Understanding KYB and How it Relates to KYC (2024)

A new study from Juniper Research expects merchant losses from online payment fraud to exceed $362 billion globally between 2023 to 2028, with losses of $91 billion alone in 2028. Scammers who impersonate legitimate businesses play a crucial role in committing online payment fraud via marketplaces and other online services.

Merchant fraud, where fraudsters impersonate legitimate businesses, is also a major issue. In 2023, the US Federal Trade Commission reported more than 330,000 instances of business impersonation scams and nearly 160,000 reports of government impersonation scams.

To stay safe, businesses need to get to know each other before they work together. This involves Know Your Business (KYB)—a process that encompasses a wide range of procedures, including counterparty identification, determining company structure, beneficial owners etc. 

KYB measures are typically required by n AML regulations, and most jurisdictions have pretty much the same requirements. Getting them done properly—and in full compliance with all applicable laws—can put considerable strain on a business’s resources.

Let’s dive deep into KYB, how it differs from KYC, and how we verify businesses at Sumsub.

What is KYB verification?

Know Your Business verification, or KYB, is a due diligence procedure aimed at establishing the structure, ownership (including the Ultimate Beneficial Owner or UBO), economic profile, or group structure (if applicable) of a business. It also involves procedures for establishing the purpose of a business relationship and the activities of the business in question. This process enables companies to determine the authenticity of the entities they are dealing with to ensure they are not being used to conceal the identities of owners for illegitimate purposes.

Know Your Business verification measures are key components of Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations. They are also legally required by the Financial Action Task Force (FATF), regional regulations such as the 5th and 6th EU AML directives, and various national AML laws.

Why is KYB necessary?

The main reasons for implementing KYB services are compliance and fraud prevention.

1) KYB compliance. KYB helps AML-regulated companies understand whether their partners, corporate customers, or suppliers are:

• Presenting money laundering and terrorist financing risks
• Involved in financial crime or other illicit activity
• Subject to sanctions or other adverse regulatory action or adverse and negative publicity
• Suspended from activity or fined for violating regulations

Multiple regulatory watchdogs, including the UK’s Financial Conduct Authority, the European Banking Authority, and FATF, require identifying and verifying companies and UBOs in their guidelines.

KYB enables companies to assist law enforcement by reporting suspicious activity and providing available information on customers or activities being investigated.

Suggested read: Complete Guide to Suspicious Activity Reports

Inadequate KYB may be an AML warning sign. Therefore, when a company begins working with a corporate customer before carrying out necessary due diligence procedures, it exposes them to money laundering or terrorist financing risks.

2) Fraud prevention. KYB helps companies detect and eliminate fraudsters among their counterparties. This helps reduce the financial and reputational risks of money laundering, terrorist financing, and fraud.

Fraud can easily make its way into the business sphere. For instance, a fraudster can find a company that hasn’t been in operation for several years, rename it, and start placing orders with suppliers without any intention to pay for them. Before anyone realizes what’s going on, the fraudster has disappeared with millions in goods.

That’s why it’s important to notice red flags ahead of time. These include, but are not limited to:

• The company’s office address and shipping address do not match
• There is no significant credit record on the company
• The company’s official documents include mistakes or edits
• The company’s ownership is changing on a frequent basis

Requirements for KYB compliance

When establishing a business relationship with a corporate customer, regulated companies must conduct CDD (customer due diligence) procedures in accordance with AML regulations. Usually, this involves the following steps:

1. Collecting information that identifies the company, including:

• Name, registered number, registered office and principal place of business
•  Board of directors or members of the equivalent management body
• Senior management
• The law to which it is subject
• Description of the company’s activities and business model by obtaining a business plan or the articles and memorandum of association for example
• Any license from a regulatory body authorizing the entity to conduct certain activities
• Group structure if part of a group
• Legal and beneficial owners.

