Alice Eneyo

Beneficial ownership is one of the most established concepts in anti-money laundering compliance. It is also one of the most persistently misunderstood in practice. At onboarding, most financial institutions collect beneficial ownership declarations, identify individuals with controlling interests, and document ownership percentages as part of standard due diligence. On the surface, this appears to satisfy regulatory expectations.

In June 2025, procurement vendor Chain IQ Group AG was hit by a sophisticated cyberattack. Hackers accessed data from Chain IQ and at least 19 of its clients, uploading files to the dark web shortly afterward, exposing over 130,000 employee records from firms including UBS and Pictet. None of those firms had hired the attackers’ actual entry point. They had hired Chain IQ.

If 2024 reminded us of anything, it’s that the threat landscape never stands still. In every breach headline, there’s a familiar pattern: an organization falls not because of its own failure, but because a trusted partner left a back door open.