Nothing thrills — or terrifies — a compliance analyst more than a complex corporate ownership structure. Multiple layers, the seemingly random presence of holding companies, dotted and solid lines of indirect ownership, and multiple family members with nearly identical names. Extra points if you have to grab a calculator and scratch paper to determine the ultimate beneficial owners (UBOs).
Individual identity verification through Know Your Customer (KYC) might get the lion’s share of the attention when it comes to protecting against fraud and money laundering, but performing Know Your Business (KYB) verifications to understand the businesses conducting business is itself, well, big business.
Companies are fined millions of dollars each year by regulators for failing to complete sufficient KYC- and KYB-related due diligence on their customers. In September 2023, the Puerto Rico-based Bancrédito International Bank & Trust Corporation was fined $15 million by FinCEN for various regulatory violations, including not implementing and maintaining an anti-money laundering (AML) program. As a result, the bank processed millions of dollars in suspicious transactions between 2015 and 2022.
When companies take the time and effort to learn key details about who they are working with, they not only reduce the likelihood of criminal activity and associated fraud, but also costly enforcement actions by government regulators and the undesirable negative news coverage that follows. Chances are, you have teams focused on KYB or KYC, and probably both. So it’s important that you can articulate what each process entails and where your worlds overlap.
What is KYC?
Know Your Customer (KYC) is the series of anti-money laundering (AML) protections that banks, financial institutions, and a growing list of other companies use to determine and verify the identity of individuals prior to entering a transactional relationship. The most basic KYC practice is to collect and screen a customer’s identity using a standard form of identification. Pending the results of the screening, further due diligence may follow.
Depending on their industry and business location(s), companies can either choose to implement KYC on their own or they may be mandated to do so. KYC reviews are also completed periodically or as information changes, such as if there is a name change or an ID expires.
What is KYB?
Know Your Business (KYB) is the due diligence practice used when a customer is a business. The primary driver of KYB is to drill down to the individuals who own, control, or own and control the business. Companies are generally responsible for identifying owners with 10-25% or more shares of their customer. Once confirmed, the UBOs then undergo a KYC review, which effectively bridges KYB and AML.
Regulatory requirements
Nearly every country has enacted regulatory requirements related to understanding the business. For example, in the U.S., the Financial Crimes Enforcement Network (FinCEN) oversees customer due diligence mandates. For much of Europe, the EU 5th Anti-Money Laundering Directive (5AMLD) guides respective EU laws requiring companies on the front lines of finance to better know their customers.
Key steps in KYB and KYC
What is required to complete KYB and KYC can vary greatly between companies and depends on factors such as business need, risk appetite, and available budget. However, the most basic KYB and KYC compliance programs generally feature the same foundational steps.
Business entity verification
Just like a KYC process requires an ID or passport for an individual, businesses also have to show proof of their legal existence. Customers that are businesses must be validated under a Customer Identification Program, typically using official business registration databases maintained by countries, states, and/or cities. Legal documentation may also be collected from the business itself, such as a certificate of incorporation or articles of formation, shareholder registry, Board of Directors meeting minutes, etc. These generally require legal validation.
KYC identification and verification
For banks and other financial institutions and related entities, every individual account holder will need to provide a current and valid form of identification, usually a driver’s license or a passport. Depending on regulatory guidelines, businesses will also need to identify the UBOs, which can include major shareholders, board members, managers, beneficiaries, trustees, and legal representatives — and provide identification for some or all. The names and any identifying information or accompanying identification will then be verified.
Screening
The screening process can range from simple ID verification to confirm its validity to screening applicants against global watchlists, sanctions lists, politically exposed person (PEP) lists, and adverse media to flag known negative news that could create additional money laundering, corruption, or reputational risk for a company.
Additional compliance requirements
KYB and KYC processes are dictated by increasingly complex and nuanced AML regulations that vary depending on:
- Jurisdictions or countries where a business is operating
- Jurisdictions or countries where their owners and controllers are located
- Industry and perceived risk
- Past negative news, such as sanctions
- Connection to politically exposed persons
Customer due diligence
Depending on the above risk factors, as well as any results from screenings, the KYB process could also require a range of customer due diligence reviews, such as confirming the company’s source of funding, understanding the business being conducted, and any anticipated mergers or changes as well as expected transaction size, scope, and geography.
KYB and KYC in financial transactions
Completing both KYB and KYC is not only proper fraud prevention but also an assurance to the public that your company values trust and safety and is willing to invest in it. Failing to fully vet customers can cost far more.
Going back to Bancrédito International Bank, investigators found several egregious examples of KYB and KYC failures, including with one customer, an unnamed Venezuelan national who was conducting personal business with Bancrédito’s chairman as well as sending multimillion-dollar cross-border wires. Not only was the individual publicly named in a previous lawsuit alleging participation in a Ponzi scheme, but the person even had an historical connection to late president and infamous dictator Hugo Chávez. A simple KYC review would have found several reasons for the individual to be flagged as high risk.
Likewise, another Bancrédito customer was an investment company with the sole stated purpose of owning a luxury yacht. Though the bank never confirmed the beneficial ownership of the yacht, according to its consent order, the customer’s account was still allowed to make $1.3 million in flagged transfers to unrelated accounts for the purpose of renovating the yacht they may or may not have owned. The initiator of those funds? Bancrédito’s chairman, who had no confirmed link to the investment company or the yacht. Again, even the most basic of KYB compliance programs would have identified the need for further due diligence and legal review.
Not every customer is going to be popping bottles on the high seas or fraternizing with the political elite, of course. But a responsible KYB and KYC program — and an informed risk assessment — should be in place to protect your bottom line.
Future trends in KYB and KYC
The nature of criminals is always to remain a step ahead of those trying to stop them. The financial crimes of the future aren’t necessarily known yet, though it is highly likely that artificial intelligence (AI) and cryptocurrency will be involved. AI is also expected to be a strong tool in the belt of banks and law enforcement, both to aid in verification as well as mine data for suspicious transactions. Natural language processing, network analytics, and predictive analytics are all advancements that are being implemented and sharpened now for future benefit.
Make KYC and KYB seamless with Persona
If your company is looking to improve its due diligence workflow, automate redundant steps, and eliminate repeat customer requests, you need a KYC and AML tool kit flexible enough to adapt to your unique requirements.
Here at Persona, we’ve designed our identity infrastructure to be flexible and easy to integrate so that you can build verification workflows to onboard businesses quickly and ensure global compliance with KYC, AML, and KYB regulations. For example, Persona helped payment provider Branch scale its KYB process to complement its existing KYC program. The key to creating a KYB process as seamless as KYC was bringing in various data sources and consolidating existing information, thereby enabling decisions to be made faster with a more complete information set.
With our expansive library of verifications, you can quickly and easily collect and analyze government IDs, other documents, and even mobile driver’s licenses. Running reports, such as watchlist screenings, PEP scans, adverse media reports, and other database queries allows you to build out a fuller picture of individuals or entities. For additional risk signals, you can fully assess the phone numbers and email addresses that prospective customers provide. Use Workflows to reap the benefits of automation, such as aligning KYB with KYC and automatically sending links to customers to complete KYC after UBOs are identified. Graph can uncover and proactively block money launderers and other known individuals in their network.
Interested in learning more? Start for free or get a demo today.