2. Collecting company documents, including:

• Articles of association or other governing documents 
• Proof of legal existence (certificate of incorporation)
• Documents disclosing beneficial ownership structure (articles & memorandum of association)
• Proof of registered and physical address, etc.
• Audited financial statements if necessary, i.e. if enhanced due diligence is needed

3. Verifying the identities of beneficiaries

Beneficiaries are those who directly or indirectly own more than 25% (in some jurisdictions, 10-20%) of the company or otherwise exercise significant control over it. The following documents need to be provided for verification of such individuals:

• Proof of identity, i.e. national identity card or passport
• Proof of address, i.e. utility bill or bank statement not older than three months
• Declaration of trust, etc. 

4. Understanding the nature and purpose of the proposed business relationship

This is to assess whether the intended relationship is in line with the company’s expectations and has a meaningful basis for ongoing monitoring.

5. Geographical considerations

• Local regulations: This involves checking the company’s compliance with local regulations and requirements specific to the jurisdiction where the business is registered and operates.
• Cross-border operations: For businesses operating in multiple jurisdictions, it means ensuring compliance with the regulations of all relevant countries.

6. Applying the risk-based approach to determine high-risk corporate customers

This allows companies to adopt a more flexible set of measures based on their available resources, needs, and industry risks for a more effective approach.

7. Industry-specific requirements

• Regulatory filings: Depending on the industry, there may be additional regulatory filings or KYB compliance requirements (e.g., financial services, healthcare, real estate).
• Professional licenses: For businesses in certain professions, it means verifying the credentials and licenses of key personnel may be necessary.

8. Performing anti-money laundering (AML) screening to identify high-risk conditions when dealing with corporate customers

This involves screening companies and their beneficiaries against sanctions lists, global watchlists, PEPs lists, adverse media and other similar sources.

9. Performing ongoing monitoring of business relationships with corporate customers

This involves checking if the company structure has changed, whether officials have been added to a PEP list, or if its jurisdiction has appeared under sanctions. To track all these changes over the course of a business relationship, the ongoing monitoring process should include:

• Scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds). This is to ensure that the transactions are consistent with the company’s knowledge of the corporate customer, their business, and risk profile
• Ensuring that the documents or information obtained for CDD purposes is kept up to date.

The above measures help companies know their customers better, assess risks, and ensure that partners are not involved in money laundering, terrorist financing, or financial crime.

10. Record-keeping

Businesses must keep copies of documents obtained through conducting due diligence on both individuals and companies. Most regulatory and legal frameworks dictate that companies must retain data for five years after the end of the customer relationship/completion of an occasional transaction. These records should contain the following:

• Customer information
• Transactions
• Internal and external suspicion reports
• Money Laundering Reporting Officer (MLRO) annual (and other) reports
• Information not acted upon
• Training and compliance monitoring
• Information about the effectiveness of training

Who needs KYB?

The list may differ from jurisdiction to jurisdiction. As an example, the 5th AML directive states that KYB is required for the following AML-regulated entities:

• Financial institutions
• Credit institutions
• Online payment services
• Online banking
• Crypto marketplaces
• Services auditors
• External accountants tax advisors
• Notaries
• Trusts
• Estate agents
• Gambling services

However, some corporate customers are not subject to identifying beneficial owners. Such companies include:

• Those listed on a regulated market in the European Economic Area (EEA), or on a non-EEA market that is subject to specified disclosure obligations;
• Majority-owned and consolidated subsidiaries of such companies listed as above.
• KYB verification is also beneficial for non-regulated industries such as e-commerce platforms and car sharing services. Such verification helps expose shell suppliers and the individuals behind them.

What is KYC?

Know Your Customer (KYC) is the process of identifying and verifying customers. Identification means gathering a customer’s personal data; verification means checking that this data is accurate.

To identify a customer, businesses usually need at least the following data:

• Name
• Date of birth
• Address.

