What are KYB and KYC?
straight to your inbox
Companies were hit with $26 billion in fines between 2008 and 2018 for non-compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.
It’s a reminder that fraud and financial crime are rife. And it’s why businesses need to follow strict rules to verify the identities and activities of potential consumers and corporate customers. Hefty fines show just how costly and seriously non-compliance should be taken.
But what are Know Your Business (KYB) and Know Your Customer (KYC)? Simply put, they are both regulatory requirements that are all about ensuring that you’re doing business with the right people. Let’s dive into what that means.
KYC vs. KYB: understanding the difference
KYB and KYC are built around the idea of verification and due diligence. And it’s KYB that is the bigger deal, given the greater compliance burden it involves. That’s because KYB regulations are designed to prevent fraud and money laundering by the likes of terrorist financiers, drug traffickers, and other international crime groups that concern law enforcement institutions like the CIA, FBI, and Interpol.
Here’s the distinction between KYC and KYB.
What is KYC?
KYC is a regulatory requirement that banks, fintechs, and other financial institutions need to fulfill by identifying their customers before opening an account. KYC verification helps financial services businesses put a face and name to their customers, a central part of preventing online fraud and financial crimes and complying with anti-money laundering (AML) regulations.
What is KYB?
KYB is a much bigger endeavor, as we flagged earlier. Verifying a consumer’s identity can be straightforward enough. But with KYB, businesses often need to vet and verify a range of corporate and business entities that can span across borders, tax regimes, and regulatory environments. In practice, that can involve manually searching legal filings, chasing down documents from ultimate beneficial owners (UBOs), and cross-checking reams of financial statements.
When are KYB and KYC checks needed?
Checks are needed whenever a finance company onboards a new customer. In truth, KYB and KYC should be recurring activities. Businesses must constantly monitor and screen their customers’ transaction activities and the various watchlists published by international regulators.
KYB and KYC regulation and compliance
Many countries have their own KYB, KYC, and AML laws and regulations. This cross-border complexity is why you see such a boom in KYB, KYC, and ID verification SaaS vendors. Here are several rules that you may need to comply with, depending on your own business setup and geographic presence:
- United States: Patriot Act of 2001 and the Customer Due Diligence (CDD) Final Rule.
- Canada: FINTRAC regulations
- Australia: AUSTRAC regulations
- United Kingdom: The Money Laundering Regulations 2017
- European Union: Anti-Money Laundering Directive (5th AMLD).
These regulations are prone to change—and sometimes they even face legal challenges—so it’s wise for financial managers and lawyers to work together to understand how they might affect your business.
How to complete a KYB/KYC check
Let’s put regulatory requirements and definitions aside and take a quick look at what you need to do when performing KYC and KYB compliance checks.
Step #1: Gather personal identifiable information (PII)
First, collect personal information from potential customers during online account registration. This step lays the foundation of the entire KYC verification process. Personally Identifiable Information (PII) includes:
- first name and last name
- date of birth
- phone and email address
- Social Security number
- driver’s license number
- and current credit status.
Collect this data and ensure that it is safely stored under local data protection laws.
Step #2: Collect supporting documents
Ask the applicants to provide supporting documents to verify the PII they have provided. This can be a passport, an ID card, a driving license, or a credit or debit card. The information from this document is extracted after identifying the type of document. This step is crucial as it helps you check that the applicants are who they say they are.
Step #3: Verify the provided data and documents
Verify the PII against the data on the provided document. This step ensures that the user has entered the correct information. The data from records is often extracted using optical character recognition (OCR), a computer program for recognizing typography and signatures in imagery. This data is then verified against the information that the user has entered. If they match, the user is verified.
There will be far more steps for complex financial products and applications with many different people or entities, such as verifying reported earnings, confirming owners with a stake of more than a fifth of the company, and collating any audit documentation.
How to protect your business from fraud and money laundering
Unfortunately, fraud and financial crime are still a daily reality. Businesses of every size face common risks:
- Card-not-present fraud: When a criminal uses a stolen card to buy something online, over the phone, or through mail order.
- Card-present fraud: When a stolen or illegally duplicated card is used in person to make a fraudulent transaction.
- Counterfeit cards: When criminals use fake, ‘cloned,’ or illegally copied cards to make unauthorized payments.
- Card identity theft: Phishing schemes. Scam emails and text messages. And the physical theft of snail mail. These are just some of the means that criminals use to obtain card details and account information.
- Card-not-received fraud: This kind of fraud happens when a new card sent to a customer is stolen.
The types of fraud mentioned above are common in consumer-facing industries such as eCommerce. But money-laundering and corporate fraud can be far more complex. It requires more robust measures by businesses. To fully protect themselves, businesses should:
Automate spend analysis
Use modern expense automation software, like Ramp, to match and block transactions that don’t comply with set spending guidelines. With real-time payments on the rise, great financial software and modern corporate cards with spend analysis and vendor restrictions can boost your security.
Use trusted payment partners
B2B payments are being transformed for the better. While faster and more affordable payments processes are good for businesses, they open up new opportunities for fraud. Ensure your payment processing is integrated with fraud processing to whittle down the risks of established and emerging payment methods.
Use multi-factor authentication
For example, Ramp uses automated systems to prevent account takeover attempts and other malicious requests proactively. We require all accounts to opt into multi-factor authentication and immediately verify suspicious activity with the business owner.
Only use trusted vendors
At Ramp, we verify that any third parties have adopted stringent security. Our legal officer ensures we have a rock-solid contract—and our security team must approve engagements.
Complete due diligence checks
Follow the KYC and KYB process outlined above and call on modern ID verification vendors to help you roll out checks at scale. Consider if they can help you collect, vet, and store customer information in a common repository to cut down the manual burden of compliance.
Knowing your customers
We know what you’re thinking. KYC and KYB sound like work. It’s true; they place a significant burden on financial services businesses, even some of the largest banks in the world. But it’s a necessary evil to ensure your transactions and customer accounts are not connected with money laundering, terrorist financing, or sanctions. As we mentioned at the top, the fines for violating AML and KYC rules are severe.
Ramp helps you limit your exposure to fraud
Ramp takes fraud prevention, security, and protection of your data very seriously. Discover nine of the security measures we take for every account—and find out how we give our customers peace of mind with corporate cards linked to rigorous spend management software.