Know Your Business (KYB) is a verification standard that confirms the legal status of a company and its compliance with Anti-Money Laundering and other regulations. The KYB process is performed by a regulated organization, such as a bank or insurance company, to protect their interests and determine whether it’s doing business with legal or shell companies.
Knowing what’s behind the business an organization is working with ensures authenticity and protection against corrupt or fraudulent business practices. It also prevents financial crimes, such as money laundering and terror financing activities.
In addition, KYB procedures include ultimate beneficial ownership (or UBO) as a transparency mechanism. Establishing UBO allows revealing who is directly benefiting from the business profits.
In essence, KYB makes it harder for criminals to disguise illegitimately obtained funds as income.
If an organization fails to perform KYB procedures, it may face damage to brand integrity, reputation, decreased profits, and legal penalties for non-compliance.
What Is the Difference between KYB and KYC?
Even though they have similarities, KYB (Know Your Business) should not be confused with KYC (Know Your Customer). KYC is also a verification standard within the finance and other regulated industries used to verify customers’ identities and monitor their profile and background.
The main difference between the two is who they are dealing with. While both involve checks to verify, KYC applies to individuals, while the KYB is for businesses.
KYB is often viewed as an extension of KYC. The reason behind it is that KYB is a much younger regulation. While KYC procedures were set for decades, businesses were not subjected to the same screening until recently, allowing fraudsters to exploit companies for illicit activities.
In Europe, regulators corrected the legal blindspot by specifying KYB in the 4th AML Directive released in 2017. The updated regulation came a year after US Financial Crimes Enforcement Network (FinCEN) included KYB rules in Customer Due Diligence Requirements for Financial Institutions.
Which Organizations Should Perform KYB?
KYB is necessary not only for banks. According to the 5th AML directive, the following organizations, businesses and individuals are subjected to the regulation:
- credit institutions
- financial institutions
- online banking
- asset managers
- external accountants
- tax advisors
- cryptocurrency marketplaces
- estate agents
- gambling services
While not required by law, companies in unregulated industries also perform KYB checks. The reason is that regulatory checks on business partners can secure a company’s reputation and protect it from fraud and misuse of assets.
How KYB Checks Look?
Since KYB is closely tied with the laws of a particular country, jurisdiction is an essential factor. As a rule of thumb, this involves collecting a wide range of data on the involved business. Here is a list of data Ondato provides for efficient KYB checks:
- Basic registration information: company name, registration code, VAT code, registration date, legal status, legal address, share capital, internet address, e-mail, phone, fax.
- Share Capital: complete or incomplete information about the authorized capital. It may contain the amount of authorized capital, capital status (paid/unpaid), and start date.
- Official beneficiaries: information about beneficiaries that comes directly from Business registries.
- Calculated beneficiaries: information about beneficiaries that is calculated through the shareholders.
- Shareholding: information about the relationships of persons (directors and shareholders) who are shareholders in other companies.
- Directorship: information about the relationships of persons (directors and shareholders) who are directors in other companies.
- Shareholders: complete or incomplete information about shareholders. This section may contain the name, registration code or date of birth, residence or location, amount and percentage of shares, and start date.
- Managers: complete or incomplete information about all possible managers (such as members of the board, members of the supervisory board etc.). This section may contain the managers’ role in the company, name, registration code or date of birth, residence or location, and start date.
- Activity field: information about the company’s field of activity. This section contains the following information: classifier (such as NACE, SIC, OKVED etc.), activity code, activity field in text, start date.
- Amount of employees: May include information up to the last ten years.
- Export/Import: revision date, months, export/import countries, and the total amount of export/import.
- Real estate: a list of real estate objects that belong to the company or are leased.
- Movable assets: a list of vehicles that belong to the company or are leased.
- Subsidiaries: Name of a subsidiary, registration code, residence/location, the amount and percentage of shares, start date.
- Pledges: Name of the pledgee, registration code, country, amount of pledge, start date
- Litigations: the content of legal action, defendant’s name, claimant’s name, the debt amount, case number, court hearing date, status.
- Debts To Third Parties: debt amount, debt remainder, claimant, payment status, start date.
- Tax debts: debt amount, debt remainder, payment status, start date.
Financial institutions and other regulated organizations turn to public government registries and other record holders to obtain such data. In other cases, it may require employees to provide IDs to prove that the company does exist. A successful KYB check ensures that you’re dealing with an actual company that isn’t a front for criminal operations.
How to Comply with KYB Rules
KYB regulations around the world typically require a regulated business to evaluate the level of risk associated with its business relationships. As a result, companies should implement an appropriate AML strategy involving the following procedures:
- Due-Diligence: unlike customer due diligence, during which you need to verify if a customer is who they say they are, the due-diligence for businesses means establishing the company’s ultimate beneficial owner (UBO). Determining the UBO of a business allows for assessing the level of risk. If UBO poses a greater level of risk, an organization might need to perform enhanced due diligence before proceeding with business relationships or implementing ongoing monitoring.
- PEP screening: a regulated organization should screen business relations for involvement with politically exposed persons (PEP). Businesses with positive PEP status can pose a higher level of risk due to the potential of political corruption.
- Sanctions screening: the restrictions on economic flows imposed by one country on another should be screened and adhered to. Organizations should perform checks on both the company and its employees.
- Adverse media screening: A business reputation can be assessed by monitoring adverse news pieces written about it. The ongoing motoring gives frequent updates as soon as the business’s reputation faces adversities in the media.
- Transaction monitoring: analyzing a business’ transaction activity may provide important information about its risk status. For instance, large volumes of transactions made to high-risk countries may indicate possible money laundering.
KYB in a Digital Age
Business entities’ verification requires a lot of data, which can be a burden if done manually. This significantly increases the risk of human error and makes the process longer. For this reason, there are quite many automated KYB solutions. They allow human employees to use digital tools to skip the tedious onboarding process, as this can be done in seconds with automation.
Some solutions like electronic identity verification (or eIDV) use public records and private databases to verify an individual quickly. This can be cross-referenced with the company’s employee list looking for false data.
Moving forward, it’s likely that the digital tools and legal verification procedures will continue to coincide. Ondato offers smart tools for businesses to stay compliant with current regulations and mitigate risks associated with fraud. It’s a way to delegate heavy lifting to smart tools, save time, and increase performance.