KYB — Know Your Business — is the due diligence process required for onboarding business customers. Here is what it covers, how beneficial ownership verification works, and how to build a compliant KYB program.
What Is KYB (Know Your Business)? Verification Requirements for Fintechs
When your fintech onboards individual consumers, you verify their identity through a KYC process. But when your customer is a legal entity — an LLC, a corporation, a limited partnership, a trust — the verification process is fundamentally different, significantly more complex, and governed by a distinct set of regulatory requirements.
That process is called KYB: Know Your Business.
KYB is how fintechs verify that their business customers are legitimate, understand the ownership and control structure behind the entity, identify the real human beings who ultimately own or control it, and assess the risk that business relationship represents. For B2B fintechs, embedded finance platforms, and any product that serves business customers alongside individuals, KYB is one of the most operationally complex elements of your compliance program — and one of the most commonly done inadequately.
What Is KYB and Why Does It Exist?
KYB is the due diligence process applied to business and legal entity customers at onboarding and on an ongoing basis throughout the customer relationship.
It exists because legal entities — companies, LLCs, trusts, partnerships — can be used to obscure the true owners of funds and to facilitate money laundering, sanctions evasion, tax fraud, bribery, and other financial crime. A shell company with opaque ownership, no real business operations, and a mail-drop address is one of the oldest and most commonly used vehicles for moving illicit funds through the financial system.
KYB is designed to look through the legal entity and identify the real human beings behind it — the individuals who ultimately own the equity and control the decisions.
The regulatory foundation for KYB in the United States comes from two primary sources:
- FinCEN's Customer Due Diligence Rule (2016 and effective 2018) — requires covered financial institutions to identify and verify the beneficial owners of legal entity customers as a formal element of their CDD program. This is the direct operational KYB requirement for fintechs and MSBs.
- The Corporate Transparency Act (2021, effective 2024) — requires most U.S. companies to proactively report their beneficial ownership information to FinCEN's Beneficial Ownership Information (BOI) database. While the CTA applies to companies reporting their own ownership rather than to financial institutions conducting verification, it reinforces and strengthens the broader regulatory environment that makes KYB essential.
What KYB Requires at Onboarding
A complete KYB process at onboarding covers five distinct areas:
Business Identity Verification
Confirming the legal existence and basic details of the entity through document review and registry cross-referencing:
- Legal business name and all operating or DBA names
- Principal place of business address — physical, not a registered agent address only
- Employer Identification Number (EIN) issued by the IRS
- Jurisdiction of formation and date of formation
- Legal entity type — LLC, corporation, limited partnership, general partnership, etc.
Verification is conducted by reviewing formation documents — articles of incorporation, articles of organization, operating agreement, partnership agreement — and cross-referencing against the applicable state secretary of state business registry.
Business Ownership Structure Analysis
Understanding how the business is owned requires mapping the ownership chain from the customer entity up to the ultimate human beneficial owners. For businesses with layered corporate structures — a holding company owning the customer entity, which is itself owned by another entity or trust — you must trace ownership through each layer until you reach individual natural persons.
The depth to which you must trace ownership, and how you document the process when beneficial ownership cannot be fully established, must be defined in your CDD policy before you encounter complex structures.
Beneficial Ownership Identification and Verification
This is the core of KYB and the element most directly governed by FinCEN's CDD Rule. You must identify and verify two categories of beneficial owners:
- Ownership prong — every individual who directly or indirectly owns 25% or more of the equity interests of the legal entity. For an entity with four equal owners, all four must be identified and verified. For an entity where no individual meets the 25% threshold, no individual is identified under this prong — which is itself a documented outcome.
- Control prong — one individual who exercises significant management control over the entity regardless of their ownership percentage. This is typically the Chief Executive Officer, President, Managing Member, General Partner, or equivalent executive — the person who makes decisions for the entity on a day-to-day basis.
For every identified beneficial owner, you must collect and verify:
- Full legal name
- Date of birth
- Residential address — not a business address
- A unique identifying number from a government-issued document — SSN for U.S. persons, passport number for foreign nationals — along with an image of that document
Business Purpose and Expected Activity
Understanding what the business does and why it is using your product or platform. This includes:
- The nature of the business and its primary industry sector
- The products or services the customer sells and to whom
- The geographic scope of the business's operations and customer base
- The expected types of transactions on your platform — payments, payouts, transfers
- The expected volume and frequency of transactions
- The customer's primary source of funds for those transactions
This documented baseline is the foundation for all ongoing monitoring of the business customer relationship. Without a clear baseline, you cannot effectively identify when activity becomes inconsistent or suspicious.
Customer Risk Assessment and Rating
Based on all information collected, assign the business customer a risk rating — low, medium, or high — using documented, objective criteria defined in your CDD policy. The risk rating determines the level of ongoing monitoring applied, whether EDD is required before onboarding proceeds, the frequency of periodic KYB reviews, and the level of transaction scrutiny applied to the relationship.
When Enhanced Due Diligence Applies to Business Customers
Certain characteristics of a business customer or their ownership structure require EDD before the relationship can proceed:
- Complex or layered ownership structures — multiple levels of corporate ownership, offshore holding companies, trust structures as owners, nominee shareholders, or any structure that makes tracing to ultimate beneficial owners difficult or time-consuming.
- High-risk industry sectors — money services businesses, cryptocurrency exchanges, cannabis companies, gambling operators, adult entertainment businesses, arms and defense contractors, and politically sensitive industry sectors.
