For most jobs, being younger than five years or older than 100 years would be cause for concern. For more than 30,000 shell companies around the world whose listed directors include preschoolers and centenarians, it’s simply business as usual according to data on shell companies published by Moody’s Analytics.
Age appropriateness, duplicative directors listed at thousands of companies, and the same residential addresses repeatedly being passed off as headquarters are just some of the red flags presented by shell companies, or paper-only businesses, Moody’s wrote.
These are among the many questionable operating practices that make shell companies among the riskiest customers for banks on the front lines of money laundering and other financial crimes like tax evasion. Such risks are also the driving force behind Know Your Business (KYB) compliance.
What is KYB in banking?
KYB is the primary anti-money laundering (AML) practice used by banks when they have businesses as customers. The primary objective of the due diligence exercise is to confirm ownership and control in order to identify the individuals who are ultimately responsible for the business. Under KYB, owners with 10-25% or more shares — known as ultimate beneficial owners (UBOs) — then undergo a Know Your Customer (KYC) review to determine and verify the identity of individuals, primarily via screening a standard form of identification as well as screening against lists of sanctions and other watchlists. The KYB process also includes confirming evidence of the company’s existence and their source of funding, understanding the business and its risks, and ascertaining expected transaction size and scope.
Many banks use KYC as the umbrella term for the entire due diligence process at onboarding as well as ongoing monitoring and periodic updating.
KYB compliance in banking
Banks and other financial institutions are routinely targeted by criminals for the historical ease of placement, the first stage of money laundering, when illegitimate proceeds from illegal activities are deposited into legitimate enterprises. In extreme cases, these funds are used to finance terrorism, human trafficking, and other serious crimes. KYB compliance is one of the best AML tools companies have to protect themselves and the larger global financial system from fraud.
Major U.S. KYB regulations for banks
Since 1970, U.S. banks and financial institutions, including mortgage lenders, credit unions, brokers, and more recently, cryptocurrency exchanges, have been regulated under the Bank Secrecy Act (BSA), which is overseen by the Financial Crimes and Enforcement Network (FinCEN) under the U.S. Department of the Treasury. The BSA outlines several KYB and KYC requirements that impacted entities must meet.
The BSA has been amended several times, including most recently in 2016 with the Customer Due Diligence (CDD) Final Rule, which specifically added the following identity and verification requirements:
- Identify and verify the identity of customers.
- Identify and verify the identity of the beneficial owners of companies opening accounts.
- Understand the nature and purpose of customer relationships to develop customer risk profiles.
- Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.
The Anti-Money Laundering Act of 2020 (AMLA) further built upon the BSA by expanding the definition of “financial institutions” to formally include cryptocurrency as well as dealers of art and antiquities. It also increased the penalties for knowingly misrepresenting or falsifying KYB-related due diligence information like beneficial ownership. The AMLA includes the Corporate Transparency Act (CTA), which creates further obstacles for shell companies and other high-risk entities by requiring many companies to self-report their ownership to FinCEN. Additionally, some U.S. states are now creating beneficial ownership laws and registries.
Beyond regulations, FinCEN also closely monitors money laundering and fraud trends and issues ad hoc advisories. For example, back in 2006, FinCEN first issued a warning on the risks of shell companies for banks.
Outside of the U.S., regulated banking security measures are region- and country-specific. For example, the European Union’s Anti-Money Laundering Directives (AMLDs) guide what EU jurisdictions must require of their banks and financial institutions to protect against financial crimes. Since 2015, under the 4th AMLD, banks in EU member states have had to identify UBOs. And in 2018, the 5th AMLD added more due diligence requirements for riskier customers, as well as a central register for beneficial owners.
KYB compliance requirements
Banking regulations for KYB can vary depending on:
- Jurisdictions or countries where a customer’s business is operating
- Jurisdictions or countries where the customer’s owners and controllers are located
- Industry and perceived risk
- Past negative news, such as sanctions
- Connection to politically exposed persons
The process for completing KYB can seem relatively straightforward:
- Verify the business by obtaining evidence of the name and address, proof of incorporation or registration, and ownership.
- Verify the key individuals involved in the business such as owners and key controllers, including the board of directors, legal representatives, trustees, and/or C-suite executives — and collect an ID.
However, when it involves non-U.S. countries, there can be notable differences.
For example, in Germany, to complete the KYB portion of the review of a standard corporate entity, an excerpt from a commercial or cooperative register may contain most of what is needed, or comparable official register and incorporation documents. This includes the names of controllers and owners.
Whereas in India, banks will require a certificate of incorporation, articles of association, business permanent account number (PAN), a current list of directors with biographical information (including full legal name, citizenship, and residential address), resolution from the board of directors, and power of attorney granted to managers, employees, or others designated to handle transactions.
Make KYB as easy as KYC with Persona
If you are a bank or financial institution looking to improve your banking due diligence workflow, automate redundant steps, and eliminate repeat customer requests, you need a KYB tool kit flexible enough to adapt to your unique requirements.
Here at Persona, we’ve designed our identity infrastructure to be configurable so you can build the verification workflows that best fit your needs. For example, Persona KYB can centralize research results and documentation for ease of access or segregate as necessary to adhere to compliance requirements.
With our expansive library of verifications, you can quickly and easily collect and analyze government IDs, other electronic documents, and even mobile driver’s licenses. Running reports, such as watchlist screenings, PEP scans, adverse media reports, and other database queries allows you to build out a fuller picture of entities and the individuals associated with them. If you have phone numbers and email addresses provided by prospective customers, our products can also assess their reputation in the background to provide you with a richer picture of risk.
Keep your team organized by using Workflows to align KYB with KYC, automatically send links to customers to complete KYC after UBOs are identified, and uncover and proactively block questionable customers with Graph.
Interested in learning more? Start for free in as little as a day or two or get a demo today.