From KYC to KYB: A Brief History

Know Your Business. These three words – and their friendlier acronym, “KYB,” – seem to pop up everywhere in the financial sector, especially as new, low-friction regtech platforms emerge to serve all types of customers. KYB has evolved from the better known “KYC,” or Know Your Customer, to form a vital part of today’s financial regulatory environment. So how, exactly, did we get from KYC to KYB?

From Drugs to Banks

To really understand the KYB provisions of modern U.S. financial law, we’ll need to go back to the tumultuous year of 1970. By May of that year, the Vietnam War was in full swing, a deadly confrontation had just erupted between Kent State students and the Ohio National Guard, and the Nixon administration was laying the groundwork for the now infamous War on Drugs. As part of this policy agenda, the White House voiced its support for a landmark piece of legislation: the Bank Secrecy Act of 1970 (BSA).

You might think: “What gives? How’d we go from drugs to banks?” The rationale is straightforward and hinges on making it more difficult to launder money from illicit activities such as drug trafficking. The BSA requires U.S. financial firms to report certain kinds of customer activities – such as any transactions totaling $10,000 or more– to FinCEN, the federal Financial Crimes Enforcement Network.

These regulations were intended to make it more difficult for cartels and drug smugglers, as well as other lucrative criminal enterprises, to move money into and through the United States. The goals: starving criminal actors of their profits, and making their transactions more visible to federal law enforcement.

From KYC to KYB

The BSA itself forms the groundwork for a subsequent set of anti-money laundering (AML) regulations, enumerated in the 2001 USA Patriot Act and adopted in 2003 by a joint resolution of federal financial agencies, known as KYC. These regulations were constructed to curb the flow of money to terrorist cells. They require financial firms to maintain a baseline of verifiable identifying information about each customer.

In short: KYC was built upon the BSA and requires financial firms to ensure their private customers really are who they claim to be.

These regulations, though somewhat vague in their prescriptions, led to a broad overhaul of the world’s financial security apparatus. Sweeping ID verification controls have been adopted by the U.S. and global financial sectors in response to KYC regulations, including:

• Maintaining a thorough Customer Identification Program (CIP)
• Matching customer names against lists released by federal and international law enforcement agencies (“name matching”)
• Statistical predictions of a customer’s expected behavior and suspected risk of committing a financial crime
• Ongoing comparison of customers’ actual behavior, compared to their risk profile and the behavior of similar customers

Until June 2016, this was the front line of U.S. AML regulation, and to a layperson, it appears comprehensive. Unfortunately, one major loophole in KYC remained. Banks weren’t required to identify the stakeholders and beneficiaries of the businesses they served. In practice, this meant that seemingly legitimate businesses could shelter bad actors’ identities while performing illegal, high-value transactions on their behalf. Remember the Panama Papers? FinCEN caught on to this loophole and, in 2016, issued a fix: KYB.

Closing the Loophole

The regulatory fix to the loophole in KYC, officially titled “Customer Due Diligence Requirements for Financial Institutions,” is what we know as KYB. It requires firms to verify not only the name of the person to whom a business is registered but also the identities of the acting chief executive and anyone who owns 25 percent or more of the business. Similar legislation has appeared in Europe, and financial firms worldwide have had to adjust to this new reality of transacting with businesses.

KYB compliance comprises an entire industry of consultants who help firms ensure their business customers are properly vetted. Verifying the ultimate beneficial owners of a business requires time-consuming manual research into a firm’s structure and registration documents. To make matters worse, since disclosure requirements vary by jurisdiction, it is sometimes impossible to conclusively establish the identities of a business’s beneficial owners. This is a recipe for disaster for firms hoping to stay compliant with regulations.

Turning to Electronic ID Verification

Increasingly, financial firms are turning to electronic identity verification (eIDV) to automate this puzzling process. As Dun and Bradstreet conclude in their 2017 white paper: “Companies need the ability to instantly calculate the actual ownership by accessing data that pulls together global corporate linkage and personal share ownership. By harnessing data analytics software to automate the identification and verification of beneficial ownership, organizations are able to beat the paradox and makes sense of the opaque nature of ownership.”

In this age of complex compliance, the more data a business can obtain, the better. By automating the ID verification process, lenders can quickly and securely access identifying information about the property owners associated with a business. Above all, forming a trustworthy profile on prospective client firms and ensuring KYB compliance will continue to reign paramount in an evolving – and often confusing – regulatory environment.

Have you seen any recent innovations in KYB compliance? Share them with us on Twitter.

Related Resources:

• Out of Wallet or Out of Touch?
• Who’s Who? Identity Verification in a Digital World
• Defense Against the Dark Arts of Synthetic Fraud in Auto Loans

---

---