Guide to Know Your Business (KYB) in banking
For most jobs, being younger than five years or older than 100 years would be cause for concern. For more than 30,000 shell companies around the world whose listed directors include preschoolers and centenarians, it’s simply business as usual according to data on shell companies published by Moody’s Analytics.
Age appropriateness, duplicative directors listed at thousands of companies, and the same residential addresses repeatedly being passed off as headquarters are just some of the red flags presented by shell companies, or paper-only businesses, Moody’s wrote.
These are among the many questionable operating practices that make shell companies among the riskiest customers for banks on the front lines of money laundering and other financial crimes like tax evasion. Such risks are also the driving force behind Know Your Business (KYB) compliance. Learn what KYB in banking is and how it can make your operations safer.
What is KYB in banking?
KYB in banking is the primary anti-money laundering (AML) practice used by banks when they have businesses as customers. The primary objective of the due diligence exercise is to confirm ownership and control in order to identify the individuals who are ultimately responsible for the business.
Under KYB, owners with 10-25% or more shares — known as ultimate beneficial owners (UBOs) — then undergo a Know Your Customer (KYC) review to determine and verify the identity of individuals, primarily via screening a standard form of identification as well as screening against lists of sanctions and other watchlists.
The KYB process also includes:
Confirming evidence of the company’s existence and their source of funding,
Understanding the business and its risks
Ascertaining expected transaction size and scope.
Many banks use KYC as the umbrella term for the entire due diligence process at onboarding as well as ongoing monitoring and periodic updating.
Major U.S. KYB regulations for banks
Since 1970, U.S. banks and financial institutions, including mortgage lenders, credit unions, brokers, and more recently, cryptocurrency exchanges, have been regulated under the Bank Secrecy Act (BSA), which is overseen by the Financial Crimes and Enforcement Network (FinCEN) under the U.S. Department of the Treasury. The BSA outlines several KYB and KYC requirements that impacted entities must meet.
The BSA has been amended several times, including most recently in 2016 with the Customer Due Diligence (CDD) Final Rule, which specifically added the following identity and verification requirements:
Identify and verify the identity of customers
Identify and verify the identity of the beneficial owners of companies opening accounts
Understand the nature and purpose of customer relationships to develop customer risk profiles
Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information
The Anti-Money Laundering Act of 2020 (AMLA) further built upon the BSA by expanding the definition of “financial institutions” to formally include cryptocurrency as well as dealers of art and antiquities.
It also increased the penalties for knowingly misrepresenting or falsifying KYB-related due diligence information, like beneficial ownership. The AMLA includes the Corporate Transparency Act (CTA), which creates further obstacles for shell companies and other high-risk entities by requiring many companies to self-report their ownership to FinCEN. Additionally, some U.S. states are now creating beneficial ownership laws and registries.
Beyond regulations, FinCEN also closely monitors money laundering and fraud trends and issues ad hoc advisories. For example, back in 2006, FinCEN first issued a warning on the money laundering risks of shell companies for banks.
How KYB requirements vary around the world
Outside of the U.S., regulated banking security measures are region and country-specific. For example, the European Union’s Anti-Money Laundering Directives (AMLDs) guide what EU jurisdictions must require of their banks and financial institutions to protect against financial crimes.
Since 2015, under the 4th AMLD, banks in EU member states have had to identify UBOs. And in 2018, the 5th AMLD added more due diligence requirements for riskier customers, as well as a central register for beneficial owners.
Keep learning: Global AML compliance: Is your business doing enough?
KYB for banks: C
Banks and other financial institutions are routinely targeted by criminals for the historical ease of placement, the first stage of money laundering, when illegitimate proceeds from illegal activities are deposited into legitimate enterprises. In extreme cases, these funds are used to finance terrorism, human trafficking, and other serious crimes. KYB compliance is one of the best AML tools companies have to protect themselves and the larger global financial system from fraud.
To achieve compliance, the process for completing KYB verifications can seem relatively straightforward:
Verify the business by obtaining evidence of the name and address, proof of incorporation or registration, and ownership.
Verify the key individuals involved in the business, such as owners and key controllers, including the board of directors, legal representatives, trustees, and/or C-suite executives — and collect an ID.
But specific regulations that govern KYB for banks can vary depending on:
Jurisdictions or countries where a customer’s business is operating
Jurisdictions or countries where the customer’s owners and controllers are located
Industry and perceived risk
Past negative news, such as sanctions
Connection to politically exposed persons
When KYB involves non-U.S. countries, there can be notable differences in both requirements as well as available solutions
For example, in KYC in Germany, to complete the KYB portion of the review of a standard corporate entity, an excerpt from a commercial or cooperative register may contain most of what is needed, or comparable official register and incorporation documents. This includes the names of controllers and owners.
Whereas in KYC in India, banks will require a certificate of incorporation, articles of association, business permanent account number (PAN), a current list of directors with biographical information (including full legal name, citizenship, and residential address), resolution from the board of directors, and power of attorney granted to managers, employees, or others designated to handle transactions.
