A Guide to Optimizing Your KYB Process: In-House, Single Provider, or Waterfalled Data
Compare the three approaches to KYB compliance — building in-house, one provider, or waterfalling data — and choose the right fit for your institution.
Know Your Business (KYB) requirements have only existed since 2016, but they’ve already proven to be one of the more operationally demanding compliance obligations that financial institutions face. The rules require verifying each business customer’s identity, confirming who owns and controls that business, and monitoring risk over time — all while regulations continue to evolve.
The question isn’t whether to do KYB. It’s how to do it well without letting compliance overhead eat your growth margins.
Financial institutions generally have three options: handle the process fully in-house, work with a single outsourced service and data provider, or waterfall multiple data providers through an orchestration platform. Each has genuine trade-offs, and the right answer depends on your institution’s risk profile and business objectives.
Option 1: Fully in-house KYB
Many smaller financial institutions build their KYB processes entirely in-house rather than relying on a specialized provider. Internal KYB teams build the technology infrastructure and hire compliance staff to approve or deny businesses according to company policy.
The process
Invest. An institution uses its engineering team to build a bespoke approval infrastructure, or hires an operations or compliance team to manually review applications. Most end up investing in both: an automated layer and a manual team to handle what the automation can’t.
Collect identifying information. As part of the Customer Identification Program (CIP), institutions must collect basic information: business name, address, and Tax ID number (TIN). For legal entity customers, they must also collect information on beneficial owners and at least one control person. A beneficial owner for KYB purposes is anyone with at least a 25% ownership or voting stake — these individuals are sometimes called ultimate beneficial owners (UBOs).
Verify businesses. Internal teams or data infrastructure pull data needed to verify identity: names, addresses, and filing details from Secretary of State (SoS) filings for basic verification, plus risky activity or financial information for more sophisticated programs. The KYB process also requires screening against OFAC watchlists.
Verify beneficial owners. In addition to verifying the entity itself, institutions must verify and screen all beneficial owners and control persons against OFAC watchlists.
Monitor over time. The CDD Rule expects KYB to be a continuous process. In-house KYB requires bespoke methods to update customer information and re-verify or re-screen businesses over time.
Pros
- Control. You know your business and risk profile better than any third-party provider. Building in-house lets you deeply customize the process for your needs.
- Good for simple programs. If you have a limited risk profile and only need to verify a small number of customers, the cost of setting up an external partnership may not be justified.
Cons
- Lack of expertise. Building KYB infrastructure often falls to engineering teams without compliance backgrounds — or compliance teams without data infrastructure experience.
- Limited auto-approval coverage. Specialized data providers build their entire engineering capability around matching and approving businesses. An in-house system will typically be slower and less accurate, which can lead to customer drop-off when applicants choose faster alternatives.
- Costly. Whether you build internal infrastructure, hire a large manual review staff, or both, the overhead for internal KYB is significant.
- Time-consuming. The operational investment required to build and run an in-house program comes at the expense of building core financial products.
As Liam Chennells, CEO of end-to-end KYB platform Detected, noted in a recent Enigma webinar, while many institutions aim for 100% automation as a north star, small improvement attempts across a KYB process can also make an impact. Internal KYB makes sense for institutions that can develop a semi-automated process meeting their compliance goals — but broader automation and using KYB as a driver for client growth and retention may require a partner.
Option 2: Single outsourced service and data provider
Some institutions work with one outsourced service and data partner — either to supplement an existing in-house program or to build their onboarding process from scratch.
The process
Invest. The institution partners with a single provider, paying a setup fee and annual licensing fees to access the provider’s data on an ongoing basis. The provider typically handles auto-approvals, removing the need to build that infrastructure in-house. The institution still needs to handle manual approvals for businesses the provider can’t auto-verify — either in-house or through an additional manual review service the provider offers.
Verify businesses. The provider auto-approves businesses and flags others for manual review: businesses without an SoS filing, those with mismatched name or address, businesses in high-risk industries like cannabis or adult entertainment, and potential OFAC matches.
Verify UBOs. The provider pulls the data needed to verify UBOs and screens them against the OFAC list.
Monitor over time. The provider and institution work together to update customer information, periodically re-check SoS registration statuses, re-screen for risky activities, and re-screen against the OFAC list.
Establish trust. Institutions can validate their provider’s accuracy by periodically sampling a set of auto-approved businesses to confirm the approvals are correct.
Pros
- The middle path. A single provider partnership maintains some internal control while delivering a customized solution with one dedicated partner.
- Focus on core competencies. Outsourcing compliance data work lets your team focus on your actual product and services.
