How Know Your Business (KYB) Works
KYB is a structured verification workflow, not a single check. Payment providers run businesses through a series of layered controls before approving access to payment infrastructure. The exact steps vary by jurisdiction and risk appetite, but the core sequence is consistent across the industry.
Business Registration Verification
The provider confirms the entity is legally incorporated and in good standing by querying official government registries — Companies House (UK), the SEC or Secretary of State filings (US), the RCS (France), or equivalent. Key data points include registration number, registered address, incorporation date, and current status (active vs. dissolved).
Beneficial Ownership Identification
Regulators require identification of every individual who directly or indirectly owns 25% or more of the business. This step maps the full ownership chain — including parent companies and trusts — to surface the ultimate beneficial owners (UBOs). Complex holding structures may require multiple layers of registry lookups across jurisdictions.
Identity Verification of Beneficial Owners
Each identified UBO undergoes Know Your Customer checks: government-issued ID verification, liveness detection, and sanctions screening. This bridges entity-level compliance with individual-level accountability and is required under both AMLD6 (EU) and FinCEN rules (US).
Sanctions and Watchlist Screening
The business entity, its directors, and its UBOs are screened against global sanctions lists (OFAC SDN, UN Consolidated List, EU Consolidated List), PEP (Politically Exposed Persons) databases, and adverse media. Matches trigger enhanced due diligence or automatic rejection depending on risk policy.
Risk Scoring and Decision
All collected data feeds into a risk model. The output is a risk tier — low, medium, or high — which determines the outcome: approve, approve with enhanced monitoring, request additional documentation, or decline. High-risk verticals (gambling, crypto, nutraceuticals) automatically inherit elevated scrutiny thresholds during merchant onboarding.
Ongoing Monitoring
KYB is not a one-time event. Ongoing monitoring covers changes to company registration, new sanctions matches, adverse media alerts, and shifts in transaction behavior that suggest the business has materially changed. Periodic re-verification — typically annual for high-risk merchants — is required under most regulatory frameworks.
Why Know Your Business (KYB) Matters
Financial crime routed through legitimate-looking business accounts costs the global economy trillions annually. For payment providers and merchants alike, weak KYB is not just a compliance gap — it is a direct liability.
According to the UN Office on Drugs and Crime, an estimated 2–5% of global GDP (roughly $800 billion to $2 trillion) is laundered each year, with shell companies and fraudulent merchant accounts among the most common vehicles. A 2023 KPMG survey of financial institutions found that 56% had experienced a significant compliance failure linked to inadequate business verification in the prior 24 months. Regulators are responding: EU AML fines exceeded €1.6 billion between 2018 and 2023, with a significant share tied to deficient KYB controls.
For merchants, the stakes are equally high. Inadequate KYB by their payment provider can result in being bundled with high-risk counterparties, triggering card network audits, or losing acquiring relationships entirely.
Regulatory Baseline
In the EU, the 6th Anti-Money Laundering Directive (6AMLD) criminalizes aiding and abetting money laundering — meaning a payment provider that knowingly or negligently onboards a fraudulent business can face criminal liability, not just civil fines.
Know Your Business (KYB) vs. Know Your Customer (KYC)
KYB and KYC are often conflated, but they target different subjects and operate at different layers of the compliance stack. In practice, every KYB program embeds a KYC component for the humans behind the business.
| Dimension | KYB | KYC |
|---|---|---|
| Subject | Legal entity (company, LLC, partnership) | Individual person |
| Primary data sources | Company registries, UBO registers, filings | Government-issued ID, biometric liveness |
| Key outputs | Legal existence, ownership structure, risk tier | Identity confirmed, sanctions clear |
| When required | Business account opening, sub-merchant onboarding | Consumer accounts, UBO verification within KYB |
| Ongoing obligation | Annual re-verification, registry change monitoring | Transaction monitoring, periodic re-KYC |
| Regulatory driver | AMLD6, FinCEN CDD Rule, card network rules | AMLD5/6, BSA, FATF Recommendations |
Both processes feed into a broader anti-money laundering framework and are evaluated together during regulatory examinations.
Types of Know Your Business (KYB)
KYB is applied differently depending on the risk context and business relationship. Understanding which type applies helps merchants prepare the right documentation and set accurate timelines.
Simplified Due Diligence (SDD) applies to low-risk entities — publicly listed companies, regulated financial institutions, and government bodies — where ownership and legitimacy can be confirmed through public records with minimal additional documentation.
