KYB, Broken and Accepted

KYB, Broken and Accepted

Article

Liam Chennells

October 17, 2024

10
Min Read
Min Read

Article Summary:

You've sat in over 2000 meetings about KYB? ...unlucky mate

Yes, this article will take you around 25 minutes to read, but it will be worth it because there isn't another like this about KYB. Yes, it sells the benefits of Detected as the verified challenger in the space but only based on the industry context provided within.

Since starting Detected in the summer of 2020, I have learned a lot. I talk often about my journey as a first-time CEO, but not often about the industry Detected is changing - so here we are.

KYB is a topic I previously knew absolutely nothing about. To quote the title of my podcast, this is 'Not What I Expected' to be doing with my life but I am glad I am.

On an average week, I do between 8 and 10 meetings about KYB either with potential customers or partners which means that I have sat in around 2000 meetings where the topic of conversation has been focussed on KYB exclusively.

So I suppose, to a certain extent, I have a level of expertise: whether that makes me an expert or not is a different matter.

Over the course of those few thousand meetings, a few things have become clear.

In this article, I’ll share:

  1. Why KYB is ripe for disruption
  2. The impact of KYB being done so badly
  3. Why it is so resistant to change
  4. How to fix it including a project plan with examples of it being done well and badly
  5. The truth about different types of KYB vendors
  6. Regulation and how it shapes KYB both today and tomorrow

Of course, I should define what KYB is:

It's a process companies use to verify the identity and legitimacy of other businesses they interact with.

The process is full lifecycle, from initial onboarding through to ongoing monitoring.

It includes KYC of Directors and Ultimate
Beneficial Owners.

We didn’t set out to fix KYB

The original strapline for Detected was ‘The Mark of trust for eCommerce’. We wanted to validate businesses who were selling products online and for the Detected icon to be displayed alongside their profile as a symbol of trust on those online marketplaces.

Both Pete (Detected co-founder & CTO) and I had only ever worked in eCommerce previously so the concept felt like a good fit for our knowledge. As we worked on the platform in the early days we realised pretty quickly how difficult it is to ‘verify’ a company and all the people in it and then monitor it for any changes, especially internationally.

Important to consider is that ‘Verify’ means different things for different use cases. The amount of data required for an investment bank to onboard a client is very different to the amount of data a marketplace needs to onboard a seller of kids' toys. This difference is driven by a combination of what is mandated by regulation and a company's risk appetite.

When you want to fix any problem, you have to work out why the problem exists in the first place, so that's what we did.

Fundamentally it boils down to 3 key points:

1. All 195 countries have different levels of information a new business has to provide when they are incorporated. Here is the difference between the UK and the USA for example:

  • Incorporation Level: In the UK, incorporation is centralised through Companies House, while in the US, it's done at the state level, leading to variations across different states.
  • Registered Agent: In the US, businesses must appoint a registered agent in their state of incorporation, which is not a requirement in the UK.
  • Shareholder Information: The UK requires detailed shareholder information during incorporation, while in the US, this information is generally not required until the business files its annual report.
  • EIN: US businesses must apply for an EIN separately from the state incorporation process, while in the UK, business tax registration (including VAT or Corporation Tax) is done through HMRC after incorporation.

2. There are then different intervals with which the information about the business has to be updated, using our US and UK examples again:

  • UK: Businesses must file a Confirmation Statement annually, Annual Accounts, and promptly report changes within strict deadlines. Tax filings are tied to the company’s fiscal year-end.
  • US: Businesses generally file Annual Reports (or biennial/triennial reports) and must report changes promptly but typically have longer deadlines. Tax filings are more frequent and vary by state and federal requirements.

3. Individuals in the form of Directors and Ultimate Beneficial Owners (which can also be other companies) then add to the complexity as they are protected by different regulations in our UK and US example:

  • UK: Access to director and UBO information is highly transparent, though GDPR limits how personal information can be used outside of compliance purposes.
  • US: Director and UBO information is much more protected and difficult to access. Even with the introduction of the CTA, UBO data is only available to law enforcement and not the public, making the US far more private than the UK when it comes to corporate governance transparency.

I’m sure there are hugely complex and intricate documents which explain the details behind all of this, but for now, those 3 points give you an insight into why there is such a challenge in verifying businesses internationally. There is also variance domestically based on different company types (Sole Trader/Proprietor V PLC for example).

What this means is that the business owner is the forgotten but critical source of information, you need them to plug the gaps. The best time to secure that information is in a sign-up journey which is personalised to them and asks them for as little information as possible. That was our theory, and it stands today.

