CASE-001: Nominee Maze — 7 Layers, One Sanctioned UBO

Seven-tier corporate stack with hatched chevron silhouette at the bottom representing the undisclosed ultimate beneficial owner.

A Cypriot trading company applied to open a correspondent account at a Tier-1 European bank. Its declared beneficial owner was an unsearchable man from a Russian industrial city. Eleven working days later, the chart had collapsed to seven nominee layers and a single name on the EU's 13th sanctions package. This is how registry forensics, the Federal Notarial Chamber's pledge ledger, and patient social-OSINT work peeled the structure apart.

The Counterparty Who Wasn’t There

A compliance officer at a Tier-1 European bank’s Vienna onboarding desk looked at the screening flag for the third time that morning. The applicant was a Cypriot single-purpose trading company, incorporated fourteen months earlier in Limassol, applying for a correspondent line to fund commodities-trade flows the size of a small national budget. The submitted ownership chart was tidy: the Cypriot SPV sat above a Russian limited liability company, and the Russian LLC sat above a sole shareholder — an individual with a domestic address in a regional industrial city, a name that returned no media hits, no LinkedIn, no court records, no PEP entries. He was a clean man on paper, and on paper his ownership was unambiguous.

The chart was the problem. Real beneficial owners of trading vehicles at this volume rarely have no digital footprint. Real beneficial owners have weddings, charity dinners, regional press photographs, university alumni pages, vehicle registrations. The applicant had none of these. He had a passport scan, a notarised declaration, and a Moscow notary’s certification of his signature on the share-transfer paperwork that had made him sole shareholder of the Russian LLC nine months before the Cypriot SPV came into existence. The bank’s onboarding window was forty-eight hours from escalation. The compliance officer marked the file for enhanced due diligence and sent it across.

“He looked like every other UBO we screen, which is exactly why we couldn’t accept him. Real people leave traces. Nominees leave a passport scan and a Moscow notary stamp.”
— Compliance lead, Tier-1 European bank (onboarding desk)

What the Registries Said

We treated the submitted chart as a hypothesis to be falsified, not confirmed. The first pass was registry work: pull complete EGRUL extracts for every Russian entity in the chain, including historical directors, share transfers, address changes, and the full set of uchastniki (participants) across the entity’s life. EGRUL is the Russian Federal Tax Service’s unified state register of legal entities. SPARK-Interfax sits on top of EGRUL with commercial enrichment, but the underlying data are public and can be cross-checked against the FTS’s own free lookup portal. We pulled both.

The named “owner” surfaced within hours, and not in the way the chart had implied. He had become sole shareholder of fourteen unrelated Russian LLCs within a ninety-day window in the third quarter of 2022 — the period immediately after the EU’s sixth and seventh sanctions packages took effect, and the period in which a substantial migration of beneficial ownership out of designated names and into intermediary names was visible across Russian corporate registries generally. None of the fourteen LLCs had material trading activity in the period since acquisition. All shared a small set of Moscow notary offices for the share transfers. Three used the same registered legal address — a small office in a regional administrative centre that, on photographic inspection via mapping services, was a residential building with no visible commercial signage. None of these features individually proved nominee structure. All of them together matched the standard nominee-pattern indicators we have documented across the engagement portfolio.

“Fourteen LLCs in ninety days is not a career. It’s a holding pen. When you see that pattern in EGRUL, you stop looking at the named shareholder and start asking who paid the notary.”
— Senior OSINT analyst, [0x]INT

The Cypriot leg was equally instructive. The Department of Registrar of Companies in Cyprus had filed the trading SPV with a director who appeared, on cross-reference against OpenCorporates and the ICIJ Offshore Leaks Database, on the boards of seventeen other Cypriot and BVI entities, several of which had appeared in published OCCRP reporting as service-providers to designated Russian principals. The director was not himself sanctioned. The pattern of his client book was the indicator.

