FATF Recommendation 24 Compliance Guide
FATF Recommendation 24 requires countries to ensure adequate, accurate, and up-to-date information on the beneficial ownership of legal persons can be obtained or accessed in a timely fashion by competent authorities. Attestyx is built around this principle. This guide maps platform output to R.24's specific requirements and shows how participating foundations satisfy their own internal AML/CFT controls using the platform.
1. What R.24 actually requires
FATF R.24, as updated in 2022 with the addition of multi-pronged-approach requirements, asks each jurisdiction to ensure that beneficial-ownership information is:
- Adequate- covers the natural persons who ultimately own or control the entity
- Accurate- reflects current ownership and control, with verification
- Up-to-date- changes are reflected promptly
- Timely accessible- competent authorities can obtain it without undue delay
- Verifiable- supporting documents are retained
R.24 does not require public disclosure; it requires accessibility to competent authorities. Many jurisdictions have moved or are moving toward public registries (UK PSC, EU AMLD beneficial-ownership registries) but R.24 itself stops short of mandating public access.
2. How GrantsProof captures beneficial ownership
For every grantee, the Verdict Engine BEN suite (17 checks) requires:
- Identification of all natural persons holding 25% or more (with a 10% threshold flag for high-risk corridors)
- Identification of natural persons exercising control via voting rights, board appointment, or contractual arrangements absent equity
- Government-issued ID verification with passport or national ID for each named beneficial owner
- Address verification
- Date-of-birth verification
- Politically-exposed-person screening across all named beneficial owners
- Sanctions screening across all named beneficial owners (OFAC SDN, EU consolidated, UK HMT, UN SC, MAS targeted, AUSTRAC)
- Adverse media screening
- Cross-jurisdictional ownership trace where the entity has parents, subsidiaries, or affiliates in other jurisdictions
- Documented chain of control where ownership flows through corporate or trust structures
3. Mapping to R.24 sub-requirements
| R.24 sub-requirement | GrantsProof mechanism |
|---|---|
| Adequate (natural-person owner identification) | BEN suite, mandatory before application submission |
| Accurate (verification of identity) | Government-ID verification per beneficial owner; sanctions and PEP screening on natural persons |
| Up-to-date (timely updates) | Beneficial-ownership change required to be reported within 14 days of change; auto-flag if grantee submits a milestone with stale BO data |
| Timely access (for competent authorities) | Foundation-of-record can produce the full BO file in under 5 minutes via the platform; subpoena-response template available |
| Verifiable (supporting documents) | All BO supporting documents stored in the SDV with content-hash addressing; retention follows jurisdictional rules |
| Multi-pronged approach (post-2022 amendment) | The platform combines registry data, foundation submission, and primary-source verification - all three prongs encouraged by FATF |
4. Foundation use of platform output
Foundations are not directly subject to FATF R.24, but most are subject to AML/CFT controls under their banks and under jurisdictional rules (FinCEN BO reporting in the US, OFSI guidance in the UK, MAS guidance in Singapore, CBUAE rules in the UAE). Foundations using the platform satisfy these controls by:
- Relying on the platform's BO file as the foundation-of-record evidence
- Requiring the platform's pre-grant Verdict Record as a condition precedent for disbursement
- Anchoring foundation-side AML attestation to the underlying CourtChain record
- Using the platform's audit trail in regulator examinations
5. Mutual Evaluation support
FATF Mutual Evaluations assess each jurisdiction's R.24 implementation. Where a participating foundation's jurisdiction is undergoing Mutual Evaluation, the platform provides:
- Aggregate metrics on BO completeness across the foundation's grantee portfolio
- Median time-to-update for BO changes
- Third-party verification rates (sanctions list match, PEP screening completeness)
- Anonymized incident reports where BO data was found materially inaccurate during a milestone review
6. Limits and disclaimers
Attestyx is not a substitute for a foundation's primary AML/CFT program. It is a verification, attestation, and audit-trail layer. Foundations remain responsible for their own BSA/AML programs, suspicious-activity monitoring, and regulator interaction. The platform supports those programs; it does not replace them.