary to Article 1(7)(a) of the AML Law applicable to corporate entities mentioning a +25% (indicative) threshold, its Article 1(7)(b) regarding fiduciary arrangements and trusts does not provide for a threshold so all designated persons qualify provided they are identifiable.
Regarding the scenario where the persons mentioned in points (i) to (v) of Article 1(7)(b) of the AML Law recalled above are not natural persons, the question remains whether a look-through approach should be adopted regarding corporate entities.
Bearing in mind the wording of the RBO Law designating specific persons, there are good arguments in our view not to apply a look-through approach for such legal entities where (at least) one of the persons identified under these points (i) to (v) is a natural person. However, where no natural persons can be identified, additional diligence is appropriate and a look-through of the trustee should be applied to identify its UBOs considering the fact that it is controlling the trust.
We take note of the fact that Circular 19/732 also seems to require professionals under its supervision to carry out a look-through of corporate trustees of trusts indirectly owning a Luxembourg legal entity that is their customer when identifying its UBOs. However, in our view, this does not compromise the analysis for RBO Law purposes set out above that no look-through is required when natural persons have been identified as UBOs of the trust. In addition, Circular 19/732 leaves certain questions unanswered, such as whether the look-through approach would only apply to corporate trustees or also to other legal entities identified on the basis of points (i) to (v) of Article 1(7)(b) of the AML Law.
VI. Public access and the application for its limitation
It follows from Articles 11 and 12 of the RBO Law that national authorities as defined in the RBO Law, as well as the general public, have access to the information filed in the RBO. Members of the general public do not need to demonstrate a specific interest in obtaining the information and can consult the RBO anonymously via electronic means but only a more limited set of data is accessible to them, excluding the UBO’s address and national identification number. National authorities have access to all data. Obliged entities and their UBOs are not informed about searches made on the information they have registered.
It is important to note that a search in the RBO by members of the general public can only be carried out on the basis of the corporate name, the firm name, or the name or the RCS registration number of a legal entity whereas national authorities can also carry out searches on the basis of the name of an UBO (Articles 7(2) and 8(2) of the GDR). Case law confirmed in this respect that it is not possible to oblige the LBR, even via court order, to communicate to a member of the general public the names and registration numbers of the legal entities with respect to which a natural person has been identified as UBO.
Based on Article 15 of the RBO Law, a registered entity or a UBO may request to limit access to the information on the basis of a duly reasoned application to the administrator of the RBO submitted at the same time or after the request for registration.
Such applications must demonstrate that exceptional circumstances apply. Apart from UBOs who are minors or otherwise incapacitated, who only need to prove this specific condition, the applicant must submit proof that exceptional circumstances exist as a consequence of which public access to the UBO’s personal data would expose the UBO to a disproportionate risk, a risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation. The LBR has said in public that these conditions will be analysed strictly and its decision practice confirms this.
If a limitation of access is granted, the general public’s access to the UBO data will be restricted but national authorities, credit institutions and financial institutions as well as bailiffs and notaries acting in their capacity as public officials will still have access. The limitation is granted only for the duration of the circumstances which justify it without exceeding a maximum period of three years but a renewal may be requested.
A refusal of the application can be challenged in court. Until the final court ruling on the challenge of a refusal decision, access to the information will be limited. Interested parties can also challenge a limitation of access granted.
The appeal procedure regarding refusal decisions raises a number of questions. The standard of proof required with regard to the “exceptional circumstances” a legal entity or UBO has to advance regarding the alleged disproportionate risk(s) invoked lacks clarity. It is therefore to be welcomed that the Luxembourg Commercial court has referred several questions to the Court of Justice of the European Union (“CJEU”) requesting an interpretation of the AMLD5 wording in this respect. Logically, in principle, while this request is pending, all cases implying a review of refusal decisions on the merits are stayed.
However, beyond the question of the standard of proof and the uncertainty about the test of “disproportionate risk”, public access to UBO personal data in the RBO raises essential questions regarding the validity of the mechanism in view of the fundamental rights of UBOs protected by the Charter of Fundamental Rights of the European Union (2000/C 364/01) (the “Charter”), and, in particular, its Article 8, according to which “1. Everyone has the right to the protection of personal data concerning him or her”. Furthermore, Article 7 of the Charter stipulates that “everyone has the right to respect for his or her private and family life, home and communications.” The protection of these rights is also guaranteed by the Luxembourg Constitution. In addition, the public access mechanism obviously conflicts with the objectives pursued by and requirements set out in Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”).
In our view, these questions cannot be put aside simply by considering that they must have been taken into account by the EU legislator. Fundamental rights can indeed be limited. However, their limitation must be necessary and genuinely meet objectives of general interest or the need to protect the rights and freedoms of others.
