FCO requirements to ID all shareholders of a company
Discussion
Guys,
Quickie.
A director of a small company in which I own 10% of the shares has asked me for copies of my ID (passport/DL), utility bills and dates I've lived at my current address. He's claiming that it's a requirement of the bank (Santander) whom the company has an account with.
He's moved from claiming "it's the law" to "this authentication of all shareholders is a requirement of the FCA and Santander are doing an update on all business accounts".
Google can tell me that the FCA requires all banks to do Customer Due Diligence and look into Persons of Significant Control, but nothing to say that a minor shareholder of a very small and unlisted company has to provide all these details to a company director.
The director in question has a (very) long history of getting things wrong and throwing his weight around to get what he wants. He's not the sharpest tool in the shed and I'm wondering whether he's on the wrong end of a scam and falling for it badly. He's provided no other information (details from Santander / copies of letters etc) as he claims they aren't going into his inbox. He HAS provided the name of the person he's talked to who is supposedly at a Santander contact centre, and a (mobile) 'phone number for her.
Is there any such FCA requirement or is it all the scam that it smells of?
Ta!
Quickie.
A director of a small company in which I own 10% of the shares has asked me for copies of my ID (passport/DL), utility bills and dates I've lived at my current address. He's claiming that it's a requirement of the bank (Santander) whom the company has an account with.
He's moved from claiming "it's the law" to "this authentication of all shareholders is a requirement of the FCA and Santander are doing an update on all business accounts".
Google can tell me that the FCA requires all banks to do Customer Due Diligence and look into Persons of Significant Control, but nothing to say that a minor shareholder of a very small and unlisted company has to provide all these details to a company director.
The director in question has a (very) long history of getting things wrong and throwing his weight around to get what he wants. He's not the sharpest tool in the shed and I'm wondering whether he's on the wrong end of a scam and falling for it badly. He's provided no other information (details from Santander / copies of letters etc) as he claims they aren't going into his inbox. He HAS provided the name of the person he's talked to who is supposedly at a Santander contact centre, and a (mobile) 'phone number for her.
Is there any such FCA requirement or is it all the scam that it smells of?
Ta!
Thanks JoshSM. That's pretty much my thoughts as well. If anyone can confirm that the requirement is as bogus as it sounds I'd be grateful, but given that the Director who is requesting this information is a weapons-grade idiot then I'll believe it's real only when I can see it's real.
I'll not be forwarding my info!
I'll not be forwarding my info!
JoshSm said:
Even assuming the requirement is real the way this is being handled smells very off.
That said I've had real comms from banks before that were full of red flags/bad practice.
I wouldn't be passing any personal information like that via a third party regardless.
Agreed. That said I've had real comms from banks before that were full of red flags/bad practice.
I wouldn't be passing any personal information like that via a third party regardless.
I'd ask for the contact details of the person at Santander who is asking for this information and then I'd ring up Santander on a publicly advertised number or walk into one of their branches and ask them to confirm the identify of the person before contacting them and asking if they actually requested the info.
2Btoo said:
Thanks JoshSM. That's pretty much my thoughts as well. If anyone can confirm that the requirement is as bogus as it sounds I'd be grateful, but given that the Director who is requesting this information is a weapons-grade idiot then I'll believe it's real only when I can see it's real.
I'll not be forwarding my info!
Santander are going through a major "customer verification" programme, so it is absolutely possible that the requirement isn't bogus.I'll not be forwarding my info!
You should ask him to send you a copy of the communications from Santander requesting information.
The process, when I completed it last year, was extremely painful and intrusive (but exacerbated by the slightly funky structure of the companies). I can't remember exactly what we needed to submit, but as ours are at "Corporate" rather than "Business" the requirements might be slightly different.
FWIW, you will get your accounts frozen if the process isn't completed to the satisfaction of Santander. For a while, one of mine could receive inbound funds but not make any outbound transactions. That wasn't ideal.
LooneyTunes said:
Santander are going through a major "customer verification" programme, so it is absolutely possible that the requirement isn't bogus.
You should ask him to send you a copy of the communications from Santander requesting information.
Of course the perfect way to run a phish is off the back of something legitimate. The entire chain of events can be based on something real without the person asking being genuine. You should ask him to send you a copy of the communications from Santander requesting information.
Definitely needs sight of the actual comms - if the request is real it should be possible to validate it with Santander which should *hopefully* also include any references and methods for directly supplying the data.
As others have suggested. I would ask for a copy of the correspondence from Santander that requests this and say that, providing you are happy with the justification, you will send it to them directly.
Deloitte have over 800 active directors listed on Companies House. Are they going to run identity checks on every single one?
May be legit but seems overkill.
Deloitte have over 800 active directors listed on Companies House. Are they going to run identity checks on every single one?
May be legit but seems overkill.
ADJimbo said:
^^^ This ^^^
Companies House are bringing in Identity Checks for all Directors / PSC’s from 18 November 2025 under the Economic Crime and Corporate Transparency Act 2023.
Has to be done separately for each and every Ltd. Co. you’re connected to.
Except you can do this yourself, no need to let anyone else have your data plus it does not require a utility bill.Companies House are bringing in Identity Checks for all Directors / PSC’s from 18 November 2025 under the Economic Crime and Corporate Transparency Act 2023.
Has to be done separately for each and every Ltd. Co. you’re connected to.
