23 November 2025
FATF ¦ R.24 Transparency and Beneficial Ownership of Legal Persons
Recommendation 24: Strengthening Transparency and Beneficial Ownership of Legal Persons
Recommendation 24 requires countries to identify and mitigate the risks that legal persons — primarily companies but also foundations, partnerships and other legal entities — can be misused for money laundering and terrorist financing. The Recommendation mandates that competent authorities be able to obtain timely, adequate, accurate and up-to-date information on the beneficial ownership and control of legal persons that are created domestically or that pose material risks and have sufficient links with the country. States may choose the architecture for collecting and making that information available (a centralized beneficial ownership register, company registry with enhanced data, or a combination of mechanisms), but they must meet the minimum standards set out in the interpretive note.
Basic information requirements and company registries
To identify beneficial owners, authorities first need reliable basic corporate information. At a minimum this includes the company’s name, proof of incorporation, legal form and status, registered office address, constitutional documents (for example memorandum and articles), a list of directors and unique identifiers such as tax identification numbers. Companies must also keep a register of shareholders or members showing names, shareholdings and categories of shares including voting rights. All companies formed in a jurisdiction should be registered in a company registry, which should record the basic information above and facilitate access by competent authorities, financial institutions and DNFBPs. Where the company or a public body already holds beneficial ownership information domestically, a shareholder register may be located abroad provided the company can promptly provide the required information on request.
Multi-pronged approach to beneficial ownership information
Countries should adopt a combination of mechanisms so that beneficial ownership can be determined quickly. Those mechanisms include:
- requiring companies to obtain and keep adequate, accurate and current beneficial ownership information and to cooperate fully with competent authorities;
- maintaining beneficial ownership information in a public authority or body (for example a company registry, tax authority, FIU or a dedicated BO registry); or
- implementing alternative mechanisms that give timely, efficient access to accurate beneficial ownership data.
Supplementary sources — such as regulator and stock exchange records, and BO information collected by reporting entities under Recommendations 10 and 22 — should be used where necessary. All parties that hold relevant information, including companies, intermediaries and liquidators, must retain records for at least five years after the company ceases to exist or ceases to be a customer.
Standards for adequacy, accuracy and timeliness
“Adequate” information is sufficient to identify the natural person(s) who ultimately own or control the legal person and the means by which control is exercised.
“Accurate” means the information has been verified using reliable, independently sourced documents, data or information; the degree of verification can be risk-based.
“Up-to-date” means the information is current and updated within a reasonable period after any change (for example within one month).
Competent authorities, especially law enforcement and FIUs, should have the powers needed to obtain rapid access to both basic and beneficial ownership information held by domestic public bodies, regulated entities and reporting entities. Company registries should facilitate timely access to public basic information for financial institutions, DNFBPs and foreign competent authorities, and jurisdictions should consider allowing them access to beneficial ownership details where appropriate.
Preventing misuse: bearer instruments and nominees
To reduce anonymity risks, countries must prohibit issuance of new bearer shares and bearer share warrants and apply measures to prevent misuse of any existing bearer instruments. Options for existing bearer instruments include converting them to registered form, immobilising them with regulated intermediaries who can provide timely access to competent authorities, and requiring holders to notify the company and for the company to record identity before any rights can be exercised.
Nominee shareholders and directors pose similar risks and should be managed. Measures could include requiring nominees to disclose their status and the identity of the nominator to the company and relevant registry (with nomineestatus recorded in public information), licensing nominees and requiring them to keep and make available the identity of the natural person on whose behalf they act, or prohibiting nominee shareholders or directors. Where nominees are already licensed as regulated entities subject to AML/CFT obligations, separate licensing might not be necessary but transparency and oversight remain essential.
Applying requirements to other legal persons
Recommendation 24’s principles extend beyond companies. Foundations, Anstalt, waqf (except in countries where waqf are legal arrangements under R.25) and limited liability partnerships should be subject to similar transparency measures adapted to their form and risk profile. For other types of legal persons, jurisdictions must assess ML/TF risk and ensure basic information is recorded, accurate and accessible so beneficial ownership can be established in a timely way.
Liability, sanctions and record retention
There must be clear responsibility for compliance, with effective, proportionate and dissuasive sanctions for legal or natural persons that fail to meet transparency and information requirements. Records relevant to beneficial ownership must be kept for at least five years after the entity ceases to exist or after the reporting relationship ends.
International cooperation and information exchange
Effective international cooperation is essential. States should rapidly and constructively provide wide-ranging mutual assistance with basic and beneficial ownership information, including facilitating access to company registry data, exchanging shareholder information, and using domestic powers to obtain BO information on behalf of foreign counterparts. Jurisdictions must not impose unduly restrictive conditions — such as invoking tax secrecy or banking secrecy — to frustrate legitimate requests and should monitor the quality and timeliness of mutual assistance. Agencies responsible for responding to BO information requests should be designated and made publicly known.
Practical implications for financial institutions and DNFBPs
Financial institutions and DNFBPs benefit when jurisdictions make BO information accessible because it supports customer due diligence under Recommendation 10 and ongoing monitoring. Where public access to BO registers is limited, regulated entities will still be required to collect and verify beneficial ownership information under their AML/CFT obligations. Regulators and supervisors should ensure that reporting entities have the powers and data they need to meet those obligations and that they escalate unresolved inconsistencies or suspicions to the authorities.
