Know Your Business (KYB)

Know Your Business (KYB) is the process of verifying the legal identity, ownership structure, and operational legitimacy of a business entity before establishing a commercial relationship. For payment service providers, acquirers, and platforms, KYB serves as the foundational risk control when onboarding merchants, ensuring they are transacting with registered, legitimate companies rather than shell entities or fronts for illicit activity.

‍

‍

‍

The "Why": Why KYB Is a Challenge for Companies Today

‍

While KYB shares foundational principles with Know Your Customer (KYC) for individuals, business verification introduces layers of complexity that make it both operationally difficult and critically important:

‍

• Ownership Opacity: Identifying the actual individuals who control or benefit from a business (Ultimate Beneficial Owners, or UBOs) requires navigating multi-tiered corporate structures, trusts, nominee arrangements, and cross-border holdings. In some jurisdictions, ownership data is incomplete, outdated, or inaccessible.

‍

• Data Fragmentation Across Jurisdictions: No single global registry exists for business verification. Risk teams must pull data from local company registries, beneficial ownership databases, tax authorities, trade licensing bodies, and industry-specific regulators. Each jurisdiction has different disclosure requirements, update frequencies, and data formats.

‍

• False Positives and Name Collisions: Common business names, transliteration inconsistencies, and shared addresses between related entities create screening noise. A merchant flagged for sanctions exposure may simply share a name with an unrelated blocked entity, requiring manual disambiguation and slowing onboarding.

‍

• Regulatory Divergence: Anti-Money Laundering (AML) rules, sanctions screening obligations, and UBO disclosure thresholds vary by region and by the type of financial service being offered. Payment facilitators (PayFacs) in the EU face different KYB requirements than acquirers in the U.S. or marketplaces in Asia-Pacific.

‍

• Dynamic Risk Profiles: A business verified at onboarding can change ownership, modify its operating model, or pivot into higher-risk verticals. One-time KYB checks are insufficient. Continuous monitoring is required to detect ownership transfers, address changes, or adverse media signals that alter the risk profile.

‍

‍

‍

The "How": Building an Effective KYB Program

‍

An effective KYB process balances regulatory compliance, operational efficiency, and fraud prevention.

‍

The following steps represent a practical framework for risk and compliance teams:

‍

‍

1. Verify Corporate Registration and Legal Status

‍

Begin by confirming the business is a registered legal entity in good standing. This includes:

• Retrieving the business registration number, tax identification number, and incorporation date from the relevant company registry.
• Validating that the entity is active (not dissolved, struck off, or under administration).
• Checking that the registered address matches operational locations or can be reasonably explained (e.g., registered agent services are common but may require additional due diligence).

‍

In practice, this step surfaces basic red flags: businesses registered days before applying for payment services, entities with no online footprint, or names that closely resemble well-known brands (a potential indicator of impersonation fraud).

‍

‍

2. Identify and Verify Ultimate Beneficial Owners (UBOs)

‍

UBO identification is the most complex component of KYB. Risk teams must:

• Determine who owns or controls at least 25% of the business (the standard AML threshold, though some jurisdictions use 10% or other thresholds).
• Trace ownership through holding companies, trusts, or other intermediary structures to reach natural persons.
• Verify each UBO's identity using government-issued identification and cross-reference against global sanctions lists, Politically Exposed Persons (PEP) databases, and adverse media sources.
• In cases where no individual meets the ownership threshold, identify the senior managing official (the person who exercises day-to-day control).

‍

We see this fail when businesses use nominee directors or shareholders, making it difficult to establish who actually controls the entity. In those cases, risk teams must request additional documentation, such as shareholder agreements or corporate resolutions.

‍

‍

3. Confirm Business Activity and Operating Model

‍

Document what the business does, how it operates, and where it generates revenue. This step includes:

• Reviewing the company's website, marketing materials, and product/service descriptions.
• Mapping the business model (e-commerce, SaaS subscription, marketplace, lead generation, etc.).
• Identifying any third-party platforms or storefronts operated by the same entity or related individuals (the "ecosystem" dimension of merchant risk assessment).
• Confirming that the stated business activity aligns with the Merchant Category Code (MCC) and transaction patterns expected during underwriting.

‍

This prevents scenarios where a business claims to sell electronics but is actually processing payments for unregulated financial products or high-risk digital goods.

‍

‍

4. Assess Licenses, Permits, and Industry-Specific Authorizations

‍

Certain business types require regulatory authorization before they can legally operate. Risk teams should verify:

• Money transmitter licenses for payment processors or crypto exchanges.
• Gaming licenses for online gambling operators.
• Professional licenses for financial advisory, legal, or medical services.
• Import/export permits for international trade businesses.

‍

Failure to verify these credentials can expose acquirers and PayFacs to regulatory enforcement, chargebacks, or reputational risk.

