KYB vs KYC: what EU neobanks actually need for business onboarding
Two acronyms get used interchangeably in onboarding conversations, and they should not be. Know Your Customer (KYC) and Know Your Business (KYB) overlap, but treating KYB as "KYC with a company attached" is how onboarding teams end up under-screening their riskiest customers.
What KYC actually covers
KYC is the identity layer for a natural person: confirm the individual is who they claim to be, confirm they are not on a sanctions or PEP list, and form a view of their risk. For a consumer account that is most of the job. The subject is one person, the documents are standardised, and the verification path is well-trodden.
Why KYB is a different problem
KYB asks the same questions of a legal entity — and a legal entity does not have a passport. To know a business you have to answer a chain of questions that simply do not arise for an individual:
- Does the company legally exist, and is it in good standing?
- What does it actually do, and does that match what it claims?
- Who are its directors and officers — and are they clean?
- Who ultimately owns or controls it — the beneficial owners — once you unwind holding companies and nominee arrangements?
- Is the entity, any director, or any owner sanctioned, politically exposed, or the subject of adverse media?
KYC is a sub-problem of KYB. Verifying each director's identity is KYC — but it is one layer inside a larger structure.
Where KYB is genuinely harder
Registries are fragmented. A consumer's identity document is comparable across borders. A company is not. UK data comes from Companies House, Norway from Brønnøysundregistrene, Denmark from CVR, Estonia from the Äriregister, France from INPI's RNE — each with its own format, coverage and access model. A pan-EU onboarding team is integrating a dozen registries, not one.
Ownership is layered. The customer-facing entity is often owned by another company, which is owned by another, with the natural-person beneficial owner two or three hops up. EU anti-money-laundering rules require you to identify the beneficial owner — the person, not the holding company. That means walking the chain, not stopping at the first layer.
The data goes stale. A person's identity is stable. A company's directors, owners, status and address all change. KYB is not a one-time check at onboarding; it is a position you have to keep current.
What an EU onboarding team needs in place
Under the EU AML framework, an obliged entity onboarding a business customer needs, at minimum: confirmation the entity exists and is active; identification and verification of beneficial owners; screening of the entity and its associated persons against sanctions and PEP lists; and a record of all of it that an auditor or regulator can follow later.
The last point is the one tooling most often gets wrong. A verdict with no trail is not defensible. Every signal needs to point back to the authority that issued it — the registry record, the specific sanctions list, the dated news article.
How Veritas frames it
Veritas treats KYB as the whole structure and KYC as a layer inside it. One screening pulls the company registry, runs sanctions and PEP screening across consolidated EU, US, UN, UK and Swiss lists plus the OpenSanctions PEP dataset, checks adverse media, and cross-validates each declared director's identity — then scores the result with a deterministic, versioned methodology and emits a single sourced dossier.
See exactly what runs, stage by stage →
Related reading: Shell company red flags — a 9-point checklist and PEP screening without a paid feed.