
AML/CFT regulations, particularly in the financial sector, are evolving at an unprecedented pace and require increased rigor. This rigor involves, among other things, the onboarding of clients and their ongoing monitoring throughout their lifecycle. The goal is to gather as much information as possible about their identity (whether they are individuals or legal entities). Why is this in place? What are the similarities and differences between KYC and KYB?
Regulatory context
The very first explicit law aimed at combating money laundering was introduced in the early 1970s in the United States: the Bank Secrecy Act. This marked a turning point in the financial world because, from that moment on, money of suspicious origin faced its first major barrier to entry at banking institutions.
Money has evolved and now exists in a dematerialized form around us: with a single click, money can be sent to the other side of the world. The types of financial institutions have diversified, business structures have become more complex, and holding companies can weave their webs across continents. Consequently, compliance professionals face a constant need to adapt and to monitor the criminal underworld.
Consumers and businesses alike must now identify themselves when depositing or investing their capital in a financial institution. On the other side, financial institutions thoroughly profile their clients and continuously monitor any suspicious financial activities. The entire process is overseen by a national regulatory body (for example, ACPR or AMF in France).
Two categories of procedures have emerged: KYC and KYB.
KYC: definition and context
KYC, or Know Your Customer, is a set of measures and procedures implemented by a financial player to verify the identity of its individual clients in order to comply with the requirements of the regulator and applicable regulations.
The key element of KYC is verifying the identity of individuals. You typically see this procedure when opening a bank account or during an investment process (savings plans, investment funds, stock savings plans, shares, insurance, etc.). A crucial step in KYC is identity verification via an ID document; a number of specialized providers have developed expertise in this area (e.g., IDNow, Veriff, or Netheos – see the Ondorse Marketplace, filter: “ID Verification”).
KYB: definition and context
KYB, or Know Your Business, is a set of measures and procedures implemented by a financial player to verify the identity of its corporate clients in order to comply with the requirements of the regulator and applicable regulations.
The key element of KYB is verifying the identity of legal entities. You typically see this procedure when opening a bank account or during an investment (savings plans, investment funds, stock savings plans, shares, insurance, etc.). A crucial step in the KYB procedure is verifying the company’s identity (registration number, date of incorporation, industry, etc. via a company certificate or proof of incorporation) along with the ultimate beneficial owners (UBO)—in English: Ultimate Beneficial Ownership—which can be accessed through registers (when access is allowed). These registers are often automatically checked if the onboarding platform is directly connected to the relevant registries. Some countries do not grant public access to these registers, in which case the information must be obtained through a service provider who has access to them. This provider can be integrated into the onboarding platform to maintain a smooth onboarding process.
Common challenges between KYC and KYB
Streamlining client onboarding
For any organization subject to regulatory requirements, aligning compliance mandates with an optimal client experience is critical to sustainable business success. This “sweet spot” maximizes client conversion by making onboarding faster and less burdensome for the client. Ondorse offers a registration portal that combines compliance with customer retention. According to McKinsey, more than 50% of organizations do not have a dedicated client portal to facilitate these types of interactions. A KYB onboarding can take up to 100 days to finalize, which can be tedious for all parties involved.
Ensuring data quality
Information manually entered by clients or operators can often be incorrect due to typos, outdated data, etc. Compliance departments face the significant challenge of maintaining accurate and up-to-date data, as required by their regulators. To guarantee high-quality, accurate data, operators used to verify client-provided data manually, creating an additional step in the compliance process. By automating the pre-entry of client data and the data verification process within a verification workflow (the sequence of tasks representing your compliance procedure), the workload for analysts can be significantly reduced.
Maintaining real-time compliance
Another time-consuming task, often part of an analyst’s routine, is ensuring that client files remain compliant after onboarding. If data is not centralized in one place, the task becomes even more complicated. Having a centralized solution that lists all client files and flags any required or urgent actions provides clear guidance and complete visibility of the entire client base for compliance stakeholders.
.png)
Differences between KYC and KYB
Onboarding complexity
The volume of data needed to verify individuals is typically limited to their personal details (usually an ID document and a screening). This is not the case for companies, which can be owned by multiple other companies, which in turn may be owned by individuals. All these individuals with signing authority in the onboarded company must be verified, in addition to verifying the company’s identity. In the best-case scenario, there is only one individual, but often there are multiple beneficial owners, directors, and/or shareholders.
Moreover, there are sometimes additional conditional procedures specific to each business:
- When a company’s type of activity involves high risk and large volumes of cash transactions, e.g., hairdressing salons, plumbing, restaurants, etc.
