Why the draft AMLA CDD Standards demand investigative judgment on complex structures, and what that means for every compliance programme built around verification and screening. 

Executive Summary 

Most compliance programmes can answer the question “who owns this entity?” They cannot reliably answer the question “is this structure designed to prevent us from finding out?” 

That second question is what Article 12(1)(d) of the AMLA draft Regulatory Technical Standards on Customer Due Diligence now requires obliged entities to address. It asks whether a corporate structure obfuscates or diminishes transparency of ownership with no legitimate economic rationale or justification. The assessment it demands is not binary. It cannot be resolved by a registry check, a screening match, or an automated score. It requires evidence-based investigative reasoning, documented in a form that a supervisor can examine and challenge. 

This is a qualitative judgment standard. It is the first time that EU regulatory technical standards have required obliged entities to perform a structured qualitative assessment of whether a corporate architecture is itself a risk indicator, rather than simply identifying and verifying the entities and individuals within it. Conditions (a) to (c) of Art. 12(1) can be determined from structural facts: legal form, jurisdiction, nominee status. Condition (d) cannot. It requires the compliance function to detect opacity, test for rationale, and document both sides of the determination. 

That changes the operating model. The vast majority of CDD programmes are built around binary controls: verification (does this entity exist?), screening (does this name match a list?), and threshold-based UBO identification (does any natural person hold 25% or more?). None of these controls produces the qualitative, evidence-weighted reasoning that condition (d) demands. Obliged entities that rely on them will face a structural gap when the RTS enters into force, which is realistically expected in Q1–Q2 2027. 

This paper examines why that gap exists, what a compliant Art. 12(1)(d) assessment must look like, and how agentic due diligence, specifically the investigative methodology embedded in CleverChain’s VERA, enables obliged entities to perform structured qualitative assessments at scale without building a separate compliance workflow. 

1. The Judgment Problem 

For decades, CDD for legal persons has been built around a sequence of binary determinations. Does the entity exist in the registry? Does the name match a sanctions list? Is there a natural person above the ownership threshold? Each question has a yes/no answer. Each answer can be produced algorithmically. The entire infrastructure of AML compliance technology, from screening engines to UBO extraction tools, is optimised for binary resolution at speed. 

Art. 12(1)(d) breaks that model. It asks a question that has no binary answer: does this structure obfuscate or diminish transparency of ownership with no legitimate economic rationale? Answering that question requires the compliance function to do three things it has not traditionally been equipped to do at scale: 

Detect structural opacity. The function must identify indicators that the architecture of the ownership chain is itself a risk factor, independently of whether any individual entity or person in the chain triggers a screening alert. A chain of four holding entities across three jurisdictions, each individually clean, may collectively represent a deliberate opacity arrangement. Detecting that arrangement requires pattern recognition across the chain, not entity-level screening. 

Test for legitimate rationale. Opacity alone is not dispositive. Complex structures exist for legitimate reasons: regulatory ring-fencing, asset protection, joint venture structuring, intellectual property holding, group treasury centralisation, tax efficiency within lawful parameters, or political and security risk mitigation for beneficial owners in hostile jurisdictions. The function must consider whether any of these justifications is supported by the documentary evidence and business context available, and document the assessment either way. 

Document the determination as a structured, auditable record. Art. 12(2) and (3) require obliged entities to take risk-sensitive measures to satisfy themselves that the information obtained is accurate to provide a comprehensive understanding of the ownership and control structure. That language contemplates a record that a supervisor can examine, e.g. what indicators were observed, what rationale was considered, and what conclusion was reached. A screening result or a UBO chart does not meet this standard. 

This is not an incremental extension of existing CDD. It is a category change. The compliance function is being asked to perform investigative reasoning, the kind of structured, evidence-weighted assessment that has historically been confined to enhanced due diligence on the highest-risk cases, as a standard capability triggered whenever a corporate structure meets the Art. 12(1) threshold. 

The scale implication is significant. The three-layer threshold, combined with any one additional condition from (a) to (c), will capture a substantial proportion of corporate customers in any institution with material cross-border exposure. Multi-layered holding chains are the norm, not the exception, in international corporate structuring. Therefore, the question becomes how many Art. 12 structures an institution’s customer base contains, and whether the compliance programme can perform a documented condition (d) assessment on each of them. 

2. Why Legacy CDD Architectures Cannot Deliver This 

Three pillars of the standard CDD operating model are structurally incapable of producing the assessment Art. 12(1)(d) requires. Understanding why is essential to understanding what must change. 