Under Anti-Money Laundering (AML) obligations, businesses must also ensure that customers are trusted individuals—i.e., not fraudsters or under sanctions. This can be done by сhecking global sanctions lists, watchlists, blocklists, or adverse media.

Suggested read: KYC Guide—What’s KYC and Why Is It Important?

The connection between KYC and KYB

KYC

Focus:

KYC is primarily focused on verifying the identity of individual customers to prevent fraud, money laundering, and other financial crimes. 

Checks:

The usual checks include verification of personal information such as name, date of birth, address, and identification documents (e.g., passport, driver’s license). Additional checks may include examining financial history, monitoring transactions, and assessing risk profiles.

Industries:

KYC is largely adopted by both regulated and unregulated industries. 

It’s obligatory to implement KYC for AML-obligated entities, such as banks, neobanks, crypto, law firms, real estate, car sharing, and other businesses dealing with personal financial transactions. Unregulated entities primarily implement KYC to prevent fraud. 

KYB

Focus:

KYB is aimed at verifying the identity and legitimacy of businesses. It ensures that businesses are genuine, legally registered entities and helps prevent corporate fraud and other illegal activities.

Checks:

Depending on the nature of business and exact jurisdiction, KYB checks involve collecting information about the business entity, such as its registration details, ownership structure, and key management personnel. It includes verifying business licenses, tax identification numbers, corporate filings, and sometimes financial statements.

Industries:

KYB is used by financial institutions, payment processors, marketplaces, e-commerce platforms and other entities that need to verify the legitimacy of businesses they are dealing with.

KYC and KYB regulations

KYC:

KYC is adopted by both regulated and unregulated entities to make sure that clients are who they say they are and prevent fraud. KYC processes are also governed by Anti-Money Laundering (AML) laws, like the USA PATRIOT Act and the European Union’s Anti-Money Laundering Directives, which means that regulated entities are obliged to adopt KYC.

KYB:

KYB requirements are also driven by AML regulations, but they are more focused on corporate entities. Regulations also vary widely depending on the jurisdiction and the type of business.

In March 2023, the Financial Action Task Force (FATF) updated its guidelines on beneficial ownership. The revision emphasizes the need for countries to implement a “multi-faceted strategy” in this area. It is crucial for relevant authorities to have access to accurate, current, and comprehensive information about the beneficial ownership of legal entities. Furthermore, these authorities must ensure that both primary and beneficial ownership details are promptly updated.

How Sumsub’s KYB solution works

Sumsub works to understand the specific requirements of each business and offers a comprehensive, tailored KYB check that fully automates company verification and AML screening. 

Sumsub offers six unique modules that can be combined via the Workflow Builder, making Sumsub the only 6-in-1 solution on the market:

1. Corporate registry check
2. Ownership and control check
3. UBO verification
4. AML screening
5. Questionnaires 
6. Corporate documents review

The client can choose how many modules they need and combine them as they like.

Businesses usually need to integrate three or four vendors to cover the same scope. However, Sumsub has everything in one place, covering all business verification needs and allowing businesses to customize the checks as they want.

Data collection

There are three ways to collect required data from companies and UBOs:

• Widget—this is the Web SDK that customers use to collect required data. Customers can embed the widget on their website, or simply send the user a link to the widget where they can fill in all required information.
• Dashboard—where customers can create applicant profiles and upload all information they already have about users.
• API integration—a way to create applicant profiles where customers can send required data using API requests.

The only following basic KYB data is mandatory for corporate registry checks:

• Company name
• Country

KYB checks

1. Registry checks. Additional information about the company is extracted from global and local registries:

• Company name
• Registration number
• Whether the company is active
• Company type
• Nature of business
• The company address
• The corporate structure
• Shareholders and beneficiaries

2. AML screening. This includes screening of legal entities and individuals against global sanctions and watchlists, PEP lists, adverse media, etc. AML screening is applicable in more than 190 countries. If nothing suspicious is found, the status of the company will be green; otherwise, all suspicious matches will be indicated as full or potential.

