Guides
KYB verification best practices for non-bank lenders
The core KYB checks for SMB lending
A thorough KYB process for MCA and small business lending covers six areas: (1) Entity registration — confirm the business is registered and in good standing in the state of formation, using the secretary of state's database. (2) EIN verification — confirm the EIN matches the legal business name. (3) Beneficial ownership — identify the principals named on the application and confirm their ownership percentage matches what is stated. (4) Principal identity — verify government-issued ID for each principal, confirm the ID is not expired, and check that the photo and data match. (5) Sanctions screening — screen the business and principals against OFAC and other applicable watchlists. (6) Physical verification — confirm the business has a real, verifiable address and operating presence consistent with the stated business type and bank statement activity.
Each check should be performed against an authoritative source, and the result — pass, fail, or requires-review — should be recorded in the case file with the source consulted and the timestamp of the check.
Common fraud patterns KYB should detect
KYB verification is the first line of defense against application fraud. Common patterns that KYB checks surface include: shell businesses formed weeks before the application with no operational history; entities using a real EIN assigned to a different business name (identity theft or error); principals providing IDs that belong to other individuals or are fabricated; businesses claiming to operate in industries inconsistent with their stated revenue or bank statement activity; and addresses that resolve to mailbox services, vacant lots, or residences not consistent with the claimed business type.
When KYB checks produce conflicting signals — the entity is registered but the principals do not match, or the EIN exists but the business name does not — the case should be escalated for human review rather than auto-approved. The specific conflict and its disposition must be in the case file.
Documenting KYB in the case file
KYB documentation in the case file should capture: the source of each check, the result, the timestamp, and the reviewer's disposition. A third-party KYB provider report attaches to the case evidence graph. Manual checks (secretary of state search results) should be recorded with a note of what was searched and what was found, not just a checkbox marked 'verified.'
In fraud investigations and collections proceedings, the quality of KYB documentation determines whether the funder can demonstrate it performed reasonable due diligence. A case file that shows KYB was checked, what was found, and how the reviewer responded is materially stronger than one that just marks a field 'verified.'
FAQ
KYB verification best practices — common questions
Are MCA funders required to conduct KYB?
Formal BSA/AML KYB requirements apply to regulated financial institutions. Non-bank MCA funders are not always directly subject to the same rules, but KYB is standard practice for underwriting integrity and fraud prevention — and capital partners, ACH processors, and state regulators increasingly expect documented verification. Operating without KYB creates both fraud exposure and counterparty risk.
Should KYB be repeated for returning merchants?
Best practice is to run a fresh KYB check on each new advance, even for returning merchants. Business circumstances change: ownership can transfer, the entity can be dissolved and reformed, or a new principal can be added. A check that passed 18 months ago may not reflect the business's current status.
The institution around the intelligence
See Hadrian run your case lifecycle — intake to close, every decision audited.
Governance-native case processing for lenders and regulated teams.