2.1 Registry verification is an identity control, not a risk assessment 

Corporate registries confirm that a legal entity exists and record its filed attributes: legal name, registration number, registered address, officers, and shareholding structure as disclosed. This is the compliance equivalent of checking a passport. It establishes identity but it does not, and structurally cannot, assess whether the arrangement of entities in an ownership chain serves a legitimate commercial purpose or exists primarily to frustrate transparency. 

A holding company in a chain that has no employees, no commercial activity, and no function beyond interposing a layer between the customer and its beneficial owner will appear in the registry as a perfectly valid legal entity. Its registration may be current, its filing status compliant, and its directors identifiable. None of that information addresses condition (d). The FATF Guidance on Transparency and Beneficial Ownership (2014) is explicit that countries and institutions must take a “multi-pronged approach” and look beyond registry data. 

2.2 Screening is entity-level, not structure-level 

Sanctions, PEP, and adverse media screening operate on individual entities and persons. They test whether a name matches a list. They do not assess whether the architecture of an ownership structure is itself an indicator of risk. A chain of four holding entities across three jurisdictions, each individually clean on screening, may collectively represent a deliberate opacity arrangement. No screening engine, however sophisticated its fuzzy matching, will surface that finding, because the finding is not about any individual entity, but about the relationship between entities and the absence of a commercial rationale for the way they are arranged. 

2.3 Threshold-based UBO identification stops at the wrong question 

The standard 25% beneficial ownership threshold, while operationally necessary, answers the question “who owns more than a quarter of this entity?” It does not answer the question “why is this ownership chain structured the way it is?” In many complex groups, no single natural person meets the threshold. Control is exercised through family arrangements, voting agreements, board composition, or informal influence that sits outside formal ownership structures. FATF Recommendation 24 (revised March 2022) requires identification of natural persons who exercise control through other means, but in practice, most obliged entities default to the threshold test and, failing that, apply the residual method by naming senior managing officials. That process identifies individuals. It does not assess whether the structure through which those individuals exercise control is transparent, opaque, or deliberately obscured. 

The common denominator: verification, screening, and threshold-based UBO identification are all binary controls. They produce yes/no answers. Art. 12(1)(d) requires a qualitative, evidence-weighted assessment that none of them is designed to deliver. The gap is not a feature deficit. It is an architectural mismatch between the control design and the regulatory requirement. 

3. The Regulatory Context: AMLA, Article 12, and the Timeline 

3.1 The AMLA consultation 

The Anti-Money Laundering Regulation (EU) 2024/1624 (AMLR) harmonises CDD obligations as a directly applicable regulation across all Member States from 10 July 2027. On 9 February 2026, AMLA published its consultation paper on the draft RTS under Article 28(1), specifying how obliged entities must apply CDD requirements in practice: what information must be collected, from which sources, under what conditions, and to what standard of verification. The consultation is open until 8 May 2026. AMLA held a public hearing on 24 March 2026. 

The draft RTS builds on the EBA’s response to the European Commission’s Call for Advice, delivered on 30 October 2025. AMLA took over the work and published a track-changes version against the EBA’s original to facilitate review. 

3.2 Article 12: the definition 

Art. 12 introduces, for the first time in EU regulatory technical standards, a formal definition of “complex corporate structure.” A structure qualifies as complex where there are three or more layers between the customer and the beneficial owner, and in addition, more than one of the following conditions is met: 

Conditions (a) to (c) are structural facts, while condition (d) is a qualitative assessment. That asymmetry is the central challenge this paper addresses. 

Where the conditions are met, obliged entities must take reasonable measures and, where necessary, obtain additional information such as an organigram to complement the standard ownership information. They must also take risk-sensitive measures to ensure accuracy and achieve a comprehensive understanding of the ownership and control structure (Art. 12(2)–(3)). 

3.3 The harmonisation gap 

The AMLR achieves something its predecessor directives could not: a single, directly applicable set of CDD rules across all Member States, eliminating the transposition divergence that plagued the AMLD-based framework. The RTS harmonises what information must be collected and from which sources. However, it does not harmonise how the qualitative assessment under Art. 12(1)(d) is to be performed. In fact, the current draft does not contain standardised methodology, scoring framework, or supervisory guidance that specifies how obliged entities should detect opacity, test for rationale, or document the determination. Therefore, one may expect that different institutions will develop different approaches, and AMLA may eventually issue supervisory convergence guidance. 

That creates a first-mover advantage for obliged entities that establish a structured, documented, and defensible methodology now, grounded in the indicator frameworks that international standard-setters have already developed, position their approach as the benchmark when supervisory practice coalesces. On the contrary, those that wait for guidance will be retrofitting under time pressure. 

