The Essential Distinction
KYC (Know Your Customer) and KYB (Know Your Business) are both cornerstones of modern compliance programmes — but they address fundamentally different questions.
KYC asks: Who is this person? KYB asks: What is this business, and who ultimately controls it?
The confusion between the two is understandable — both involve identity verification, both are mandated by financial regulators, and both are often handled by the same compliance team. But the data sources, risk models, and ongoing monitoring requirements are quite different.
KYC: Verifying Individuals
KYC is the process of verifying the identity of an individual customer. In India, the regulatory framework is anchored in the RBI's KYC Master Direction and the PMLA Rules.
What KYC Verifies
- Identity — Name, date of birth, and ID document (PAN, Aadhaar, passport, voter ID)
- Address — Current residential or business address
- Photograph — Face match with identity document
- PEP/sanctions status — Whether the individual appears on any watchlist
KYC Risk Levels
RBI mandates different KYC depths based on customer risk:
| Level | Requirements | |---|---| | Simplified KYC | One OVD (Officially Valid Document); for low-risk, low-value accounts | | Full KYC | Two OVDs + address proof + photograph | | Enhanced Due Diligence | Additional source-of-funds documentation; for high-risk customers and PEPs |
Digital KYC
Video KYC and Aadhaar eKYC (via OTP or biometric) have largely replaced physical verification for retail onboarding. The consent, liveness check, and document capture happen in under 3 minutes — dramatically reducing drop-off compared to in-person KYC.
KYB: Verifying Businesses
KYB extends the identity verification logic to legal entities — companies, partnerships, LLPs, trusts, and other structures. The fundamental challenge: a business is not a person. It's a legal construct, often owned by other legal constructs, which may themselves be owned by yet more entities.
What KYB Verifies
Entity-level checks:
- CIN (Company Identification Number) — Confirms the company is registered with MCA
- GST registration — Active GSTIN status and filing compliance
- Udyam registration — For MSMEs
- MCA21 filings — Annual returns, financial statements, and event-based filings
- Charge registry — Outstanding loans secured against company assets
- Director/officer details — Active directors and their DIN (Director Identification Numbers)
Ownership and control:
- Beneficial ownership — Who ultimately owns ≥10% or controls the entity?
- UBO identification — Piercing through holding structures to reach natural persons
Compliance and risk signals:
- ROC status — Active, struck off, under liquidation?
- NCLT proceedings — Insolvency or dissolution actions
- GST cancellation — Revoked GSTIN
- Litigation history — Court records linked to the entity or its directors
The UBO Challenge
Identifying Ultimate Beneficial Owners is the hardest part of KYB. A company may be owned by a holding company, which is owned by a trust, which is controlled by a natural person — across multiple jurisdictions.
The FATF (Financial Action Task Force) recommends that financial institutions look through corporate structures to identify UBOs and apply PEP/sanctions screening to each one.
Where KYC and KYB Overlap: Director Verification
When onboarding a corporate client, you must:
- Verify the entity (KYB)
- Verify the directors and authorised signatories (KYC for individuals)
- Identify and verify the UBOs (KYC for the beneficial owners)
This intersection is where many compliance programmes have gaps. Businesses focus on one or the other — either checking the company but not its directors, or checking the person presenting the documents without verifying the company actually exists.
Ongoing Monitoring: Where Most Programmes Fail
Both KYC and KYB are point-in-time checks unless they're connected to ongoing monitoring.
For KYC: Monitor for PEP status changes, sanctions additions, and adverse media. A customer who wasn't a PEP when onboarded may become one after a political appointment.
For KYB: Monitor for ROC status changes, GST cancellations, director changes, and new litigation. A business that was active and compliant when onboarded may be struck off or face insolvency proceedings six months later.
Automated monitoring — where alerts are generated when a customer or counterparty's status changes — is the only practical way to maintain compliance at scale.
Practical Implementation
For retail financial services (banks, NBFCs, fintechs): Lead with digital KYC for individuals. Add KYB triggers when customers cross thresholds that suggest business activity (large inflows, multiple beneficiaries).
For B2B platforms and corporate onboarding: Start with KYB to verify the entity and its directors. Use API-driven checks for CIN, GST, and MCA data. Layer individual KYC on each director/UBO.
For trade credit and supply chain finance: KYB is critical for counterparty risk. Combine entity verification with financial health signals (GST filing regularity, charge status, NCLT checks) to build a risk score before extending credit.
VerifyAll's Business Verification suite covers CIN lookup, GST verification, Udyam registration, director KYC, and UBO mapping — enabling you to complete both KYC and KYB through a single integration.
