Ownership Structures

PCCs, PAHVs, and Protected Cells: The UBO Gap Nobody Is Discussing

Protected Cell Companies and Private Asset Holding Vehicles defeat standard CDD by design. Assessed as single entities, they let high-risk cells hide behind a low-risk average. The risk lives in the layers.

By Cognitive Compliance 9 min read

There is a category of customer that standard customer due diligence is structurally incapable of assessing correctly, and the financial crime community talks about it far less than it should. Protected Cell Companies, Private Asset Holding Vehicles, and the layered multi-jurisdictional trust structures that often surround them are not edge cases. They are common in private wealth and institutional contexts — and they are precisely the structures most likely to conceal the beneficial ownership and risk that CDD exists to surface.

The gap is not a failure of diligence. It is a category error built into how these structures are onboarded and reviewed: a structure that is economically many entities is assessed as a single customer.

What a Protected Cell Company actually is

A Protected Cell Company is a single legal entity divided into separately ring-fenced cells. Each cell has its own assets and liabilities, legally segregated from the others, and — critically — each can have entirely different beneficial owners, different underlying activity, and a different risk profile. The core of the PCC and each individual cell can be, for risk purposes, unrelated parties sharing a legal wrapper.

This structure exists for legitimate reasons; cell segregation is a genuine commercial and legal tool. But the same feature that makes it useful makes it a near-perfect vehicle for obscuring risk from an institution that assesses it at entity level. Onboard the PCC as one customer, run CDD on the wrapper, arrive at one risk rating — and every distinct exposure inside the individual cells disappears into a single averaged assessment.

Private Asset Holding Vehicles and layered trust arrangements present the same problem in different clothing. A PAHV holds assets through layers; a complex trust interposes trustees, protectors and underlying entities between the visible client and the actual beneficial owner. In each case the risk that matters lives not in the visible wrapper but in the layers beneath it.

How a high-risk cell hides behind a low-risk average

The mechanism is worth stating plainly, because it is the whole problem. Suppose a PCC has a benign, low-risk core and fifteen cells, fourteen of them straightforward and one carrying a politically exposed connection or a sanctions nexus. Assessed at entity level, the institution sees a structure that is overwhelmingly low-risk and rates it accordingly. The single high-risk cell is not flagged, not escalated, not subjected to EDD — because at the level the assessment was performed, it is invisible. The structure has done exactly what its design permits: allowed one high-risk exposure to shelter inside a low-risk average.

In one engagement, a Guernsey PCC with seventeen protected cells had been onboarded and reviewed as a single entity. Cell-by-cell analysis surfaced three cells with PEP connections and one involving a sensitive minor-beneficiary arrangement — none of which the entity-level assessment had ever revealed. Internal teams, competent but without specialist structural expertise, had been unable to complete the work for over two years. The exposures were not hidden by sophistication; they were hidden by the unit of assessment.

Why standard CDD cannot see it

Standard CDD is built around the customer as a single unit. The onboarding form, the risk-rating model, the periodic review — all assume one customer, one beneficial-ownership picture, one risk rating. That assumption holds for the vast majority of customers and breaks completely for cellular and layered structures, where the correct number of risk assessments is not one but as many as there are cells or meaningful layers.

The failure compounds because the people performing the review often lack the specialist structural knowledge to recognise what they are looking at. A PCC presents as one entity on the documentation; without the expertise to know that the wrapper is many risks, an analyst working a standard template will diligently assess the wrapper and miss the point entirely. The diligence is real; it is simply aimed at the wrong unit.

Resolving the gap: assess the layers, not the wrapper

Closing the gap requires a different unit of assessment. The structure has to be mapped as it actually is — cells, sub-funds, holding layers, trustee and protector arrangements — to establish where control and benefit genuinely sit. Each cell and each meaningful layer is then assessed on its own merits: its own beneficial ownership traced to a natural person, its own jurisdictional exposure, its own PEP and sanctions screening.

This is more demanding than running a template, and that is the point. Some findings cannot be templated at all — a sensitive beneficiary arrangement, a PEP connection isolated in a single cell, a jurisdiction with limited transparency — and require specialist analysis and documented rationale. But it is the only approach that actually surfaces the risk these structures are capable of hiding. It is the core of CCL’s UBO and complex-ownership work, and it is what resolved the Channel Islands PCC portfolio to 100% natural-person ownership in six weeks.

Why this is a regulatory exposure, not just a technical one

It would be a mistake to file this under “technical complexity.” Beneficial ownership transparency is a foundational AML obligation, and a structure that lets a PEP or sanctions exposure pass undetected is a control failure regardless of how legitimate the wrapper is. As supervisors grow more sophisticated about complex structures, “we assessed it as a single entity” is precisely the explanation that turns a hidden exposure into a finding.

The institutions that handle these structures well are the ones that have recognised the category error and corrected it — assessing the layers, resolving to the natural person, and documenting the rationale at every step. The gap nobody is discussing is, in the end, a gap that closes the moment you stop assessing the wrapper and start assessing what is inside it.

Cognitive Compliance resolves beneficial ownership across PCCs, PAHVs and complex multi-jurisdictional structures. To resolve a structure your internal teams have been unable to complete, book an advisory call.

UBO PCC PAHV Protected Cells Beneficial Ownership CDD Trusts

Keep reading

Related insights

Regulatory Strategy 10 min read

Why KYC Is Broken in Most Banks (And Everyone Pretends Otherwise)

KYC failure is rarely a people problem. It is a design problem — flat effort, drifting standards, and MI that cannot answer the regulator's question. Here is what actually breaks, and how it gets fixed.

Read analysis
Risk & Classification 9 min read

The Illusion of Low Risk: Why Risk Scores Lie and Regulators Know It

Most institutions run customer risk models built for a population that no longer exists. A model that never flags looks like success — and is often a silent, systemic failure the regulator will find first.

Read analysis
AI Compliance Series 8 min read

Perpetual KYC Is Not an Automation Problem. It's an Architecture Problem.

Perpetual KYC is sold as an automation upgrade. Automate a broken review model and you get faster noise. The real work is architecture: triggers, data and escalation logic designed before any tool is bought.

Read analysis

Speak to the practice

Before it becomes a regulatory finding, make it a closed action.

A short, confidential advisory call to pressure-test where your KYC, AML, sanctions or risk-classification framework is exposed — and what a defensible fix looks like.

Book an Advisory Call View Case Portfolio