- A tight partnership. Working closely with one team builds communication and trust over time.
- Reduce overhead and costs. With more auto-approvals, you onboard more clients with less effort. Companies using Enigma as their sole KYB provider are estimated to reduce KYB costs by 80%.
Cons
- The middle path. You give up some of the control that comes with fully in-house KYB, and access to a narrower data set than you’d have with multiple waterfalled providers.
- Onboarding time. Any new partnership requires time to integrate the platform and train your team on new tools and data.
Option 3: Waterfalled data providers via orchestration platforms
Many institutions work with multiple data providers through a third-party orchestration platform, sequentially passing business applications through multiple data sources until a match is found. Platforms like Alloy or Oscilar integrate multiple providers into one KYB decisioning endpoint. The waterfall sequence is typically designed around cost and approval time (latency), on the assumption that provider accuracy is roughly equivalent.
The process
Invest. The institution invests in the data aggregation platform, which uses multiple sources for auto-approvals. Manual approval still needs a separate solution.
Verify businesses. The platform attempts to verify a business using the first data provider in the sequence. If that provider can’t match the business, it passes to the next, and so on. This approach typically produces higher match rates and more data on risky activities than any single provider alone. Businesses that can’t be auto-approved go to manual review.
Verify UBOs. The platform auto-approves UBOs using data from multiple providers. KYB rules allow institutions to trust self-reported UBO information unless they have specific reason to doubt it — for example, when an owner name on the application doesn’t match the owner name in SoS filings. The platform also screens UBOs against the OFAC list.
Monitor over time. The platform checks SoS registration statuses, re-screens for risky activities, and re-screens against the OFAC list on a periodic basis.
Establish trust. Similar to single-provider monitoring, institutions can conduct monthly checks on individual sources to confirm auto-approval accuracy.
Pros
- Maximum coverage. More data sources means more coverage for auto-approvals.
- Further reduced overhead and costs. Like a single provider, waterfalling lets you auto-approve more businesses and onboard faster. The effect multiplies across providers. Enigma, for example, cuts costs an extra 50% for institutions already using another provider.
- Adaptable. A platform built for multiple providers can accommodate new data sources as legislation or needs change.
- Goes beyond KYB. A data waterfall infrastructure that’s already set up for KYB can also support fraud checks, risk checks, and underwriting.
Cons
- Multiple parties to manage. Waterfalling multiple sources means establishing trust and communication with each provider. You may lose some customization as you incorporate more vendors.
- Overkill for simple programs. If you only need one or two data sources to meet your requirements, a full waterfall architecture may be more complexity than you need.
Heidi Hunter, CPO of identity verification data provider IDology, praised the data waterfall approach for “smaller organizations looking to move quickly into the [identity and KYB] space,” adding: “layering those capabilities, you are able to get information from many different sources to give you a clearer view [and] drive ROI.”
How to choose the right approach
The decision comes down to your institution’s risk profile, growth objectives, and operational capacity.
- Want absolute control? Keep the process fully internal.
- Want one close partner who handles the complexity for you? A single service and data provider is the middle path.
- Want maximum auto-approval coverage and flexibility for future growth? Waterfall multiple providers.
Alloy CPO Parilee Wang put it well: “We’re getting access to new types of data that can change how you make decisions. There are new vectors of fraud coming daily at this point. There are new technologies that folks can take advantage of. So the one thing I advocate for very strongly is the value of flexibility, and cheap flexibility.”
Choosing the right solution now may not be the right solution in six months — especially given the pace of change in KYB regulation. In 2022, FinCEN established a beneficial ownership registry requiring certain corporations, LLCs, and similar entities to report their ultimate beneficial owners to the federal government. The INFORM Consumers Act extended identity verification requirements to online e-commerce platforms as well. Legislation in this space continues to evolve.
A quick comparison
| In-House | Single Provider | Waterfalled | |
|---|---|---|---|
| Control | High | Medium | Lower |
| Auto-approval coverage | Limited | High | Highest |
| Cost | High overhead | Up to 80% savings | Additional 50% savings |
| Time to implement | Long | Medium | Medium |
| Flexibility | Limited | Medium | High |
| Best for | Simple, limited-volume programs | Most financial institutions | High-volume, complex programs |
If you’re working toward a single provider or waterfall approach, see our KYB Requirements Checklist for the full list of data points you need to collect. And for a closer look at what instant approval rates actually look like in practice, read How Enigma KYB Cuts Compliance Costs by Up to 80%.
Thinking about where Enigma fits in your KYB process? Learn more about Enigma KYB or get in touch with the team.