Know Your Business (KYB)

KYB is the merchant onboarding backbone for any payment business that processes on behalf of other businesses. PSPs, payment facilitators, and marketplace operators are required to conduct KYB on the merchants or sellers they board — failure to do so exposes the platform to regulatory sanctions and facilitates financial crime.

KYB vs. KYC

KYC addresses individual identity verification: confirming that a person is who they claim to be, screening them against sanctions and PEP lists, and assessing their risk profile. KYB applies the same logic to legal entities, but with additional complexity:

• Companies have layered ownership structures that can span multiple jurisdictions
• Ultimate beneficial owners (UBOs) — individuals who ultimately own or control the entity — must be identified and verified through the ownership chain
• Shell companies and nominee structures can deliberately obscure true ownership
• Business activity must be assessed to confirm alignment with stated purpose

Core KYB Components

Entity verification: Confirming the company is legally registered in the stated jurisdiction, checking company registries, registration numbers, and legal status (active vs. struck off).

UBO identification: Mapping ownership to individuals who own more than a threshold percentage (typically 25% in EU frameworks, though thresholds vary by jurisdiction). Each identified UBO then requires KYC verification.

Sanctions and watchlist screening: Screening the entity, its directors, and UBOs against OFAC, UN, EU, and other sanctions lists. This must be performed at onboarding and on an ongoing basis.

Business verification: Confirming the business operates in the stated vertical, reviewing website and product, and assessing whether the transaction volumes requested are plausible for the business size. Mismatches between stated business and actual activity are high-risk signals.

PEP screening: Identifying whether any directors or UBOs are politically exposed persons, which triggers enhanced due diligence requirements.

KYB in Payment Facilitation

Payment facilitators (PayFacs) that sub-board merchants under a master MID bear full KYB responsibility for their sub-merchant population. The card networks (Visa, Mastercard) publish merchant monitoring requirements that include KYB standards. Failure to conduct adequate KYB on sub-merchants can result in network fines and loss of the PayFac registration.

For high-volume platforms processing on behalf of SMEs — e-commerce enablers, SaaS platforms with embedded payments, logistics companies — KYB at scale requires automation. Manual review of every merchant is not operationally feasible, and risk-based approaches (simplified due diligence for lower-risk merchants, enhanced due diligence for high-risk ones) are the standard.

Ongoing Monitoring

KYB is not a one-time exercise. Ongoing monitoring obligations include:

• Periodic refresh of KYB documentation (typically annually or triggered by significant changes)
• Transaction monitoring to detect behavior inconsistent with the onboarded business profile
• Re-screening against sanctions lists when lists are updated
• Trigger-based reviews when news or adverse media flags arise

Southeast Asia Context

KYB complexity in Southeast Asia is elevated by several factors: company registries have variable accessibility and reliability, UBO disclosure requirements are inconsistently enforced, and nominee directorship structures are common in several jurisdictions. For PSPs onboarding SEA merchants, supplementary data sources (local business registries, bank statement analysis, site visits for high-risk merchants) are often required where automated verification falls short.

Singapore’s ACRA registry and Malaysia’s SSM provide reasonably accessible business verification data. Indonesia, Thailand, and Vietnam registries are more opaque, requiring local agent networks or specialist data providers to complete reliable KYB.