When the Panama Papers scandal broke in April of 2016, it revealed a glaring lack of oversight in financial institutions (FIs) regarding accounts registered to businesses instead of individuals. New regulations were needed to ensure businesses applying for financial accounts were genuine and operating legitimately, as opposed to just shell corporations being used to hide or covertly move money.
The new rules also required pinpointing which individuals had ultimate financial and decision-making power over the businesses that opened and maintained these accounts.
These rules have collectively become known as the “Know Your Business” framework. So what is “Know Your Business”? Why do financial institutions need to know about it and follow it? How does an FI conduct a KYB check, and what information does it need to collect for one? This article will explain the answers in brief.
What Does KYB Stand For?
“KYB” stands for “Know Your Business”.
What is Know Your Business (KYB)?
Know Your Business, or “KYB”, is the process of a financial institution verifying the legitimacy of a company it wishes to onboard as a client. This involves checking that the company itself is genuine, as well as knowing who owns the company and determining what level of risk they represent.
What’s the Difference Between KYC and KYB?
The difference between KYC—or Know Your Customer—and KYB is that KYB is an extension of KYC designed to be applied to businesses. KYC is about verifying the identity, and assessing the risk level, of an individual person wanting to become a company’s customer.
In contrast, KYB involves verifying the identity of a business and making sure it’s in good standing. In addition, it requires performing KYC checks on all beneficial owners of the business to ensure they are truthfully representing themselves and aren’t overly risky to do business with.
In short, KYC is a version of KYB focused exclusively on business verification.
The Importance of KYB Compliance
Know Your Business compliance is critical for a number of reasons. Like KYC, it helps to protect financial institutions from being defrauded, exploited for money laundering purposes, or victimized by other forms of financial crime. It does this by ensuring all parties to a business relationship are who they say they are and indicates whether they are in good standing or not.
But KYB doesn’t just protect FIs from financial crime itself. KYB also protects them from being held liable for failing to follow regulations meant to prevent financial crimes—particularly money laundering and terrorist financing. If one of these crimes happens at an organization, and regulators determine that it didn’t have sufficient preventative controls in place, the organization can face penalties that include fines, increased compliance supervision, jail time for the company’s leaders, and even loss of certification.
Finally, Know Your Customer verification helps to protect an organization’s reputation as a trusted business partner. If the organization lets financial crime happen on its watch, is found to be non-compliant with industry regulations, or is revealed to be dealing with disreputable businesses and business owners, its credibility will suffer. Potential customers may avoid starting business relationships with the organization, and existing customers may end their relationships and take their business elsewhere. Both of these scenarios can severely impact a company’s ability to be successful.
What is a KYB Check?
A KYB check is a risk management process undertaken by a financial institution when it plans to onboard a business as a client or partner. It involves verifying the company’s registered information to determine if it’s operating legitimately. It also includes verifying the identities of the company’s beneficial owners in order to ensure these individuals aren’t sanctioned, wanted for crimes, or otherwise suspected to be engaged in risky activity.
How Does the KYB Process Work?
The Know Your Business process is similar to the one for KYC, but involves a few extra steps. This is because a financial institution has to first find out if the company it’s onboarding is properly registered and licensed to operate lawfully. Then it has to establish who has beneficial ownership of the company and perform a KYC check on them—which may need to be done multiple times, as companies often have more than one beneficial owner.
Step 1: Verify that the company itself is legitimate
First, a financial institution has to look into the company it’s onboarding to see if it’s properly registered to operate within its jurisdiction. That includes information such as its legal name, incorporation documentation, tax identification number, any special licensing requirements, and an operating address.
A company without an address may be a shell corporation—a business with no physical presence and no active business operations. Though they can have lawful uses, shell corporations are often associated with illicit money movements. So if it’s not evidence of outright illegitimacy, a company lacking an address is definitely a heightened risk indicator to be aware of.
Step 2: Identify the company’s beneficial owners
Next, the financial institution has to find out who ultimately owns the company they’re onboarding. This can sometimes be tricky because some companies may use opaque corporate structures with obscure titles such as “nominees,” “corporate directors,” or “bearer shareholders.” Intentionally or not, this can make it difficult to tell who actually owns the company versus who is just helping to run it.
A beneficial owner is someone who owns a significant enough portion of a company’s shares, profit rights, or direction-setting vote influence. The exact amount varies by location, but a common benchmark is 25%.
Step 3: Subject all identified beneficial owners to KYC checks
The next step is for the financial institution to perform identity verification and customer due diligence on all people identified as beneficial owners of the company being onboarded. On one hand, this means checking each person’s identity credentials to ensure they correspond to a real person (and aren’t a fake or synthetic ID) and that they match the actual person under scrutiny.
On the other hand, it means checking for information that it could be risky—or even illegal—to do business with these people. That includes screening sanctions lists, politically exposed persons (PEP) lists, criminal wanted lists, and even credible news outlets for negative press coverage.
Step 4: Create an overall risk profile for the company being onboarded
Once a financial institution has subjected a company being onboarded—including its beneficial owners—to identity verification and due diligence, it has to take stock of the overall risk they would present as a client or partner.
How much are they worth? What is the purpose of their relationship with the FI? How much credible identifying information about them is available? Are there any other indicators that they could be high-risk, such as unfavorable press coverage or presence on regulatory lists? These are some questions that should factor into measuring the company’s risk level.
If it’s determined that the client (including its owners) is particularly high-risk, an FI may want—or in some cases, be required—to conduct enhanced due diligence (EDD). This involves a deeper dive into the identity and history of the company and its owners.
What other organizations do they have relationships with, and what is the nature of those relationships? What does their transaction history look like? Does the value of their physical assets match up with that of their intangible assets? Is it possible to visit their headquarters in person and talk with someone in charge?
Step 5: Monitor the information and risk status of onboarded companies
If it’s determined that the client company presents an acceptable level of risk, the financial institution can continue the onboarding process. However, KYB isn’t a “one and done” deal. A company’s risk profile can change depending on its performance and other activities, as can changes in the statuses of any of its beneficial owners. Such changes can warrant re-evaluating a business relationship to implement tighter (or sometimes looser) monitoring controls, or even ending the relationship altogether in extreme cases.
Know Your Business (KYB) Requirements to Follow
In the US, Know Your Business requirements are by and large governed by FinCEN’s CDD Final Rule. Under this rule, the following information regarding companies and their beneficial owners needs to be verified in order to constitute a satisfactory KYB check.
- Formal name
- Any alternative trade names and “doing business as” names
- Street address
- Documentation related to creation or registration in a state or tribal jurisdiction
- Industry-specific licensing documentation
- A unique identification number such as an EIN, TIN, or LEI
- Full name
- Date of birth
- Country of residence
- Home address
- ID number and scan from a government-issued ID document
Simplify KYB with Unit21’s infrastructure
KYB is essential for financial institutions to ensure that bad actors aren’t hiding behind fake companies to cover up their illegal money moves. But it’s a more involved process than KYC because it requires verifying the identities and assessing the risks of both a business and the people who own it. That’s why it can be useful to employ digital Know Your Business solutions as part of a complete anti-fraud and AML compliance solution.