Penalties for non-compliance with KYB in banking
When banks and other financial institutions fail to perform KYB on their corporate clients and account holders, it increases the likelihood that the bank’s platform or services will be used to finance terrorist activity or launder money. It also means the bank may unwittingly engage with customers that it shouldn’t be engaging with — such as sanctioned individuals, businesses, and other entities. If any of these come to pass, the bank could be subject to:
Financial penalties based on the scope and severity of the KYB failure
Prison time for executives or employees who willfully failed to implement appropriate measures of KYB in banking
Restrictive measures, such as asset caps, make it more difficult for a bank to expand and grow
Banking license revocations, typically reserved for the most egregious cases
And that’s not to mention the damage that non-compliance can cause to your reputation and brand, should consumers become aware of your shortcomings.
Automating the verification process in KYB for banks
Manually performing KYB on each corporate client can be a time-consuming process, involving steps like:
Collecting and authenticating business documentation and government IDs for the business’s UBOs
Searching authoritative and issuing databases for data and filings supporting the information provided by the business
Looking for mention of the business or its UBOs in sanctions lists, watchlists, politically exposed persons (PEP) databases, and adverse media
Analyzing all of the information, documentation, and other signals collected from the business to calculate its risk profile and make a final decision about whether or not your institution should engage with it
In addition to costing your business significant resources in the form of manpower, it also increases the amount of time it takes you to onboard corporate clients — potentially hurting conversions and driving clientele elsewhere.
The good news? With the right tools, virtually every step in KYB for banks can be either fully automated or otherwise supported by automation to streamline compliance and reduce decisioning time from hours or days to minutes.
Keep learning: Onboard businesses faster with Persona's automated Know Your Business (KYB) solution
Make KYB in banking as easy as KYC with Persona
If you are a bank or financial institution looking to improve your banking due diligence workflow, automate redundant steps, and eliminate repeat customer requests, you need an identity infrastructure that’s flexible enough to adapt to your unique requirements.
Here at Persona, we’ve designed our identity infrastructure to be configurable so you can build the verification workflows that best fit your needs for AML and KYC compliance. For example, Persona KYB can centralize research results and documentation for ease of access or segregate as necessary to adhere to compliance requirements.
With our expansive library, you can quickly and easily perform:
Running reports, such as watchlist screenings, PEP scans, adverse media reports, and other database queries, allows you to build out a fuller picture of entities and the individuals associated with them. If you have phone numbers and email addresses provided by prospective customers, our products can also assess their reputation in the background to provide you with a richer picture of phone or email risks.
Keep your team organized by using Workflows to align KYB with KYC, automatically send links to customers to complete KYC after UBOs are identified, and uncover and proactively block questionable customers with Graph.
Interested in learning more? Start for free in as little as a day or two, or contact us to get a demo today.
FAQs
Why is KYB important for banks?
Toggle description visibility
Banks are required to perform KYB on their corporate clients and account holders by law. The goal is to make it harder for criminals to use shell companies to engage in money laundering, terrorist financing, and other forms of financial fraud.
When banks fail to implement appropriate KYB protocols, it can lead to penalties, legal and regulatory action, and reputational harm for the institution.
How does KYB differ from KYC in banking?
Toggle description visibility
KYC and KYB are related — but different — concepts. Banks are required to perform both, depending on the type of customer or client they are engaging with. The table below highlights some of the differences between KYB and KYC in banking:
Aspect | Know Your Business (KYB) | Know Your Customer (KYC) |
|---|---|---|
Purpose | To ensure that a business actually exists and that its owners are real and safe to do business with | To ensure that a person is who they say they are and that they are allowed to access your services |
Target customers | Corporate clients and account holders | Individual customers, UBOs for business accounts |
Common documents | Ownership documents (ownership agreements, shareholder agreements); tax documents (Form W-9, Form W-8 ECI, IRS 147C Letter); corporate documents (articles of incorporation, articles of organization, business licenses) | Government-issued ID (driver's license, passport) and proof of address (such as a utility bill or other mail) |
Regulatory driver | Customer Due Diligence (CDD) Final Rule, Anti-Money Laundering Act (AMLA) of 2020 |
Keep learning: KYB vs. KYC: What's the difference?
How often should KYB checks be performed?
Toggle description visibility
Before a bank allows a business to open an account, it must first complete an initial KYB screening to determine whether or not the business is real, who the business’s ultimate beneficial owners are, and whether or not it is safe to engage with the business.
After this initial check, businesses should be routinely reevaluated to determine whether or not their risk profiles have changed — for example, if new KYB risk factors are present that were not present during onboarding.
What documents are typically required for KYB in banking?
Toggle description visibility
The laws and regulations requiring banks to perform KYB do not specify which documents the bank must collect and verify. That is left largely up to the bank to decide. Usually, the business documents collected will fall into three main categories:
Ownership documents: These are documents that detail the ownership structure of a business, and can include ownership agreements, partnership agreements, trust agreements, shareholder agreements, and more
Tax documents: These contain financial information about the business, as well as relevant tax IDs, and can include Form W-9, Form W-8 ECI, Form W-8-BEN-E, IRS 147C Letter, IRS CP565 Letter, IRS CP575 Letter, and more
Corporate documents: These establish a record of the company and its activities and can include things like articles of incorporation or organization, business registration certificates, operating agreements, annual reports, business licenses, and more
Keep learning: Business document verification: What it is, why it’s important, and how it fits into your broader KYB strategy
Is KYB required for fintech companies and neobanks?
Toggle description visibility
Yes. Fintech companies and neobanks are defined as “financial institutions” under the Bank Secrecy Act and are therefore subject to its AML requirements, including the requirement to perform KYB on corporate clients.