Fraud and money laundering are growing threats to the B2B industry. In 2021, 98% of B2B retailers, manufacturers and marketplaces had experienced financial losses due to successful fraud attacks.
To stay safe, businesses need to get to know each other if they work together. This involves company identification, verification of the information provided by the business counterparty, determining company structure, beneficial owners, etc. Such Know Your Business (or KYB) measures are also required by national and global AML regulations.
Most jurisdictions have pretty much the same requirements for KYB measures. Yet, for businesses, getting these done properly—and in full compliance with all applicable laws—can put considerable strain on their resources.
Let’s dive deep into KYB and see how we verify businesses at Sumsub.
What is KYB verification?
Know Your Business, or KYB, is a due diligence procedure aimed at establishing the structure, ownership, purpose and activities of a given company. This process enables companies to determine the authenticity of the entities they are dealing with to ensure they are not being used to conceal the identities of owners for illegitimate purposes.
KYB verification measures are key components of Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) regulations. They are also legally required by the Financial Action Task Force (FATF), regional regulations such as the 5th and 6th EU AML directives, and various national AML laws.
When establishing a business relationship with a corporate customer, a regulated company must conduct customer due diligence (CDD) procedures in accordance with AML regulations. Usually, this involves the following steps:
- its name, registered number, registered office and principal place of business;
- its board of directors or members of the equivalent management body;
- its senior management;
- the law to which it is subject;
- its legal and beneficial owners.
- articles of association or other governing documents;
- proof of legal existence (certificate of incorporation);
- documents disclosing beneficial ownership structure (articles & memorandum of association);
- proof of registered and physical address, etc.
Beneficiaries are those who directly or indirectly own more than 25% (in some jurisdictions, 10-20%) of the company or otherwise exercise significant control over it. The following documents need to be provided for verification of such individuals:
- proof of address;
- declaration of trust, etc.
This is to assess whether it’s in line with the company’s expectations and has a meaningful basis for ongoing monitoring.
This allows companies to adopt a more flexible set of measures to target their resources more effectively and apply preventative measures relevant to the nature of risks.
Performing anti-money laundering (AML) screening to identify high-risk conditions when dealing with corporate customers
This involves screening companies and their beneficiaries against sanctions lists, global watchlists, PEP lists, adverse media and other similar sources.
This involves checking if the company structure has changed, whether officials have been added to a PEP list, or if its jurisdiction has appeared under sanctions. To track all these changes over the course of a business relationship, the ongoing monitoring process should include:
- scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds). This is to ensure that the transactions are consistent with the company’s knowledge of the corporate customer, their business and risk profile;
- ensuring that the documents or information obtained for CDD purposes are kept up to date.
The above measures help companies know their customers, assess risks and ensure that their partner is not involved in money laundering, terrorist financing and financial crime.
Businesses must keep copies of documents obtained through conducting due diligence on both individuals and companies.
Companies must retain data for five years after the end of the customer relationship/completion of an occasional transaction. These records should contain the following:
- customer information;
- internal and external suspicion reports;
- Money Laundering Reporting Officer (MLRO) annual (and other) reports;
- information not acted upon;
- training and compliance monitoring;
- information about the effectiveness of training.
Why is KYB necessary?
The most obvious reasons for KYB verification include regulatory compliance and fraud prevention.
1) Regulatory compliance. KYB helps AML-regulated companies understand whether their partners, corporate customers or suppliers are:
- presenting money laundering and terrorist financing risks;
- involved in financial crime or other illicit activity;
- subject to sanctions or other adverse regulatory action.
In addition, business verification enables companies to assist law enforcement by reporting suspicious activity and providing available information on customers or activities being investigated.
Inadequate CDD, or lack thereof, may be a warning sign of a violation of AML regulations. This means that a company begins working with a corporate customer before carrying out necessary due diligence procedures, exposing it to the risk of involvement in money laundering or terrorist financing.
2) Fraud prevention. KYB helps companies detect and eliminate fraudsters among their counterparties. This helps reduce the financial and reputational risks of money laundering, terrorist financing and fraud.
Fraud can easily make its way into a business. For instance, a fraudster finds information about a company that hasn’t been in operation for several years. They rename it and start placing orders with suppliers without any intention to pay for them. Before anyone realizes what’s going on, the fraudster has disappeared with millions in goods.
That’s why it’s important to notice red flags ahead of time. These may include but are not limited to:
- the company’s office address and shipping address do not match;
- there is no significant credit record on the company;
- the company’s official documents include mistakes;
- the company’s ownership has changed significantly.
Who needs KYB?
According to the 5th AML Directive, KYB is required for the following AML-regulated entities:
- financial institutions;
- credit institutions;
- online payment services;
- online banking;
- crypto marketplaces;
- services auditors;
- external accountants and tax advisors;
- estate agents;
- gambling services, etc.
However, some corporate customers are not subject to identifying and verifying the identities of beneficial owners. Such companies include:
- those listed on a regulated market in the European Economic Area (EEA), or on a non-EEA market that is subject to specified disclosure obligations;
- majority-owned and consolidated subsidiaries of such companies listed as above.
KYB verification is also beneficial for non-regulated industries such as e-commerce platforms and car sharing services. Such verification helps expose shell suppliers and the individuals behind them.
