
KYB Compliance for Business Onboarding

Updated: 1 hour ago



For banks and financial institutions, onboarding a corporate client is no longer just a matter of collecting documents. Regulators expect you to understand the business behind the application with the same depth you would a retail customer.

Weak KYB compliance leaves institutions exposed to money laundering risk, sanctions breaches, and reputational damage that can take years to repair. Strong KYB reduces inefficiencies, builds regulator confidence, and protects your institution from fines and regulatory scrutiny.

This article explains why KYB is under closer attention, what makes up an effective KYB program, where institutions often fail, and how to build a KYB process that is both regulator-ready and efficient.

Why KYB is under closer regulatory scrutiny

Shell companies, nominee directors, and complex ownership structures remain some of the most common ways illicit actors move money. Regulators have responded by raising the bar. It is no longer enough to check that a company exists on paper. You must be able to show who ultimately controls it and continue monitoring even after onboarding.

The shift is driven by both global standards and recent enforcement. FATF Recommendations 10, 24, and 25 require transparency in beneficial ownership. FATF Recommendation 24 specifically states that “countries should ensure that competent authorities can obtain adequate, accurate, and up-to-date information on the beneficial ownership of legal persons”.

The EU’s Sixth AML Directive (AMLD6) obliges banks to verify registry data and makes them liable for failures. In the United States, the Corporate Transparency Act introduces reporting duties on beneficial ownership. In Singapore, the MAS AML/CFT guidelines require financial institutions to “identify and verify the identity of beneficial owners or legal persons, and keep records up to date throughout the course of the business relationship”.

These expectations are not theoretical. Regulators have already acted against institutions that fall short. In July 2025, the Monetary Authority of Singapore (MAS) fined nine institutions S$27.45 million for AML and KYB control failures tied to a S$3 billion money laundering case involving online gambling and overseas scam proceeds. MAS found weaknesses in ownership verification, source of wealth checks, and the application of enhanced due diligence. These lapses show that even large institutions with written policies can fall short if KYB files do not capture full ownership transparency and proper evidence.

Building an effective KYB program

A strong KYB program starts with policy. Regulators expect to see clear standards that define what information must be collected, when secondary evidence is required, how ultimate beneficial owners are identified, and what triggers enhanced due diligence.

Policies should also explain how risk is assessed. They need to show how customer type, geography, and product exposure affect the depth of checks, and how data conflicts should be resolved. Without this clarity, reviewers are left to make judgement calls, and regulators will treat the program as weak.

Documentation standards are just as important. Every file should contain an ownership map, screening logs, and a clear case narrative. Regulators often flag incomplete files as failures, even when the decision itself is correct. Clear policy design is the foundation that supports all KYB work.

Where KYB programs often fail in practice

Even with strong policies and clear expectations, many institutions still struggle to execute KYB effectively. One common failure is stopping too early in the ownership chain, especially when structures cross multiple jurisdictions. This leaves hidden controllers undetected and undermines the accuracy of the file.

Another weakness is over-reliance on registries. Many are outdated or incomplete, and without reconciliation, institutions end up onboarding clients based on records that no longer reflect reality.

A further challenge lies in jurisdictions with limited or unreliable corporate data. Offshore centres, such as the Cayman Islands and the British Virgin Islands, have historically not maintained publicly accessible ownership registers. This lack of transparency makes UBO discovery difficult and often forces compliance teams to rely on fragmented filings, legal opinions, or third-party intelligence, all of which increase cost and reduce certainty. These gaps show that the problem is not only technological but structural, and they continue to test how defensible a KYB program can be when regulators ask for evidence.

Finally, poor documentation weakens defensibility. If a KYB file cannot show how you moved from documents to decision, regulators will see it as incomplete. Even if the correct outcome was reached, the absence of an evidence trail is treated as a failure. The MAS 2025 enforcement case is a reminder of this. Institutions were penalised not for the absence of policies, but for failing to evidence KYB checks properly in their case files.