KYB’s Ripe Potential for Disruption

What we encountered next is what surprised me the most. The way that online marketplaces, which is where we started our research but then payments businesses soon after, were trying to work their way around the issues that I have outlined.

I’m simplifying it for the sake of brevity, but this is what we consistently saw the end to end to end journey as:

  • One size fits all customer sign-up form with 30+ questions
  • Application received in back back-end system
  • Analyst reviews the application and uses various tools to investigate
  • Analyst emails customer and asks them to fill in the blanks
  • Manual analyst approval and then periodically review by following steps 2-4 again.

It is at this point that we knew we had an opportunity to fix a much bigger problem than validating sellers on marketplaces. Banks, insurers, supply-chain, crypto, travel - you name it, KYB was being done in almost the same way across the world and across industries.

To illustrate the point: There is a global bank I have been working with this year that sends customers a spreadsheet to complete and return when they want to sign up, and their product is competitive with Stripe: it doesn’t take a genius to realise that potential customers are not returning that spreadsheet, they are just going to head to Stripe’s website and sign up in 5 minutes.

Of course, in some cases 1 or 2 of the steps in that journey were optimised but there was no single provider who fixed all 5.

So there is a business-critical process which takes too long, is too expensive and has an awful customer experience. The fact that is the case with so many companies who provide ‘solutions’ meant that we were confident that there was space for a challenger with the ability to build best-in-class technology to disrupt the status quo.

So that is exactly what we did.

What is the impact and why is there resistance to change?

From the very first line of code, we had the impact of the problems our potential customers were facing at the centre of everything we were doing. This is different from just trying to fix problems, and it is what has catapulted us towards the top table of an industry dominated by legacy players more quickly than we otherwise would have. The impact of this being done badly was and still is:

Decreased revenue due to:

  • Onboarding time. If a customer generates £1m for a payments business in a year, that equates to £2739 per day. If it takes 5 days to onboard a customer rather than 80 days, that is over £200,000 more revenue realised in year 1.
  • High customer drop off. If a customer generates £8000 for a payments business in a year and 15,000 of those potential customers arrive at the website and want to sign up, there is £1.2m of potential revenue. If 50% of the customers drop out of the application process because of a slow, cumbersome and complex onboard process £600,000 is lost.

Increased costs due to:

  • Manual team effort. With technology and processes that don’t scale, increasing teams dealing with KYB is the only option because of the data challenges I outlined above. In one large-scale crypto platform, each analyst was only onboarding 1.6 businesses per week. At a £50,000 salary, that is a cost of well over £500 per onboard. The compound impact of scale is huge here and does not include hiring costs and management burden.
  • Multiple data providers. One for business data, one for ID Verification, one for screenings: the internal cost of managing all of those providers coupled with not benefitting from any economies of scale means some businesses are spending £m’s when they could be spending 50% less.

Throughout my time doing this, the thing that I have been most confused about is why this hasn’t been solved. It has enormous implications and, let’s face it, if we can build the solution in 4 years with zero experience from scratch then it isn’t technically impossible.

Part of the reason I am writing this article now is because I have a level of understanding having completed thousands of meetings with companies who are feeling the impact of the problems this causes, but importantly haven’t fixed it to know why. So to bring to life the key question in this industry: Why is there so much resistance to change? I am going to use a fictional case study: ‘GLOBEPAY’.

GLOBEPAY is an aggregate of the conversations I’ve had on this topic. It takes the best and worst from companies around the world who find fixing KYB so difficult and creates an overview.

GLOBEPAY is a 10-year-old B2B payments business with £300 million in revenue and 1,000 employees around the world, including 150 focused on compliance. Specialising in secure, efficient cross-border payments, GLOBEPAY ensures businesses can transact globally with confidence and regulatory peace of mind.

Responsibility for delivery is different from responsibility for improvement. There is no single executive who is responsible for the performance of KYB at GLOBEPAY which in turn means it just carries on as normal, bad but accepted:

  • The 150-strong compliance team ultimately reports to the COO. Their mandate is to protect the business from any risks which come from AML or any other Financial Crime. Due to the manual work required, the team continues to grow as the business grows.
  • The CCO is increasingly frustrated with the time it takes to onboard new customers and when raised at board meetings the answer is to hire into the compliance team which appeases the CCO short term.
  • The CPO thinks that product teams can deliver improved systems to support KYB - but it isn’t a focus and tends to shift down the priority list with improved UX, API upgrades and Automation as well as implementing AI (of course) taking priority.
  • The CFO knows that the current processes are expensive, but without domain expertise in the financial crime space assumes that the compliance team is running the process as efficiently as possible.

