In brief:
- Know Your Business (KYB) is an organization’s regulatory and legal obligation to verify the identity of any entity they do business with, ensuring they don’t participate in money laundering, financing terrorism, or other financial crimes.
- KYB is similar to Know Your Customer (KYC), with a layer of complexity because it focuses on verifying that the entire business is legitimate, rather than just a single person.
- All fintechs, banks, and FIs are required to perform KYC and KYB checks to ensure that the businesses they are working with are legitimate and operating within the law.
Financial institutions and related businesses have long been required to thoroughly verify the identity of individual customers in a process known as Know Your Customer (KYC), but the 2016 Panama Papers leak exposed a gigantic loophole for criminals. They were hiding financial crimes like money laundering in less heavily scrutinized business financial accounts, and this is where Know Your Business (KYB) compliance requirements came into play.
In this article, we’ll cover:
Let’s start with the fundamentals of KYB, its history in regulation, and what it entails for businesses.
KYB stands for “Know Your Business,” and is a regulatory requirement that requires all businesses to verify other business entities with specific pieces of information to ensure that the business is legitimate, doesn’t have corrupt business owners or shareholders, and is not misusing funds.
Businesses are required to implement strong KYB processes to ensure that your company does not do business with another illegitimate company. If they don’t, they are subject to fines and other penalizations based on regulations.
The history of Know Your Business verification compliance
In the United States, Anti-Money Laundering (AML) regulations as we know them today date back to the Bank Secrecy Act (BSA) of 1970. As the country’s first anti-money laundering law, the BSA provided the common banking regulations we observe today, like tracking suspicious activity, scrutinizing foreign transactions, and reporting all cash transactions exceeding $10,000 per day.
The next significant development in fighting financial crimes through regulation came with the USA PATRIOT Act of 2001. Spurred by the 9/11 terrorist attacks, the USA PATRIOT Act required banks and related financial institutions to collect information on all individuals holding a current financial account or opening a new one.
Then in 2016 when the Panama Papers were leaked, they revealed a hidden web of businesses being used to launder money, hide assets, and otherwise allow bad actors to cloak their illicit money moves behind shell companies. The information revealed in the Panama Papers led to criminal charges, political fallout, and international embarrassment. But perhaps most influentially of all, they led to sweeping worldwide financial regulation.
As the Panama Papers revealed, the USA PATRIOT Act’s enhanced due diligence requirements still allowed for financial malfeasance between business bank accounts. To combat this, in 2016, the government issued the Customer Due Diligence (CDD) Final Rule. The CDD Rule spelled out specific requirements for banks, fintechs and other businesses when onboarding business customers.
This set of rules and best practices is now collectively known as KYB, or Know Your Business.
What is KYB verification?
KYB verification is the specific process of actually performing KYB checks on potential businesses you intend to onboard, work with, or bring on as a customer. It requires you to check specific information about a business to verify it is accurate—before becoming involved with them.
Know Your Business verification involves checking information including:
- Business name, phone numbers, and addresses
- Business formation documents including Articles of Incorporation and business formation documents
- UBOs (Ultimate Beneficial Owners) or people associated with the business
- EIN / TIN / Business Tax ID numbers
- NAICS Codes / SIC Codes / MCC Codes
- Criminal activity or involvement
- Watchlists, Sanctions Lists, OFAC, PEP, & RCAs
How is KYB different from KYC, CDD, EDD, or CIP?
All of these acronyms are hard to keep track of, and many of them mean very similar things. Here’s (essentially) what each one means:
- KYB (Know Your Business) - Performing checks based on financial regulations regarding businesses you intend to onboard
- KYC (Know Your Business) - Performing checks based on financial regulations regarding individual customers (people) you intend to onboard
- CDD (Customer Due Diligence) - Verifying information collected to ensure it is accurate
- EDD (Enhanced Due Diligence) - Conducting additional checks on identities for high-risk customers
- CIP (Customer Identification Program) - Determining customers are real entities with unique identities, that really belong to them
{{related-content-block="/blog/cip-cdd-edd"}}
In the U.S., KYB requirements are currently regulated by the Financial Crimes Enforcement Network’s (FinCEN) Customer Due Diligence (CDD) Final Rule.
Who is required to perform KYB checks
This rule states that the following entities should implement Know Your Business checks:
- Banks and other financial institutions (including fintechs)
- Mutual funds
- Securities brokers or dealers
- Futures commission merchants
- Commodities brokers
- Other financial institutions stipulated in the Bank Secrecy Act
Essentially, all financial entities such as banks, lenders, and payment service providers are required to implement the CDD Rule. No matter what stage you are at with your business development or growth, you would be required to have a properly implemented, maintained, and thorough KYB process in place.
