KYB Onboarding Software: How It Works & What to Look For

Introduction

KYB onboarding software automates how a regulated financial company verifies a business customer, its identity, ownership structure, and risk profile, before a financial relationship begins. It pulls registry data, maps beneficial ownership, screens against sanctions and PEP lists, scores risk, and logs every decision in an auditable record.

For most compliance teams, the problem in onboarding is the same: the required data sits scattered across multiple tools and spreadsheets, analysts switch between tabs to verify it, and decisions are hard to reconstruct when a regulator asks. Slow onboarding costs revenue too: every day a customer waits to go live is a day they might go elsewhere.

This article explains how KYB onboarding software works, what to look for when evaluating it, and what changes when the EU's Anti-Money Laundering Regulation (AMLR) comes into force in July 2027.

Key Takeaways

• What it does: KYB onboarding software verifies a business customer's identity, ownership, and risk, and records every step in an audit trail, before onboarding.

• Why it matters: Manual KYB works at low volume but breaks as customer numbers grow, with analysts gathering data instead of judging risk.

• What to evaluate: Registry coverage per market, UBO determination engine, bring-your-own-vendor support, audit trail quality, whether onboarding, screening, Transaction Monitoring, and ongoing due diligence (ODD) run on one connected record, and readiness for the EU's Anti-Money Laundering Regulation, coming into force in July 2027.

• What AMLR 2027 changes: UBO determination moves to a three-check framework, Transaction Monitoring becomes mandatory and requires onboarding data to comply, ODD intervals become hard ceilings, and Source/Destination of Funds applies to all customers.

• The underlying requirement: All of it only works if compliance data flows across systems on the same customer record. Fragmented stacks become a compliance gap, not just an operational one.

What KYB Onboarding Software Does

KYB onboarding software automates the process of verifying the identity, ownership structure, and risk profile of a business customer and the individuals behind the business before a financial relationship begins. It retrieves registry data, maps beneficial ownership, screens against sanctions and PEP lists, scores risk, and logs every decision into the system.

The alternative is manual onboarding. In practice: one analyst, multiple databases, a spreadsheet to track status, and no audit trail that holds up under inspection. The manual approach works at low volume, but it breaks when the business grows.

The KYB Onboarding Process: Six Steps

A KYB onboarding process covers six steps, whether it runs manually or through software. Understanding each step matters when evaluating whether a potential KYB software solution covers the full scope.

1. Company identification

A KYB platform retrieves the company's basic registration data from the relevant national registry, such as name, registration number, legal form, registered address, and date of incorporation. For companies operating across multiple markets, this means pulling and verifying data from registries in each country: Bolagsverket in Sweden, Companies House in the UK, Handelsregister in Germany.

2. Beneficial ownership mapping

The platform traces who ultimately owns or controls the company. Under the current EU framework, this means identifying anyone with direct or indirect ownership above 25%. Under the new Anti-Money Laundering Regulation (AMLR), coming into force in July 2027, both the calculation method and the scope of who counts as a beneficial owner change. More on this below.

3. Identity verification

The individuals identified as beneficial owners and senior managing officials must have their identities verified, typically through document checks and database matches, with enhanced due diligence for higher-risk cases.

4. PEP and sanctions screening

The company, its owners, and its directors are screened against sanctions lists, politically exposed person registers, and adverse media sources. Automated screening usually handles this in seconds.

5. Risk scoring

Based on the data collected and the company's risk appetite, the platform assigns a risk classification: typically low, medium, or high, which determines the level of due diligence required and sets the parameters for how the customer is monitored going forward.

6. Decision and audit trail

A compliance decision is recorded and linked to every data point that informed it, with a timestamp and a record of who reviewed it. This is what makes the decision reconstructible when a regulator asks, even months or years later.

After onboarding: ongoing monitoring

Onboarding ends with a decision, but the relationship doesn't. Once a company is approved, its risk profile keeps changing: a new director joins, ownership is sold, a name appears on a sanctions list, the company becomes insolvent.

Ongoing monitoring keeps the customer's risk picture current after onboarding:

• Continuous screening against updated sanctions, PEP, and adverse media lists

• Real-time alerts when a company's status or risk profile changes

• Periodic re-verification at intervals set by risk level, and re-running the relevant onboarding checks when a trigger event occurs

• An audit trail that extends across reviews, not just the initial decision

This is also where AMLR raises the bar. Today, review intervals are set on a risk-appropriate basis. From July 2027, they become hard legal ceilings: one year for higher-risk customers, five years for everyone else, with event-driven reviews mandatory. A KYB setup that handles onboarding but not monitoring won't meet that standard.

Manual vs Automated KYB Onboarding

Manual KYB onboarding is common in early-stage teams that have grown faster than their tooling. Doing the process manually itself isn't an issue, although resource-intensive, if you're onboarding only a handful of companies per month, but it becomes a bottleneck as volume grows.

