Hey lorimer I hope this response is relevant
Good point @1eo
This question could be added:
Do any individuals not named as UBOs have decision-making authority over the Node Provider or any of its parent companies (if applicable)? If so, please disclose their name(s), role, and provide identification as if they were UBOs holding more than 25% of the shares in the Node Provider.
This is already included in the 2nd point here:
2 Likes
Good spot,
then it should be taken care of.
2 Likes
Yes, correct. Ultimate decision authority / effective control is probably the most important criterion in this context and hence it is directly mentioned in the first question.
1 Like
Hi all,
the motion for the proposed pilot has now been submitted. You can view it here.
2 Likes
Hi Bjoern,
I noticed that there was a major point that was discussed on the call, and has been discussed on a few occasions that is missing from the proposal. Namely, requesting concrete proof that they are the UBO and are receiving the funds, paying taxes etc.
⢠If you have been a node provider for 3 months or more, submit a transaction record demonstrating proof of 3 monthsâ rewards sold on an exchange (along with documentation from the exchange). This should also include a clear trail of those funds being deposited into a bank account in your name or your companyâs name.
⢠If you are unable to provide this, please explain why.
⢠If you have not sold any of your rewards, provide the addresses where the rewards are stored and a clear trail from the reward payment from the node provider to the relevant addresses for verification.
⢠If you have been a node provider for more than 1 tax year, submit a copy of your personal or business tax return showing proof of payment of applicable taxes on your node provider rewards.
This I feel is critical. This can absolutely just go to the auditor, but without this, you are still really just taking someoneâs word for it that they are the UBO.
2 Likes
Thank you @Thyassa , for the follow-up!
Regarding the documentation required for an auditor to verify the UBO, I kept the proposal intentionally a bit broader, stating:
âProvide an ownership & control structure chart, along with corporate records, allowing to verify the control structure until the top and including any intermediary. The chart should list all UBOs and any persons exercising effective control over the node provider entity.â
As mentioned earlier, we can review with the auditors during the pilot which specific documents are most appropriate.
Your suggestion of using tax records is interesting (someone has to pay taxes somewhere) but they may not always provide clear-cut evidence. For example, the node provider entity could be paying taxes on received rewards without the UBO personally being taxed.
1 Like
The voting results of the proposal show that there is overwhelming support in the community for improved transparency and the adoption of an understood policy with regard to ownership, control and financing; however recent developments have shown that the questions proposed under the Assessment of Independence section fall short of providing a clear policy that will reliably define independence of node providers.
Leo, Enzo and David have provided us with a timely case study. One thing that is striking about the current situation is that even though the questions to assess independence have just been presented in the proposal we do not seem to have clarity about whether the new node provider ownership arrangement that has been presented by Leo in his post here would be assessed as independent or not.
Ambiguity lies in whether BlueAnt LLC would be required to disclose David as having decision-making authority over its parent company which, according to our questions, is not dependent on percentage ownership. To indicate that he does not would be nonsense, particularly given that he would likely be providing the funding in this relationship and that he is a board member of Sisyphus AG as disclosed by Leo in his post referenced above.
It has been clarified that decision-making authority of a parent company needs to be disclosed in answer to Question 1:
The implication here is that to avoid being clustered Blue Ant LLC would not be including David in its disclosures. This illustrates that the questions as currently written may incentivise the artificial removal or withholding of management titles and official positions such as board membership to avoid disclosure. This is not contributing to the transparency that weâre aiming for.
I believe that the proposed arrangement with Sisyphus AG would not satisfy our expectations of independence. One aspect of this situation that sits very uncomfortably with me and others in the community is the cross-ownership of node providers. If this situation were allowed without clustering then this would provide a green light for any node provider who has the maximum allocation of nodes to effectively acquire more under an equity arrangement with another node provider.
