Shell companies and money laundering: How to mitigate risks

Shell companies and their money laundering risks are a perennial concern for financial institutions (FIs). While not illegal outright, criminals often use shell companies to disguise illegal assets and introduce them into the legitimate financial system. 

When onboarding businesses as new customers, your organization needs appropriate tools to identify shell companies and their ultimate beneficial owners (UBOs) and flag any associated anti-money laundering (AML) risks. 

In 2025, corporate transparency remains high on the global compliance agenda, with beneficial ownership registers in place in some jurisdictions. However, global regulatory approaches to this issue remain inconsistent, leaving firms responsible for detecting and preventing AML risks relating to shell companies. 

What is a shell company? 

A shell company is a business entity with no active operations, physical presence, or significant assets. Instead, shell companies act as vehicles for other entities to hold or transfer assets. 

Shell companies are not inherently illegal and have some legitimate business purposes, including accessing foreign markets, enabling complex corporate transactions, tax planning, and asset protection. However, they are also a frequent feature of money laundering and terrorist financing schemes. 

How are shell companies used for money laundering?

In many jurisdictions, companies can be created quickly and inexpensively. When laundering illicit funds, criminals often set up shell companies as proxies to move funds on their behalf and conceal their true identities. This enables them to avoid detection by firms’ anti-money laundering/countering the financing of terrorism (AML/CFT) controls. 

The use of shell companies to disguise beneficial ownership or create complex transaction chains designed to obscure where funds have come from is a well-established risk for FIs. Trade-based money laundering (TBML), money laundering through real estate, and sanctions evasion are all examples of specific financial crime typologies that can involve shell companies. TBML, in particular, poses a growing threat across the financial landscape: In our State of Financial Crime 2025 survey, 51 percent of global compliance leaders identified it as one of their top financial crime concerns. 

AML regulations and shell companies

All FIs have customer due diligence (CDD) responsibilities under AML regulations, which require them to collect and verify certain information about their customers. Typically, this includes identifying the purpose of any new customer relationship and the UBOs of business entities. While definitions of UBOs can vary, they typically involve a minimum ownership threshold of shares in a company. 

The Financial Action Task Force (FATF) recommends this threshold not exceed 25 percent, which is followed by most but not all jurisdictions. 

• US regulations: As part of the Bank Secrecy Act (BSA), you must have customer identification programs to establish and verify all customer identities and the nature of their relationship with them. The ‘CDD Final Rule’ is an amendment to the BSA that obliges you to establish the beneficial ownership of any of their business customers to prevent the misuse of corporate ownership structures. 
• UK regulations: The Money Laundering, Terrorist Financing, and Transfer of Funds (Information on the Payer) Regulations (MLRs) require you to identify all UBOs of new accounts. 
• EU regulations: CDD, including UBO identification, is required under the EU’s Anti-Money Laundering Directives (AMLD). The new’ Sixth Anti-Money Laundering Directive (6AMLD) has broadened its definition of UBOs by allowing an ownership threshold of 15 percent for higher-risk companies. It also allows family ties to be considered when deciding who controls an entity. 
• Singapore regulations: The Monetary Authority of Singapore (MAS) rules state that you must carry out CDD of any entity you start a business relationship with or any non-customer involved in certain transactions (such as those over $20,000). You must also establish the ultimate beneficial ownership (UBO) of customer accounts. 

Depending on your jurisdiction, corporate transparency regulations will shape how identifying data is collected. Examples are: 

• Corporate transparency in the US: This has been a fraught topic, particularly from late 2024 to early 2025, with several conflicting legal judgments causing confusion over firms’ obligations. Finally, in March 2025, the US Treasury significantly revised its approach to corporate transparency regulation, indicating that US citizens or entities would not have to report their beneficial ownership information (BOI), as had previously been required by the Corporate Transparency Act. Non-US businesses, however, must still submit this information to the Financial Crimes Enforcement Network (FinCEN). 
• Corporate transparency in the UK: UK firms must declare their UBOs, also known as ‘persons with significant control’ (PSCs), on PSC registers and submit them to Companies House, the body responsible for incorporating UK businesses. As part of the Economic Crime and Corporate Transparency Act, Companies House has introduced new identity verification and ownership transparency requirements. 
• Corporate transparency in the EU: Since the implementation of 6AMLD, member states must allow access to beneficial ownership registers to those with “legitimate interest” by mid-2027. Trusts and similar legal arrangements are now required to register their UBOs, as well as businesses. 
• Corporate transparency in Singapore: Singapore maintains the Register of Registrable Controllers as a centralized UBO database. All private companies, private partnerships, and non-profit organizations must submit information on their UBOs for inclusion in this register. 