Conclusion
Recommendation 24 sets a clear standard: jurisdictions must create an environment in which competent authorities can promptly identify the natural persons who ultimately own and control legal persons. Achieving that requires robust basic company data, verified and current beneficial ownership information held in accessible registries or alternative mechanisms, specific measures to neutralise bearer instruments and nominee arrangements, tailored rules for other legal entities, enforceable sanctions, and active international cooperation. Implemented effectively, these measures significantly reduce the opportunities for misuse of legal persons for money laundering, terrorist financing and related crimes.
FATF Ratings Overview
Luxembourg ¦ FATF Effectiveness & Technical Compliance Ratings
Anti-money laundering and counter-terrorist financing measures
Luxembourg Mutual Evaluation Report, September 2023
This assessment was adopted by the FATF at its June 2023 Plenary meeting and summarises the anti-money laundering and counter-terrorist financing (AML/CFT) measures in place in Luxembourg as at the date of the on-site visit: 2-18 November 2022.
Table 1. Effectiveness Ratings
Note: Effectiveness ratings can be either a High- HE, Substantial- SE, Moderate- ME, or Low – LE, level of effectiveness.
IO1 Risk, policy and coordination
Money laundering and terrorist financing risks are identified, assessed and understood, policies are co-operatively developed and, where appropriate, actions co-ordinated domestically to combat money laundering and the financing of terrorism.
Substantial
IO2 International cooperation
International co-operation delivers appropriate information, financial intelligence and evidence, and facilitates action against criminals and their property.
Substantial
IO3 Supervision
Supervisors appropriately supervise, monitor and regulate financial institutions and VASPs for compliance with AML/CFT requirements, and financial institutions and VASPs adequately apply AML/CFT preventive measures, and report suspicious transactions. The actions taken by supervisors, financial institutions and VASPs are commensurate with the risks.
Moderate
IO4 Preventive measures
Supervisors appropriately supervise, monitor and regulate DNFBPs for compliance with AML/CFT requirements, and DNFBPs adequately apply AML/CFT preventive measures commensurate with the risks, and report suspicious transactions.
Moderate
IO5 Legal persons and arrangements
Legal persons and arrangements are prevented from misuse for money laundering or terrorist financing, and information on their beneficial ownership is available to competent authorities without impediments.
Substantial
IO6 Financial intelligence
Financial intelligence and all other relevant information are appropriately used by competent authorities for money laundering and terrorist financing investigations.
Substantial
IO7 ML investigation & prosecution
Money laundering offences and activities are investigated, and offenders are prosecuted and subject to effective, proportionate and dissuasive sanctions.
Moderate
IO8 Confiscation
Asset recovery processes lead to confiscation and permanent deprivation of criminal property and property of corresponding value.
Moderate
IO9 TF investigation & prosecution
Terrorist financing offences and activities are investigated and persons who finance terrorism are prosecuted and subject to effective, proportionate and dissuasive sanctions.
Substantial
IO10 TF preventive measures & financial sanctions
Terrorists, terrorist organisations and terrorist financiers are prevented from raising, moving and using funds.
Moderate
IO11 PF financial sanctions
Persons and entities involved in the proliferation of weapons of mass destruction are prevented from raising, moving and using funds, consistent with the relevant UNSCRs.
Moderate
Table 2. Technical Compliance Ratings
Note: Technical compliance ratings can be either a C – compliant, LC – largely compliant, PC – partially compliant or NC – non compliant.
R.1 Assessing Risks and applying a Risk-Based Approach
C – compliant
R.2 National Co-operation and Co-ordination
C – compliant
R.3 Money laundering offence
C – compliant
R.4 Confiscation and provisional measures
LC – largely compliant
R.5 Terrorist financing offence
C – compliant
R.6 Targeted financial sanctions related to terrorism and terrorist financing
LC – largely compliant
R.7 Targeted financial sanctions related to proliferation
LC – largely compliant
R.8 Non-profit organisations
PC – partially compliant
R.9 Financial institution secrecy laws
C – compliant
R.10 Customer due diligence
C – compliant
R.11 Record-keeping
C – compliant
R.12 Politically exposed persons
C – compliant
R.13 Correspondent banking
C – compliant
R.14 Money or value transfer services (MVTS)
C – compliant
R.15 New technologies
LC – largely compliant
R.16 Payment transparency
C – compliant
R.17 Reliance on third parties
C – compliant
R.19 Higher-risk countries
C – compliant
R.20 Reporting of suspicious transactions
C – compliant
R.21 Tipping-off and confidentiality
C – compliant
R.22 DNFBPs: Customer due diligence
C – compliant
R.23 DNFBPs: Other measures
C – compliant
R.24 Transparency and beneficial ownership of legal persons
LC – largely compliant
R.27 Powers of supervisors
C – compliant
R.28 Regulation and supervision of DNFBPs
C – compliant
R.29 Financial intelligence units
C – compliant
R.30 Responsibilities of law enforcement and investigative authorities
LC – largely compliant
R.32 Cash Couriers
LC – largely compliant
R.33 Statistics
LC – largely compliant
R.34 Guidance and feedback
C – compliant
R.35 Sanctions
LC – largely compliant
R.36 International instruments
LC – largely compliant
R.37 Mutual legal assistance
C – compliant
R.38 Mutual legal assistance: freezing and confiscation
C – compliant
R.39 Extradition
C – compliant
R.40 Other forms of international co-operation
LC – largely compliant
Dive deeper
What else?