Let me illustrate what this precedent would allow:
I could create five new companies with five different associates listed as the UBOs and these companies could become node providers (I know enough technically competent people who could maintain IC nodes without my assistance). I could then create five new companies in which I hold a 20% share in return for my invested capital. These five new companies purchase the existing node provider entities, disclosing the same UBOs as their respective node provider entities. Under this arrangement I would have potentially doubled my revenue, I would have full or partial ownership of up to six times the allowable nodes and my name would only be required to be disclosed for my original node provider entity.
I could also create a new company with two, three or four other people. Our company owns their node provider entity. I retain 20% of the parent company. Same scenario as above. Same scenario as the Sisyphus AG proposition.
It may be even easier; I could just take a direct 20% share of my associatesâ node provider entities (and however many other node provider entities that are open to a capital injection).
I have absolutely nothing against Leo, Enzo and David and I appreciate their contribution to the IC. I just donât like the precedent that this sets. It seems that there are simpler, compliant solutions to their situation as posed here, assuming some leniency is extended to give them time to repay the loans to David.
Question 5 makes it clear that debt financing of any amount is not condoned between node providers and would result in clustering. I would propose that funding through equity / ownership be restricted the same way. Maybe this could be achieved by modifying Question 2 to:
- Q2: Overlap with Other Node Providers
- Is any direct or indirect owner, UBO or person exercising effective control of this node provider also a direct or indirect owner, UBO or person exercising effective control of another node provider?
- If yes, provide the legal name(s) of the person and the other node provider(s).
Question 2 must also make it clear whether the legal names provided are to be disclosed publicly or privately to an auditor. As currently written Question 2 will lead to different interpretations with respect to disclosure requirements.
Node providers could request an exemption from this requirement. I would suggest that an exemption would be appropriate for Dfinity and for very large node provider entities. The rationale for this is that node provision is such a very small part of what large entities do. For example, Sygnum Bank is now a $1B business. A small share holding in an entity this size has very little to do with node provision. In Sygnumâs case if there are no longer any owners with at least 25% ownership then they would only need to disclose their board members and senior management team.
4 Likes
Thank you for the detailed feedback, @icarus !
You essentially propose lowering the beneficial-ownership threshold from the current 25 percent to any shareholding (with possible exceptions for big entities).
The choice of 25 percent was based on established compliance standards (e.g., FATF), which were by motivated by two reasons:
- Blocking power: In many jurisdictions, a 25 percent stake is enough to block special decisions that require a 75 percent majority, giving the holder meaningful negative control.
- Practicality: Capturing every minority shareholder can be quite time consuming (and hence it makes sense to apply some sort of threshold).
Your proposal is certainly stricter, but I guess the question is: If the objective is independence, how much influence does someone with < 25 percent truly have? On balance, sticking to the standard 25 percent threshold seems reasonable to me.
Regarding the Sisyphus AG: I agree that it would make sense to tighten the governance structure. Removing David from the board would eliminate his âcontrolâ role, soâunder existing pilot rulesâhe would no longer qualify as an ultimate beneficial owner.
1 Like
In the introduction, the questionnaire already specifies âThe self-declaration form is divided into public information (shared openly on the forum and/or wiki) and private information (shared only with an assigned auditor to verify the accuracy of the public statement). By default, answers to the questionnaire are considered public unless otherwise specified.â
So I think the answers to Q2 should be public. If this is not clear enough, we can include it in the follow-up version after the pilot.
1 Like
I think compliance standards such as those laid out by FATF are being misrepresented in this discussion.
The concept of a UBO is not strictly attached to the 25% threshold in the way that many in this discussion are suggesting. 25% is the maximum threshold that should be used according to FATF guidance, not the threshold that should be used (itâs the least strict/comprehensive one). The actual threshold used is supposed to be established based on risk assessment and how security-critical the context is.
Guidance-Beneficial-Ownership-Legal-Persons.pdf.coredownload.pdf (page 18, paragraph 37)
Such a threshold should not exceed a maximum of 25%
Note that this is not just saying that any ownership share should not exceed 25%. Itâs saying much more than that - that in riskier contexts the threshold should actually be lower, and that any ownership share should not exceed that lower threshold.
