Beneficial Ownership and Entity Resolution: Mapping the Network Behind a Customer
Money launderers hide behind layers of entities. How entity resolution and a beneficial-ownership graph reveal the real network — resolving duplicate records, linking related parties, and surfacing UBO and layering for investigators.
A customer is rarely a single, tidy record. Behind one account name sits a person who also appears, spelt slightly differently, on a second account; behind a company sits a holding entity, and behind that a nominee, and behind the nominee a real person who never appears on any onboarding form at all. The work of beneficial ownership and entity resolution is mapping the network behind a customer — turning a scatter of fragmented records into a picture of who actually controls what, and who is connected to whom. It is the difference between knowing your customer and knowing your customer's customer's hidden owner.
This matters because the launderer's basic technique is to break a single network into pieces your systems cannot reassemble. If three accounts look unrelated, three alerts get worked in isolation and closed. If the institution cannot see that the same beneficial owner sits behind all three, the pattern that would have made the activity obvious never surfaces. The fragmentation is not an accident; it is the point. This article explains the obligations that make beneficial ownership unavoidable, why ordinary data hides networks, and how Creodata's Entity Resolution service rebuilds them so investigators can see the whole shape of a relationship rather than one corner of it. For where this sits in the broader programme, see the complete AML platform guide.
The obligation: knowing who is really there
Every AML regime in the region requires regulated institutions to identify the ultimate beneficial owner — the natural person or persons who ultimately own or control a customer — not just the account-holder on the form. FATF Recommendations 24 and 25, and the ESAAMLG-aligned regimes that implement them across Kenya, Uganda, Tanzania, Zambia and Rwanda, treat beneficial-ownership transparency as foundational. A company is not a customer in any meaningful sense; the people behind it are. An account opened in the name of a trust, a holding company, or a chain of intermediaries is only as well understood as the institution's grasp of who ultimately benefits.
The obligation runs through the whole relationship, not just onboarding:
- At onboarding, you must establish and verify who the beneficial owners are, to a threshold of control your policy defines.
- During the relationship, you must keep that picture current as ownership changes.
- When risk rises — a sanctions hit on a connected party, an unusual transaction pattern, a politically exposed connection — you must be able to trace the ownership and control structure quickly and defensibly.
The trouble is that ownership is precisely the information a launderer is motivated to obscure. Layering through shell companies, nominee directors, and complex cross-holdings exists to put distance between the money and the person who controls it. Meeting the obligation therefore depends less on collecting declarations — those can be falsified — and more on the institution's ability to connect what it already knows across every record it holds. That is an entity-resolution problem before it is a compliance problem.
Why ordinary data hides networks
Most institutions hold more than enough information to see a network. They simply hold it in fragments that never get joined. The reasons are mundane and universal.
The same entity, many records
A person appears as "John M. Otieno" on a savings account opened in 2019, "J. Otieno" on a loan booked in 2022, and "John Otieno" on a beneficiary record from a wire transfer. Three records, one human being. Multiply that by inconsistent identifiers, transliteration from other scripts, married names, abbreviations, data-entry error, and the legitimate reuse of common names, and a single customer can be scattered across a dozen records that the core system treats as a dozen different parties. Duplicate and near-duplicate records are not an edge case; they are the normal state of customer data.
The connections live between records, not inside them
Even when each record is clean, the relationships that matter live in the gaps. A shared phone number between two "unrelated" account-holders. A common registered address across four companies. A beneficial owner named on one company's declaration who is also a director of another. None of this is visible from inside any single record. It only appears when you place the records side by side and resolve which references point at the same real-world entity — and then draw the links between those entities.
Risk is assessed one customer at a time
Onboarding, screening and monitoring are mostly built around a single customer at a time. That is reasonable, but it means connected-party risk falls through the cracks. A customer who is individually low-risk can sit at the centre of a high-risk cluster — connected to a sanctioned entity two hops away, or sharing ownership with a customer already under investigation. Assessed alone, the customer looks clean. Assessed as a node in a network, the customer looks very different. The data to see this almost always exists; what is missing is the layer that joins it.
Entity resolution: rebuilding the network
Creodata's Entity Resolution service is that joining layer. It takes the fragmented references spread across the institution's data and produces a coherent map: resolved entities, the links between them, the clusters they form, and the beneficial-ownership graph that shows who ultimately controls what. It is the structural backbone that turns a pile of records into a network an investigator can read.
Resolved entities
The first job is deduplication and matching: deciding which records refer to the same real-world person or organisation. The service consolidates the scattered references — the three Otienos above — into a single resolved entity, while keeping every source record traceable behind it. This draws on the same name-matching discipline that powers screening: fuzzy, multi-script and locale-aware matching that copes with transliteration, abbreviation and the spelling variation that is normal in a region with many languages and scripts. The output is a stable identity the rest of the platform can reason about, rather than a dozen partial views of one party.
Links
With entities resolved, the service records the links between them — the relationships that ordinary data leaves implicit. A person is a director of a company. Two companies share a registered address. An account-holder is a counterparty on another customer's transactions. A declared beneficial owner connects to the entity they control. Each link is an explicit, inspectable edge between two resolved entities, not a hunch the analyst has to reconstruct from memory.
