June 27, 2023

4 Eyes Principle: Effective Governance Management

Discover the power of the 4 Eyes Principle in governance management. Learn how this principle safeguards data, prevents fraud, and enhances accountability.

Dear Legal Ops!
Welcome to this week’s Let’s talk about Legal Ops, offered by Newton. We tackle corporate legal departments, speed up processes, and career growth. Please send us your questions; in return, we come back with real insights and actionable tips.
If you find this post valuable, don't miss the chance to check out our latest posts.

Subscribe to get access to more posts like these!

Join Newton's newsletter to receive our blogs, templates, and the latest information right in your inbox. You can unsubscribe at any time.

Effective governance management is crucial for organizations to ensure data integrity, security, and compliance. One of the powerful principles that have gained prominence is the “4 Eyes Principle”, also known as the 2-Man Rule. This principle emphasizes the importance of having two people approve actions, decisions, and data to enhance accuracy, and accountability, and prevent potential errors.

In this article, we will delve into the core of the 4 Eyes Principle and explore real-world examples where it safeguarded valuable data.

In this article, we will cover the following:

Understanding the 4 Eye Principle

The 4 Eyes Principle, also known as the “Two-Person Integrity Principle”, is based on the premise that essential tasks or actions should be reviewed by at least two authorized people before they are considered finalized. The principle acts as a control mechanism, reducing the risk of errors, fraud, or malicious activities that may compromise sensitive data. By enforcing approval by two people, companies create a robust system of checks and ensure the accuracy of critical processes.

From the legal perspective, implementing the 4 Eyes Principle helps organizations achieve compliance with regulatory requirements and standards such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).

Examples of the 4 Eyes Principle

  • Financial Transactions: Financial institutions rely on the 4 Eyes Principle to protect their customers’ assets and financial data. For example, when transferring large sums of money, the 4 Eyes Principle is typically required to review and approve the transaction before it is processed. This double-checking procedure minimizes the risk of fraudulent activities and errors that could result in financial losses.
  • Software Development: In software development, the 4 Eyes Principle plays a vital role in ensuring code quality and security. Before code changes are merged into the main branch or deployed to production environments, they undergo a review process by at least two developers. This practice helps identify and rectify potential vulnerabilities, improves the overall reliability of the software, and reduces the likelihood of security breaches.

What are the benefits of the 4 Eyes Principle?

Adopting the 4 Eyes Principle within governance management brings several benefits:

  • Error detection and correction. Relying on two or more individuals in making critical actions or decisions significantly enhances the chances of identifying errors or inconsistencies. By catching and rectifying mistakes before they escalate, organizations can maintain data integrity and prevent potential financial or legal consequences.
  • Fraud Prevention: Dual approval is an effective way to prevent fraudulent activities. Requiring two people to validate critical transactions or access sensitive data reduces the risk of unauthorized manipulation or misuse, providing a higher level of data security.
  • Accountability and Responsibility: The 4 Eyes Principle establishes a culture of accountability within organizations. This means that each person involved in the review process is responsible for the accuracy and integrity of the approved actions. This shared responsibility creates a sense of ownership and causes a greater level of diligence and attention to detail.
  • Compliance and Regulatory Requirements: Many industries are subject to strict regulatory frameworks and mandate having more security measures. The 4 Eyes Principle serves as an effective system to ensure compliance with such security requirements and protect sensitive data.

Best Practices for Implementing the 4 Eyes Principle:

To effectively implement the 4 Eyes Principle within governance management, organizations should consider the following best practices:

  • Clearly Define Approval Processes: Establish clear guidelines on which actions or decisions you need double approval. Clearly define the roles and responsibilities of each individual involved in the review process to avoid confusion or gaps in accountability.
  • Rotate Reviewers: To reduce the risk of collision, periodically rotate people, who are involved in the review process. This practice ensures fresh perspectives and helps maintain an unbiased and rigorous approval system.
  • Documentation and Audit Trails: Maintain documentation of all approved actions, decisions, and reviews. This documentation serves as an audit trail, enabling organizations to track and verify the accuracy and integrity of critical processes. It also aids in compliance efforts and provides valuable insights for process improvement.
  • Training and Awareness: Provide training to all users involved in the 4 Eyes Principle process. Ensure they understand the importance of their role in maintaining data security, accuracy, and compliance.

How Newton implemented the 4 Eyes Principle

We asked our CTO, Christian Kirchhoff to explain the 4 Eyes Principle process and how it is implemented in NEWTON.

