KYB
Overview
To issue commercial cards or make ACH transactions on behalf of a business entity, regulations require us to verify basic data about the business. We call these business verification requirements the “Know Your Business” (KYB) process. Since every business is operated by at least one individual, regulations require us to gather identifying information from at least one senior leader of the business.
The verification process for individuals is known as the Know Your Customer (KYC) process. If the business is operated as a legal entity, such as a C-Corp, regulations require us to gather KYC information about certain individual owners of the business entity, as described in the Authorized Person Requirements. The federal government wants us to gather and confirm information about the people who control the business, in order to assess its fraud and money laundering risk, and we appreciate your assistance with this process.
KYB Information Security Standards
Clients using our KYB services must adhere to the Federal Reserve's guidance on information security outlined here: www.federalreserve.gov/supervisionreg/interagencyguidelines.htm.
Business Requirements
Every business end-user must:
- Be created as an organization; this includes sole proprietors.
- Have at least one authorized person associated with the organization (see the Authorized Person Requirements section below for more details).
- Have the following fields filled out:
Field | Description |
---|---|
Business Structure Type | The official tax reporting structure of the business entity. Possible types are as follows: Cooperative, C-Corp, S-Corp, LLC, Partnership, Sole Proprietorship, Unincorporated Associations |
Doing Business As (DBA) (if applicable) | Also known as a trade name, fictitious name, or assumed name. This field is only applicable if the business entity operates under a name different from its legal business name. |
Company Address | The primary physical address of the business’ operations or headquarters. This cannot be a PO Box. |
Company Name | The official legal business name. In the case of a sole proprietor, this may be their full legal name. |
Company Phone Number | The company's phone number or phone number of the business point of contact. |
Formation Date | The official formation date of the company. |
Industry Classification | A short text description of the primary business activity or industry associated with the business entity. |
Taxpayer Identification Number (TIN) | The tax ID for most business entities is an EIN (Employer Identification Number). A sole proprietor may use their personal SSN. |
Website URL (if applicable) | The official website of the business entity. |
- Attest to not engaging in high risk activities Productfy is unable to support (see Step 3 of the Organization Workflow below):
  - Marijuana or cannabis related businesses (MRB or CRB)
  - Casinos, internet/online gambling or other gaming establishments
  - Pawnbrokers
  - Dealers in precious metals, stones or jewels
  - Private ATM owners
Authorized Person Requirements
At least one authorized person must be associated with the business to pass KYB. This authorized person must go through the full KYC process for the business to pass KYB. In the case of a sole proprietorship, the sole proprietor must be the authorized person. All other types of businesses need at least one designated Controller and may have zero to four Beneficial Owners.
- Controller is defined as an individual with significant responsibility for managing the business entity (e.g. CEO, COO, Managing Member, President, General Partner, Treasurer, etc.).
- Beneficial Owners are defined as any individuals who, directly or indirectly, own 25% or more of the business entity.
All of these individual entities are referred to as authorized persons and must pass KYC if they exist in the business structure.
This is summarized in the table below:
Role | Needs KYC? | KYC Requirements | When Does Role Apply? |
---|---|---|---|
Sole Proprietor | Yes | Full KYC | Only for a sole proprietorship and this will be the only role for that business structure type. |
Controller | Yes | Full KYC | When a business is not a sole proprietorship, it needs a controller listed and there may only be one individual identified as a controller. |
Beneficial Owner | Yes | Full KYC for each Beneficial Owner | When a business is not a sole proprietorship and has one or more people who directly or indirectly own 25% or more of the business. Each individual who owns 25% or more of the business entity must be listed and verified through the KYC process. |
NOTE: The individual listed as the business entity’s Controller may also be a Beneficial Owner. See the role table in the KYB Workflow for more details on the role options.
KYB Workflows
You must complete three distinct workflows to satisfy the full KYB verification process. The Organization and Authorized Person workflows can be completed simultaneously, but the final KYB workflow depends on the previous two.
Step 1 - Organization Workflow
Complete these workflow steps before or after creating the authorized person(s).
Create an Organization
The first step in getting the business ready for the KYB process is to create it in the Productfy system. Supply all fields, except for Company Address, to the Create Organization API call to create your business in the Productfy system. Please see the Business Requirements section above for more information on the specific fields and their descriptions.
Add Address to Organization
Add the address of the organization via the API call below, which accepts a standard street address, street name, city, and postal code. Alternatively, it also accepts a Google Places ID, if applicable.
Obtain Attestation Of Activity
Due to Productfy and our partner bank's risk tolerance, we are unable to support business customers that operate in certain high risk businesses. To manage this, you must present the customer with a screen that asks the following question:
Does the company engage in, or operate as, any of the following (check all that apply):
- Marijuana or cannabis related businesses (MRB or CRB)
- Casinos, internet/online gambling or other gaming establishments
- Pawnbrokers
- Dealers in precious metals, stones or jewels
- Private ATM owners
- Adult content or adult entertainment
I, (name of natural person opening account), hereby certify, to the best of my knowledge, that the information provided above is complete and correct.
A positive response to any of these industries should result in the application being declined before any more information is collected. Additionally, you must maintain records of each customer that has been presented with the attestation, and of when they filled it out, in case bank auditors need to see it.
Step 2 - Authorized Person Workflow
These workflow steps must be completed for the business’s Controller and each Beneficial Owner, or in the case of a sole proprietorship, the sole proprietor will be the only authorized person.
Create Authorized Person(s)
At a minimum each authorized person must have the following fields filled out:
- Name
- SSN
- Date of Birth
Add Address to Authorized Person(s)
Add the person's address via a separate API call, which accepts a standard street address, street name, city, and postal code. Alternatively, it also accepts a Google Places ID, if applicable.
Execute KYC on Authorized Person(s)
Once the above prerequisite information is saved in the system, the authorized person can go through the standard KYC waterfall.
See the KYC guide for more details on the specifics of the KYC process.
Step 3 - KYB Workflow
This is the final step where we link the verified Authorized Person(s) to the organization and kick off the KYB verification.
Associate Authorized Person(s) with Organization
At this point, we have verified all authorized person(s) through the KYC process and created an organization in the Productfy system. Now it is time to link the two. To create this link, provide the organization id, person id, a CRUD mode, and a role for the associating person. Set the CRUD mode to C_F, which will create the association if it does not currently exist. If it does exist, an error is returned indicating that the link is already created.
Finally, fill the role field with one of the preset enum values indicating the relationship the associated person has with the business.
Role | Description |
---|---|
Beneficial Owner | Person with a 25% or more, direct or indirect, ownership stake in the business entity. |
Both Beneficial Owner and Controller | Person performs the duties of the controller while also having a 25% or more ownership stake. |
Controller | Person who has significant responsibility for managing the business entity. |
Employee | Person is a regular employee of the company. Use this role when an employee will be issued a card or makes ACH transactions but is not an authorized person. See the Business Signers section below for more details. |
Sole Proprietor | Person is the sole owner of an unincorporated business. |
Execute KYB on the Organization
As a final step, call the Execute KYB API on the Organization ID of your business customer. This API will perform the 3 functions outlined below on the Organization:
1. Data Validation
This step ensures that all the data on the Organization and its associated Person IDs, as described in this guide, is set up correctly. The API will immediately return errors if any of the data is not set up correctly.
2. OFAC Watchlist Check
Per banking regulations, we must verify that the business (including Sole Proprietorships) is not on a watchlist. If the Organization has a DBA name (the dba field is filled out), then we will send both the Organization name and the Organization DBA through a watchlist check, and both must pass for the Organization to be considered as having passed the watchlist check. If a watchlist check fails, it will be manually reviewed by Productfy compliance, and the result may be overridden into a pass. Any watchlist pass will trigger the KYB webhook.
3. Business Identity Check
For Organizations that aren't Sole Proprietorships (e.g. LLCs, C-Corps, etc.) or for Sole Proprietorships that have a DBA (the dba field is filled out), we must verify that the business data is legitimate based on government records and other sources. This process will usually be completed within a day but may take longer. The result of this check will be communicated in the KYB webhook.
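
A client-side pre-flight check for the rules this guide states, run before calling Execute KYB so that missing fields, an unrecorded attestation, a wrong role structure or an unverified authorized person are caught early. This is an added example, not Productfy code: the field names, `Person` and `preflight` are hypothetical, and skipping Employees is an assumption drawn from the role table.

```python
import re
from dataclasses import dataclass

# Structure types and role names are copied from this guide. Every field,
# class and function name is hypothetical, not a Productfy API identifier.
STRUCTURES = {"Cooperative", "C-Corp", "S-Corp", "LLC", "Partnership",
              "Sole Proprietorship", "Unincorporated Associations"}
REQUIRED = ("structure", "address", "name", "phone", "formation_date", "industry", "tin")
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)
BOTH = "Both Beneficial Owner and Controller"

@dataclass
class Person:
    role: str         # a role name from the role table in this guide
    kyc_passed: bool  # outcome of this person's KYC run

def preflight(org: dict, attestation: dict, people: list) -> list:
    """Return the problems found; an empty list means ready for Execute KYB."""
    errors = [f"missing field: {f}" for f in REQUIRED if not org.get(f)]
    structure = org.get("structure")
    if structure and structure not in STRUCTURES:
        errors.append("unknown business structure type")
    if PO_BOX.search(org.get("address") or ""):
        errors.append("company address cannot be a PO Box")
    # The attestation must be on record (shown and completed) with nothing checked.
    if not (attestation.get("presented_at") and attestation.get("completed_at")):
        errors.append("no completed attestation on record")
    if attestation.get("checked"):
        errors.append("declined: unsupported high risk activity attested")
    # Assumption: Employees are not authorized persons, so they are skipped.
    auth = [p for p in people if p.role != "Employee"]
    roles = [p.role for p in auth]
    if structure == "Sole Proprietorship":
        if roles != ["Sole Proprietor"]:
            errors.append("sole proprietorship needs exactly one Sole Proprietor")
    else:
        if "Sole Proprietor" in roles:
            errors.append("Sole Proprietor role only fits a sole proprietorship")
        if sum(r in ("Controller", BOTH) for r in roles) != 1:
            errors.append("exactly one Controller is required")
        if sum(r in ("Beneficial Owner", BOTH) for r in roles) > 4:
            errors.append("at most four Beneficial Owners")
    if any(not p.kyc_passed for p in auth):
        errors.append("every authorized person must pass KYC first")
    return errors

# Constructed sample: an LLC registered at a PO Box (fails the address rule).
SAMPLE_ORG = {"structure": "LLC", "address": "PO Box 12, Springfield", "name": "Acme LLC",
              "phone": "555-0100", "formation_date": "2020-01-01", "industry": "Retail",
              "tin": "00-0000000"}
```

The server-side Data Validation step remains the authority; this check only shortens the feedback loop and keeps a declined attestation from reaching the KYB call.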