{{gated-content-block="/insights/kyb-for-every-stage-of-a-business"}}
The key KYB compliance requirements focus on preventing an entity’s involvement with any businesses that are:
- Money laundering
- On Sanctions Lists or Watchlists (like OFAC)
- Financing terrorism
- Committing fraud, tax crimes, or other financial crimes
If your business has the potential to help enable any bad actors committing financial crimes, you would be bound by these regulations, and would need a formal Know Your Business verification process in place.
What Know Your Business verification checks you need to perform
To stay compliant with the CDD Rule, businesses must collect and verify the following information to onboard new customers:
- Name - The business’s registered, legal name.
- Address - The business’s operating address or addresses. A business’s operating address may be different from its registered address. For example, in the U.S., relaxed laws lead many corporations to register in Delaware, Nevada or Wyoming even when operating elsewhere.
- Taxpayer identification number (TIN) - For United States-based businesses, this is generally an Employer Identification Number (EIN). An EIN is a unique number that a business uses to open a bank account, file taxes, and otherwise verify its unique identity, and a thorough EIN Search would be required to verify a company’s TIN.
- Business registration status - Is the business registered in the state where they claim they are? Are they in good standing with their registration state’s Secretary of State?
- Licensing documentation - Are businesses up to date and in good standing with any local, state or federal licensing boards required to perform their business function?
- Identities of ultimate beneficial owners (UBOs) and their personal details - If shareholders have 25% or more of beneficial ownership in the company, you must verify the UBOs of a company by determining their identity, assessing their name, address, and valid government documentation such as a driver’s license or passport. You also must ensure that these individuals do not appear on international sanctions lists, are not suspected of funding terrorism, and otherwise have not proven to be bad actors
To remain compliant with anti-money laundering (AML) laws like the BSA, the USA PATRIOT Act, and the CDD Rule, entities onboarding businesses must implement KYB checks on all the information we just discussed, and ensure they’re not enabling financial crimes.
The CDD Rule does not prescribe exactly how each bank, financial institution, fintech or other entity should conduct these checks—that’s on the entity itself to determine what its process is. This makes it challenging to build your Know Your Business process, because each entity’s system will look a little different.
Here’s our advice on how to do it:
1. Appoint or hire a designated KYB Compliance Officer
The depth of regulations regarding KYB makes a Compliance Officer an absolute necessity, and it’s not a step you can skip. This person can set the tone at the top, build out the KYB verification process, and be responsible for implementation and the effectiveness of the program.
This person will also need to keep up to date with regulatory changes and new requirements, and make sure they are integrated into the existing KYB process.
{{gated-content-block="/insights/ebook-navigating-regulatory-changes-and-mitigating-risk"}}
2. Establish company-specific KYB policies & implement a training program for all employees
Once the Compliance Officer is in place, you can begin to build out the specific policies your company needs to have an effective KYB process—and these will look different at every company. You should be able to outline your process from beginning to end, including:
- Who at your company is responsible for what when it comes to KYB
- What information you need to check
- How you will collect the information from customers
- How you will assess risk during onboarding
- How you will perform Enhanced Due Diligence (EDD) when customers have high risk scores
- How you will keep up-to-date on regulatory changes and iterate your process
Once the policies are clear, ensure all team members are trained in exactly what they mean and how to follow them. Whether a team member is directly performing KYB checks or not, they should be aware of the Know Your Business process in full. When changes are made to the KYB policies and procedures later, make sure all team members are aware of it.
3. Take a risk-based approach to KYB onboarding
Onboarding risk assessment is a balancing act between making sure you are conducting thorough enough KYB checks to meet all required regulations, while not creating such a cumbersome and friction-filled onboarding process that it’s turning away customers and losing business.
The most effective way to balance this is by customizing your KYB process and fraud prevention based on the assessed risk level of each applicant, making sure legitimate customers are not unnecessarily burdened, but there are still completely adequate protections in place to halt any fraudulent activity. You can do this by:
- Segmenting applicants based on their risk profiles
- Implement dynamic individual risk scoring
- Automate onboarding with human oversight
- Use adaptive verification techniques based on the risk profile
- Implement continuous monitoring tools to uncover emerging threats
For more details, review our full guide on how to balance friction with fraud during onboarding.
4. Verify Know Your Business information across multiple valid sources
KYB is not just about collecting information from your customers, but verifying that the information is correct. To do that, you need to perform checks against data sources, and specifically, valid sources that have access to databases with the information you need.