With the history of how the KYB function at GLOBEPAY has developed, moving to a new solution, whether build or buy, would require significant change management. This is caused by a combination of a compliance team which is accepting of their manual processes and dependence on a variety of providers, a product team that likely believes they can build the solution themselves and commercial teams that are likely the believe that new compliance means stricter controls and slower customer approvals.

As the scoping for a new approach to KYB begins, so does the build V buy conversation. Naturally, Product teams lead this and their first step is capturing requirements from the business. See above the summaries of the executives' involvement which are then compounded by their misaligned objectives. The COO wants to keep their team, CCO doesn’t really care as long as it's fast and the CFO wants cheap with no risk but is ok with just the latter.

With a high-level understanding of how the current onboarding journeys work and not much more, they then decide that perhaps speaking to 3rd party vendors might be the right approach. A circus of pitches about the magic of AI in compliance, the most comprehensive business data API’s on earth to supercharge the manual carnage and process improvement tooling a Swiss watchmaker would be proud of begins. Within this review, Compliance teams are consulted for their opinion and in the vast majority of cases they lean towards subtle improvements rather than wholesale changes, in part because of the magnitude of the promises made by the vendors.

12 months have passed since the beginning of this scoping and GLOBEPAY is no closer to improving KYB than at the start, but they have wasted a lot of time and resources.

Let me now ask the question again: Why is there so much resistance to change? The answer is almost always because there is no single executive responsible for the performance of KYB. Which when you think about what KYB is and the impact of not being done well, is astonishing. To bridge this gap we need to think about which performance metrics this person, whoever they are, should be focussed on improving and to do this, we need to go back to the impact the problems have but this time flip them:

Increased revenue as a result of:

  • Decreased onboarding time. Find out how long this takes, and aim to reduce it by 50%.
  • Decreased customer drop-off. Find out how many businesses drop off, and aim to reduce it by 50%.

Decreased costs due to:

  • Decreased manual team effort. Find out what level of manual effort is required, and aim to reduce it by 50%
  • Consolidation of data providers. Find out how many data providers are being used, and aim to reduce it by 50%

It is here that my simple guide to delivering a KYB improvement project begins, this of course just a high-level framework and as you read it I do not doubt that you will summarise it as obvious. However, I have seen these steps followed in less than 10 companies of the hundreds I have spoken to - and guess what, they delivered a KYB improvement project and realised the enormous benefits.

The simple guide to delivering a KYB improvement project

Without following these steps, KYB is not going to improve. It is that simple. The great news is that with a little focus the solution is also simple:

  • Assess Current State: Conduct a thorough analysis of existing processes and identify bottlenecks or inefficiencies. In this phase, you must speak to everyone affected, which includes end customers.
  • Define Objectives: there are 4. Decreased onboarding time, decreased customer drop-off, decreased manual team effort and consolidation of data providers. Improve all of these by 50% and calculate the impact this will have on the business overall, subtract the costs (when you get them) and you have a business case.
  • Confirm Gaps: Ensure that the current team and processes cannot meet the defined objectives.
  • Engage Stakeholders: Involve other key executives early to secure buy-in and alignment that using 3rd party technology is the right approach.
  • Send RFP in Two Phases: Phase 1 to gather high-level cost estimates and timelines which helps to secure budget, followed by Phase 2 for detailed vendor analysis.
  • Vendor Due Diligence: Ensure vendors can deliver a solution which achieves the objectives of the project whilst adhering to regulatory requirements.
  • Select Vendor and Implement: Choose the vendor that best aligns with your goals and implement the technology with their support.
  • Change Management: Prepare a strategy for training and onboarding teams to ensure smooth adoption of the new system. The vendor must support this.
  • Monitor and Optimise: Track key performance indicators post-implementation and regularly optimise processes to achieve long-term success.

Here are two real-world examples of the difference following this process has, we started speaking to both in October 2023:

Payments Company A:

  • We got in touch with this business, they said that the timing was great as they were looking at KYB solutions and wanted to have a solution in place to go live at the end of Q1 2024.
  • Between October 2023 and March 2024 8 meetings took place. We presented to compliance, product, revenue operations, and technology at least once.
  • In April, we were told that the project was put on hold and that Payments Company A was looking into optimising their own processes rather than working with a 3rd party.
  • In September, we were contacted again as they want to reconsider which route they want to take.

Summary: a complete waste of everyone's time and a year later nothing has changed.