“The 4 Eyes Principle can be configured on a per data model and field basis. This means that for each data model (e.g. entity, contact, project) we can configure which fields need the 4 Eyes Principle. It is configurable on a general level, but also for each field, which users can review (which means confirm or decline) change requests in such fields.” - explains our CTO, Christian Kirchhoff.

4 Eyes Principle is integretable in different ways. In Newton, reviewers see all their pending change requests. They can see who requested the change, the optional change request reference, but also the current and requested new values, as well as links to the data itself to review the data in the context of all other data. The reviewers can either confirm or decline the request. After declining or accepting the change, it is displayed in the history of all past changes, making it easier to track all change requests.

If you’re finding this newsletter valuable, share it with a friend, and consider subscribing if you haven’t already. You can unsubscribe at any time.

Wind-up

The 4 Eyes Principle is a core principle for effective governance management that promotes accuracy, accountability, and protection of valuable data. By implementing this principle, organizations can strengthen their control mechanisms, detect errors early, prevent fraud, and comply with regulatory requirements. Newton can help you to implement that. We allow companies to not only manage entities, but also assign roles, enable the 4 Eyes Principle, and have a trial audit. All of these are implemented in one place to ensure the efficiency and simplicity of entity management.


About this article

Sources

Erçin Dedeoğlu (2022)
4-Eyes-Principle
Wiebe de Roos (2020)
The four-eyes principle: what’s important in a DevOps world
Cros Legacy (2019).
Four Eyes principle
Niccolo Abriani & Armando Catania (2022).
Corporate Governance and the So-Called ‘Four-Eyes Principle’
German Federal Ministry of Finance (2020)
Principles of Good Corporate Governance and Active Management of Federal Holdings.

Images

Featured Image: Photo by Emma Dau on Unsplash
Featured CTA blog post: Photo by Jurica Koletić on Unsplash / Photo by Christina @ wocintechchat.com on Unsplash

May 12, 2023

Ultimate Beneficial Ownership (UBO) in 2023

Learn more about Ultimate Beneficial Ownership (UBO). Understand better what UBO means, why it is important, and how it can be identified and managed effectively.

Dear Legal Ops!
Welcome to this week’s Let’s talk about Legal Ops, offered by Newton. We tackle corporate legal departments, speed up processes, and career growth. Please send us your questions; in return, we come back with real insights and actionable tips.
If you find this post valuable, don't miss the chance to check out our latest posts.

Subscribe to get access to more posts like these!

Join Newton's newsletter to receive our blogs, templates, and the latest information right in your inbox. You can unsubscribe at any time.

In 2022, the Court of Justice of the European Union reconsidered the accessibility of UBO to any member of the general public due to fundamental rights for private life and the protection of personal data. That caused several changes and new rules to follow for companies, operating in the EU.

But first, here is what you need to know about UBO:
UBO refers to the real person(s) who own or control a legal entity or asset. This means that they are the ultimate beneficiaries of any income or profits generated by the entity. The concept of UBO is important because it helps to prevent financial crimes by increasing transparency in ownership structures.

In this article, we will cover the following:

What is the difference between BO and UBO?

The terms “UBO“ and “BO“ both refer to beneficial ownership, but they differ in their scope and level of detail.

“BO“ stands for “Beneficial Ownership“, which is the legal and financial concept of who ultimately owns or controls a company, asset, or property.

Beneficial ownership can be:

  • direct, where an individual or entity holds legal ownership
  • indirect, where ownership is held through other entities or individuals.

“UBO“, on the other hand, means “Ultimate Beneficial Ownership“, which is a more specific and detailed concept.

UBO refers to the individual or entity that ultimately owns or controls a company or asset through a chain of ownership or control. Basically, the UBO is the person or entity that has the final say over the decisions made by a company or asset, regardless of holding legal ownership.

Why is Ultimate Beneficial Ownership Important?

UBO is important because it helps to prevent financial crimes such as money laundering, terrorist financing, and corruption. Due to many different scheme opportunities for frauds to hide the identity and the source of assets, it is important to have a tool such as UBO to be able to identify the origin of assets or who stands behind the legal entity. By identifying the UBO of a legal entity, law enforcement agencies, and financial institutions can better assess the risk of financial crime.

Identifying Ultimate Beneficial Ownership

Identifying UBO can be challenging, especially when complex ownership structures are used. Some common methods used by criminals to hide their identities include using nominees or shell companies, transferring ownership through multiple layers, and using offshore companies in tax havens. However, there are several measures that can be taken to identify UBO, including conducting due diligence, using beneficial ownership registries, and implementing Know Your Customer (KYC) procedures.