‍

‍

5. Screen Against Sanctions, Watchlists, and Adverse Media

‍

Once the business and its UBOs are identified, screen them against:

• Office of Foreign Assets Control (OFAC) sanctions lists.
• United Nations, European Union, and other international sanctions programs.
• PEP databases to identify individuals with elevated corruption or bribery risk.
• Adverse media sources (litigation, regulatory actions, fraud allegations, insolvency proceedings).

‍

Because business names and individual names can produce false positives, this step requires careful review. A flagged match does not automatically disqualify a merchant. The risk team must assess whether the match is accurate (same entity, same individual) or a name collision with an unrelated party.

‍

‍

6. Implement Ongoing Monitoring and Periodic Re-Verification

‍

KYB is not a one-time event. Risk profiles change as businesses grow, pivot, or change hands. We recommend:

• Continuous monitoring of UBO changes, address updates, and adverse media alerts.
• Periodic re-verification (annually or triggered by risk signals such as transaction pattern shifts, customer complaints, or regulatory updates).
• Automated alerts for key events: changes in beneficial ownership, corporate restructuring, legal judgments, or sanction list additions.

‍

This ensures that a business onboarded as low-risk does not become a source of fraud, money laundering, or regulatory exposure six months later.

‍

‍

‍

The "Example": KYB in Action

‍

A PayFac receives an onboarding application from an e-commerce business registered in Delaware selling consumer electronics. The business has a professional website, a functional shopping cart, and realistic traffic projections.

‍

During KYB, the risk team pulls the Delaware business registry record and confirms the entity is active. However, the registered address is a common corporate services provider (a "registered agent" address with no physical operations). This prompts further investigation.

‍

he team identifies the UBOs: two individuals based in Eastern Europe. One UBO appears on a PEP database as a former mid-level government official. Adverse media screening surfaces a lawsuit involving one UBO related to a separate business that allegedly failed to fulfill orders (a pattern consistent with advance-fee fraud).

‍

The team also discovers that the same two individuals operate three other e-commerce storefronts under different company names, all selling similar products. One of those storefronts has a history of chargebacks with another acquirer.

‍

Outcome: The PayFac declines the application. While none of the findings alone would disqualify the business, the combination of nominee-style structures, PEP exposure, litigation, and a network of related entities with chargeback history presents unacceptable fraud risk.

‍

This case illustrates why KYB must go beyond confirming a business is registered. Effective KYB uncovers the broader context: who is behind the business, what is their track record, and what other entities are they operating?

‍

‍

‍

Strategic Context: Why KYB Matters for the Payments Ecosystem

‍

KYB is not simply a compliance checkbox. It is a strategic control that protects acquirers, PayFacs, and platforms from fraud, reputational damage, and regulatory penalties.

‍

Fraud Prevention: Fraudsters use shell companies and nominee structures to obfuscate their identities. KYB exposes these setups before they can process payments, reducing the likelihood of transaction laundering, chargeback schemes, or advance-fee fraud.

‍

Regulatory Compliance: Financial institutions are required to conduct customer due diligence under AML regulations (e.g., the Bank Secrecy Act in the U.S., the 6th Anti-Money Laundering Directive in the EU). Inadequate KYB processes can result in enforcement actions, fines, or restrictions on payment processing licenses.

‍

Risk-Based Underwriting: Not all businesses present the same risk. KYB findings (ownership structure, operating history, industry vertical) feed into underwriting decisions, allowing risk teams to calibrate reserve requirements, transaction limits, and monitoring intensity based on the actual risk profile rather than surface-level data.

‍

Network Integrity: When acquirers and PayFacs onboard high-risk or fraudulent merchants, the resulting fraud and chargebacks affect the broader payments ecosystem. Card schemes (Visa, Mastercard) monitor acquirer performance and can impose fines or terminate sponsorships if fraud rates exceed thresholds. Effective KYB protects not only the individual institution but also the network's reputation and stability.

‍

‍

‍

How Ballerine Supports KYB

‍

Ballerine provides risk and compliance teams with a unified platform for merchant underwriting and KYB verification. The platform automates entity verification, UBO identification, sanctions screening, and ongoing monitoring, reducing manual effort and improving decision accuracy.

‍

Key capabilities include:

• Automated corporate registry lookups across multiple jurisdictions.
• UBO discovery tools that trace ownership through complex structures.
• Real-time sanctions and adverse media screening with disambiguation to reduce false positives.
• Ecosystem mapping to identify related entities, shared UBOs, and networks of storefronts operated by the same individuals.
• Continuous monitoring workflows that alert risk teams to ownership changes, address updates, or new adverse media signals.

‍

For payment service providers managing high volumes of merchant onboarding, Ballerine reduces the operational cost of KYB while ensuring compliance with AML regulations and card scheme requirements. The platform is built for risk professionals who need both automation and the flexibility to handle edge cases that require human judgment.

‍

Learn more about Ballerine's merchant underwriting platform or explore how continuous merchant monitoring supports ongoing KYB compliance.

‍