Payments Company B:

  • We received a notice that we were on the long list for a KYB RFP. Initial responses were required by the end of 2023 with the first pitches for those shortlisted to happen in January and February of 2024.
  • Following successful pitches, we were asked to submit pricing and told there would be a final presentation in March 2024.
  • Decision made in April and we moved into contract negotiations and building out delivery/implementation timelines.
  • Went live in August and the metrics in the first 8 weeks are all tracking positively towards the objectives outlined at the start of the project.

Summary: without rushing, Payments Company B efficiently ran a due diligence process which allowed them to hit their objectives.

Over 90% of the meetings I have had have been with companies like Payments Company A. Should I have bothered, maybe not - but the only reason I can spot a company that doesn’t want to improve KYB from a distance is because I’ve done these hard yards.

KYB is complex, and now feels like a good time to revisit the definition:

It's a process companies use to verify the identity and legitimacy of other businesses they interact with.

The process is full lifecycle, from initial onboarding through to ongoing monitoring.

It includes KYC of Directors and Ultimate
Beneficial Owners.

Due to the impact of getting this so badly wrong, there is a massive opportunity for whoever solves it and this leads me to something else which makes this all much more complicated. ‘KYB Vendors’

The different types of KYB vendors, the truth

This is a wild west at the minute, not a fun and exciting wild west either - a boring, frustrating one full of cowboys (and cowgirls) with false promises and exaggerated claims.

I will probably come across as bitter here, and that’s because I am. I was talking to someone in the team recently and said - “I know the answer to this and we will never change but I do wonder if we are just too honest, all we ever do is say exactly what we have hope that’s what is needed.” I get told often how a Vendor ‘now offers X or Y’ when I know for a fact they don’t, I’m well aware of how exaggeration happens in sales processes, but I feel like in this space it is almost at crisis point. We are currently working on the KYB RFP. A template for companies to send to KYB Vendors which makes it crystal clear who has what.

Broadly speaking, there are 5 different types. Some in the industry split it in 2 with ‘workflow vendors and data vendors’ but I think that’s too vague.

  • KYC businesses who are pretending they have KYB. It is usually nothing more than their KYC offering with the addition of a call to a business data provider. I saw one of these which had an ‘enhanced KYB solution’ which cost $79 and took 2 weeks - should asking someone in the Philippines to research on the internet cost $79? I’m not sure.
  • Business Data providers. An important part of the ecosystem, but they are not KYB providers. They mirror the manual processes most businesses have today as they. Someone in a compliance team types in the company they want to find info about and a result comes back, it's worked for years so why change it? Well, because you need to ask business owners for information fundamentally. They are the trusted institutions, but KYB today isn’t what it was 15+ years ago - the world has moved on.
  • Data Orchestrators. By connecting to a range of different data sources, these organisations provide business data via an API. So they are solving ‘KYB’ in the same way but provide more coverage than the Business Data providers, albeit at a higher cost because they aren’t the source of the information.
  • ‘All in one’ solutions. Notice the inverted commas. These are the vendors who say they offer a complete all-in-one solution. Look at their website and you’ll be blown away by their comprehensive feature set, but when you scratch under the surface you’ll see that the ‘no code drag and drop onboarding flow’ is just a questionnaire, their ‘comprehensive case management’ is just an approvals dashboard and even better - they will just charge a client to build a feature they don't have and rely on their 'brand name'.
  • All in one solutions. Companies who actually offer a full KYB solution with everything needed to do KYB now and in the future. This includes a centralised platform which brings global data into one place with automation driving instant decisions and has all the tools compliance teams need to review, action, monitor and analyse as well as a white labelled front-end customer portal for sign-up and reaccreditation with embedded KYC. There has to be the flexibility to consume some of the services via headless APIs - for example, the dynamic front end must be able to enhance customers' existing UX.

Let's go back to what the process looks like today briefly:

  • One size fits all customer sign-up form with 30+ questions
  • Application received in back back-end system
  • Analyst reviews the application and uses various tools to investigate
  • Analyst emails customer and asks them to fill in the blanks
  • Approve and then continuously monitor the business for any changes.

The only viable option here is the genuine all-in-one solution. I’m not even going to address the KYC companies who say they have KYB. Business data and Data Orchestrators do have a place and some companies want to continue to keep their processes the same and find better data so there will always unfortunately be a place for this. The pretend all-in-one solutions look like they do what is required, but always fall short in one of the areas.

Clearly I am biased towards Detected and I do try to stay as objective as I possibly can. The thing is, with Visa, GB Group and now ComplyAdvantage selecting to partner with us we have something unique and with KYB’s critical regulatory importance partnering with the best is essential.