It is questionable in our view whether the unlimited consultation of personal UBO data by the general public without a requirement to demonstrate a legitimate interest or provide identification is a proportional measure in view of the key objective pursued by the AML Directives, i.e. “tracing criminals who might otherwise be able to hide their identity behind a corporate structure” (see, in particular, Recital 25 of AMLD4). Considering the unlimited access of authorities (and accepting a possibly enlarged access for financial sector professionals), does the fight against money laundering and terrorist financing require the assistance of the general public? The final guardian of this delicate proportionality analysis must be the CJEU. In this respect, it is important to note that the District Court has most recently accepted to refer several additional questions on the validity and interpretation of the public access regime imposed by AMLD5 to the CJEU.
As of 6 December 2019, i.e. a few days after the RBO registration deadline of 30 November 2019, 73.61% of the 139,400 entities concerned in Luxembourg were registered with the RBO. The number has undoubtedly increased since but there are no statistics available on the current number of registered entities or the percentage of non-compliant entities. To our knowledge, there is only one court decision rendered so far imposing a criminal fine for non-compliance with the RBO Law.
The RBO Law obviously imposes an additional regulatory burden on compliance teams. The exercise may be familiar for regulated entities who are professionals under the AML Law but not for other entities. Care needs to be taken to keep the relevant information up to date in the register held at the company and in the RBO when changes occur.
The RBO Law gives rise to certain uncertainties in its application and regulatory guidance has proved insufficient on certain points. Obliged entities also need to be aware that a validated RBO filing is not a guarantee that the filing is correct. Interrogations by financial sector professionals having checked the filing may reveal discrepancies with their own analysis. It is important to recall that these professionals have an obligation to notify such discrepancies to the RBO in accordance with Article 8(1) of the RBO Law (although no sanctions are foreseen in the RBO Law).
Obliged entities should document efforts to identify UBOs in order to arm themselves against criminal liability. This, however, is a liability of the company and not of the directors although their liability could be engaged on the basis of the general liability regime. In this respect, we would recommend the managers/directors of the company concerned to keep evidence of the reasonable diligence carried out in connection with the UBO identification process.
The RBO Law also provides for the criminal liability of UBOs for non-cooperation but one can question the practical impact of this sanction for UBOs in third countries. Of course, there would be a reputational issue for the company and possibly the UBOs in the case of criminal sanctions.
The more recently introduced RTF completes the transposition in Luxembourg of the ongoing trend towards transparency imposed by the EU legislator particularly in the AML field, but has a stricter access regime. It remains to be seen whether the final word has been said about the compatibility of the RBO’s public access mechanism with fundamental privacy rights.
 Criminal fines from 1,250 EUR to 1,250,000 EUR may be imposed on the relevant entity in case of failure to comply with its obligations under the RBO Law or on the UBO for failure to provide the relevant entity with the correct information.
 Further practical details on registration with and access to the RBO are set out in a Grand-Ducal Regulation of 15 February 2019 (“GDR”). Practical guidance (circulars, technical guides and an FAQ) about the data to be submitted and the filing process can be found on the website of the RBO (www.lbr.lu).
 Regarding foundations or legal arrangements similar to trusts, it follows from Article 1(7)(c) of the AML Law that any natural person holding equivalent or similar positions to those referred to in point (b) need to be considered as UBOs.
 Circular 19/732 of 2 December 2019 on the Prevention of Money Laundering and Terrorist Financing: Clarifications on the Identification and Verification of the Identity of the Ultimate Beneficial Owner(s).
 Within the meaning of the AML Law.
 The RBO Law provides for criminal fines for a UBO not providing the necessary information to an obliged entity (Articles 17(1) and 21(3) of the RBO Law). However, for a UBO residing outside Luxembourg or even outside the European Economic Area (EEA), the practical impact of this provision may seem reduced.
 Directive 2014/65/EU of the European Parliament dated 15 May 2014 on markets in financial instruments (MiFID II), which repealed Directive 2004/39/EC of the European Commission dated 21 April 2004 on markets in financial instruments (MiFID), and Regulation 600/2014/EU of the European Parliament dated 15 May 2014 on markets in financial instruments.
 Directive 2015/849/EU of the European Parliament dated 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation 648/2012/EU of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (“AMLD4“). AMLD4 was amended by Directive 2018/843/EU of the European Parliament dated 30 May 2018 amending Directive 2015/849/EU on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (“AMLD5“).
 and it is not clearly addressed in the Explanatory Guide: it is uncertain whether its Slide 30 fully supports our analysis although it can be read in this way.
 See footnote 8.
 Slide 19.
 Slide 18.
 Paragraphs 65 et seq. of the EU Commission’s consolidated jurisdictional notice under Merger Regulation N°139/2004.
 See also point 33(d) of the FATF Guidance “Transparency and beneficial ownership”, October 2014, which refers to natural persons exerting control without ownership by participating in the financing of the enterprise as an example of control through other means.