3.4 Timeline 

AMLA must submit the final draft RTS to the Commission by 10 July 2026. The Commission has three months (extendable by three) to adopt the delegated act, followed by a three-month EP/Council scrutiny period (also extendable). Entry into force: twenty days after Official Journal publication. Realistic estimate: Q1–Q2 2027, aligned with the AMLR application date of 10 July 2027. 

4. What a Compliant Art. 12(1)(d) Assessment Must Deliver 

This section sets out the indicator framework and two-stage assessment methodology that best practice demands, drawing on converging guidance from international standard-setters and supervisory authorities. 

4.1 Stage one: detecting opacity 

International standard-setters have developed converging indicator frameworks for identifying structures that lack legitimate purpose. The FATF Guidance on Transparency and Beneficial Ownership (2014) and the joint FATF/Egmont Group report on Concealment of Beneficial Ownership (2018) identify core shell company indicators: mass nominee arrangements, informal nominees (such as family members with no apparent involvement in operations), addresses of mass registration typically belonging to trust and company service providers, and multi-jurisdictional layering designed to frustrate tracing. The JMLSG Guidance (Part I, Chapter 4) frames the assessment as a direct question: if the customer’s ownership and control structure is complex or opaque, is there an obvious commercial or lawful rationale? It lists bearer shares, nominee shareholders, and structures that could serve as asset-holding vehicles as risk factors requiring documented assessment. Similar expectations on ownership transparency, bearer share disclosure, and related-party aggregation appear in the Wolfsberg Group’s Correspondent Banking Due Diligence Questionnaire (CBDDQ v1.4, 2023). Similar frameworks have also been developed by at European Regulators. For example, the Bank of Italy’s Financial Intelligence Unit (UIF) published a synthetic indicator (Quaderno dell’antiriciclaggio No. 15, December 2020) combining balance-sheet ratios to identify shell companies used for invoice fraud (“società cartiere”), demonstrating that shell entities leave a measurable financial footprint that diverges systematically from operating companies in the same sector. 

These frameworks converge on five principal indicator categories: 

For context, the EU’s proposed ATAD III (Unshell Directive), although formally withdrawn by ECOFIN in June 2025, further crystallised the analytical framework through its substance-test gateway indicators: predominantly passive income, cross-border activity, and outsourcing of administration and decision-making. These remain analytically relevant as a reference framework even absent codification. 

4.2 Stage two: testing for legitimate rationale 

Art. 12(1)(d) requires a positive finding that there is no legitimate economic rationale. Therefore, the obliged entity must consider whether recognised justifications exist for the observed structure. Legitimate rationales may include for example regulatory ring-fencing (e.g. capital or licensing requirements), asset protection in jurisdictions with creditor-friendly regimes, joint venture structuring, intellectual property holding arrangements, group treasury centralisation, tax efficiency within lawful parameters or political and security risk mitigation for beneficial owners in hostile jurisdictions. 

The AFME consultation response to the EBA’s original draft is instructive: it recommended that the obligation be reframed to assess whether a structure might have been established solely to avoid or reduce transparency of beneficial ownership with no other likely or possible legitimate justification. That language influenced the AMLA version and confirms the two-stage nature of the assessment: structural evidence of opacity, followed by rationale testing. 

Where no rationale is apparent from the documentation, business context, or customer explanation, and where opacity indicators are present, condition (d) is satisfied. 

4.3 Documentation standard 

Best practice is to document both stages as a structured, auditable record: indicators detected (per category, with source attribution), legitimate rationale considered (with documented basis for acceptance or rejection), and conclusion reached. This is the evidential standard that Art. 12(2) and (3) contemplate. A binary outcome (“condition (d) met / not met”) without the supporting reasoning is not defensible under supervisory examination. 

The assessment structure: (1) Traverse the ownership chain and count layers. (2) Test each condition (a) to (c) against structural facts. (3) Assess condition (d) by running the five indicator categories against each entity in the chain. (4) Where indicators are found, test for legitimate rationale from documentary evidence and business context. (5) Document the determination: indicators observed, rationale considered, conclusion reached, with source attribution throughout. 

5. The Back-Book Problem: Art. 33 and the Scale of Remediation 

The operational challenge is not confined to new customer onboarding. Article 33 of the draft RTS provides a five-year risk-based transition period from Official Journal publication for the remediation of existing customers against the new CDD standard, with high-risk customers to be prioritised first. 

