KYB for boarding Sub-Merchants
If you are a direct customer that plans to board businesses as customers for a specific use case on individual sub-client IDs, you should have a Know-Your-Business (KYB) policy even if you are just a startup.
KYB best practices affords your customers the privilege of expedited boarding because TabaPay, the Sponsor Bank and the networks have all given your KYB policy and processes a nod. This means you don't have to ask the bank each time to get your customer approved. Banks always reserve the right to audit, however, and typically ask for information collecting in the normal course of KYB.
What is Know-Your-Business ("KYB") and why does it apply to my company?
KYB policies entail establishing risk-based procedures for verifying the identity of each customer to the extent reasonable and practicable, forming a reasonable belief that the Sponsor Bank can trust the true identity of each customer and validity of the agreement with the customer. See below for more details on minimum expectations.
KYB, KYC, CIP...what's the difference?
KYB appears as a lot of different acronyms - Know Your Customer (KYC) or Customer Identification Process (CIP), which encompass authenticating consumers as well as businesses. KYB is different from KYC or CIP procedures that more specifically refers to validating a business existence, good standing, and verifying that the true business is sanctioning the commercial engagement with you. A business may be your customer (business-to-business, B2B) or it may be the one to offer your services to its own vetted audience of consumers (business-to-business-to-consumer, "B2B2C"). Because this section is dedicated to customers enabling a single use case for multiple businesses to reach consumers, we refer to it as KYB.
It starts for U.S. companies with the Bank Secrecy Act (BSA) / Anti-Money Laundering (AML) - a series of laws and regulations by which all U.S. Financial Institutions must comply and obligates them to establish a BSA/AML compliance program. By statute, individuals, banks, and other financial institutions are subject to BSA record-keeping requirements. (Source: FDIC Website). Canadian companies sponsored by Canadian banks have comparable requirements under FINTRAC and Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Source: Government of Canada Website)
Minimum KYB Procedures Performed on Sub-Merchants
My customer is already heavily regulated! Why should I have to go back and do the work regulators are already doing?
We understand that many entities using TabaPay's services - banks, MSBs, exchanges, lenders - are licensed, heavily regulated, and subject to a constant stream of audits of every type under the sun.
But regulated or not, the KYB is to ensure that the the individuals you are engaged with represent the true company and true identity of individuals who can agree to business on the company's behalf.
1. Your customers should complete a basic application about the business, signers, and its UBOs
What information is collected?
- Full legal name(s), date(s) of birth, social security number(s), phone number(s), residential address(es), and government-issued ID(s) for any UBO.
- Full legal name(s), date(s) of birth, social security number(s), phone number(s), residential address(es), and government-issued ID(s) for any authorized signers
- Legal business name, legal business address (no P.O. boxes), URL to functioning website, Customer Service Number, Tax Identification Number ("TIN"), Business Type, Business Vertical,
- Written description of the purpose or nature of the relationship between you and your customer
- If your customers are non-financial institutuions yet licensed entities - Money Service Businesses ("MSB"), exchange platforms, lenders - they are subject to enhanced due diligence and you should also be thoroughly reviewing the status of their licensing, operations, registrations with state and federal agencies, AML/KYC policies, and audits of those policies.
What if all my customers are Financial Institutions ("FI")?
You should at a minimum collect:
- Full legal name(s), date(s) of birth, social security number(s), phone number(s), residential address(es), and government-issued ID(s) for any authorized signers
- Legal FI name, legal FI address (no P.O. boxes), URL to functioning website, Customer Service Number, Tax Identification Number ("TIN"), FDIC or NCUA number
2. You must verify the information that was given to you on the company, its signers, and any UBOs, including making sure there are no bad actors or material threats to the company's ability to operate besides those incurred in the normal course of business
What does this mean I have to do at onboarding?
- Establish a checklist of minimum documentation you require to help verify the business or individual's existence. Examples include business licenses, corporate documentation, proof of address of business or individuals
- Confirm the address given on application is verified by the secretary of state website, Google search, or a third party verification tool
- Confirm the customer is in good standing at secretary of state website
- Confirm IRS registration to ensure accurate merchant taxID number
- Confirm there are no regulatory or administrative enforcement actions, or class action lawsuits against the business or any UBOs through FDIC, NCUA, OCC, CFPB, FTC, SEC, FinCEN, or Treasury websites, Google search or or a third party verification tool
- Check business entity, beneficial owners and principals, and authorized representatives against sanctions and watchlists
- Check beneficial owners and account signers against any history of financial fraud
- Confirm the customer as reasonable user reviews (checking different consumer rating databases, like BBB, CFPB complaints database, Trustpilot)
- Confirm the customer has not been reported as a bad actor by an Acquirer for previously sponsored activities (i.e. run a MATCH check)
What if my customers are FIs? Aren't they already heavily regulated?
- Confirm the FI is in good standing by visiting wither the NCUA or FDIC website to 1) verify status of its licenses and 2) confirm there are no regulatory enforcement actions against the bank (Hint: you can use the links shared below to manually conduct the searches yourself)
3. Now make sure the business you plan to conduct with your customers is in fact sanctioned by the individuals you're doing business with. This means ensuring that at least one of the signers of your agreement and application is authorized to enter into agreements on the company's behalf
You can take one of a handful of approaches:
- Only have executive officers of the company sign
- Confirm their names are listed on their website next to a photo
- Confirm their names are listed as executive representative in the Secretary of State's website
- Conduct an onsite visitation or audit through services like Trendsource
- When the company is an FI you have two other options:
i. For credit unions only, names(s)appear on NCUA website
ii. Obtain a copy of the Corporate Resolution appointing the signers of the application as authorized signers of the bank
4. Plan for ongoing monitoring
As your customer engagement grows, you should:
- Account for any changes in your customers' business operations, UBO ownership, organizational structure, or other basic business information
- Ensure that your customer is still in good standing
- Record any changes to the nature and scope of their business arrangement with you which might also impact changes to funds flow or your agreement.
This is typically managed through periodic check-ins determined by the level a risk a customer presents.
Third-party KYB Vendors can do the trick
There are a host of third party vendors that can conduct the KYB you need for your business. Feel free to reach out to [email protected] if you would like to learn more about appropriate third party vendors.
Links to help you get started
If your customers are financial institutions, here are some helpful tools:
OCC Enforcement Actions**
Credit Unions
- NCUA Research a Credit Union
- NCUA Conservatorships and Liquidations
Banks: - FDIC Find Institutions
- FDIC Enforcement Decisions and Orders
If your customers are brokerages or publicly held:
General financial services:
- OFAC Sanctions
- Politically Exposed Persons
- FTC Cases and Proceedings
- Better Business Bureau
- Consumer Financial Protection Bureau
What's a UBO? What's an Authorized Signer?
UBO stands for Ultimate Beneficial Owner, and it's any individual that owns 25% or more of a company. UBO's cannot be on any PEP, sanctions, or watchlists in particular if they are active principals and considered employees of the company.
An Authorized Signer is the individual that signs the agreement and application with your business. They may not necessarily own a controlling stake in the company, but are authorized to represent the business in commercial engagements.
Updated about 16 hours ago