The Layer Underneath the Layer

The pivot came from the Federal Notarial Chamber. The Chamber maintains a public registry of pledged shares and notarial acts (Reestr uvedomleniy o zaloge dvizhimogo imushchestva) which captures the pledge instruments often used to control nominee structures without registering a change of ownership. Pledge instruments are a quiet form of control in Russian corporate law: a pledged participation interest can carry voting and disposition rights to the pledgee, while the named shareholder remains nominally in place. They are documented, they are searchable, and they are routinely overlooked by Western compliance workflows because the documentation is in Russian and the registry interface is unfamiliar.

Two of the fourteen LLCs the “owner” had acquired in Q3 2022 had pledged their participation interests via instruments executed at the same notary, on the same day, in favour of a Cyprus company. The Cyprus pledgee’s director appeared, on prior published reporting, as a long-standing corporate-services provider for a person designated under the EU’s 12th and subsequently 13th sanctions packages. The pledge metadata named a specific corporate-services group whose registered agent records, available through OpenCorporates and the OCCRP Aleph archive, linked five further BVI entities to the same upper-tier beneficial group. The structure was no longer seven horizontal layers; it was a five-tier vertical with the pledge instruments acting as the silent control mechanism between the visible Russian leg and the invisible upper-tier beneficial group.

“The notary chamber pledge register is the single most underused dataset in Russian UBO work. It tells you who actually controls a Russian LLC even when the participant column says someone else.”
— Senior risk officer, Big-4 forensic services practice

Social OSINT corroborated the registry trail. The named “owner” appeared in three archived regional press photographs — recovered via Wayback and a regional newspaper’s own archive — as a junior employee at a holding company whose general director was the same individual designated under the 12th and 13th packages. The photographs were from corporate events between 2018 and 2021 and captioned in the regional press with the holding company’s name. The named “owner” was, in plain reading of his actual employment history, a long-serving junior staff member of the sanctioned principal’s holding. He had been promoted, on paper, to sole-shareholder status across fourteen vehicles in the weeks after his employer’s designation became binding.

The 50% Rule analysis fell out of the structure as soon as the pledge instruments were surfaced. Under the standard OFAC aggregate-ownership methodology — matched, with minor procedural differences, by the EU’s ownership-and-control guidance — the Cypriot SPV inherited the sanctions exposure of its pledged upstream control. The bank’s MLRO did not need a counsel opinion to decline the onboarding; the chart spoke for itself once the pledge layer was visible.

Where the Money Touched Ground

We delivered a tiered ownership reconstruction inside the bank’s onboarding window. Seven nominee layers between the Vienna account applicant and the sanctioned ultimate beneficial owner, each layer sourced to a discrete public-records extract with capture date, original-language source link, certified translation where required, and an explicit chain-of-inference paragraph for any conclusion that rested on more than direct registry evidence. The deliverable was structured to be defensible in a subsequent regulatory enquiry: not a narrative report, but an evidentiary bundle.

// Reconstruction summary

  • Tier 1: Cypriot trading SPV (the account applicant).
  • Tier 2: Cypriot holding, sole shareholder of the SPV, director cross-named on seventeen affiliated entities.
  • Tier 3: Russian LLC, sole participant on the submitted chart.
  • Tier 4: Named “owner” — a junior employee of the sanctioned principal’s pre-2022 holding company.
  • Tier 5 (pledge layer): Cyprus pledgee holding voting and disposition rights over two of the fourteen acquired LLCs via Federal Notarial Chamber instruments.
  • Tier 6: Corporate-services group named in the pledge metadata, with registered-agent records linking five BVI entities into the upper-tier beneficial group.
  • Tier 7: Designated individual, listed in the EU’s 12th package and subsequently 13th, whose pre-2022 holding company employed the named “owner” in a junior capacity.

