The KYB compliance checks no fintech can afford to miss
Scaling quickly shouldn't come at the expense of strong controls—we break down the common checks all B2B fintechs need in their onboarding process.
Every startup is in a race to get customers quickly and grow as fast as possible. But fintech startups operate in a highly regulated environment, where growing too fast without the right checks in place can potentially harm their customers, their business and even the financial system as a whole. As fintechs start out, it’s essential that they appreciate the depth of regulatory requirements that apply to them—including the requirement to know their customers inside and out from day one.
For B2B fintechs, it can be challenging to understand and implement the right onboarding checks for new customers, given the often complex structure of corporate entities. But complexity shouldn’t be a barrier to running thorough checks on a new customer: fintechs need to ensure they are only onboarding companies that are in compliance with all relevant regulations and fall within their risk appetite. That’s where strong KYB processes come in.
What is KYB?
KYB stands for Know Your Business. In simple terms, KYB is the act of identifying or verifying a company and the people associated with it, such as directors and people with significant control (PSCs), and assessing their risk profile so you can decide if you want to onboard them as a customer. After onboarding, KYB should be ongoing and customer risk profiles should be reassessed at regular intervals.
A brief history of KYB
In 2016, the Panama Papers revealed that many prominent and powerful individuals around the world were using loopholes and shell companies to launder money, avoid taxes and hide their true earnings. These findings ultimately led to enhanced financial regulation globally and more scrutiny on financial institutions and their KYB processes. The European Union introduced a directive that forced firms to reveal their true and beneficial owners. The United Kingdom also carried out a risk assessment and subsequent reviews which led to enacting the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (usually simply called the Money Laundering Regulations) to cover anti-money laundering (AML) processes in organisations, including KYB and KYC.
Today in the UK, the Financial Conduct Authority (FCA) monitors and enforces compliance with AML and counter-terrorist financing (CTF) regulations by requiring companies to verify the identity of their customers (both individuals and businesses). The FCA’s remit is all financial institutions, including fintechs. The major regulations that provide direction on implementing customer due diligence, KYC, and KYB are the Money Laundering Regulations, the Terrorism Act 2000 and the Proceeds of Crime Act 2002.
The Joint Money Laundering Steering Group (JMLSG), a private sector body made up of the top UK financial services trade associations, also provides guidance on how companies can comply with AML/CTF laws and regulations and the procedures they need to set up in order to do this.
Why your fintech needs KYB
You are required by law to ensure that you are not providing services to criminals. If you fail to run adequate KYB processes, your company could be judged to be non-compliant with regulations, which could potentially result in fines, sanctions, or revocation of your operating licence. But embedding great KYB processes in your fintech isn’t just a matter of compliance—effective KYB also protects and sustains your business by ensuring that you are only dealing with genuine companies and not taking on customers outside your risk appetite.
Important KYB checks for fintechs
In most organisations, KYB will at minimum involve KYC, customer risk assessment and, where needed, enhanced due diligence (EDD). Several factors will determine the level of EDD that needs to be carried out, such as the operating jurisdiction and the nature of the business.
Here are some examples of the basic KYB checks that fintechs need to carry out to ensure compliance with regulations. This is not an exhaustive list and fintechs may be required to carry out additional checks outside of these.
A. Business identity verification
You will need to verify the identities of directors and PSCs with an independent source to ensure that the business is real and its owners are who they say they are. The identity documents of directors and PSCs also need to be reviewed against biometric databases.
- Politically exposed persons (PEP): A politically exposed person is someone who holds or has recently held a prominent political or public function, either in the UK or abroad. This also covers the families and associates of PEPs, known as Relatives and Close Associates (RCAs). PEPs hold important decision-making positions that put them at higher risk of being offered bribes or corrupt funds. They are also more likely to have potential conflicts of interest. If a director or PSC is a PEP, it must be disclosed in the company's report to the regulatory authorities. While you may decide to onboard a PEP after assessing the risks involved, continuous enhanced due diligence and reporting is required.
- Sanctions: Financial sanctions are put in place to protect a country's financial integrity and security, and sanctions breaches and associated offences are extremely serious. That’s why checking the individuals within a company for potential matches against sanctions lists is a key regulatory obligation. Sanctions lists are collated and maintained by institutions such as the Office of Financial Sanctions Implementation (OFSI) in the UK, Interpol, UN sanctions, and Her Majesty’s Treasury (HMT). These bodies also provide additional watchlists which can be used to lower your risk of doing business with people known to have an increased financial crime risk and those that have been blacklisted by various governments.
- Adverse media: Also known as negative news screening, this involves checking whether the company and its associated individuals have had reported involvement in any controversial activity or obvious wrongdoing, such as forced labour, environmental damage, or bribery and corruption. This check is very important for safeguarding your reputation, and is conducted on the company and its directors and PSCs using dynamic open-source searches.
C. Fraud screening
Fraud screening is a series of checks performed on customers (both business and consumer) to identify traits which are commonly or occasionally displayed by criminal entities. For example, these checks will reveal if the company or any of its directors or PSCs has a history of committing fraud. This is done using databases curated by organisations such as the Credit Industry Fraud Avoidance System (CIFAS).
Regulatory compliance is not a one-off affair. The PSCs and directors of a company you onboard today may change tomorrow. A company that was previously considered low risk may carry out certain transactions that put it in the high-risk category. Fintechs are required to implement controls to stay one step ahead of these fluctuations in risk profiles at all times, with a KYB framework that is continuous and ongoing. Ultimately, the goal of KYB can only be achieved if these checks are carried out in an efficient, easy-to-understand and rigorous way. This is where automation comes in.
Automating the KYB process
Companies often transcend locations and regulatory frameworks, making them far more difficult to verify than people. You may need to manually search for data in various public and private databases and continuously request information from the company. Manually chasing and vetting information is inefficient and potentially error-prone, which poses challenges for businesses looking to scale. This is why most fintechs will seek to automate their KYB processes.
At Griffin, our customer onboarding solution, Verify, is integrated with multiple data sources to streamline your KYB process and manage your onboarding risks.