- PEP-connected businesses — entities owned or controlled in whole or in part by Politically Exposed Persons or their immediate family members and close associates.
- High-risk jurisdictions — businesses formed in, primarily operating in, or having significant ownership from jurisdictions on the FATF grey or black list, or jurisdictions subject to OFAC comprehensive sanctions programs.
- Opaque or unverifiable beneficial ownership — businesses where the identity of beneficial owners cannot be established through normal means, or where the entity or its owners are unwilling to provide required beneficial ownership information.
EDD for business customers typically involves collecting a corporate ownership structure diagram, audited financial statements, source of business funds documentation, reference checks or third-party business verification, and senior management or compliance officer approval before onboarding is completed.
Ongoing Monitoring for Business Customer Relationships
KYB is not a one-time onboarding exercise. Your CDD program must provide for ongoing monitoring and periodic refresh of business customer information throughout the relationship.
Ongoing monitoring must be calibrated to the business customer's established expected activity profile — monitoring rules configured to flag transaction volumes, frequencies, counterparties, or geographic patterns that deviate from the documented baseline.
Periodic KYB information refresh must occur at intervals defined by the customer's risk rating. High-risk business customers should be reviewed at minimum annually. Lower-risk business customers can be reviewed less frequently, but the review schedule must be defined in policy and consistently executed. Each review must verify that beneficial ownership information remains current — particularly important since businesses frequently change ownership through investment rounds, equity transfers, and corporate restructuring.
Re-screening of business customers and their beneficial owners against sanctions lists must occur whenever those lists are meaningfully updated.
Common KYB Challenges and How to Address Them
Complex multi-layer ownership structures. When ownership chains involve multiple levels of corporate entities, your policy needs to define clearly how deep you trace, how you handle layers where verification documents are unavailable, and how you document the process when full tracing to individual beneficial owners is not achievable.
Uncooperative customers. Some business customers — for legitimate confidentiality reasons or less legitimate ones — resist providing beneficial ownership information. Your CDD policy must specify clearly what happens when a business customer declines to provide required information. The standard answer is that the relationship cannot proceed and, if already established, must be exited.
Keeping information current at scale. As your B2B customer portfolio grows, maintaining current beneficial ownership information across hundreds or thousands of business customers becomes an operational challenge. Build systematic periodic refresh workflows into your KYB program from the start — do not rely on ad hoc customer outreach.
False positive rate management in ownership screening. Beneficial owners will sometimes match watchlist entries as false positives due to common names or similar identifying information. Your program needs a documented, consistently applied process for reviewing and clearing these matches with appropriate documentation.
What Examiners and Sponsor Banks Evaluate
Examiners specifically assess whether your CDD policy addresses business customers distinctly with specific KYB requirements — not just individual customer requirements applied generically, whether beneficial ownership is being collected and actually verified through documentation review — not just through self-certification by the customer, whether the ownership chain is being traced to natural persons at the required ownership threshold rather than stopping at the first layer of corporate ownership, whether risk ratings are applied consistently to business customers using defined objective criteria, whether EDD is being applied and documented for all business customers that meet defined EDD criteria, and whether periodic KYB refresh is occurring on schedule with substantive review and documentation.
The single most common and consequential KYB examination finding is collecting beneficial ownership certifications from business customers without conducting any independent verification of the information provided. Under FinCEN's CDD Rule, collection without verification is not compliant.
Frequently Asked Questions
What is the difference between KYC and KYB?
KYC (Know Your Customer) refers to the identity verification and due diligence process for individual customers — natural persons. KYB (Know Your Business) is the equivalent process for legal entity customers — companies, LLCs, partnerships, and other business organizations. KYB is more complex because it requires looking through the entity to identify the human beneficial owners behind it.
Does KYB apply to all business customers regardless of size?
Yes. FinCEN's CDD Rule does not provide size exemptions for business customers. Whether your business customer is a sole-member LLC or a large corporation, you must collect and verify beneficial ownership information as required under the rule. Complexity and the depth of EDD required may vary based on the customer's risk profile, but the basic KYB requirement applies universally.
What happens if a business customer refuses to provide beneficial ownership information?
Under FinCEN's CDD Rule, covered financial institutions are required to collect beneficial ownership information as part of onboarding. If a business customer refuses to provide required information, the institution should not open the account or, if already open, should consider exiting the relationship. Continuing a relationship without required beneficial ownership information is a CDD compliance failure.
How does the Corporate Transparency Act affect KYB obligations?
The Corporate Transparency Act requires most U.S. companies to report their beneficial ownership directly to FinCEN's BOI database. While this creates a parallel federal registry, it does not eliminate financial institutions' independent KYB obligations under FinCEN's CDD Rule. Financial institutions remain independently responsible for collecting and verifying beneficial ownership from their business customers. Access to the FinCEN BOI database for verification purposes is being developed as a future capability for covered institutions.
How ComplyOne Helps
KYB is one of the most complex elements of a fintech compliance program to build correctly. ComplyOne helps fintechs design KYB programs that satisfy FinCEN's CDD Rule requirements, handle beneficial ownership correctly across complex structures, integrate with onboarding and monitoring operations, and hold up under regulatory examination — through compliance technology, advisory services, or both.
Talk to the ComplyOne team to get started.
The information in this article is for general educational purposes and does not constitute legal or regulatory advice. Consult a qualified compliance professional for guidance specific to your situation.