Regulation is what shapes KYB today and tomorrow.

At its most basic, the reason companies have to complete KYB is if they are regulated. It is not a nice to have, it is a must. The company also doesn't have to be directly regulated for example even though someone like PayPal isn't a bank, they still have to perform KYB and KYC checks because their partners (such as acquirers and card networks) are regulated entities.

If we take a UK payments business for example, here is the list of what it must adhere to:

  • AML and CTF Compliance: Adherence to the Money Laundering Regulations 2017 and reporting to the National Crime Agency (NCA).
  • FCA Authorisation: Must be registered or authorised by the FCA, complying with prudential, safeguarding, and operational rules.
  • Payment Services Regulations 2017 (PSRs): Compliance with PSD2 provisions like Strong Customer Authentication (SCA) and open banking.
  • Electronic Money Regulations 2011 (EMRs): If issuing e-money, safeguarding customer funds and ensuring redemption rights.
  • Financial Crime and Data Protection: Complying with GDPR, managing fraud, and ensuring data security.

Not all of these areas are tied directly to KYB of course, so let's focus on a further breakdown of one that is - Money Laundering:

  • Customer Due Diligence (CDD): Payment providers must verify the identity of the business (legal entities), its owners, and its beneficial owners (individuals who own 25% or more). This includes obtaining documentation such as business registration certificates and verifying the owners' identities.
  • Enhanced Due Diligence (EDD): For higher-risk merchants, such as those based in high-risk countries or involved in high-risk industries (e.g., real estate, precious metals), enhanced due diligence is required. This involves gathering additional information, such as the source of funds and more in-depth background checks.
  • Ongoing Monitoring: Businesses must continuously monitor the transactions of merchants after onboarding. This includes reviewing the merchant’s activities, ensuring they align with their stated business model, and identifying suspicious behaviour that could indicate money laundering.
  • Suspicious Activity Reports (SARs): If a payment business suspects that a merchant is involved in money laundering, they must file a Suspicious Activity Report (SAR) with the National Crime Agency (NCA).

These requirements change typically every 24-36 months. Let’s keep it simple and just say that within point 1 how ‘verifying the owners' identities’ changes from ‘ID verification’ of UBOs to ‘submission of documentation which validates proof of ownership + ID Verification’.

Now think back to the KYB Vendors I outlined previously, the only one which can address this subtle change in regulation is the one which has a centralised platform which brings global data into one place with automation driving instant decisions and has all the tools for compliance teams need to review, action, monitor and analyse as well as a white labelled front end customer portal for sign up and reaccreditation with embedded KYC.

In meetings with potential customers, I talk about ‘forward facing infrastructure’. Having technology that supports what is needed today and what might be needed tomorrow. Every single day our team are building the features and flexibility into the platform to make sure our customers can quickly adapt to changes in regulation whilst growing at the speed they need to.

We remain a challenger, for now…

After thousands of meetings, endless conversations, and building a platform from the ground up, we have learned a lot. KYB is complex, slow to change, and full of gaps that have been overlooked for far too long. But that’s exactly why it's ripe for disruption.

KYB isn’t going anywhere, and neither are its challenges. The vendors promising the world, but delivering half-baked solutions, aren't helping anyone either.

The thing is, one of the inhibitors to action is self-preservation. For so many companies it is so inefficient that leadership roles will completely change if they implement a good solution

It is only now that we are so far into the journey that we can confidently say that we’ve created something that allows the:

  • Chief Operations Officer to have a highly efficient Compliance team that has all the right tools to do their work
  • Chief Commercial Officer to have their customers sign up quicker and with a better experience than ever before.
  • Chief Product Officer to have confidence in a best-in-class technology provider which seamlessly integrates with existing systems across the application estate.
  • Chief Financial Officer to reduce both the risk of regulatory fines and the cost of compliance.

As I said earlier in this article, from the very first line of code we have had the impact of the problems our potential customers were facing at the centre of everything we do.

So here we are, with plenty more to do but a clear sense of where things are headed. Whether this journey makes me an expert or not, I’ll let you decide.

But one thing’s for sure: KYB is changing, and I plan to keep pushing it forward.

Thanks so much for taking the time to read this and thanks as always for the support.

Liam Chennells (KYB enthusiast)

Keep Learning:

How Detected’s Customer Portal drives new KYB industry standards

Shopify for KYB?

The Future of KYB: Why Companies Must Move to an All-in-One Solution

Experience the Detected difference,
talk to one of the team.

Experience the
Copilot difference,
talk to one of the team.

Keep LearningContact