Do you know who you’re doing business with? Sure, you may have Googled the company and name of the person you’re dealing with to distinguish the business’s legitimacy. But do you really know who runs the business, pulls the strings behind the scenes and profits from your dealings?
Do you know if proceeds from your business are being directed into bank accounts of corrupt business owners/shareholders, or used for laundering money or financing terrorism? If you’re a regulated entity (for example, a financial institution), finding out this information is a legal compliance requirement.
Besides legal considerations, there are also social and ethical responsibilities for knowing the Ultimate Beneficial Owners (UBOs) of companies you are doing business with. Consider all the corruption uncovered by the FinCEN Files, which revealed global banks moved more than $2 trillion in suspicious payments. These hidden funds go into the hands of people who already have wealth and power and create a larger tax burden for society. Doing business with these people opens your business up to a host of questions about your business morals and reputation.
KYB checks and onboarding processes
Similar to Know Your Customer (KYC) laws for verifying people’s identities during the onboarding process, Know Your Business (KYB) requires regulated entities to verify a company’s:
- Business registration number
- Legal name
- Operational status
- Key management personnel
- Date of incorporation
Additionally, investigating the UBO structure and performing KYC checks on UBOs to verify their identities and screening the company and its owners against global watchlists and sanctions lists is part of the Customer Due Diligence (CDD) process.
KYB in Europe
In Europe, KYB requirements were set out in 4AMLD and include:
Identifying the beneficial owner and taking reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer.
Under 6AMLD, employees and officials of organizations — and entities working on behalf of those organizations — can now be held criminally liable. Negligence or irresponsibility when it comes to enabling the flow of illicit funds can result in individuals and corporations being criminally charged and/or fined.
Note, a UBO in the EU is defined as owning more than 25% of the corporate entity. Currently, the EU Customer Due Diligence requirements are:
- Identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source
- Identifying the beneficial owner and taking reasonable measures to verify that person’s identity so that the obliged entity is satisfied that it knows who the beneficial owner is, including, as regards legal persons, trusts, companies, foundations and similar legal arrangements, taking reasonable measures to understand the ownership and control structure of the customer
- Assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship
- Conducting ongoing monitoring of the business relationship, including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the obliged entity’s knowledge of the customer, the business and risk profile, including where necessary the source of funds and ensuring that the documents, data or information held are kept up to date
KYB in the U.S.
Other jurisdictions have similar requirements. In the U.S., the Customer Due Diligence (CDD) Final Rule states:
Covered financial institutions must identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted).
Covered financial institutions (FIs) include banks, brokers or dealers in securities, mutual funds, futures commission merchants and brokers in commodities.
In 2022, the Corporate Transparency Act comes into effect and U.S. companies will have to report their Ultimate Beneficial Owner (UBO) information to the Financial Crimes Enforcement Network (FinCEN). Any new incorporation or significant UBO change will need to be reported and any company formed before the effective date of the Act will have two years to report to FinCEN.
Different jurisdictions have different requirements, and even within the same jurisdictions, other regulations are applicable. For example, besides the Bank Secrecy Act (BSA), which covers the CDD rules, U.S. FIs also have to consider Dodd-Frank, SEC disclosure rules, Office of Foreign Assets Control (OFAC), and Foreign Account Tax Compliance Act (FACTA).
Problems of KYB
Unfortunately, onboarding business customers is often a manual process that is slow, costly and rife with errors. According to an article in Finextra, it takes 3-4 months to onboard a corporate banking customer.
Beneficial ownership information is often difficult to find. Nominee shareholders can hide true ownership. Shell companies or trusts can obscure information within filings and in different jurisdictions. These registrations can, in turn, be registered by other shell companies or trusts in yet other jurisdictions. The percentage of ownership is potentially obfuscated by complex paper trails that make identifying true beneficial ownership complex and costly.
There might not even be paper trails. There are no documentation requirements for beneficial ownership in some jurisdictions, so there is no shareholder information to investigate. Note, this goes against Financial Action Task Force (FATF) global Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) recommendations.
Compliance professionals need to look at multiple reports and different data sets. They work in one location, but the data could be in another office or another country. Data is often old or inaccurate, in a variety of different formats that are hard to reconcile. Each company structure is different and can change over time, making the data challenging to gather and difficult to interpret.
As Dun & Bradstreet notes in its report, Smoke and Mirrors: The Opaque Nature of Ownership, applying a traditional resource-intensive manual approach and relying on self-certification isn’t sustainable. The report states companies that want more robust and effective compliance can:
Automate the identification and verification of beneficial ownership.
Just as with KYC, KYB (business verification) processes dramatically improve by adding automated verification systems. Electronic identity verification (eIDV) provides proper analysis on any name of a beneficial owner or director that KYB brings up. eIDV also points the way forward for KYB, pointing to the use of APIs to ease integration and smooth out data capture processes. With the power of APIs and data-driven machine learning and artificial intelligence systems, workflows quickly retrieve real-time information, share it with the appropriate parties, coordinate response and flag cases for manual review.
To avoid costs, headaches and potential non-compliance, effective KYB solutions can use similar processes to automated KYC solutions. While the complexity for KYB demands more from compliance, technology that determines who is behind a business will allow for greater scrutiny and better compliance.
This post was originally published on July 11, 2017. It has been updated to reflect the latest industry developments and best practices.