PBOC releases consultation draft on beneficial ownership identification and verification requirements for financial institutions

Financial institutions subject to the Draft Measures

The scope of obligated financial institutions governed by the Draft Measures (Obligated Institutions) is intended to be the same as that in the Measures for the Management of Know-Your-Client and the Preservation of Customer Identification Information and Transaction Records by Financial Institutions, most recently revised and re-issued by PBOC on 28 November 2025 (the KYC Measures) (in Chinese:《金融机构客户尽职调查和客户身份资料及交易记录保存管理办法》).

The revised KYC Measures adopt the same approach as the New AML Law and provide a comprehensive list of Obligated Institutions subject to BO identification obligations.

Risk-based, reasonable, and reliable principles

Echoing the New AML Law, the Draft Measures require Obligated Institutions to adopt a risk-based approach, using differentiated measures commensurate with the client's risk level to identify and verify BOs. Measures that are clearly excessive or apply a “one-size-fits-all” approach must be avoided.

The Draft Measures require Obligated Institutions to identify and verify their clients’ BOs through reasonable means, to the point where they are 'satisfied' that they understand the client’s BO structure. Market commentary takes the view that instead of imposing specific and strict rules, this principle requires the Obligated Institutions to act in a way that a prudent institution would reasonably act in the circumstances and also allows some flexibility.

The Draft Measures also require Obligated Institutions to identify and verify BOs using supporting materials, data, or information from reliable sources, and to holistically assess overall reliability through cross-verification. Obligated Institutions must not obtain BO information by solely relying on the information in the PBOC Beneficial Owner Information Query and Management System (the System)¹, nor should they substitute their own judgment with batch processing or automated tools in the BO identification and verification process.

BOs of different types of clients

The Draft Measures set out who qualifies as a BO for various categories of clients:

As a general rule, the BO of all legal persons or non-legal person organizations refers to the natural person who has: 

• Ultimate ownership of 25% or more of equity, shares, or partnership interests (directly or indirectly); or
• Ultimate entitlement to 25% or more of economic benefits or voting rights, even if that ownership is below 25%; or
• Actual control (whether individually or jointly), including control through  agreements or close relationships. This may involve the authority to appoint or remove the legal representative, directors, supervisors, senior management or managing partners; the power to make decisions on major business/management matters; influence over financial decisions; or the ability to exercise long-term control over key assets or principal funds.

If no one falls within the scenarios above, then the person responsible for the day-to-day management is deemed to be the BO for this purpose.

The Draft Measures also provide who the BO shall be for other client types, including branches, trusts, and asset management products.

Additionally, BO identification may be exempted or simplified for certain types of clients of the Obligated Institutions. For example, for Qualified Foreign Institutional Investors (QFIIs), who are subject to a specific legal regime in China, the legal representative, authorized representative, or the person in charge of QFII business may be deemed the BO, provided no high-risk circumstance exists.

Supporting materials and required BO information

The Draft Measures provide a list of various supporting materials that Obligated Institutions must obtain to identify a client’s BO. These include registration certificates or licenses, constitutional documents, major agreements, lists of senior officers, lists of shareholders or partners, and other documents designated for the client’s organisational type (e.g. legal person versus a partnership).

According to the Draft Measures, Obligated Institutions must identify and retain the following BO information of a client:

• The BO’s identity information, including name, gender, nationality, date of birth, identification certificate type, identification number and validity period; and
• Information on the BO’s ownership rights, including types of beneficial ownership, formation and (if applicable) termination dates of the relationship, and depending on the ownership type, the percentage of shareholding or partnership, percentage of income or voting rights, or other means of ownership.

Verification, enhanced due diligence measures and continuous monitoring

Obligated Institutions must verify their clients' BO information based on risk-based and reasonable principles. Verification of a BO’s identity information must first be checked against publicly available information from governmental or official channels. Verification of a BO’s ownership rights should be primarily based on supporting documents, data, or information provided by the relevant client, and where necessary, this information should be verified using multiple sources such as government authority information, publicly available information, and information found by the Obligated Institution. If the client and its conduct are genuinely believed to be at low risk, the Obligated Institution may directly rely on the client-provided information regarding its BO's ownership status; otherwise, the Obligated Institutions must consider using enhanced due diligence measures. 

The Draft Measures outline specific scenarios that trigger enhanced due diligence requirements, such as when a client originates from a high-risk jurisdiction, has a complicated ownership or control structure, or exhibits abnormal changes to its ownership or control structure. Enhanced identification or verification measures may include lowering the BO verification threshold from 25% to 10%, obtaining additional information on the client’s ownership and control structure, conducting independent checks and on-site visits, increasing the frequency of reviews and information updates for the client and its BO, or, where necessary, declining to onboard the client or terminating the client relationship. 

In addition, if an individual client presents an elevated money laundering or terrorist financing risk, the Obligated Institution shall, where appropriate, determine whether that person is a BO of any of its existing corporate clients, conduct a linkage analysis, and apply necessary risk management measures.

Obligated Institutions must continuously monitor their clients throughout the relationship and reassess BO information when circumstances affecting ownership or control arise, such as material changes in ownership, control or key personnel.

Identifying and reporting discrepancies

The Draft Measures require Obligated Institutions to cross-verify the identified BO information with the information retained in the System.

If any discrepancies are detected, Obligated Institutions must verify these with their clients. If a material discrepancy is found (e.g., the identified BO and filed BO are different, or key BO information is inconsistent), and the Obligated Institution has reasonable grounds to believe the discrepancy arises from inaccurate information filed in the System, it must submit a discrepancy report within 30 days afterwards. PBOC will issue separate guidelines on the submission of these reports. 

According to the Draft Measures, Obligated Institutions are encouraged to submit high quality discrepancy reports that aid verification of BOs and effectively help clients accurately file or update BO records.

Grace period

The Draft Measures provide a six-month grace period for Obligated Institutions to complete BO identification and verification for their high-risk clients and a one-year grace period for all other existing clients.