Replacing the manual steps with multiple separate tools is an improvement, but it is not the same as replacing them with one connected system, where KYB onboarding feeds the rest of the process automatically. Automation doesn't remove the compliance decision or the human in the loop, but it removes the work around them.

Swedish fintech Qliro moved merchant onboarding to Bits and onboarded 2x as many merchants with no added headcount, and achieved 50% faster SME onboarding and 4x faster approvals.

What to Look For When Evaluating KYB Onboarding Software

Not all KYB onboarding software covers the same scope. The differences that matter most for regulated financial companies, such as payment institutions and fintechs, come down to five areas.

Registry coverage per market

If you operate in multiple countries, your software needs to pull data from the relevant registries in each one automatically, preferably without manual fallbacks.

This sounds straightforward, but data coverage and quality vary considerably around Europe. When evaluating a provider, ask specifically which registries are covered and whether retrieval is fully automated or requires manual intervention in certain cases.

UBO determination engine

The way the software maps and calculates beneficial ownership directly affects your regulatory position.

From July 2027, the EU's new AML regulation requires a three-check framework: ownership assessed via the accumulation method, control assessed separately, and a combination rule for multi-level structures. This requirement replaces the single-chain ownership mapping most platforms use today, and sole reliance on ownership registers, commonly used by Nordic regulated financial companies.

If you're evaluating software right now, it is worth asking directly whether the UBO mapping is being designed to what AMLR requires.

Bring-your-own-vendor compatibility

Many compliance teams have already invested in long-standing contracts with data providers, or have built in-house solutions covering parts of the onboarding process.

Good KYB onboarding software orchestrates above the data providers and tools that already exist rather than requiring a full vendor swap. For enterprise buyers navigating DORA concentration risk, this is particularly relevant.

Building a solution in-house is also a common path, but not always the most effective answer. Additionally, the legal requirements for the solution, self-built or bought, are becoming increasingly demanding due to AMLR.

As an example, the Finnish crypto platform Coinmotion evaluated the in-house build route and chose Bits Technology instead. Ensuring end-to-end coverage via a single system was more practical than maintaining their own build.

Audit trail quality

The audit trail is what you show a regulator, and the standard it needs to meet is high. Every decision needs to be linked to the data that informed it, with a timestamp and a clear record of who reviewed what.

Under AMLR, compliance decisions need to be reconstructable on demand. This implies that the trail needs to be live and up-to-date, not a one-time snapshot from the day of onboarding.

End-to-end approach: onboarding, screening, Transaction Monitoring, ODD, and case management in one platform

KYB does not end at one-time onboarding.

Business customers change over time: ownership structures shift, risk profiles evolve, sanctions exposure emerges. This means that ongoing due diligence should run in the same system with KYB onboarding, on the same customer record, rather than in a separate tool.

The same is true for Transaction Monitoring. Under AMLR, transaction monitoring becomes mandatory and it needs to be informed by the customer's onboarding data and risk profile. A system that cannot access that record when an alert fires does not meet this standard.

The question to ask any provider is direct: do KYB onboarding, AML risk scoring, Transaction Monitoring, ongoing due diligence, and case management all operate on the same customer record? If they don't, what used to be a sheer operational headache becomes a legal compliance gap.

KYB Onboarding and AMLR 2027

The EU AML Regulation (Regulation (EU) 2024/1624) enters into force on 10 July 2027 and replaces the core of national AML laws with a single, directly applicable EU standard. For compliance teams at regulated financial companies, such as European payment institutions and fintechs, AMLR introduces four requirements that force structural changes to how KYB onboarding software works, and to what information it needs to connect to.

1. UBO determination: three checks, not one

AMLR replaces national beneficial owner mapping methods with a three-check framework. Ownership will need to be calculated using the accumulation method (Art. 52), and ownership through control has to be assessed alongside it (Art. 53).

In short, AMLR requires companies to:

1. Follow every ownership chain to the end, however small the holdings in between.

2. Multiply the ownership percentages down each chain.

3. Add up each person's holdings across all chains, unless ownership and control mix within the same chain, in which case the combination rule applies instead.

4. Identify anyone at exactly 25% or above as a beneficial owner.

5. Assess control too, not just ownership.

Control under AMLR means that a person can qualify as a beneficial owner through majority voting rights, board-appointment rights, veto rights, profit rights, or asset-disposition rights, regardless of how much equity they hold.

If no beneficial owner can be identified, AMLR requires identifying and verifying all of the company's senior managing officials.

More named individuals per company means more identity verification, screening, and monitoring. A UBO process built to AMLR works when every identified person automatically flows into screening and ongoing monitoring, on the same customer record.