The bank’s MLRO rejected the onboarding application inside their internal escalation window and filed a Suspicious Activity Report to the Austrian Financial Intelligence Unit, citing the reconstruction and the specific Federal Notarial Chamber pledge-instrument identifiers. A subsequent enquiry from the Cyprus Department of Registrar of Companies, prompted by the FIU referral, opened a domestic compliance review of the registered service-provider on the Cypriot leg. The named “owner” was not himself listed; the structure he fronted was demonstrably under the aggregate-control of a listed person. No funds entered the bank. No exposure crystallised. The Cypriot SPV remains, as of publication, an entity without a Western correspondent line.

“We had forty-eight hours and a chart that looked clean. The reconstruction handed us a defensible decline note we could put in front of the regulator the next day.”
— MLRO, Tier-1 European bank

What We Took Away

Three lessons from the nominee maze engagement that have since been written into our standing playbook for nominee work against Russian-leg structures.

The pledge layer is where the truth sits. Western compliance workflows over-rely on participant-column data from EGRUL. The Federal Notarial Chamber’s pledge register is in Russian, has an unfamiliar interface, and produces output that requires translation. It is also the single most reliable indicator of nominee control structures in the post-2022 Russian corporate landscape. Any UBO chain that touches a Russian LLC acquired since Q2 2022 should be checked against the pledge register as a default step, not an enhanced step. Our 50 Percent Rule methodology page walks through the procedural integration. The free OFAC 50-Percent Rule Calculator we publish handles the aggregate-arithmetic side once the pledge layer is correctly modelled.

Naming conventions matter. Russian-Cyrillic names of natural persons are transliterated inconsistently across registries, sanctions lists, and commercial PEP databases. The same individual will appear in EGRUL under one transliteration, on the EU Official Journal under another, and in regional press under a third. A name-match negative in the standard screening tool is not a clean result if the name has not been run through the canonical four transliteration standards. Our free Cyrillic-to-Latin transliterator outputs GOST 7.79-2000, ICAO Doc 9303, BGN/PCGN 1947, and the Russian Passport 2010+ standard side-by-side; that single-screen comparison would have surfaced the named owner’s pre-2022 employer in a regional press archive on day one of the engagement, rather than day five.

OpenSanctions and OCCRP Aleph are the public cross-checks of last resort. The OpenSanctions consolidated dataset aggregates OFAC SDN, EU Official Journal, UK OFSI, Ukrainian NABC, and a long tail of national lists into a single queryable index. OCCRP Aleph archives the underlying investigative reporting and the leaked-document corpora that connect named principals to corporate-services providers. Neither is a substitute for primary registry work, but either would have surfaced the corporate-services group on the pledge layer within an hour of being asked. The combination of EGRUL plus pledge register plus OpenSanctions plus Aleph, run as a single workflow, would have collapsed the chart on the bank’s own desk; the engagement we ran was, in effect, a demonstration of what that workflow looks like applied at evidentiary standard.

// Result

Seven nominee layers collapsed to one sanctioned UBO in eleven working days; onboarding declined, SAR filed to the Austrian FIU, no exposure crystallised, no funds entered the bank’s perimeter.

External public-record sources referenced in this methodology

About this engagement

Case identifiers, dates, jurisdictions of the named onboarding desk, and the specific notary offices and individual names have been adjusted to protect client confidentiality. The methodology, the registry pivots, the role of the Federal Notarial Chamber pledge register in collapsing nominee structures, and the substantive shape of the reconstruction described above are accurate to the engagement. No published claim in this case study identifies a real natural person or a real corporate entity beyond reference to public sanctions designations and to public investigative archives.

Need a similar investigation?

Onboarding desk, MLRO function, instructing counsel, or institutional investor: if you are looking at an ownership chart that resolves cleanly on paper and uncleanly in your instincts, we can run the registry work, the pledge layer, and the social OSINT inside a single evidentiary deliverable. Typical turnaround for a UBO reconstruction of this complexity is between seven and fourteen working days.

Request a Case Brief