 See Explanatory Guide, p 6, which provides that “the analysis to be done in steps 1 [ownership criterion] and 2 [control via other means] is done concurrently and not successively or eliminatory”.
 Initially, the LBR Circular 19/02 regarding not-for profit associations (version of 28 March 2019) provided that the senior managing official was deemed to be the whole management body of the concerned entity (and not only the president of the board of directors or of the board of managers or the members of the executive committee). Even though this circular was issued as regards not-for profit associations only, it was assumed that such a position would also be applicable to companies.
 See Explanatory Guide, p 11. LBR Circular 19/02 has been amended in the meantime and provides for a similar wording (version of 7 August 2019).
 Notably because they are not registered in the RCS. A specific register for trusts and fiducies and their beneficial owners was recently introduced by the Law of 10 July 2020 creating a register of fiducies and trusts (“RFT Law”). The RFT Law provides, in particular, for the mandatory registration of certain personal data of the UBOs of trusts and fiducies in a newly created register of fiducies and trusts (“RFT”), complementary to the RBO for legal entities. However, a discussion of the specifics of the RFT would exceed the scope of this contribution.
 Or the natural persons holding equivalent or similar positions in a foundation or legal arrangement similar to a trust in the case of a Luxembourg entity ultimately held or controlled by a foundation or a legal arrangement similar to a trust.
 Contrary to the RFT Law (Article 14), the RBO Law only allows for the registration of natural persons as UBOs.
 See figures 2 and 3 on pages 11 and 12 of Circular 19/732.
 See also our comments in Section 1 above regarding the standard of diligence in the RBO Law context, which does not necessarily include the risk assessment applicable to AML professionals in the context of their KYC obligations.
 Some other inconsistencies must be pointed at regarding the Circular’s discussion of trusts. Its paragraph 27 erroneously quotes Article 7(1)(b)(v) of the AML Law as identifying as UBO any other natural person exercising ultimate control or influence over the trust. However, the AML Law does not include the – vague – concept of influence but only refers to control. In addition, the meaning of paragraph 30 lacks precision. It states that “[I]n case where the trust is 100% owned by a legal entity, the rules applicable to legal entities apply.” However, none of the persons in points (i) to (v) of Article 1(7)(b) of the AML Law legally own the trust so the implications of this paragraph in practice are unclear.
 See Tribunal d’arrondissement de Luxembourg, 28 February 2020 (ref. TAL-20202-00979). In the case at hand, a creditor tried to obtain access to information on beneficial ownership of a debtor.
 From a procedural point of view, the RBO Law lacks clarity on the deadline for filing such an application. The fact that the time limit starts running with the publication of a notice and decision date on the LBR’s website (Article 15(5) of the RBO Law), a notice, which seems to be available on that website only in very recent cases, must be opposed to the fact that, in practice, the decision may be notified to the party requesting confidentiality at a later date. Given the context, it is also peculiar that the appeal must be brought before a civil or commercial chamber of the district court rather than before an administrative court. This is due to the fact that LBR is a civil entity. The short 15-day deadline to serve a writ of summons on the RBO and avoid publication of the relevant data raises questions as to the availability of an effective judicial remedy as required by Article 30(9) of AMLD4, as amended by AMLD5. This is different for appeals in the context of the RFT Law (a 30-day deadline to bring an appeal before the administrative court applies).
 See pending Case C-37/20, Luxembourg Business Registers, www.curia.europa.eu.
 For a discussion on this topic see J. COUR and F. BELLENCONTRE, « Loi du 13 janvier 2019 instituant un registre des bénéficiaires effectifs au Luxembourg: éléments saillants et pistes de réflexion », Revue pratique de droit des affaires, 03/2019, p. 15, and A. ROCHER, « Les données personnelles des bénéficiaires effectifs de sociétés », Revue des sociétés, mars 2020, p. 139.
 In contrast, the demonstration of a legitimate interest is required for members of the general public wanting to access the RTF (see Article 27(1) of the RFT Law in accordance with Article 31 of AMLD4). One can argue that the nature of trusts warrants a higher level of confidentiality. However, a different standard then applies to UBOs of trusts which indirectly hold obliged entities subject to UBO disclosure in accordance with the RBO Law.
 Tribunal d’arrondissement de Luxembourg, 13 November 2020 (ref. 2020TALCH02/01568). The case should soon be identified and the questions accessible on www.curia.europa.eu.
 Paperjam, 6 December 2019.
 Tribunal d’arrondissement de Diekirch, 16 July 2020 (ref. 20200924738). A 2,500 EUR fine was imposed, taking into account the seriousness of the breach (absence of filing) and the company’s willingness to regularize its situation (individual nature and proportionality of penalties principle).
Avocat au Barreau de Luxembourg
Elvinger Hoss Prussen
Avocat au Barreau des Hauts de Seine
Elvinger Hoss Prussen