The identity check is only done once, the ID reference is then added to each company listing separately.
Thanks for the answers guys.
Given that this request refers to law that doesn't (seem to) exist, involves contacting a supposed Santander employee on a mobile phone number (which Google has no record of) and can't be proven because all the eMails have mysteriously not arrived in the Director's eMail account then I am calling scam. JoshSM's comment about good phishes starting with a half-truth is a very good one - thanks.
The director is thicker than mince and hasn't a clue what he's doing. I'm concluding that I'd be an idiot eMailing my ID to him without a LOT more comfort and have eMailed him to tell him so.
It's interesting that I have had no such ID requirements from any of the business bank accounts I run, which makes this request all the more smelly.
Thanks for your help.
Given that this request refers to law that doesn't (seem to) exist, involves contacting a supposed Santander employee on a mobile phone number (which Google has no record of) and can't be proven because all the eMails have mysteriously not arrived in the Director's eMail account then I am calling scam. JoshSM's comment about good phishes starting with a half-truth is a very good one - thanks.
The director is thicker than mince and hasn't a clue what he's doing. I'm concluding that I'd be an idiot eMailing my ID to him without a LOT more comfort and have eMailed him to tell him so.
It's interesting that I have had no such ID requirements from any of the business bank accounts I run, which makes this request all the more smelly.
Thanks for your help.
I work for a bank. We get address and indentity verification for any shareholder of a business we bank with a holding or 10% or more. Other banks I’ve worked in have worked on same basis. Irrespective of whether or not it is the law, it is common practice and unless you have something to hide I would just crack on as you make life more arduous for yourself by trying to fight it- if you don’t comply don’t be surprised to see notice to close issued (30/60/90 days to find alternative arrangements).
Relevant Santander links:
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/business/support/custo...
https://www.santander.co.uk/business/support/custo...
The last page has a phone number that you could try calling to verify the request. Or if your business partner provides the reference you may be to use complete the online form for your details yourself.
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/assets/s3fs-public/doc...
https://www.santander.co.uk/business/support/custo...
https://www.santander.co.uk/business/support/custo...
The last page has a phone number that you could try calling to verify the request. Or if your business partner provides the reference you may be to use complete the online form for your details yourself.
This isn’t necessarily completely on topic but Santander sent me an email requesting similar details. The link in the email went to a strange looking third party and they quoted an address I hadn’t used for years. All my statements and bills had been coming to my new address without issue.
This obviously made me worried. I phoned Santander’s phishing team to discuss and they said it did indeed seem scammy. I also sent the email to their report phishing email address with a cover letter.
Thought no more of it but did keep a closer eye on my account for a few weeks. No issue so I forgot about it.
Fast forward a few months when I transferred a five figure sum to the account. Amount left one account and landed in the Santander account no problem.
Next day I went into Santander to pay the money out only to find the account locked for payments out.
You can probably guess that they locked the account because I hadn’t supplied the info they previously requested in the scammy looking email. Turns out they were then writing to me about it to the old address that had been changed years before as evidenced by the statements and invoice coming to my new address.
Should be east to fix, right?
It took me two months to get my money back. Santander were rude, incompetent and disinterested at every turn. It was actually genuinely shocking to me how they conducted themselves.
The ombudsman would have probably helped but they moved at a glacial pace. Santander paid me enough compensation in the end that I didn’t see the point in continuing with the ombudsman but I wouldn’t touch Santander again.
I actually rearranged all my banking after that so that I’m not reliant on one or two anymore and always check payments out before I transfer any large amounts in.
This obviously made me worried. I phoned Santander’s phishing team to discuss and they said it did indeed seem scammy. I also sent the email to their report phishing email address with a cover letter.
Thought no more of it but did keep a closer eye on my account for a few weeks. No issue so I forgot about it.
Fast forward a few months when I transferred a five figure sum to the account. Amount left one account and landed in the Santander account no problem.
Next day I went into Santander to pay the money out only to find the account locked for payments out.
You can probably guess that they locked the account because I hadn’t supplied the info they previously requested in the scammy looking email. Turns out they were then writing to me about it to the old address that had been changed years before as evidenced by the statements and invoice coming to my new address.
Should be east to fix, right?
It took me two months to get my money back. Santander were rude, incompetent and disinterested at every turn. It was actually genuinely shocking to me how they conducted themselves.
The ombudsman would have probably helped but they moved at a glacial pace. Santander paid me enough compensation in the end that I didn’t see the point in continuing with the ombudsman but I wouldn’t touch Santander again.
I actually rearranged all my banking after that so that I’m not reliant on one or two anymore and always check payments out before I transfer any large amounts in.
Guys, thanks for the answers. All are appreciated and helpful. The problem seems to have gone away now; the director in question has sent a garbled message which seems to say that Santander have unlocked the account.
You have invested in a business, but you don't appear to have confidence in the ability of the management.
Are you expecting an excellent financial return?Family business, and the Director in question is my uncle. He's an utter cocksprocket who has been busily running the company into the ground for the last 20 years. Removing his access to the company bank account would be a good thing as it would decelerate the losses! Sadly nothing I can do about it.
Jon39 said:
You have invested in a business, but you don't appear to have confidence in the ability of the management.
Are you expecting an excellent financial return?
Gassing Station | Business | Top of Page | What's New | My Stuff