Both B2C and B2B companies subject to AML laws must have a compliant client onboarding process in place.
Often, financial crime hides behind complex and opaque corporate structures. Therefore, if your customer is a business, you need to gain a clear understanding of its internal arrangements and ownership layout. To this end, you need to perform a KYB process and identify the ultimate beneficial owner (UBO).
This article aims to simplify AML compliance by answering some frequently asked questions about the KYB process and ultimate beneficial owners.
What is Know Your Business (KYB)?
Know Your Business, also known as corporate KYC, refers to the KYC process when it applies to legal entities instead of individuals. Companies that provide services to other companies (B2B) need to perform a KYB process to identify the organization they are doing business with and the persons who own or control it (UBOs).
How does the KYB process work?
The KYB process is no different from the KYC process, except for the type of information one needs to collect.
Since the object of the identification is a legal entity, you should collect the following data:
Company name, type, status, address
Date and place of incorporation, registration number, country of operation
Board resolution on authorized signatories
Company control structure (directors, senior management)
Company ownership structure
Note that the information to gather about the customer may vary across jurisdictions.
What is meant by company ownership structure?
The concept of owning a company is slightly more complex than general proprietorship since it overlaps with the diverse legal forms a business can take and the different distribution of legal responsibilities and financial results.
Besides, the company can have multiple owners with different rights and liabilities - such as greater decision-making power or higher economic benefits.
Without digging too much into the legal concept, we can distinguish between:
businesses owned by private owners (just one person or a small group of people);
publicly traded companies (owned by a large number of shareholders);
organizations owned by charitable foundations or trusts, and
What is the difference between legal ownership and beneficial ownership?
The same person can simultaneously be both the legal and the beneficial owner of a company. Hence, the two types of ownership are not mutually exclusive. They do, however, describe different aspects of ownership:
The legal owner is the official or formal owner of the business on paper. They can be either a natural person or a legal entity.
A beneficial owner is a person who derives any benefit from the business and has overall control over it. They are always a natural person.
Usually, the legal owner is also the beneficial owner (and vice versa), but this is not always the case.
In some situations, the beneficial owner wants to remain anonymous and, therefore, uses a broker. For example, prominent or famous persons (like politicians or celebrities) who want to keep their personal information from becoming public knowledge or wealthy people who want to manage their estates in a way that better protects them against potential legal claims.
Although such practices are legitimate - as long as they meet relevant tax laws - they could leave room for bad actors who intend to conceal illicit activities from law enforcement agencies. To prevent ill-intentioned individuals from committing financial crimes, regulators introduced the Beneficial Ownership Rule - the requirement of identifying both legal and beneficial owners.
What is the Beneficial Ownership Rule?
The Beneficial Ownership Rule, also known as the FinCEN CDD Rule, is one of the guidelines released by the Financial Crimes Enforcement Network - a bureau of the US Department of the Treasury in charge of fighting domestic and international money laundering, terrorist financing, and other financial crimes.
The CDD Rule contains the first prescriptive regulatory obligation to identify the beneficial owners of companies and verify their identities. In particular, the Rule states that obliged organizations must establish and maintain written procedures that are reasonably designed to identify and verify beneficial owner(s) of legal entity customers and to include these procedures in their anti-money laundering compliance program.
The requirement makes it harder for lawbreakers to hide their presence and have high-value transactions conducted on their behalf by a figurehead.
After the publication of the FinCEN CDD Rule, EU laws (PSD2, 4AMLD, and 5AMLD) established the same requirement for obliged entities operating in the EU.
The 4th AML Directive requires each EU country to hold registers of company incorporation and ownership and to make them accessible to all companies. Additionally, the 5th AML Directive requires EU member states to maintain interconnected and publicly available national UBO registries.
What is an ultimate beneficial owner (UBO)?
The Financial Action Task Force (FATF) defines an Ultimate Beneficial Owner as the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted.
What are the types of UBOs?
There are two different types of UBOs based on:
ultimate ownership and
The threshold for determining ultimate ownership and control is 25% of capital or voting rights.
However, each jurisdiction and even individual institutions can establish stricter thresholds that define beneficial ownership.
How can I identify the UBO of a company?
After collecting data from the company, you should check the accuracy of the information provided by consulting the National Business and UBO register.
This verification is crucial to evaluate whether you have identified all the people who need to be involved in the client onboarding process.
What information should I collect about UBOs?
The information to gather about UBOs should always include:
Name (and title, if applicable)
Date of Birth
ID Number (social security number, tax ID number, national ID number, or passport number)
Make sure to check whether you are required to collect additional information under national legislation.
Besides, each company can collect supplementary data such as percentage of ownership, information about wealth and income, etc. Additionally, businesses need to provide a detailed description of all documents or other methods used for the identity verification of UBOs in their internal written documentation (policies, procedures, and controls).
What comes next?
Once you have gathered the information about UBOs, you should proceed with the next steps of the Customer Due Diligence (CDD) process:
assessing their risk level,
implementing appropriate due diligence measures, and
performing all the activities needed to comply with AML requirements when onboarding new clients.
How can Penneo help you with the KYB process and the identity verification of UBOs?
Our AML-compliant client onboarding solution can assist you in the KYB process from start to finish. With Penneo, you can:
Collect information from your clients digitally with intuitive web forms:
Customize the fields that need to be filled and send the form to your customer;
The customer can type and upload their information whenever they want and from any device;
Receive the completed form in your Penneo account;
Redistribute the collected information wherever you need it and minimize manual data entry;
Reuse the form template for other customers.
Gain insight into the company’s ownership structure by:
Consulting official databases to make sure that the right people are involved in the process;
Checking the accuracy and truthfulness of the information provided by screening it against national registers.
Collect documents securely via end-to-end encrypted channels.
Assess the risk level of the customer and request additional information if needed
Maintain records of the KYB process by:
Automatically storing the information about UBOs in the cloud
Having the data automatically deleted after 5 years from the end of the relationship with the customer to ensure compliance with both the AML data retention requirement and the GDPR data deletion requirement
Get notified of any changes in the information about customers so you can promptly update your KYB and UBO records (and possibly perform a new risk assessment)
Receive automatic reminders to periodically review the data of each client