The growing compliance case for verified contact registers in mining and private equity.
Most companies, if asked whether their shareholder register is accurate, will say yes. It’s in the system. It gets updated when there’s a trade. The transfer agent handles it.
Most companies are wrong.
The register might be accurate in a technical, legal sense, recording who owns what and when the transfer happened. But the contact information attached to those records? The phone numbers, email addresses, mailing addresses for the human beings behind those positions? That’s a different question entirely. And it’s a question that regulators, increasingly, are starting to ask.
Beneficial ownership transparency requirements are tightening across the UK, Canada, and Australia. Anti-money laundering frameworks are demanding more rigorous identification of who actually sits behind a shareholding. And the expectation that a company can demonstrate it knows who its investors are, can actually reach them, can verify their continued existence and engagement, is moving from a governance best practice to a compliance baseline.
We once started a shareholder outreach campaign for a mining executive who handed us a list and asked us to call through it. The calls immediately ran into trouble. People were confused about who we were calling from. Some were hostile. A number asked how we’d gotten their number at all. When I called the client to understand the list’s origins, the answer was illuminating, and not in a good way.
He had accumulated shareholders across four separate public companies over the course of his career. At some point, someone had simply merged all of those lists together and handed it to us as if it were a coherent record. There was no segmentation. No consent trail. No way of knowing which investors had a relationship with which company, or whether any of them had asked to hear from this particular entity at all.
It was an honest mistake. But it was also exactly the kind of data governance failure that, in a tightening regulatory environment, creates real exposure. The question of where that list came from, how it was assembled, and whether the people on it had any legitimate reason to receive unsolicited contact is not an abstract one anymore.
There’s also a dimension to this that goes beyond formal regulation, into the realm of operational intelligence. We have made outreach calls, supposedly routine contact verification campaigns, that surfaced things the client had no idea about. A service relationship in serious distress. A key contact who had left a role and been replaced by someone who actively disliked the company. In one case, a complaint about individual conduct that the client immediately recognised as significant. They asked how we knew. We knew because a real person had spoken to a real customer, asked how things were going, and listened carefully to the answer.
The instinct in most organisations is to treat compliance as a cost. The paperwork. The filing. The thing you do to avoid a fine. The smarter way to think about it, particularly for mining companies, PE-backed businesses, and organisations building shareholder registers ahead of significant liquidity events, is that a clean, verified, well-documented contact register is a genuine organisational asset. It demonstrates governance maturity. It removes exposure. And it builds the kind of trust with investors and regulators alike that is extraordinarily difficult to rebuild once it’s been lost.
The companies that are thinking about this now, while it’s still a choice rather than a mandate, will be in a very different position to those who start thinking about it when someone asks them to prove they know who their shareholders are.
Know your shareholders. Not as a regulatory exercise. As a business fundamental.