25% is largely arbitrary with respect to the IC and is not informed by the particular problem context. Instead, itâs the most relaxed threshold permissible by FATF standards (which are explicitly flexible with regard to applying lower thresholds based on perceived risks). I have not seen a thorough analysis of the risks sufficient to justify a 25% threshold being applied in the context of the IC. The IC necessitates deterministic decentralisation as a foundational requirement that everything else rests on.
If an auditor isnât going to chase down and scrutinise minority shareholders, how can you be sure those minority share holders do not equate to the same person higher up the chain (who cumulatively therefore has more than just a minority share in terms of their sum total influence).
For argumentâs sake (and as a simplification), someone owning 24.9% may be somewhat invisible. But that means they could conceivably own another 24.9% share via another ownership channel, and another and another.
The approach surely needs to work the other way around. 75% of the ownership shares of a node provider entity should need to be 100% accounted for and thoroughly vetted before an auditor should even consider ignoring a minority shareholder. Even then, how can you discount that remaining share actually belonging to one of the other minority shareholders?
3 Likes
FATFâs 25% ownership is generally perceived as a universal standard. IMHO we do not have enough data to justify higher or lower number as a starting point. So while your concern about 24.9% is valid, I think it is one of many issues we can encounter while running the UBO pilot. Once it is ready and we publish the results, weâll happily discuss with them with the community to agree on the path forward and whether (if any) requirements should be changed/added/removed.
1 Like
A universal standard for what? - establishing âindependent partiesâ, or establishing the minimum ownership slice at which anti-money-laundering laws force a bank to do extra KYC paperwork?
Thereâs a difference, donât you think?
The IC cannot eat its cake and have it too. It canât invent the term âdeterministic decentralisationâ (based on a promise of âindependent partiesâ), and then water down the definition of âindependentâ to mean something else entirely.
1 Like
I hope this idea can be considered alongside the pilot programme, and/or actions to take away from the pilot programme.
Hey @bjoernek, had there been any progress on this side of things?
1 Like
Can I also ask what measures are going to be in place to account for ownership changes that occur after the audits? Wouldnât any change⌠â
For this, and other reasons, the UBO threshold is currently set far too high.
As mentioned FATF guidance has been misrepresented with respect to the 25% limit.
2 Likes
Regarding the handling of incorrect information, the node provider self-declaration form contains the following text (so this will be decided case by case, I assume).
As part of the governance structure, the Network Nervous System may vote to:
* Remove node providers that violate these principles or provide untruthful responses.
* Appoint legal representation to pursue such node providers.
4 Likes
Now that weâve seen our first example of a Node Provider audit from the pilot programme, Iâd like to voice some concerns.
The ParaFi situation serves as an interesting case study.
Having read the auditors write-up, it seems that the audit has been limited to the information that the Node Provider supplied the auditor. The writeup is also full of comments that make it clear the audit has not been comprehensive.
My main concern is that it makes authoritative statements that it canât actually back up, and are in fact wrong (or at best, very misleading).
I think we should be viewing this audit process from the perspective of - would it catch a motivated and well organised bad actor out?
At the moment, it would seem this wouldnât be sufficient. I hope to see discussion about the suitability and transparency of this process before the IC goes all in on NP audits.
3 Likes
I believe that all NPs will be audited by multiple auditing companies and Dfinity will compare how comprehensive/reliable the auditors reports are.
It is interesting that the auditor stopped at the Parafi Technologies level though. You would think that they should have dug into who owns Parafi Technologies as it is obviously a child company (or whatever corporate structure they choose to call it) of Parafi Digital/Parafi Capital.
@bjoernek any idea why the auditor did not fully expand the UBO search?
If this is how all audits will be handled than any bad actor can easily hide who the UBOs are by creating a subsidiary. They donât even have to disguise the name apparentlyâŚ
It really devalues the audit process (which is expensive and time consuming) as I found out way more than an audit would reveal about certain node providers just by using northdata.comâŚ
2 Likes