Learn more about how proper KYC procedures would warn Silicon Valley Bank from collapse.

Managing Ultimate Beneficial Ownership

Once UBO has been identified, it is essential to manage it effectively to make it in use. This includes maintaining accurate records of ownership, monitoring any changes in ownership, and conducting regular risk assessments, creating Legal Entity Management Identifiers (LEI). Learn more about LEI and who needs it. 

It is also important to ensure that all relevant stakeholders are aware of their obligations and responsibilities under anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.

New EU regulations regarding UBO

Recently, there were implemented some changes to the EU UBO register access rules (effective 23 November 2022), that impact compliance requirements for companies operating in the EU. Precisely, companies that are not traded publicly are given the option to restrict public access to UBO registers.

Based on that, compliance requirements might be different for companies and depend on in which country the company is registered and operates. For example, in Luxembourg and Netherlands, access to the register may be restricted, while in other EU member states, the UBO register can be accessed by providing additional documentation to authorities.

Other than that, the new regulation obligates any foreign investors (directly or indirectly) owning German real estate must prepare for extended UBO reporting requirements. Due to the Sanction Enforcement Act II, legal provisions on extended reporting requirements for purposes of the German Transparency Register came into force on 28 December 2022.

Previously, foreign entities investing directly or indirectly in German real estate were obligated to repost their UBO to the German Transparency Register. Due to the new regulations, foreign entities are required to report the UBO for the previously existing investments in German real estate by 30 June 2023, which were not registered before.

Overall, businesses operating within the EU should be aware of these changes and ensure that they comply with the relevant regulations and requirements of each country in which they operate.

If you’re finding this newsletter valuable, share it with a friend, and consider subscribing if you haven’t already. You can unsubscribe at any time.

Conclusion

Ultimate Beneficial Ownership is a critical tool in preventing the growth of the black economy, money laundering, forgery, and corruption. By increasing transparency in ownership structures, UBO can help to identify and prevent criminal activities. However, identifying and managing UBO can be challenging, and it is important to take appropriate measures to ensure compliance with AML and CTF regulations.

How does Newton help with this?

Newton delivers an easy and seamless platform to manage and automate your legal entities’ information, governance, and compliance, including UBO declarations. If your entity management processes are currently creating friction for your team, be sure to get in touch to explore how Newton can help you have everything you need to be in control of your entity portfolio.


About this article

Sources

Oraz K. (2023).
UBO: Understanding the Ultimate Beneficial Owner
CT. Corporation Staff (2023).
The importance of UBO due diligence in the global M&As
Netherlands Enterprise Agency, RVO.
UBO register for ultimate beneficial owner
Eversheds Sutherland (2022).
EU court orders UBO-register to be closed to the public
Simon L. (2023).
What does the EU UBO register access removal mean for compliance?
Eva J., Lukáš P. (2022). Changes in ultimate beneficial owners recording legislation – a modified definition of the ultimate owner and broader reporting duties
Financial Times (2022).
European countries begin taking down public company registers after ruling
FlickGocke Schaumburg (2023).
Foreign investors (directly or indirectly) owning German real estate must prepare for extended UBO reporting requirements

Images

Featured Image: Photo by Tiffany Tertipes on Unsplash
Featured CTA blog post: Photo by Jurica Koletić on Unsplash / Photo by Christina @ wocintechchat.com on Unsplash

April 21, 2023

Legal Entity Identifiers

What are legal entity management identifiers (LEIs) and what are the benefits of them. Discover how they streamline financial transactions and enhance transparency.

Dear Legal Ops!
Welcome to this week’s Let’s talk about Legal Ops, offered by Newton. We tackle corporate legal departments, speed up processes, and career growth. Please send us your questions; in return, we come back with real insights and actionable tips.
If you find this post valuable, don't miss the chance to check out our latest posts.

Subscribe to get access to more posts like these!

Join Newton's newsletter to receive our blogs, templates, and the latest information right in your inbox. You can unsubscribe at any time.

Legal entity management identifiers (LEIs) are unique codes assigned to legal entities to identify them in financial transactions. While they may seem like just another bureaucratic requirement, they actually offer several benefits that streamline financial operations and enhance transparency. In this article, we will explore what LEIs are, why they are important, and how they benefit legal entities.