Applicants can add additional levels of verification and make them mandatory for users if needed.

Sumsub’s KYB verification steps

There are 5 steps to effective KYB verification:

Step 1: Collecting company data

Customers set the required levels of verification and determine the types and quantity of required documents. This step can be basic (only the company name and country) or may include additional fields such as company website, register location, legal address, postal address, etc. The customer can also set customized fields for UBOs, shareholders, and representatives.

Step 2. Using questionnaires

The customer can prepare and send questionnaires to their counterparts in order to:

• Determine the risk level of the verified company
• Collect additional information from the verified company, if needed
• Upload custom documents, for example, Source of Funds

The customer may use questionnaire templates or customize their own. The questions can be made optional or mandatory.

Step 3. KYC verification of Ultimate Beneficial Owners (UBOs)

UBOs, shareholders, and representatives are required to undergo KYC verification in the system. A wide range of automated KYC checks can be set for each of them. In addition to identity verification, UBOs, shareholders, and representatives can be required to undergo a liveness check, as well as screening against sanctions lists, global watchlists, PEPs lists, adverse media, etc. It depends on the particular KYB flow determined by the customer.

There are various ways for users to proceed with identity verification:

• The user copies a link and sends it to the beneficiary via messenger or email
• If there is no liveness check in the flow, an authorized representative of the company can provide appropriate documents on behalf of the beneficiaries to complete verification. An authorized representative is an individual whose legal authority to act on behalf of the customer is confirmed by power of attorney
• All verification statuses are updated automatically and the system allows the applicant to re-upload documents and pass checks again if something goes wrong. Also, the customer can see the reasons provided for document resubmissions, pending applications, and incomplete document submissions by beneficiaries

The customer can see the company structure in the dashboard, including all verified individuals, percentage of ownership, and verification statuses. All this information can be submitted to the regulator in the form of a report.

Step 4. Uploading documents

Depending on the regulatory requirements, companies may upload documents that confirm their legal existence and identify/verify shareholders and beneficiaries. Users may set mandatory documents such as:

• Certificate of incorporation/registration
• Memorandum/articles of incorporation/association/ registration
• Excerpt from a state company registry
• Shareholder registry
• Director registry, etc.

The types and number of documents required may vary depending on the business specifics, jurisdiction, etc. The company can check the applicant’s uploaded documents and perform AML and registry checks themselves, or delegate this function to Sumsub’s KYB specialists.

Sumsub has a unique team of compliance specialists who can handle the entire due diligence process, including reviewing the corporate documents.

Step 5. Obtaining a company report

The client can download the report with the following information:

• All manual and automated checks performed
• All information from registries, documents, and questionnaires
• Company structure and officers
• UBOs and corporate documents
• Links to the sources used during the checks (local and international government records, watchlists, sanctions lists, etc).

To sum up, Sumsub’s moduled KYB verification solution makes life a lot easier for businesses which can customize the checks as they want with Sumsub. Companies obtain all the data they require ( corporate structures, registry documentation, identified ultimate beneficial owners, etc.) in one straightforward window, with enhanced due diligence KYC available. Important to mention that, depending on the regulations or client needs, some of the steps can be skipped or added. 

Sumsub’s KYB solution helps businesses confidently onboard counterparties while enabling continuous, automated data re-checks and monitoring services to mitigate risk within existing business relationships.

FAQ

• What is KYB verification?

  KYB verification is the process of validating the identity and legitimacy of a business entity.

• What is KYC and KYB?

  KYC (Know Your Customer) involves verifying individual customers, while KYB (Know Your Business) focuses on verifying business entities.

• What are KYB requirements?

  KYB requirements typically include business registration documents, ownership and management information, financial statements, and compliance with relevant regulations.

• What is KYB compliance?

  KYB compliance ensures that a business adheres to regulatory standards for verifying and maintaining accurate information about its identity and operations.