For any obliged entity with material cross-border corporate exposure, the remediation volume is substantial. Consider an institution with 50,000 corporate customers. If only 15% have ownership structures exceeding three layers (a conservative estimate for any institution with significant international, trade finance, or correspondent banking activity), that is 7,500 Art. 12 assessments within the transition window, each requiring a documented condition (d) determination. At an average of 4–6 hours per manual assessment (incorporating chain traversal, indicator analysis, rationale testing, and documentation to audit standard), the manual effort is in the range of 30,000 to 45,000 analyst hours, equivalent to roughly 15 to 22 full-time equivalent analysts deployed exclusively on Art. 12 remediation for a full year, assuming ca. 2,000 productive hours per analyst per year and 48 effective weeks given holidays, training and sick days. 

Most compliance functions do not have that capacity available. Their analysts are already committed to ongoing monitoring, periodic reviews, SAR filing, sanctions screening, and regulatory enquiry responses. The remediation will need to be absorbed alongside business-as-usual, not instead of it. 

This is the operational context in which the value of investigative automation becomes decisive. A manual Art. 12 programme is feasible for the highest-risk tier. It is not feasible across the full population of structures that the three-layer threshold will capture. The institution needs a capability that can perform the five-category indicator analysis, the rationale assessment, and the audit-ready documentation at a speed and consistency that manual investigation cannot match. 

6. How Agentic Due Diligence Meets the Standard 

The judgment problem described in this paper, performing structured, evidence-based qualitative assessments at scale, is the specific problem that agentic due diligence is designed to solve. CleverChain’s VERA is an autonomous AI due diligence agent that performs end-to-end CDD and EDD on legal and natural persons, producing investigator-grade output in minutes per entity. The Art. 12 assessment is embedded in the standard product, not layered on as an additional module. 

6.1 Layer traversal and condition detection 

VERA automatically traverses the full ownership chain from target entity to ultimate beneficial owners, counting layers and assessing each against the Art. 12(1) conditions. It identifies intermediate layers, flags extra-EU jurisdictions (condition (b)), detects legal arrangements such as trusts and foundations (condition (a)), and identifies nominee structures (condition (c)). For widely-held listed entities with dispersed institutional shareholders, VERA applies the residual method and traces each institutional block upstream to confirm that none individually or collectively triggers the ownership threshold. The obliged entity can make the Art. 12(1) determination directly from the output. 

6.2 Condition (d): the five-layer opacity assessment 

VERA addresses condition (d) through a convergence of multiple detection layers rather than a single binary indicator: 

Operational substance verification tests for virtual offices, mail-forwarding services, mass-registration addresses, and absence of verifiable physical premises, combined with web presence analysis, directory listings, and telephone/domain reverse-lookups. 

Nature-of-business consistency testing flags cases where declared activity codes diverge from evidenced activity or where no evidenced activity exists. 

Director and UBO pattern analysis identifies mass directorships, rapid entity churn, compulsory strike-off patterns, address clustering, dormancy, SIC mismatches, wave incorporation, and dissolution bursts. 

Financial anomaly detection analyses filed financial statements to identify revenue-to-employee ratios inconsistent with stated sector activity, anomalous cost structures, minimal operational expenditure relative to declared turnover, and capital adequacy gaps, mirroring the analytical approach of the Bank of Italy UIF’s synthetic indicator. 

Offshore leak cross-referencing screens against ICIJ Offshore Leaks, Panama Papers, Paradise Papers, and Pandora Papers. 

Collectively, these layers enable VERA to present the evidence on both sides of the Art. 12(1)(d) assessment: opacity indicators found and potential legitimate explanations available from the documentary record. The obliged entity makes and documents the determination, supported by a structured evidence base rather than an unguided manual review. 

CleverChain’s capabilities in this area are continuously evolving and were already recognised by Chartis Research at the 2026 Financial Crime and Compliance 50 (FCC50) Awards, where CleverChain received the Shell Company Detection award. 

6.3 Organigram, residual reconciliation, and group-level risk 

Every VERA report includes a structured ownership chart (organigram) showing the full chain from target entity to UBOs with percentage holdings, legal forms, and jurisdictions at each level, directly satisfying Art. 12(2). For dispersed ownership structures, VERA performs a full residual reconciliation, summing identified institutional blocks, quantifying treasury/self-held shares, estimating the composition of the remainder, and testing for connected-party aggregation. Group-level risk surfacing independently screens each entity in the chain against adverse media, enforcement databases, and regulatory filings, ensuring that a subsidiary’s operational cleanliness is documented alongside any parent-level risk. 

