2026-05-13 · DueVestor team · 2 min read

Why vetting a company without its UBOs is a critical compliance failure

A clean shell company is not a clean entity. The hard part of due diligence is the people behind the legal wrapper — UBOs, controlling shareholders, board directors. Vetting only the entity is the canonical false-clean.

Imagine running OFAC + sanctions + adverse media on Acme Holdings Ltd and getting a clean report. You sign the broker contract. Six months later, the DOJ knocks: Acme is 60% owned by a Politically Exposed Person who has been on the OFAC SDN list for two years. You vetted the entity. You did NOT vet the people behind the entity. That is the compliance failure cascading DD exists to prevent.

Corruption flows through people, not legal shells

Every enforcement case against an FCPA, BSA, or AML failure traces back to a natural person — never to a legal entity in the abstract. A bribery payment is approved by a director. A sanctioned individual hides ownership through a holding company. A PEP routes funds through a UBO-opaque corporate stack. The entity is the wrapper; the risk is in the contents.

What the EDD industry has been doing for a decade

Why this is now the DueVestor default for Type C + Type D

As of this week, every Type C and Type D report auto-detects the UBOs and directors of the corporate subject — pulled from OpenCorporates, Companies House UK PSC, and SEC EDGAR — and spawns a Type B child report on each one. The composite risk on the parent rolls up the worst-severity finding across every child. If any UBO sits on OFAC, the parent flips to HIGH regardless of how clean the entity looked.

Cost transparency: before any child report runs, you see a preview screen listing every detected UBO + director with the credit cost. You select who to vet; no surprise charges; no silent partial cascades. If your wallet runs out mid-cascade, the report fails loud rather than silently shipping an incomplete view.

Why "no UBOs found" is itself a finding

When the cascade extractor finds zero public UBOs or directors, the report says so explicitly. For most private companies in offshore jurisdictions this is the norm, not the exception. The recommendation in those cases is a Type C self-attestation: ask the company to disclose its own cap table, then cross-verify whatever they declare against the registry data we DO find.
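The roll-up and the two failure modes described above (worst-severity composite across parent and children, wallet exhaustion mid-cascade, zero public UBOs) as an added Python example. This is constructed illustration code, not DueVestor's implementation: the registry lookup is an inline dict standing in for the OpenCorporates / Companies House PSC / SEC EDGAR extractors, the person names and the 5-credit child-report cost are placeholders, and the four-step severity ladder is an assumption.

```python
"""Cascading due diligence roll-up (constructed example, not DueVestor's code)."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


class Severity(int):
    """Ordered severity ladder (assumed); higher value wins on roll-up."""
CLEAR, LOW, MEDIUM, HIGH = Severity(0), Severity(1), Severity(2), Severity(3)
SEVERITY_NAMES = {CLEAR: "CLEAR", LOW: "LOW", MEDIUM: "MEDIUM", HIGH: "HIGH"}


@dataclass
class Finding:
    source: str          # e.g. "OFAC SDN", "adverse media"
    severity: Severity
    detail: str = ""


@dataclass
class Person:
    name: str
    role: str            # "UBO" or "director"
    ownership_pct: Optional[float] = None
    findings: list = field(default_factory=list)


@dataclass
class Company:
    name: str
    findings: list = field(default_factory=list)   # entity-level screening only


# Constructed stand-in for the registry extractor. Acme mirrors the scenario in
# the post: the entity itself screens clean, a 60% UBO sits on the SDN list.
CONSTRUCTED_REGISTRY = {
    "Acme Holdings Ltd": [
        Person("Example UBO A", "UBO", 60.0,
               [Finding("OFAC SDN", HIGH, "listed for two years")]),
        Person("Example Director B", "director"),
    ],
    "Opaque Offshore Co": [],   # nothing public: the "no UBOs found" case
}

CHILD_REPORT_COST = 5   # credits per Type B child report (assumed placeholder)


class CascadeAborted(RuntimeError):
    """Wallet cannot fund the next child; no partial report is returned."""


@dataclass
class Wallet:
    credits: int

    def debit(self, amount: int) -> None:
        if amount > self.credits:
            raise CascadeAborted(f"need {amount} credits, have {self.credits}")
        self.credits -= amount


@dataclass
class CascadeReport:
    subject: str
    composite: Severity
    entity_severity: Severity
    vetted: list
    ubo_coverage: str        # "FOUND" or "NONE_FOUND"
    recommendation: str = ""


def detect_people(company: Company) -> list:
    return list(CONSTRUCTED_REGISTRY.get(company.name, []))


def preview(company: Company) -> list:
    """Preview screen: every detected person with its credit cost, before anything runs."""
    return [(p.name, p.role, CHILD_REPORT_COST) for p in detect_people(company)]


def worst(findings: list) -> Severity:
    return max((f.severity for f in findings), default=CLEAR)


def run_cascade(company: Company, selected: list, wallet: Wallet) -> CascadeReport:
    """Vet the selected people; the parent's composite is the worst finding anywhere."""
    people = {p.name: p for p in detect_people(company)}
    unknown = [n for n in selected if n not in people]
    if unknown:
        raise ValueError(f"not on the preview screen: {unknown}")
    entity_sev = worst(company.findings)
    composite, vetted = entity_sev, []
    for name in selected:
        wallet.debit(CHILD_REPORT_COST)          # fails loud mid-cascade
        composite = max(composite, worst(people[name].findings))
        vetted.append(name)
    if not people:
        return CascadeReport(company.name, composite, entity_sev, vetted, "NONE_FOUND",
                             "Request a Type C self-attestation of the cap table and "
                             "cross-verify it against whatever registry data exists")
    return CascadeReport(company.name, composite, entity_sev, vetted, "FOUND")


if __name__ == "__main__":
    acme = Company("Acme Holdings Ltd")          # entity screens clean
    print(preview(acme))
    report = run_cascade(acme, [n for n, _, _ in preview(acme)], Wallet(10))
    print(SEVERITY_NAMES[report.entity_severity], "->", SEVERITY_NAMES[report.composite])
```

The parent's entity severity stays CLEAR in the report so an auditor can see that the HIGH composite came from a child, not from the entity screen; the `ubo_coverage` field is what makes "no UBOs found" an explicit finding rather than a silent absence.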

A defensible compliance program is one where the auditor cannot point at any unchecked person in the diligence chain. Cascading DD is the floor, not the ceiling.