- When the corporate structure is highly complex, with numerous subsidiaries and corporate shareholders.
- When the jurisdiction is considered higher risk (for example, countries on FATF black or gray lists).
KYC onboarding is generally “straight-through” since smaller amounts of money are involved and fewer checks are required. However, with the right tools, it is also possible to run KYB onboarding just as quickly.
Frequency of monitoring and updates
Individuals often undergo ongoing monitoring for suspicious transactions, with periodic updates (such as re-checking their ID) required at more spaced-out intervals. However, high-risk corporations are subject to more frequent updates with a greater number of documents and more thorough checks. Client due diligence does not end at onboarding but continues throughout the client’s lifecycle.
A company’s structure and sector can evolve over time (mergers, acquisitions, expansions into new markets, etc.), and KYC analysts must keep these changes in mind. Some solutions on the market allow for automated client due diligence renewals, reducing the workload for analysts who otherwise have to manually verify each client file. When tools do not offer automation, you may end up with lengthy email chains requesting updated documents and then manually verifying those documents with specialized service providers who authenticate their legitimacy.
Additional costs
Generally, for individuals, few documents are required during onboarding (ID, proof of address, or proof of income).
These documents can be automatically verified by specialized software that detects fraudulent documents, such as Finovox or other solutions. By integrating these tools into your central client file management platform, they can be automatically triggered to verify the uploaded documents.
This also applies to legal entities. However, more documents are typically needed: a company certificate (Kbis in France), proof of beneficial owners, balance sheets, etc. Additionally, you may want direct access to documents from a national registry (e.g., Kbis or its equivalent in other countries). Some service providers allow you to retrieve these documents and information directly from national registries so that you don’t have to ask your clients for them. These different documents and data retrieval processes often entail significant costs that do not apply to individual onboarding.
Access to these registries is rarely free or public; it often requires manual research or an API connection. However, with providers who have privileged access to worldwide registries, compliance departments can still gather the information they need.
By selecting a centralized platform for your KYC/KYB process, you can benefit from pay-per-use pricing and avoid paying for verifications you never actually use (i.e., pay-as-you-go). Because the time spent per KYB file is higher, it is essential to reduce the bandwidth devoted to tasks that can be automated and redirect your team’s expertise to higher-value tasks.
Legal and criminal risks
In theory, failure to comply with KYC and KYB obligations can lead to the same types of sanctions:
- Administrative fines
- Criminal prosecution
- Loss of operational license
These sanctions harm an organization’s prosperity and reputation, directly impacting profitability due to:
- Unexpected fines
- Unforeseen legal costs in the event of prosecution
- Temporary or permanent interruption of your services
In general, KYB involves larger sums of money and is often the primary avenue used by major criminal networks to launder money: the risk is higher and demands greater vigilance. Criminals favor this method because it allows them to create extensive corporate structures in which the source of funds can be concealed. A shell company, usually based in a tax haven (requiring Enhanced Due Diligence), serves as the first entry point for laundering money. It receives suspicious funds and then transfers them to banks/investment funds, etc. To further obscure the source of the funds, this operation can be repeated multiple times. Such companies provide criminals with an opaque shield, enabling them to hide their identity behind multiple business names.
Individuals generally do not have the same degree of flexibility to move large sums across various corporate entities, making AML measures especially critical at the business onboarding level. (See ACPR Report)
How to choose the right KYC and KYB solution
If your needs are limited to identifying individuals, solutions such as Onfido or IDNow (formerly AriadNext) may be sufficient. However, if you need to verify both individuals and legal entities with complex relationships (clients, funds, service providers, merchants), Ondorse is the B2B (KYB) equivalent of Onfido. Ondorse allows you to verify all stakeholders you do business with, whether for AML/CFT, Sapin II, or DORA compliance. Thanks to the solution’s modularity, you can address all your compliance challenges on a single platform.
AML/CFT compliance is a strategic issue for financial players and businesses in every sector. With the right approach and tools, you can reduce onboarding delays, minimize fraud risks, and maintain client trust.
- KYC: Focused on individuals, less complex but equally crucial to comply with anti-money laundering laws.
- KYB: Applies to legal entities, more complex and often more expensive, yet indispensable for effectively combating international criminal schemes.
By choosing a centralized and scalable solution, you optimize your compliance efforts while staying focused on your core business.
Discover our latest guide
Everything you need to know about this subject
Heading
Subtextt