KYB for boarding Sub-Merchants

If you are a direct customer that plans to board businesses as customers for a specific use case on individual sub-client IDs, you should have a Know-Your-Business (KYB) policy even if you are just a startup.

KYB best practices affords your customers the privilege of expedited boarding because TabaPay, the Sponsor Bank and the networks have all given your KYB policy and processes a nod. This means you don't have to ask the bank each time to get your customer approved. Banks always reserve the right to audit, however, and typically ask for information collecting in the normal course of KYB.

What is Know-Your-Business ("KYB") and why does it apply to my company?

KYB policies entail establishing risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable, forming a reasonable belief that the Sponsor Bank can trust the true identity of each customer and validity of the agreement with the customer. See below for more details on minimum expectations.


KYB, KYC, CIP...what's the difference?

KYB appears as a lot of different acronyms - Know Your Customer (KYC) or Customer Information Process (CIP), which encompass authenticating consumers as well as businesses. KYB is different from KYC or CIP procedures that more specifically refers to validating a business existence, good standing, and verifying that the true business is sanctioning the commercial engagement with you. A business may be your customer (business-to-business, B2B) or it may be the one to offer your services to its own vetted audience of consumers (business-to-business-to-consumer, "B2B2C"). Because this section is dedicated to customers enabling a single use case for multiple businesses to reach consumers, we refer to it as KYB.

It starts for U.S. companies with the Bank Secrecy Act (BSA) / Anti-Money Laundering (AML) - a series of laws and regulations by which all U.S. Financial Institutions must comply and obligates them to establish a BSA/AML compliance program. By statute, individuals, banks, and other financial institutions are subject to BSA record-keeping requirements. (Source: FDIC Website). Canadian companies sponsored by Canadian banks have comparable requirements under FINTRAC and Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Source: Government of Canada Website)

Minimum KYB procedures for Aggregators


My customer is already heavily regulated! Why should I have to go back and do the work regulators are already doing?

We understand that many entities using TabaPay's services - banks, MSBs, exchanges, lenders - are licensed, heavily regulated, and subject to a constant stream of audits of every type under the sun.

But regulated or not, the KYB is to ensure that the the individuals you are engaged with represent the true company and true identity of individuals who can agree to business on the company's behalf.

1. Your customers should complete a basic application about the business, signers, and its UBOs

What information is collected?

  • Full legal name(s), date(s) of birth, social security number(s), phone number(s), residential address(es), and government-issued ID(s) for any UBO.
  • Full legal name(s), date(s) of birth, social security number(s), phone number(s), residential address(es), and government-issued ID(s) for any authorized signers
  • Legal business name, legal business address (no P.O. boxes), URL to functioning website, Customer Service Number, Tax Identification Number ("TIN"), Business Type, Business Vertical,
  • Written description of the purpose or nature of the relationship between you and your customer
  • If your customers are non-financial institutuions yet licensed entities - Money Service Businesses ("MSB"), exchange platforms, lenders - they are subject to enhanced due diligence and you should also be thoroughly reviewing the status of their licensing, operations, registrations with state and federal agencies, AML/KYC policies, and audits of those policies.

What if all my customers are Financial Institutions ("FI")?

You should at a minimum collect:

  • Full legal name(s), date(s) of birth, social security number(s), phone number(s), residential address(es), and government-issued ID(s) for any authorized signers
  • Legal FI name, legal FI address (no P.O. boxes), URL to functioning website, Customer Service Number, Tax Identification Number ("TIN"), FDIC or NCUA number

2. You should now verify the information that was given to you on the company, its signers, and any UBOs, including making sure there are no bad actors or material threats to the company's ability to operate besides those incurred in the normal course of business

What does this mean I have to do?

  • Confirm the address given on application is verified by the secretary of state website, Google search, or a third party verification tool
  • Confirm the customer is in good standing at secretary of state website
  • Confirm IRS registration to ensure accurate merchant taxID number
  • Confirm there are no regulatory or administrative enforcement actions, or class action lawsuits against the business or any UBOs through FDIC, NCUA, OCC, CFPB, FTC, SEC, FinCEN, or Treasury websites, Google search or or a third party verification tool
  • Check business entity, beneficial owners and principals, and authorized representatives against sanctions and watchlists
  • Check beneficial owners and account signers against any history of financial fraud
  • Confirm the customer as reasonable user reviews (checking different consumer rating databases, like BBB, CFPB complaints database, Trustpilot)
  • Confirm the customer has not been reported as a bad actor by an Acquirer for previously sponsored activities (i.e. run a MATCH check)

What if my customers are FIs? Aren't they already heavily regulated?

  • Confirm the FI is in good standing by visiting wither the NCUA or FDIC website to 1) verify status of its licenses and 2) confirm there are no regulatory enforcement actions against the bank (Hint: you can use the links shared below to manually conduct the searches yourself)

3. Now make sure the business you plan to conduct with your customers is in fact sanctioned by the individuals you're doing business with. This means ensuring that at least one of the signers of your agreement and application is authorized to enter into agreements on the company's behalf

You can take one of a handful of approaches:

  • Only have executive officers of the company sign
  • Confirm their names are listed on their website next to a photo
  • Confirm their names are listed as executive representative in the Secretary of State's website
  • Conduct an onsite visitation or audit through services like Trendsource
  • When the company is an FI you have two other options:
    i. For credit unions only, names(s)appear on NCUA website
    ii. Obtain a copy of the Corporate Resolution appointing the signers of the application as authorized signers of the bank


Third-party KYB Vendors can do the trick

There are a host of third party vendors that can conduct the KYB you need for your business. Feel free to reach out to [email protected] if you would like to learn more about appropriate third party vendors.

Links to help you get started

If your customers are financial institutions, here are some helpful tools:
OCC Enforcement Actions**
Credit Unions

If your customers are brokerages or publicly held:

General financial services:


What's a UBO? What's an Authorized Signer?

UBO stands for Ultimate Beneficial Owner, and it's any individual that owns 25% or more of a company. UBO's cannot be on any PEP, sanctions, or watchlists in particular if they are active principals and considered employees of the company.

An Authorized Signer is the individual that signs the agreement and application with your business. They may not necessarily own a controlling stake in the company, but are authorized to represent the business in commercial engagements.