UBO cascade in 3 steps: identifying ultimate beneficial owners under the Belgian 18/09/2017 law
Accountants, fiduciaries, domiciliation centers, lawyers: your duty to identify ultimate beneficial owners isn't limited to consulting the UBO register. The Belgian 18/09/2017 law mandates a three-tier cascade. Here is how to apply it without missing a category.
In brief
The Belgian UBO cascade requires running through 3 successive steps to identify a client's beneficial owners: holders of more than 25% of capital (Tier 1), persons exercising control by other means such as a shareholders' agreement (Tier 2), then members of effective management as a safety net (Tier 3). Checking the SPF Finances UBO register is not enough: verification rests with the obliged entity, and each step must be documented in the AML file.
What the law says, without paraphrasing
Article 4, 27° of the Belgian Act of 18 September 2017 defines the ultimate beneficial owner (UBO) as any natural person who ultimately owns or controls a customer. But the definition splits into three successive categories — a cascade that obliged entities must run through in order. For the overall framework, see our guide to the Belgian Act of 18 September 2017.
Many actors limit themselves to checking the Belgian UBO register of the SPF Finances. That isn't enough: the register exposes declared data, not verified data. Verifying the UBO sits with the obliged entity.
Tier 1 — The "capital" UBOs (25%)
First category: natural persons holding, directly or indirectly, more than 25% of the voting rights or capital of the client company.
- Directly: Ms Dupont holds 30% of XYZ SRL shares → direct UBO
- Indirectly: Ms Dupont holds 100% of ABC SA, which holds 40% of XYZ SRL → 40% indirect, UBO
Operational best practice:
The most frequent divergences: an omitted UBO in the register, an outgoing UBO not updated, a nominee shareholder hidden behind a shell company.
Tier 2 — The "control" UBOs
When Tier 1 designates no one above the threshold — typically in heavily diluted holdings or fragmented shareholdings — the law mandates looking for persons exercising control by other means. Classic cases:
- Multiple voting rights — shares with double or triple voting rights (Article 7:53 CCA)
- Shareholders' agreement — a convention grants a minority shareholder veto rights over strategic decisions
- Member of effective management — sole CEO, sole statutory manager of a single-shareholder SRL
- Mandatary via mandate contract or outsourced management
This tier is documented with articles of association, shareholders' agreements, bank powers of attorney, and minutes of GMs over the last three years. It is the most often skipped tier in practice — and the one a SPF Economie auditor will check first. See also our guide on AML obligations for Belgian regulated entities.
Tier 3 — The "senior managing official" UBO (safety net)
If neither Tier 1 nor Tier 2 identifies a UBO — rare but possible (large cooperative, ASBL without dominant control) — the law defaults to members of effective management: CEO, manager, board chair.
It's a safety net: it guarantees that at least one natural person is always identified as UBO of every customer.
Beware: falling back to Tier 3 must be justified in writing in your AML file. An audit seeing "UBO = CEO" without traces of Tiers 1 and 2 will infer you skipped the cascade.
How Company Belgium runs the cascade
The AML / KYC module automates the three tiers:
The final report is a timestamped signed PDF, filed in the customer record and exportable in goAML format for CTIF/CFI submission where applicable.
Refresh schedule
UBO identification is not a one-shot. The delegated regulation (EU) 2024/1640 makes the refresh obligation explicit:
- Annual update for standard-risk customers
- Semi-annual for high-risk customers (PEP, non-cooperative jurisdiction, cash above threshold)
- Immediate on event (director change published in the Belgian Official Gazette, BCE alert, negative press)
The BCE Monitoring module automatically cross-references detected events with your AML files to notify you as soon as a change warrants re-screening. See our article on monitoring company changes and alerts for further details.
What an auditor will check
- Presence of the 3 tiers in the file, even if Tier 2 or 3 ends in "not applicable"
- Written justification when skipping to the next tier
- Date and operator of each verification (technical timestamp, not just a text field)
- Sources consulted (articles, agreement, UBO register, BCE) with proofs attached
- Recent update — a file frozen for 18 months on a high-risk customer is non-compliance
Hold those 5 points and you sail through a SPF Economie audit without surprise. Deepen the methodology with our guides on AML risk assessment and mandatory KYC file content.
Frequently asked questions
What is the 3-tier UBO cascade under the Belgian Act of 18 September 2017?
The UBO cascade requires identifying beneficial owners by working through three successive levels. Tier 1 targets natural persons holding more than 25% of capital or voting rights, directly or indirectly. Tier 2 searches for persons exercising control by other means: multiple voting rights, shareholders' agreement, management mandate. Tier 3, the safety net, designates members of effective management only if Tiers 1 and 2 identified no one. Each tier must be documented in the AML file.
Is checking the SPF Finances UBO register enough to meet KYC obligations in Belgium?
No. The SPF Finances UBO register provides data declared by the company, not data verified by the obliged entity. The Belgian Act of 18 September 2017 requires an independent check: the obliged entity must build its own ownership tree, compute the effective holding at each level, and cross-reference the result with the register. Any divergence must be flagged as an AML alert, documented in the file, and analysed before a decision to enter the relationship.
How often must the UBO cascade of a client be updated in Belgium?
European delegated regulation 2024/1640 requires annual update for standard-risk clients, semi-annual for high-risk clients (PEP, non-cooperative jurisdiction, cash above threshold), and immediate on a triggering event such as a director change in the Belgian Official Gazette, a BCE alert or negative press coverage. A file frozen for more than 18 months on a high-risk client constitutes a sanctionable non-compliance.
What risk does a Belgian obliged entity face if it skips steps in the UBO cascade?
An obliged entity that fails to document all three UBO cascade steps faces SPF Economy administrative sanctions that can exceed 1,250,000 euros per infringement for legal persons. During an inspection, the auditor checks first for written justifications for each tier, sources consulted with attached evidence, and the date of the last check. The absence of a trace for Tier 2 is the most frequently found non-compliance during inspections.