A practical KYB process for institutions

These recurring failures show that policy on its own is not enough. Institutions avoid them only when KYB is embedded into a clear operating model that guides daily work.

At its core, KYB seeks to answer three questions. Is the entity valid? Who ultimately controls it? Do those individuals or entities create risk? To answer these reliably, institutions need more than a checklist of documents. They need structured evidence, clear reasoning, and case files that can stand up to regulatory review.

  1. Verifying legal entities and registry data

The first step is to confirm that the company is legally registered and active. Incorporation numbers, directors, and addresses should be matched against official registries. Where registries are incomplete or slow to update, secondary evidence should be obtained and discrepancies documented. This not only ensures accuracy but also demonstrates to regulators how conflicts were addressed.

  2. Identifying ultimate beneficial owners (UBOs)

The next step is to trace ownership through every layer until the ultimate beneficial owners are identified. Stopping at the first shareholder level is not enough. Voting rights, shareholder agreements, or other forms of control that may not appear in registers must also be reviewed. For more detail, see our guide to UBO discovery.

  3. Screening companies and controllers for risk

Once entities and owners are identified, both must be screened against sanctions, politically exposed person (PEP) lists, and adverse media. Screening cannot be a one-time exercise at onboarding. It needs to be ongoing, with logs showing which lists were used, when they were updated, and how potential matches were resolved.

  4. Verifying source of wealth and source of funds

Where risk increases, regulators expect enhanced checks. This means confirming source of wealth and source of funds through evidence such as audited financial statements, contracts, or proof of sale proceeds. A statement without supporting documents will not satisfy regulators. Files must clearly link evidence to the customer profile and the risk rating outcome.

  5. Applying risk-based review and escalation

Files should move through different levels of review based on their risk. Routine cases can be cleared at the first review layer, while high-risk cases, such as those involving complex ownership structures, PEPs or sanctions matches, must be escalated for second-level review. This creates a clear path of accountability and ensures sensitive cases receive the right level of scrutiny.

  6. Maintaining ongoing monitoring and event-driven triggers

Once onboarding is complete, customer profiles must be kept current. Review cycles should be set according to the client's risk rating, with high-risk clients reviewed more frequently. Event-driven triggers, such as ownership changes or new adverse media, must prompt immediate re-verification. This keeps the KYB files accurate and shows regulators that risks are managed throughout the lifecycle.

  7. Documenting evidence and reasoning clearly

Each decision must be supported by both evidence and explanation. Files should include case narratives, ownership charts, and screening logs that link documents to the final decision. This makes the reasoning transparent and allows regulators to retrace the process without gaps.

Applying these seven steps consistently makes KYB files reliable and transparent. The next challenge is proving to regulators that the process works across the institution, not just on paper. This is where assurance and testing provide the necessary validation.

Assurance and independent testing

Policy and process need to be supported by evidence that they work in practice. This is where assurance and testing play a role.

Quality assurance teams should regularly review completed files to confirm that evidence is complete and reasoning is sound. Findings should be tracked, scored, and used to improve both training and processes.

Independent testing provides an additional safeguard. Whether carried out by internal audit or external reviewers, the results should include scope, method, sample, findings, and remediation steps. Reports like these give management confidence that controls are working as intended and assure regulators that the institution is serious about enforcement.

Using automation to strengthen KYB

As onboarding volumes increase, automation has become essential. When applied correctly, it reinforces rather than weakens the program. Ownership graphs make relationships clearer, while automated registry refresh and watchlist updates keep information current.

Properly implemented automation reduces false positives, speeds up reviews, and minimises back-and-forth with regulators during inspections. It allows compliance officers to focus on higher-risk cases while giving managers clearer oversight of how resources are used.

When assessing technology providers, institutions should look beyond surface features. A defensible KYB solution should show registry coverage across jurisdictions, demonstrate proven ownership look-through, support robust ongoing screening, and maintain audit trails that can withstand regulatory review. Tools that provide results without context may seem efficient in the short term, but rarely hold up under scrutiny.

