The Main KYB Risk Factors You Should Know 

Managing risks and assessing multiple data points in your already complex KYB process can be a hassle. We provide a list of risk factors you should incorporate into your Business Verification flow for a more simplified approach to corporate entity onboarding.

Know Your Business (KYB) checks go beyond regulatory compliance regulations. Many organizations today want to check who they’re partnering with — if the company is legit and if it is transparent in the sense that its financial transactions aren’t linked to crime or money laundering, including that all of the shareholders and related persons aren’t sanctioned, aren’t corrupt and so on. 

While this process may look easy on paper, KYB has many risk factors that need to be considered. So, even though automation has lifted a massive burden, KYB still means that you need to conduct proper due diligence and have a structured risk management strategy, not to mention collect and verify extensive information and documents required for business verification.

In this blog post, we’ll discuss which KYB risk factors you should assess, how certain signals can help you better understand another company, and whether it’s safe to start a business relationship with it. 

What is KYB Compliance?

KYB compliance is one of the key parts of the Anti-Money Laundering (AML) framework. In simple terms, it works as an identity verification mechanism, similar to the Know Your Customer (KYC) process. The key difference is that KYB focuses on the business (corporate client) and its owners, shareholders, as well as suppliers rather than its customers (individual clients) or consumers.

So, when it comes to KYB, it’s a relatively new space, which leaves room for interpretation, especially if the company is global and operates in different countries with different compliance requirements. Additionally, when verifying a customer, partner, or distributor, each new layer of information may reveal further complexities. 

In essence, KYB helps companies:

  • Confirm ownership stakes in a certain company.
  • Check the company’s financial data.
  • Verify company documents to minimize business risks.
  • Assess if an individual is authorized to represent the company.
  • Decide if it’s safe to start a business relationship.

KYB requirements ultimately depend on the jurisdiction and the type of legal entity involved, which makes it vital to assess all KYB risk factors. For example, when expanding into a new market, you’ll require a different approach, as your already existing KYB framework might not apply in another country.

The Key KYB Compliance Requirements 

Before KYB became a thing, KYC/AML legal requirements left a huge gap that didn’t address the issue regarding business-to-business relationships. Major fiascos like the Panama Papers proved that it’s important to end this limitation and address money laundering concerns, especially through opaque corporate structures. So, this all took a turning point when the Financial Crimes Enforcement Network (FinCEN) introduced its Customer Due Diligence (CDD) Rule, or CDD Final Rule, which addressed KYB regulations. 

Now, the KYB process is a mandatory requirement in many regions and requires companies to collect the following information during another company’s onboarding process:

  • Legal company name.
  • Operating address.
  • Business registration status.
  • Taxpayer Identification Number (TIN).
  • Verification of Ultimate Beneficial Owners (UBOs) with 25% or more ownership.

But how does this look in practice? Mandatory measures are required for KYB compliance. For example:

  • Company data collection, such as the mentioned data above. 
  • AML screening, such as PEPs and sanctions, adverse media checks and watchlist screening. 
  • Ownership structure verification, such as beneficial ownership details. 
  • KYC for individuals, such as identity verification for all people who are related to the business. 
  • Ongoing monitoring, such as conducting audits and ensuring that all KYB processes are running smoothly, as well as collecting data for reporting obligations.

However, keep in mind that if a potential business partner has some sort of risk factors that emerge during KYB checks, this doesn’t automatically mean that you shouldn’t work with a business. That’s why conducting these checks and assessing risks is vital — it helps you get a bigger picture of the situation and make an informed decision.

Related: Global KYB Compliance — Top 3 Challenges and Solutions 

Why are Risk Assessments Important for KYB?

A proper risk assessment is the company’s responsibility. Many entities that aren’t under strict regulatory requirements still assess risks as a preventative measure and as a way to make better decisions. This involves evaluating the risk level of clients and considering different risk factors, such as their industry, ownership structure, or location. Since risk management varies by industry, there’s no universal approach. 

However, risk assessments are vital because they help companies identify how their risk factors are connected to each other. A risk-based approach in AML compliance also allows companies to identify and avoid high-risk owners or politically exposed persons (PEPs) who might misuse their services. 

That means low-risk clients may not require due diligence, while medium-risk clients need customer due diligence (CDD), and high-risk entities need enhanced due diligence (EDD) measures. So, when it comes to the context of KYB,  before partnering with another company, you should review multiple data points, including screening against AML databases, verifying the entity’s UBOs, and, at the end of the day, ensuring that you’re partnering with a low-risk business. 

Related: What is the Difference Between CDD and EDD?

What is a KYB Risk Factor?

A KYB risk factor, or a risk signal, is a specific signal that indicates a company’s risk level in a particular category used during the KYB onboarding process. When screening and assessing another business, it’s important to cross-check all risk factors in order to strengthen due diligence measures and protect your company from business-to-business (B2B) fraud. 

KYB risk factors are divided into several categories to help differentiate and assess risks more easily. Here are the main categories:

  1. Financial history risk factors.
  2. Beneficial ownership risk factors.
  3. General risk factors.

We review each category and its related risk factors below. 