Clusters
Links accumulate into clusters: groups of entities bound together by ownership, control, shared attributes or transactional ties. A cluster is the natural unit for assessing connected-party risk, because it is the shape the launderer was trying to keep you from seeing. Once the cluster is visible, the question changes from "is this customer risky?" to "is this customer sitting inside a risky network?" — a question the data could always answer but the institution could rarely ask.
The beneficial-ownership graph
On top of the links and clusters sits the beneficial-ownership graph — the UBO graph — which traces ownership and control through intermediaries to the natural persons at the end of the chain. This is what turns a layered structure from an obstacle into a map. Where a launderer has stacked a holding company over a nominee over an operating entity, the graph walks the chain and surfaces the ultimate owner, with each hop shown as an edge you can inspect. The structure designed to hide control becomes the very thing that displays it.
How this surfaces layering and connected-party risk
The payoff lands in two places: during enhanced due diligence, and during live investigation.
During EDD
When a relationship tips into enhanced scrutiny — a high-risk customer, a PEP connection, a complex corporate structure — the analyst needs to understand ownership before they can judge the relationship. The UBO graph gives them the chain at a glance rather than a stack of declarations to reconcile by hand. They can see whether the declared owners match the resolved network, whether intermediaries exist that the customer did not mention, and whether any node in the chain carries sanctions, PEP or adverse-media exposure. Complex ownership is the most common trigger for deeper review and the hardest part to do manually; for how that fits the broader workflow, see enhanced due diligence on complex ownership structures.
During investigation
The same map drives investigation. Layering is, in essence, a pattern in a graph — funds and control passing through a chain of entities to break the line of sight. When the network is resolved, that pattern stops being invisible. An investigator can see that three accounts under separate names share a single beneficial owner, that a counterparty in one case is the subject of another, or that money is circling a cluster rather than leaving it. These are exactly the layering typologies a resolved network exposes — structures that are impossible to read one record at a time and obvious once the graph is drawn.
Crucially, this investigation tooling does not live in a separate analytics product the team has to learn and switch into. It is embedded in the Case UI. From inside a case, the analyst can pivot from the customer to the cluster, walk the ownership chain, and follow links to related cases without leaving the investigation. The entity-resolution layer is also what powers the linked-case graph that connects investigations sharing an owner, a counterparty or an address — the mechanics of which are covered in investigating linked cases. Seeing the network and acting on it happen in the same place.
| What the analyst has | Without entity resolution | With the Entity Resolution service |
|---|---|---|
| A duplicated customer | Three records, three partial views | One resolved entity, full history |
| A connected party | Invisible unless someone remembers | An explicit, inspectable link |
| A layered ownership chain | Declarations to reconcile by hand | A UBO graph walked to the natural person |
| A suspicious pattern | One alert worked in isolation | A cluster a launderer hoped you would not see |
Evidence, audit and the limits of the map
A network map influences consequential decisions — whether to escalate, to file, or to exit a relationship — so it is held to the same evidence-first standard as the rest of the platform. Every resolved entity traces back to its source records; every link is inspectable; every ownership edge shows its basis. An analyst is never asked to trust the graph as a black box. They are shown why two records were merged and why two entities are connected, and so is anyone who reviews the decision later. Consequential actions taken on the strength of the network — a merge that materially changes a customer's risk picture, an override of a resolution — are protected by four-eyes approval and written to the append-only, immutable audit log, so the institution can always show how its view of a customer's network was built.
The map is a tool for judgement, not a replacement for it. Resolution proposes that two records are the same entity or that two entities are connected; the analyst confirms, modifies or rejects. That human control matters, because a wrong merge is its own risk — conflating two genuinely different people is as damaging as missing that two records are one person. The discipline is the same one that runs through the whole platform: the system surfaces the connection and its evidence, and a person makes the call on the record.
Frequently asked questions
What is the difference between a customer record and a resolved entity?
A customer record is one row in one system — an account, a loan, a beneficiary line. A resolved entity is the real-world person or organisation that one or more records refer to. Entity resolution decides which scattered records point at the same party and consolidates them into a single resolved entity, while keeping every source record traceable behind it. The record is what you stored; the resolved entity is who is actually there.
How does the beneficial-ownership graph handle layered or nominee structures?
The UBO graph traces ownership and control through intermediaries to the natural persons at the end of the chain, showing each hop as an inspectable edge. Where ownership is stacked through holding companies or nominee arrangements, the graph walks the chain rather than stopping at the first entity, so the structure intended to obscure the ultimate owner becomes the map that reveals them. Declared owners can then be compared against the resolved network to expose gaps.
Does entity resolution decide things automatically?
No. The service surfaces resolved entities, links and ownership chains, and shows the evidence behind each — why two records were matched, why two entities are connected. The analyst confirms, modifies or rejects. Consequential changes are protected by four-eyes approval and recorded in the immutable audit log. The map informs judgement; it does not replace the investigator who makes the call.
Where does an investigator actually use this?
Inside the Case UI. Investigation tooling is embedded in the case interface, so from within a case the analyst can pivot to the cluster, walk the ownership graph, and follow links to related cases without switching tools. The same entity-resolution layer powers the linked-case graph that connects investigations sharing an owner, counterparty or address.
Networks are how money laundering hides, and a resolved network is how it stops hiding. If you want to see how resolved entities, links, clusters and a beneficial-ownership graph turn fragmented records into a map an investigator can read, explore the Creodata AML Platform, talk to our financial crime compliance advisory team, or book a demo and we will walk one through with your own structures in mind.