Case Study: MAS enforcement and lessons learned

The July 2025 MAS enforcement case shows how quickly KYB weakness can turn into regulatory penalties. Nine financial institutions, including UBS, Citibank, UOB, Credit Suisse, and Julius Baer, were fined a combined S$27.45 million for AML and KYB shortcomings tied to a S$3 billion money laundering scheme. MAS highlighted gaps in beneficial ownership checks, source of wealth verification, and inconsistent application of enhanced due diligence as key failings.

In response, these institutions strengthened their KYB processes with automated registry look-through, event-driven re-verification, and clearer ownership mapping. MAS follow-up inspections confirmed measurable improvements in file quality and greater ownership transparency. The lesson is clear. Regulators place more weight on clarity of ownership and disciplined review cycles than on the number of documents collected.

Key lessons for compliance teams

The central lesson is that KYB must be maintained as a continuous control, not treated as a one-time file check. Regulators expect oversight throughout the full customer lifecycle.

Strong KYB begins with confirming that the entity is valid, but only holds up when ownership is traced fully to the individuals in control. Continuous screening of these parties demonstrates that risks are actively managed.

Escalation rules should be objective and consistently applied. High-risk jurisdictions, adverse media, or sudden ownership changes should automatically trigger enhanced checks. Risk-based review cycles ensure that higher-risk clients are reviewed more often, and that every file contains a complete evidence trail.

Technology can support this process, but it must be explainable. Registry refresh and ownership graphs make files clearer and faster to review, but defensibility comes from transparency. The strongest programs are those where every decision can be retraced and every change monitored with confidence.

Turning KYB into an operational advantage

KYB compliance sits at the centre of safe onboarding. When every decision is traceable from document to customer to associated risk, your program is not only regulator-ready, but also operationally efficient. By building workflows that are easy to follow, making reasoning visible, and applying reviews on a risk-sensitive basis, you can show regulators that your controls are both effective and reliable.

Regulators worldwide are moving toward greater ownership transparency. More jurisdictions are opening registers, and penalties for inaccurate reporting are increasing. Institutions that adapt now by embedding strong, efficient KYB processes will not only meet compliance standards but also create a competitive advantage in customer onboarding.

See Artemis in action

The most effective way to evaluate a KYB program is to see how it performs on real cases. With Artemis, you can map and explore ownership structure, monitor customers and their related persons continuously, and generate time-stamped audit trails and reports that provide immutable evidence for regulators – all without adding extra work for your team.

Most compliance teams still rely on spreadsheets or fragmented tools, which makes ownership tracing and ongoing monitoring difficult to defend. Artemis consolidates these steps into one workflow, giving you a single platform that is regulator-ready from day one.

Request a personalised demo of Artemis to see how your team can:

  • Trace ultimate beneficial ownership with clear, visual mapping

  • Reduce time wasted on false positives with smarter screening logic

  • Apply consistent KYB checks across every onboarding file

  • Generate audit trails that regulators can review without challenge

Book a demo today and see how Artemis helps you transform KYB from a compliance burden into an operational advantage.

Frequently asked questions about KYB compliance

What is KYB compliance?

KYB (Know Your Business) compliance refers to the process financial institutions follow to verify the legitimacy of corporate clients. It includes checking company registration, identifying beneficial owners, screening entities and individuals against sanctions and PEP lists, and verifying source of wealth and source of funds.

What are the KYB requirements in Singapore?

The Monetary Authority of Singapore requires financial institutions to identify and verify beneficial owners of legal persons, conduct risk-based reviews, and maintain up-to-date records throughout the relationship. These requirements are aligned with FATF standards.

How is KYB different from KYC?

KYC (Know Your Customer) applies to individuals, while KYB applies to companies and other legal entities. KYB involves verifying corporate registration, ownership, and control structures, which are not part of standard KYC.

Why does KYB compliance matter?

Strong KYB programs protect financial institutions from money laundering, sanctions breaches, and reputational damage. Weak programs have led to billions in fines globally, including MAS’s 2025 enforcement where nine institutions were penalised for KYB failures.