🔴 Financial History Risks 

Financial risks are a big part of the KYB landscape. In practice, assessing such signals involves reviewing financial reports, statements, and other related documents to better understand the other company’s financial health, and if it’s safe to partner with them. For example, a payment service provider (PSP) should always check their e-commerce vendors: if they don’t have debt, if their transactions are legitimate, if they don’t have any potential red flags that lead to poor management, etc.

Otherwise, failure to recognize money laundering and other financial crimes can lead to the loss of merchants, frozen accounts, and non-compliance fines. 

Other key factors that you should remember when assessing financial risks: 

  • The BBB rating, or the Better Business Bureau rating that provides insights acting like a reputation rating, helping you decide whether you’d like to start a business relationship with that company. 
  • Credit reports, which show the main information about the company, such as its credit score, name, and address, are all essential data points that you need to assess the entity’s financial risk. 
  • Existence on the stock exchange, such as NASDAQ, is a good sign because you need proper documentation to prove your legitimacy and be publicly listed as a credible business. 
  • Record of financial transactions, such as third-party transaction data from credit card companies, that can serve as a confirmation of legitimate corporate activity.

🔴 Beneficial Ownership Risks

UBOs, or ultimate beneficial owners, are considered people who hold at least 25% of the legal entity’s capital, own a minimum 25% stake, or possess at least 25% of the voting rights in the general assembly. For KYB compliance, this means assessing the people behind the business and reducing unwanted consequences like partnering with shell corporations that are purely built “on paper” and used for money laundering purposes. 

In this sense, the main factors that you shouldn’t miss when conducting UBO verification in KYB are:

  • Document collection and verification, which includes collecting and authenticating government-issued ID documentation, proof of address (PoA) and legal ownership record in order to confirm that all people with high ownership states aren’t involved in criminal activity. 
  • Database verification, as well as cross-referencing the collected UBO information with reputable sources, including government registries and public records, to ensure that all of the UBOs are legitimate. 

The KYB compliance requirements mandate regulated entities to collect UBO information along with the company’s name, address, and business registration number. Additionally, according to FinCen, regulated entities must submit the identities of their UBOs to relevant registries and consult these registries to identify UBOs before engaging with a customer. The company can create a form or exchange PDF files via email to gather this data and verify the legitimacy of the other business. In practice, UBOs undergo standard KYC checks like document verification or selfie verification

🔴 General Risks

There are other general risk factors that need to be assessed during KYB checks, which are particularly important for regulated entities that are subject to KYB/AML regulations. However, non-financial entities in unregulated environments also voluntarily assess these risks as a way to safeguard their reputation and maintain secure business relationships. This “general” category consists of other fraud prevention measures, which aim to collect extra verifiable information about a company, helping to make that final decision regarding the other entity’s legitimacy. 

In this category, the risks that you should consider include the following components:

  • Registration status, which should explain if the business is actively registered or inactive, which in most cases means that it failed to meet the legal requirements. 
  • TIN, or Taxpayer Identification Number, which is required for US-based businesses and indicates that the company is registered with the Internal Revenue Service (IRS). Other risks should be identified here, such as high-risk industries and recent incorporation data. 
  • VAT, or a Value-Added Tax number, is known to have a working principle similar to the US Employer Identification Number (EIN), which shows business legitimacy in the EU. Otherwise, it comes up as a red flag that shouldn’t be left unnoticed. 
  • Sanctions and global watchlists that both signal criminal behavior, such as money laundering, terrorist financing, war crimes, human trafficking, etc. It doesn’t matter if the client is a business or an individual, such as a UBO on a sanctions list. That means there’s a risk of partnering with such an entity.

Connecting all of the dots in KYB compliance isn’t the easiest task, especially when compliance teams need to verify data and ensure its accuracy. At the same time, for auditing purposes, this data should be securely stored and kept up-to-date in order to maintain reliable client profiles after the onboarding stage. This involves reviewing documents in multiple languages and understanding the specifics of each market you operate in.

Related: AML Red Flags — Complete Breakdown

What are the Risks of Not Conducting a KYB Check?

Lacking accuracy in your risk assessment or conducting poor KYB checks can negatively affect your organization and result in major consequences, such as:

  • Adverse media and lost customer trust. 
  • Legal fees and costly damages due to fines. 
  • Poor reputation and minimized interest from investors. 
  • Financial losses from fraud due to improperly detected financial crimes.
  • Unknowing facilitation of money laundering or other inadequate actions, like partnering with sanctioned entities.

At iDenfy, we can help you manage various risk factors with a built-in customer risk assessment tool specifically designed to ensure automated KYB compliance. Our Business Verification platform offers multiple custom rule variations that can be customized to your specific use case. 

What are you waiting for? Book your free demo for a personalized, hands-on experience. 

Frequently asked questions

1

Why is KYB Compliance Challenging?

Arrow

There are different documents that need to be inspected and verified, and, at the same time, onboarding another business means that compliance officers need to break down the whole ownership structure, verify all related persons, and ensure ongoing due diligence afterwards. This means using trusted sources only and maintaining clear communication with the other businesses to resolve data discrepancies.

2

Is it Possible to Conduct KYB Checks Manually?

Arrow

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.