AML red flags for shell companies

The fact that shell companies are legal and the anonymity they can provide criminals can make AML/CFT compliance challenging. You should ensure your organization’s compliance team is familiar with red flag characteristics that indicate that a shell company may be used to launder money. These include:

• Difficulties in obtaining information about the originators or beneficiaries of transactions or transfers.
• A company that exhibits transaction activity inconsistent with its business profile, including unusually high volumes of transactions or sporadic bursts of transactions.
• Payments that have no clear or stated purpose or that do not involve any discernible goods or services.
• Multiple high-value transfers between known shell companies.
• Payments that are only identifiable via reference to a contract or invoice.
• Transactions involving goods and services that do not match the profile of the companies sending or receiving them.
• Transactions that involve two separate companies registered to the same address or companies that provide only the address of their registered agent.
• A single company sending wire transfers to an unusually large number of beneficiaries.
• Transactions that frequently involve beneficiaries in high-risk jurisdictions or offshore financial destinations.

The State of Financial Crime 2025

Corporate transparency is a key theme in our fifth annual state-of-the-industry report, built around a global survey of 600 senior compliance decision-makers.

Download your copy

How to mitigate AML risks from shell companies

Money laundering through shell companies poses a significant threat to the legitimate financial system and FIs’ business growth; if regulators find gaps in your AML controls, they can issue heavy fines as a deterrent to other firms. Given the scale of this threat, you should implement risk-based measures to detect and prevent money laundering through shell companies: 

• Define beneficial ownership of customer accounts: At onboarding, you should ask customers for essential information. This includes company names, registration numbers, addresses, and the names of individuals in senior management roles. Using this information, you should determine who to define as a UBO. This involves checking individuals against ownership thresholds (including direct and indirect ownership). 
• Use a variety of screening tools for CDD: When carrying out know your customer (KYC) and know your business (KYB) checks, you should screen customers against sanctions lists, politically exposed person (PEP) data, and adverse media data to minimize your risk exposure. PEPs and sanctioned entities present a higher risk of attempting to launder money through shell companies. At the same time, negative news stories can sometimes alert you to customer risks before official sources. 
• Continue to monitor customer relationships: Once you have onboarded a customer, you should carry out ongoing monitoring, ensuring CDD is a continuous process rather than a static one. You should also monitor customer transactions since some AML risks relating to shell companies can only be discovered over time by analyzing payment patterns. 
• Select an appropriate software vendor: Given inconsistencies in the global approach towards beneficial ownership reporting, you should not rely on centralized UBO databases for all the information you need. Instead, you should choose a vendor who can provide you with detailed, reliable data so you can carry out effective KYC and KYB processes. 
• Enhance screening with automation: Screening software that uses artificial intelligence (AI) and machine learning (ML) technologies can significantly enhance efficiency. Unlike manual checks, automated systems can scan sanctions lists and other data constantly, ensuring you get updates instantly and reducing your risk of dealing with high-risk customers. 

Advanced AML due diligence tools 

ComplyAdvantage’s AML solutions help firms identify the AML risks they face from dealing with shell companies, assess cases for red flags, and protect themselves from exposure to financial crime. With ComplyAdvantage, you can access: 

• Secure and efficient customer onboarding: Upgrade your CDD processes and get a complete picture of your AML risks with proprietary data from ComplyAdvantage. Use advanced matching algorithms to minimize false positives across sanctions, adverse media, and PEP screening. 
• Detailed risk intelligence: Access more than just names on sanctions lists with sanctions-related data that shows entities related to or controlled by sanctioned individuals and businesses. 
• Real-time updates: Ensure your ongoing customer monitoring is as effective as possible by receiving information updates without delay. ComplyAdvantage’s data is refreshed using automated systems, so you’re informed of changes well ahead of competitors, with expert verification for added peace of mind.