Why your KYB is only as good as your KYC

While much of the digital KYC (or know-your-customer) process can be automated today, its business counterpart—KYB, or “know your business”—still requires significant manual work for most financial institutions (FIs).

KYB is difficult to automate for two reasons. The first is compliance. To maintain compliance when onboarding new business customers, you must execute several distinct, complex steps depending on the type of business. The second is that your KYB process is directly dependent on your KYC process to verify ultimate beneficial owners and defend against fraud.

We’re here to unpack the delicate relationship between KYC and KYB. A smooth KYC process can keep your team’s KYB workload manageable at scale, even when onboarding businesses of different types and sizes.

What it takes to KYB

Providing financial services to a business isn’t easy. Regulatory requirements become increasingly convoluted as you move up the ladder from LLCs, to S-corps, and C-corps.

But one rule holds true across every business type: you will have to run checks on certain individuals associated with the business as part of the business onboarding process.

This requirement is due to specific provisions of FinCEN’s Customer Due Diligence (CDD) rule regarding beneficial owners (sometimes referred to as “BO”s). The CDD rule requires FIs to identify and verify the beneficial owners of their business customers.

There are two tests for determining who is a beneficial owner: (1) an ownership threshold (25% or more equity interest of the legal entity) and (2) a control threshold (i.e., the ability to exercise substantial control over the company). There will always be at least one BO because at least one individual will always meet the "control" test; however, there can also be multiple additional BOs depending on the ownership structure of the business because more than one individual can own 25% or more of the business. In other words, there will always be between 1 and 5 beneficial owners of a business. If any beneficial owner is an individual, the CDD rules require an FI to identify who each individual is. To do so, the FI must collect their:

• Full legal name

• Date of birth

• Residential address

• Taxpayer Identification Number (e.g., SSN)

The FI must then verify the identity of the individual. This can be conducted through documentary methods (i.e., verifying a government-issued ID) or non-documentary methods.

If the beneficial owner of a business is another business, then the financial institution must identify the beneficial owners of the business that, itself, is a beneficial owner. This can get complicated when there are multiple layers of businesses in the ownership structure of a business that must go through the CDD process. Ultimately, individuals that are identified as beneficial owners must be identified and verified as described above.

Why the focus on beneficial owners? Because as FinCEN notes, fraudsters, human traffickers, and even terrorists use shell companies to hide evidence of their crimes. It’s not enough to be able to identify these shell companies — FinCEN needs to know the individuals involved in order to fight financial crime effectively.

Following these KYB requirements will keep you compliant in the eyes of regulators, but it also directly protects your business from being vulnerable to fraudsters. And it doesn't have to end there — firms can go beyond what is required and build out additional KYB controls to protect themselves further.

Recent changes to KYB

Recent legislative and rulemaking activity has significant implications for beneficial ownership requirements in the U.S. The Anti-Money Laundering Act of 2020, which includes the Corporate Transparency Act (CTA), creates a non-public database of beneficial owner and “applicant” information for covered entities. Under the CTA, an “applicant” is the person who made the decision to form or register a reporting company with the secretary of state, as well as those who actually perform the filing. FinCEN issued the CTA final rule in September 2022. The final rule becomes effective on January 1, 2024. Covered entities that were formed before the effective date will have one year (January 1, 2025) to submit their required information. Covered entities formed after the effective date must submit their information no later than 30 days after they received notice of their creation. Covered entities will have 30 days to submit any changes to the information that has been provided.

FinCEN has noted that it plans to issue additional rulemaking under the CTA, including rules for who may access beneficial ownership information, for what purposes, and what safeguards will be required to ensure that the information is secured and protected, and revisions to the original CDD rule to reduce the burden on financial institutions.

However, at the moment, FIs continue to be responsible for obtaining and verifying beneficial ownership information under the existing CDD rule and for verifying the following details on every new business entity customer:

• Name

• Business address

• Taxpayer identification number

In summary, this means that you need to use KYC processes to verify beneficial owners and separate KYB processes to verify business information. Both processes are necessary to onboard a new business.

What this means for your FI

Verifying beneficial ownership information — including running relevant checks on BOs — is critical to onboarding any business. FIs who can automate these processes where possible will onboard business customers much more efficiently.

Other aspects of the KYB process can also be automated. However, the complexity involved with onboarding a C-corp, as opposed to a sole proprietorship, for example, is significant. Larger entities (not to mention multistate or even multinational ones) will always require more manual intervention than small businesses.

KYC, however, is relevant no matter the business type or size. Lawmakers believe that greater transparency on BOs will act as an effective counter to financial crime, and by the same logic, FIs that run comprehensive KYC and fraud checks on BOs will be better protected from fraud and compliance risk. Effective KYB means more than knowing the business — you really have to know who you’re doing business with.