Automated & Manual KYB
The KYB process is complex and requires companies to collect, analyze, and manage vast amounts of data on the businesses that they have relationships with. Doing this manually is typically even more complicated and time-consuming as it requires:
- creating in-house compliance infrastructure with IT experts and compliance officers;
- screenings through an endless number of watchlists, sanction lists, and PEP lists, often without any guarantee of achieving the desired results.
Automated workflows verify companies and individuals in real-time while ensuring regulatory compliance and seamless onboarding. At the same time, there’s room for human intervention where tailored solutions are necessary. Such hybrid approaches account for the complexity of certain company structures and industry specifics.
How Sumsub’s KYB solution works
Sumsub combines automated and manual KYB and KYC checks into one solution that fully automates company verification and AML screening. The full KYB flow involves manual intervention by legal experts, who scrutinize all the documents submitted by applicants and perform required registry checks.
Before proceeding with the full KYB verification flow, the company’s representative fills out a special KYB questionnaire to ensure compliance with their internal procedures. This includes questions such as: “should corporate documents be in English?” or “should documents be provided as certified copies?” This way, Sumsub works to understand the specific requirements of each business to offer a tailored solution.
There are three ways to collect required data from companies and UBOs:
- Widget—This is the Web SDK that customers use to collect required data. Customers can embed the widget on their website, or simply send the user a link to the widget where they can fill in all required information.
- Dashboard—where customers can create applicant profiles and upload all information they already have about users.
- API integration—where customers create the applicant profile by sending the required data in API requests.
The following basic KYB data is mandatory for automatic checks:
- company name;
- registration number;
Based on this basic KYB data, the following automatic checks are performed:
- Registry checks. Additional information about the company is extracted from global and local registries:
  - company name;
  - registration number;
  - whether the company is active;
  - company type;
  - nature of business;
  - the company address;
  - the corporate structure;
  - shareholders and beneficiaries.
- AML screening. This includes screening of legal entities and individuals against global sanctions and watchlists, PEP lists, adverse media, etc. AML screening is applicable in more than 190 countries. If nothing suspicious is found, the status of the company will be green; otherwise, all suspicious matches will be indicated as full or potential.
Applicants can add additional levels of verification and make them mandatory for users if needed.
KYB verification steps
There are 5 steps to effective KYB verification:
Step 1. Collecting company data
Customers set the required levels of verification and determine the types and quantity of required documents. This step can be basic (company name, registration number, country) or may include additional fields such as company website, register location, legal address, postal address, etc. The customer can also set customized fields for UBOs, shareholders, and representatives.
Step 2. Using Questionnaires
The customer can prepare and send questionnaires to their counterparts in order to:
- determine the risk level of the verified company;
- collect additional information from the verified company, if needed.
The customer may use questionnaire templates or customize their own. The questions can be made optional or mandatory.
Step 3. KYC verification of Ultimate Beneficial Owners (UBOs)
UBOs, shareholders, and representatives are required to undergo KYC verification in the system. A wide range of automated KYC checks can be set for each of them. In addition to identity verification, UBOs, shareholders, and representatives can be required to undergo a liveness check, as well as screening against sanctions lists, global watchlists, PEP lists, adverse media, etc. Which checks apply depends on the particular KYB flow determined by the customer.
There are various ways for users to proceed with identity verification:
- The user copies a link and sends it to the beneficiary via messenger or email;
- If there is no liveness check in the flow, an authorized representative of the company can provide appropriate documents on behalf of the beneficiaries to complete verification. An authorized representative is an individual whose legal authority to act on behalf of the customer is confirmed by power of attorney.
All verification statuses are updated automatically, and the system allows the applicant to re-upload documents and pass checks again. The applicant can also see the reasons provided for document resubmissions, pending applications, and incomplete document submissions by beneficiaries.
The applicant can see the company structure in the dashboard, including all verified individuals, percentage of ownership, and verification statuses. All this information can be submitted to the regulator in the form of a report.
Step 4. Uploading documents
Companies should upload documents that confirm their legal existence and identify/verify shareholders and beneficiaries. Users may set mandatory documents such as:
- certificate of incorporation/registration;
- memorandum/articles of incorporation/association/registration;
- excerpt from a state company registry;
- shareholder registry;
- director registry, etc.
The types and number of documents required may vary depending on the business specifics, jurisdiction, etc. The company can check the applicant’s uploaded documents and perform AML and registry checks themselves, or delegate this function to Sumsub’s KYB specialists.
Step 5. Obtaining a company report
The applicant can download the report with the following information:
- all manual and automated checks performed;
- all information from registries, documents, and questionnaires;
- company structure and officers;
- UBOs and corporate documents;
- links to the sources used during the checks (local and international government records, watchlists, sanctions lists, etc).
To sum up, Sumsub’s all-in-one KYB verification solution makes life a lot easier for businesses. Companies obtain all the data they require (corporate structures, registry documentation, identified ultimate beneficial owners, etc.) in one straightforward window, with enhanced due diligence KYC available.
As a result, this KYB solution helps businesses confidently onboard counterparts while enabling continuous and automated data re-checks and monitoring services to mitigate risk within existing business relationships.