In this article, we will cover the following:

In today’s fast-paced global economy, it is essential for financial transactions to be transparent, secure, and efficient. Legal entity management identifiers (LEIs) play a crucial role in achieving these goals by providing a standardized way of identifying legal entities in financial transactions. LEIs were introduced in response to the 2008 financial crisis, which exposed the lack of transparency in financial markets. LEIs offer several benefits, such as enhancing transparency, streamlining financial operations, and enabling regulatory authorities to monitor systemic risk.

In other words, the publicly available LEI data pool creates a global directory and enhances transparency in the global marketplace.

LEIs are 20-digit alphanumeric codes that identify legal entities in financial transactions. Each LEI is unique and is linked to information about the legal entity, such as its name, address, and legal form. LEIs are assigned by Local Operating Units (LOUs), which are authorized by the Global Legal Entity Identifier Foundation (GLEIF). Legal entities must obtain an LEI if they engage in financial transactions, such as buying or selling securities, or if they participate in financial markets. Obtaining an LEI is a simple process that involves registering with a LOU and providing information about the legal entity.

LEIs are important for several reasons. First, they enhance transparency in financial transactions by providing a standardized way of identifying legal entities. This makes it easier to track and monitor money flows, which is essential for preventing fraud, money laundering, and other illegal activities. Second, LEIs streamline financial operations by reducing the need for manual data entry and reconciliation. This saves time and money for legal entities and financial institutions. Third, LEIs enable regulatory authorities to more easily identify and monitor systemic risk, which is essential for maintaining financial stability.

Legal entities that obtain an LEI can benefit in several ways. For example, LEIs make it easier to open bank accounts and obtain credit. They also enable legal entities to participate in financial markets, such as trading securities or derivatives. Additionally, LEIs can help legal entities comply with regulatory requirements, such as Know Your Customer (KYC) and Anti-Money Laundering (AML) rules. LEIs also enhance transparency, which can improve a legal entity’s reputation and credibility.

Learn more how proper KYC procedure would warn Silicon Valley Bank from collapse.

According to industry estimates, universal adoption of the global LEI system could save the financial sector up to $10 billion.

If you’re finding this newsletter valuable, share it with a friend, and consider subscribing if you haven’t already. You can unsubscribe at any time.

The future of LEIs

Blockchain Technology and LEIs

Blockchain is one of the new technologies that have the potential to revolutionize the future of Legal Entity Identifiers (LEIs). The security and transparency provided by blockchain technology make it an ideal platform for storing and managing data associated with LEIs. By utilizing blockchain technology, the precision and openness of data associated with each LEI can be significantly improved.

Artificial Intelligence and LEIs

The future of LEIs could be greatly influenced by another technology on the rise: Artificial intelligence (AI). AI-driven systems have the potential to enhance the precision and calibre of the data related to LEIs by automatically validating information and detecting any probable mistakes or irregularities. This can lead to a smoother LEI registration process and minimize the likelihood of inaccuracies in financial reporting.

In summary, the future of LEIs appears promising as new developments and technologies are expected to enhance identification systems’ accuracy, transparency, and standardization.

What is next?

With numerous legal entities bearing similar names and operating across the world, several of the largest multinational banks possess thousands of such entities. As the global LEI system continues to grow, it is anticipated that it will assist regulators and market players in comprehending and recording these intricate corporate structures and hierarchies.
Our technology aids companies to manage legal entities efficiently and seamlessly. It assists in automated document assembly, permitting users to promptly generate, assess, and amend documents.

About this article

Sources

Ka Kei Chan and Alistair Milne (2013)
The Global Legal Entity Identifier System: Will It Deliver?
Stewe Waite (2023)
The Importance of LEI in Global Trade and Supply Chains
Office of Financial Research (2019)
Trust and the Global Coffeehouse: Digital Verification and the Legal Entity Identifier in a Modern Financial Market
Linda F. Powell, Mark M., Elena S. (2011)
Legal Entity Identifier: What Else Do You Need to Know?
GLEIF
Get an LEI: Find LEI Issuing Organizations
Karen Redman (2019)
The past, present and future of the legal entities identifier.
John Foster (2023)
The future of legal entity identifiers: Emerging trends and technologies - AZ Big Media
Simmons+Simmons
The Global LEI System and Other Unique Identifiers

Image

Featured image: Photo by Sebastian Pichler on Unsplash
Featured CTA blog post: Photo by Jurica Koletić on Unsplash / Photo by Christina @ wocintechchat.com on Unsplash