5. Establish an Ongoing Monitoring system
Once you have these pillars of your KYB process in place, you should set up an Ongoing Monitoring system that can identify red flags or inconsistencies in your compliance program, and then make adjustments as needed. Ongoing Monitoring also helps you stay on top of Know Your Business regulation changes, and make sure they are integrated into your process.
It also ensures that your customers are being checked periodically, and not just when you onboard them. If something about their status changes like having a lien filed against them or entering a prohibited industry, you need to be aware of it, and have a plan on how to detect it and then act with it.
6. Automate the KYB process using software
There are a few methods and strategies you can use to automate your KYB process, but the most impactful way is to use KYB verification software to avoid doing manual identity checks on each individual business, which is simply not sustainable for companies that work with a high volume of other businesses.
Other things you can do include setting up rule-based decision making, leveraging and analyzing big data, and utilizing AI-powered tools and machine learning to help iterate your process—especially for repetitive tasks. If you want to learn more about this topic, we have a comprehensive guide on how to automate the KYB process with specifics on how to do each of these things.
7. Create a plan for how to deal with failed KYB checks or issues
It’s ambitious to think that your KYB program is going to be flawless from day one, so if you’re prepared ahead of time, you’ll be more equipped to deal with a problem when it comes up. Build out clear guidelines for failed KYB checks, security breaches, internal misconduct, loss of critical team members, and so on.
Having this in place means that if the worst happens, you’re prepared to deal with it. Not only will this protect your brand and your company’s reputation, but it could also save you when it comes to regulatory fines depending on how quickly and effectively you act when something goes wrong.
8. Run internal audits and iterate your KYB process
We’ve already mentioned how important it is to stay on top of KYB regulatory changes as they come, but it’s also important to remember that as your business and its offerings change, so might your risk exposure, and subsequently, the information you need to collect. You need to take this into account when it comes to your KYB verification process, and make sure it is evolving as you do.
You should also regularly review your KYB and fraud detection metrics, making sure you adjust your risk-based approach to continue to combat the emerging and evolving fraud threats, while keeping your onboarding process as frictionless as possible for your customers.
Most companies require the use of a dedicated Know Your Business tool they can implement in their identity verification process, so we’ve compiled a list of the top choices depending on the specific needs of your business.
1. Best for business identity verification & onboarding: Middesk
Middesk is a leading business identity verification platform, enabling you to verify and onboard more business customers, faster. With instant insights, you can score and evaluate risk with confidence to make business onboarding decisions faster.
Middesk aims to streamline business-focused onboarding, credit assessment, and entity management. With data on 100% of registered businesses in the U.S. and 92% of data refreshed within the last 10 days, you can be confident you are onboarding with accurate data.
Middesk customers have seen a 31% uplift in onboarding auto-approvals. See how they’re doing it with Middesk business identity verification.
2. Best for KYC (Know Your Customer): Socure
Socure’s platform focuses on KYC, and Socure is actually partnered with Middesk, so both tools can provide both types of identity verification. Socure unifies identity verification, fraud detection, and risk decisioning all in one platform, so you can enable many aspects of your full KYB process.
Check out Socure’s KYC platform.
3. Best for global businesses: Alloy
Offering business identity verification for companies outside of the U.S. as well, Alloy is more of a global solution with over 200 data sources integrated into a single workstream. By leveraging a lot of data simultaneously, you can use Alloy to really automate your onboarding process.
Learn more about Alloy’s identity verification tools.
4. Best for deposit & loan origination: MANTL
Providing Omnichannel Account Origination, MANTL is bridging the gap between in-branch and offline banking, and making information easier to access for consumers, businesses, and fraud prevention teams. Using MANTL can empower your growth by streamlining loan applications, while making sure you still mitigate fraud.
Take a look through Mantl’s deposit & loan origination offerings.
For more information on how to evaluate a KYB tool, check out our full list of the best KYB software:
{{related-content-block="/blog/best-kyb-software"}}
No company wants to inadvertently work with an illegitimate business. A clear set of Know Your Business requirements help keep honest businesses safe and operational while isolating the bad actors. Enhanced due diligence meets regulatory requirements and is just plain good business. But jumping through identity verification hoops also slows down the speed of business onboarding.
As the leading business identity verification platform, Middesk enables innovative companies to accelerate customer onboarding while managing risk at scale. Middesk’s Business Verification solution applies modern data science and machine learning techniques with trusted data sources to verify business identities in real-time, improving coverage rates while cutting manual review times.
Schedule a demo today to see how Middesk gives you the competitive edge by allowing you to onboard your customers quickly and accurately so you can spend less time on compliance and more time serving your customers.