Standard Due Diligence (CDD) is the default level for most business applicants. It covers full entity verification, UBO identification, and sanctions screening as described in the process steps above.
Enhanced Due Diligence (EDD) is triggered by high-risk signals: jurisdictions on the FATF grey or black list, complex multi-layer ownership structures, PEPs in the ownership chain, or high-risk business verticals. EDD adds source-of-funds documentation, senior management sign-off, and more frequent re-verification cycles.
Ongoing/Perpetual KYB refers to continuous, event-driven monitoring rather than periodic reviews. Changes to company registration, new adverse media hits, or transaction anomalies automatically trigger a re-verification workflow without waiting for the next scheduled review.
Best Practices
Good KYB practice differs depending on whether you are a merchant going through the process or a developer building a platform that runs it.
For Merchants
Prepare your document pack before applying. Gather your certificate of incorporation, proof of business address, and ID documents for all beneficial owners holding 25% or more equity before initiating onboarding. Incomplete submissions are the single most common cause of delays.
Be transparent about your ownership structure upfront. Hidden holding companies or nominee shareholders will surface during registry checks and will trigger EDD, not accelerate approval. Disclose complex structures proactively with an organizational chart.
Keep your registered information current. If your registered address, directors, or shareholders change after onboarding, notify your payment provider. Discrepancies discovered during routine monitoring are far more disruptive than proactive updates.
Understand your risk tier. If your business operates in a higher-risk vertical — subscription billing, digital goods, international sales — expect more documentation requests and factor EDD timelines into your go-live planning. Work with your provider's risk team early.
For Developers
Integrate directly with government registry APIs where available. Real-time data from Companies House (UK), the GLEIF database, or Open Corporates is more reliable and audit-friendly than document uploads alone. Automate the registry lookup step to remove manual latency.
Build a document orchestration layer. KYB requires collecting, validating, and storing multiple document types from multiple parties (entity docs + UBO IDs). A purpose-built document request flow with status tracking reduces applicant drop-off significantly compared to generic file upload forms.
Design your risk model as a configurable ruleset, not hardcoded logic. Thresholds for sanctions match confidence, ownership percentage, and jurisdiction risk shift as regulations evolve. Externalizing these parameters means you can update compliance rules without code deployments.
Maintain a complete, immutable audit trail. Regulators expect to see exactly what data was checked, when, against which database version, and what decision was made. Every KYB check should write a timestamped, signed record to an append-only log.
Common Mistakes
Treating KYB as a one-time gate. Onboarding approval is the beginning of the compliance relationship, not the end. Businesses change — they add shareholders, expand into new markets, or restructure. Without ongoing monitoring, a clean KYB at onboarding provides no protection against post-approval risk accumulation.
Ignoring indirect beneficial ownership. Regulatory requirements target ultimate beneficial owners — the real humans at the top of the ownership chain — not just direct shareholders. Stopping at the first layer of a holding structure and missing a sanctioned individual two levels up is a significant compliance failure.
Inconsistent thresholds across jurisdictions. The standard 25% ownership threshold for UBO identification is not universal. Some jurisdictions use 10%, others apply "control" tests that go beyond equity ownership. Applying a single global threshold without jurisdiction-specific logic creates compliance gaps.
Over-relying on document uploads alone. Self-certified documents can be forged. Best-in-class KYB corroborates document data against live registry sources. A business registration certificate that matches no government registry record should fail verification regardless of how professional the document looks.
Failing to screen on an ongoing basis. A merchant who was clean at onboarding can appear on a sanctions list six months later. Without automated screening that runs against updated watchlists continuously, providers discover these matches only when a regulator or card network does.
Know Your Business (KYB) and Tagada
Tagada's payment orchestration layer sits between merchants and multiple acquiring banks and payment processors — which means KYB data collected during underwriting feeds directly into routing, risk, and approval logic across the entire connected network.
How Tagada Handles KYB
When you onboard through Tagada, your KYB verification is shared with the relevant acquiring partners in our network — you submit once, not separately to each processor. Our risk engine maps your verified entity profile to the optimal acquiring route based on your business type, geography, and transaction profile, reducing both onboarding friction and ongoing compliance overhead.
Because Tagada is not a bank or direct acquirer, KYB is a collaborative process: Tagada performs initial entity screening and beneficial ownership checks, and the downstream acquiring partner completes their own underwriting layer. Merchants with clean, well-documented KYB profiles move through both layers faster and access a wider range of acquiring options within the platform.