6.4 Audit trail, explainability, and speed 

Every investigative step is explained, logged, and timestamped. Reports include a detailed entity resolution methodology and a complete evidence appendix with source URLs and retrieval dates. A structured control checklist maps the obliged entity’s CDD/EDD policy and regulatory requirements against the information collected, with completion status per item. Where items remain outstanding, the checklist makes the gap visible and actionable rather than concealed within a narrative report. 

VERA produces a complete due diligence report in just a few minutes per entity, regardless of complexity. For Art. 33 back-book remediation, this means Art. 12 assessments can be processed in days rather than years, with each assessment documented to audit standard. 

6.5 Mapping to the Art. 12 framework 

Conclusion 

Article 12(1)(d) is a category change in CDD requirements and in what compliance programmes must deliver. For the first time, EU regulatory technical standards require obliged entities to perform a structured qualitative assessment of whether a corporate ownership architecture is itself a risk indicator. That assessment cannot be produced by verification, screening, or threshold-based UBO identification, the three pillars on which most CDD programmes currently rest. 

The international standard-setting framework has been building toward this expectation for years. The AMLA RTS codifies it. The harmonisation gap (what to collect is standardised; how to assess condition (d) is not) creates a first-mover advantage for obliged entities that establish a documented methodology now. The back-book remediation obligation under Art. 33 makes the scale dimension unavoidable. 

CleverChain’s VERA addresses the judgment problem by embedding investigative, evidence-based Art. 12 assessment within the standard due diligence product: automatic layer traversal, condition detection, five-category opacity analysis, rationale documentation, organigram generation, residual ownership reconciliation, group-level risk surfacing, and audit-ready documentation of every investigative step. The output is the defensible, evidence-traced qualitative determination that Art. 12(1)(d) demands, not a score. 

Start the Conversation 

If your current CDD programme cannot systematically assess complex structures against the Art. 12 conditions, or if your Art. 12(1)(d) assessment relies on case-by-case manual judgment without a structured indicator framework, CleverChain offers a free assurance discussion to benchmark your controls against the draft RTS requirements. 

Learn more at cleverchain.ai and contact us to see VERA in action. 

Disclaimer: This document is provided for informational purposes only and does not constitute legal or regulatory advice. It reflects the draft RTS as published by AMLA on 9 February 2026 and assumes the text is adopted without material amendment. Obliged entities should independently assess the final adopted text and take their own legal counsel on implementation. 

References 

[1] FATF/Egmont Group. Concealment of Beneficial Ownership (July 2018). fatf-gafi.org. 

[2] FATF. Guidance on Transparency and Beneficial Ownership (October 2014). fatf-gafi.org. 

[3] FATF. Recommendation 24: Transparency and Beneficial Ownership of Legal Persons (revised March 2022; Interpretive Note updated October 2023). fatf-gafi.org. 

[4] FATF. Guidance on Beneficial Ownership and Transparency of Legal Arrangements (March 2024). fatf-gafi.org. 

[5] FATF. Annual Report 2023–2024. fatf-gafi.org. 

[6] EBA. Guidelines on ML/TF Risk Factors (EBA/GL/2021/02, revised January 2023). eba.europa.eu. 

[7] JMLSG. Prevention of Money Laundering / Combating the Financing of Terrorism: Guidance for the UK Financial Sector, Part I (updated November 2024). Chapter 4: Risk-Based Approach. jmlsg.org.uk. 

[8] Wolfsberg Group. Correspondent Banking Due Diligence Questionnaire (CBDDQ v1.4, 2023). wolfsberg-group.org. 

[9] Bank of Italy / UIF. Quaderno dell’antiriciclaggio No. 15: Un indicatore sintetico per individuare le società cosiddette cartiere. Pellegrini, De Franceschis, Bentivogli, Laurenza (December 2020). uif.bancaditalia.it. 

[10] AMLA. Consultation Paper: Draft RTS on Customer Due Diligence under Article 28(1) AMLR (9 February 2026). amla.europa.eu. 

[11] EBA. Response to the European Commission’s Call for Advice on new AMLA mandates (30 October 2025). eba.europa.eu. 

[12] AFME. Response to EBA Consultation on Proposed RTS (2025). afme.eu. 

[13] EU ATAD III / Unshell Directive. Proposal for a Council Directive to prevent misuse of shell entities for tax purposes (December 2021). Withdrawn by ECOFIN 18 June 2025. 

[14] Chartis Research. Financial Crime and Compliance 50 (FCC50) 2026: Ranking and Award Winners (9 March 2026). chartis-research.com. 

[15] US Treasury. FATF Strengthens Financial Transparency Standards and Updates Evaluation Methodology (March 2022). treasury.gov. 

© 2026 CleverChain Limited. All rights reserved.