FCO requirements to ID all shareholders of a company
Discussion
Guys,
Quickie.
A director of a small company in which I own 10% of the shares has asked me for copies of my ID (passport/DL), utility bills and dates I've lived at my current address. He's claiming that it's a requirement of the bank (Santander) whom the company has an account with.
He's moved from claiming "it's the law" to "this authentication of all shareholders is a requirement of the FCA and Santander are doing an update on all business accounts".
Google can tell me that the FCA requires all banks to do Customer Due Diligence and look into Persons of Significant Control, but nothing to say that a minor shareholder of a very small and unlisted company has to provide all these details to a company director.
The director in question has a (very) long history of getting things wrong and throwing his weight around to get what he wants. He's not the sharpest tool in the shed and I'm wondering whether he's on the wrong end of a scam and falling for it badly. He's provided no other information (details from Santander / copies of letters etc) as he claims they aren't going into his inbox. He HAS provided the name of the person he's talked to who is supposedly at a Santander contact centre, and a (mobile) 'phone number for her.
Is there any such FCA requirement or is it all the scam that it smells of?
Ta!
Quickie.
A director of a small company in which I own 10% of the shares has asked me for copies of my ID (passport/DL), utility bills and dates I've lived at my current address. He's claiming that it's a requirement of the bank (Santander) whom the company has an account with.
He's moved from claiming "it's the law" to "this authentication of all shareholders is a requirement of the FCA and Santander are doing an update on all business accounts".
Google can tell me that the FCA requires all banks to do Customer Due Diligence and look into Persons of Significant Control, but nothing to say that a minor shareholder of a very small and unlisted company has to provide all these details to a company director.
The director in question has a (very) long history of getting things wrong and throwing his weight around to get what he wants. He's not the sharpest tool in the shed and I'm wondering whether he's on the wrong end of a scam and falling for it badly. He's provided no other information (details from Santander / copies of letters etc) as he claims they aren't going into his inbox. He HAS provided the name of the person he's talked to who is supposedly at a Santander contact centre, and a (mobile) 'phone number for her.
Is there any such FCA requirement or is it all the scam that it smells of?
Ta!
Thanks JoshSM. That's pretty much my thoughts as well. If anyone can confirm that the requirement is as bogus as it sounds I'd be grateful, but given that the Director who is requesting this information is a weapons-grade idiot then I'll believe it's real only when I can see it's real.
I'll not be forwarding my info!
I'll not be forwarding my info!
JoshSm said:
Even assuming the requirement is real the way this is being handled smells very off.
That said I've had real comms from banks before that were full of red flags/bad practice.
I wouldn't be passing any personal information like that via a third party regardless.
Agreed. That said I've had real comms from banks before that were full of red flags/bad practice.
I wouldn't be passing any personal information like that via a third party regardless.
I'd ask for the contact details of the person at Santander who is asking for this information and then I'd ring up Santander on a publicly advertised number or walk into one of their branches and ask them to confirm the identify of the person before contacting them and asking if they actually requested the info.
2Btoo said:
Thanks JoshSM. That's pretty much my thoughts as well. If anyone can confirm that the requirement is as bogus as it sounds I'd be grateful, but given that the Director who is requesting this information is a weapons-grade idiot then I'll believe it's real only when I can see it's real.
I'll not be forwarding my info!
Santander are going through a major "customer verification" programme, so it is absolutely possible that the requirement isn't bogus.I'll not be forwarding my info!
You should ask him to send you a copy of the communications from Santander requesting information.
The process, when I completed it last year, was extremely painful and intrusive (but exacerbated by the slightly funky structure of the companies). I can't remember exactly what we needed to submit, but as ours are at "Corporate" rather than "Business" the requirements might be slightly different.
FWIW, you will get your accounts frozen if the process isn't completed to the satisfaction of Santander. For a while, one of mine could receive inbound funds but not make any outbound transactions. That wasn't ideal.
LooneyTunes said:
Santander are going through a major "customer verification" programme, so it is absolutely possible that the requirement isn't bogus.
You should ask him to send you a copy of the communications from Santander requesting information.
Of course the perfect way to run a phish is off the back of something legitimate. The entire chain of events can be based on something real without the person asking being genuine. You should ask him to send you a copy of the communications from Santander requesting information.
Definitely needs sight of the actual comms - if the request is real it should be possible to validate it with Santander which should *hopefully* also include any references and methods for directly supplying the data.
As others have suggested. I would ask for a copy of the correspondence from Santander that requests this and say that, providing you are happy with the justification, you will send it to them directly.
Deloitte have over 800 active directors listed on Companies House. Are they going to run identity checks on every single one?
May be legit but seems overkill.
Deloitte have over 800 active directors listed on Companies House. Are they going to run identity checks on every single one?
May be legit but seems overkill.
ADJimbo said:
^^^ This ^^^
Companies House are bringing in Identity Checks for all Directors / PSC’s from 18 November 2025 under the Economic Crime and Corporate Transparency Act 2023.
Has to be done separately for each and every Ltd. Co. you’re connected to.
Except you can do this yourself, no need to let anyone else have your data plus it does not require a utility bill.Companies House are bringing in Identity Checks for all Directors / PSC’s from 18 November 2025 under the Economic Crime and Corporate Transparency Act 2023.
Has to be done separately for each and every Ltd. Co. you’re connected to.
The identity check is only done once, the ID reference is then added to each company listing separately.
Thanks for the answers guys.
Given that this request refers to law that doesn't (seem to) exist, involves contacting a supposed Santander employee on a mobile phone number (which Google has no record of) and can't be proven because all the eMails have mysteriously not arrived in the Director's eMail account then I am calling scam. JoshSM's comment about good phishes starting with a half-truth is a very good one - thanks.
The director is thicker than mince and hasn't a clue what he's doing. I'm concluding that I'd be an idiot eMailing my ID to him without a LOT more comfort and have eMailed him to tell him so.
It's interesting that I have had no such ID requirements from any of the business bank accounts I run, which makes this request all the more smelly.
Thanks for your help.
Given that this request refers to law that doesn't (seem to) exist, involves contacting a supposed Santander employee on a mobile phone number (which Google has no record of) and can't be proven because all the eMails have mysteriously not arrived in the Director's eMail account then I am calling scam. JoshSM's comment about good phishes starting with a half-truth is a very good one - thanks.
The director is thicker than mince and hasn't a clue what he's doing. I'm concluding that I'd be an idiot eMailing my ID to him without a LOT more comfort and have eMailed him to tell him so.
It's interesting that I have had no such ID requirements from any of the business bank accounts I run, which makes this request all the more smelly.
Thanks for your help.
I work for a bank. We get address and indentity verification for any shareholder of a business we bank with a holding or 10% or more. Other banks I’ve worked in have worked on same basis. Irrespective of whether or not it is the law, it is common practice and unless you have something to hide I would just crack on as you make life more arduous for yourself by trying to fight it- if you don’t comply don’t be surprised to see notice to close issued (30/60/90 days to find alternative arrangements).
Relevant Santander links:
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/business/support/custo...
https://www.santander.co.uk/business/support/custo...
The last page has a phone number that you could try calling to verify the request. Or if your business partner provides the reference you may be to use complete the online form for your details yourself.
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/business/support/custo...
https://www.santander.co.uk/business/support/custo...
The last page has a phone number that you could try calling to verify the request. Or if your business partner provides the reference you may be to use complete the online form for your details yourself.
Gassing Station | Business | Top of Page | What's New | My Stuff