For Nordic compliance teams, AMLR introduces another big shift. Using the beneficial ownership register as the verification step, which has been common practice across the Nordics, is no longer enough under AMLR. You need to determine ownership through your own means first, then compare against the register, and report any discrepancy within 14 calendar days (Art. 24).

2. Transaction Monitoring: a legal obligation requiring onboarding data

Art. 26(1) requires all obliged entities to monitor business relationships and transactions in a way that is consistent with the customer's risk profile, declared business activity, and where necessary, information about the origin and destination of funds.

In practice, this means that Transaction Monitoring rules need to know what normal looks like for each customer, and that context lives in the onboarding record, not in the transaction history alone. Monitoring that looks only at transaction patterns cannot meet this standard.

3. Ongoing due diligence: hard legal ceilings replace risk-based flexibility

Under Art. 26(2), enhanced due diligence customers must be reviewed at least every 12 months; all other customers, at least every 5 years.

Event-driven triggers (an ownership change, a sanctions hit, a Transaction Monitoring alert) become an additional mandatory obligation under Art. 26(3), running alongside the periodic review cycle rather than replacing it. Calendar-based monitoring that waits for the next scheduled review will not be AMLR compliant.

4. Source and Destination of Funds: mandatory for all business relationships

Under Art. 25, Source of Funds and Destination of Funds collection applies to all business relationships where necessary, not only high-risk customers as today. Destination of Funds is entirely new, with no equivalent in current law.

Onboarding questionnaires that display these fields only for high-risk customers need structural redesign. Collecting it at onboarding without feeding it into ongoing monitoring covers only half the requirement. Under the regulation, it needs to be visible and usable at the point of a monitoring alert.

The requirement underneath all four: connected data

All four changes share the same constraint: they only work if compliance data flows between systems on a connected customer record.

Most compliance stacks today are built the other way. KYB onboarding sits in one tool, AML screening in another, Transaction Monitoring in a third, and case management in a fourth. AMLR makes that fragmentation a compliance gap, not just an operational one.

For a detailed breakdown of why the regulation is fundamentally a data architecture problem, see this article.

How Bits Handles KYB Onboarding

Bits Technology is an end-to-end compliance platform for regulated financial companies in Europe.

KYB onboarding is the core of the platform, and it runs alongside AML risk scoring, Transaction Monitoring, ongoing due diligence, and case management on the same customer record.

The platform covers the full KYB process: company identification from European registries, UBO mapping (built to AMLR requirements), sanctions and PEP screening, risk scoring, and a unified case management layer with a full audit trail.

When a Transaction Monitoring alert fires, the analyst has immediate access to the complete onboarding record, including ownership structure, risk classification, and declared business activity, without switching systems or stitching data together manually.

For mid-market and scale-up companies, the full stack replaces the fragmented and partly manual multi-tool setup. For companies with existing vendors, Bits supports a flexible model that orchestrates above them.

Bits has recorded zero regulatory remarks across all client engagements to date. The platform runs in production with regulated financial institutions across the Nordics and Europe.

Swedish fintech Qliro moved their merchant onboarding to Bits and doubled the number of merchants onboarded, with a 50% reduction in SME onboarding time and 4x faster approvals, without adding compliance headcount. The Finnish crypto platform Coinmotion chose Bits over building in-house, specifically for the end-to-end module coverage in a single system.

See how Bits handles KYB onboarding

Frequently Asked Questions

What is KYB onboarding?

KYB onboarding is the process a regulated financial company runs before entering into a business relationship with a new customer. It covers verifying the company's identity and registration, mapping who ultimately owns or controls it, screening the company and its owners against sanctions and PEP lists, assessing risk, and recording the steps in an auditable trail. The goal is to confirm that the business is who it says it is and that the relationship does not pose an unacceptable financial crime risk.

What is KYB onboarding software?

KYB onboarding software automates the process of verifying a business customer's identity, ownership structure, and risk profile before a financial relationship begins. It retrieves company registry data, maps beneficial owners, runs sanctions and PEP screening, assigns a risk score, and logs every decision in an auditable case record.

How long does KYB onboarding take with software vs manually?

Manual KYB onboarding can take several business days per case, depending on company complexity and the markets involved. Automated KYB onboarding compresses standard cases to hours. Qliro reduced SME onboarding time by 50% after moving to Bits, while doubling the volume of merchants onboarded with the same compliance team.

What does AMLR 2027 change for KYB onboarding?

Four things change directly:

1. UBO determination moves to a three-check framework from simple ownership tracing: ownership via the accumulation method, control assessed in parallel, and a combination rule for multi-level structures. If no beneficial owner can be identified, AMLR requires identifying and verifying all of the company's senior managing officials. Beneficial ownership registers can no longer serve as the verification step: you establish ownership independently first, then compare and report discrepancies within 14 calendar days.

2. Transaction Monitoring becomes a legal obligation requiring access to onboarding data and risk profiles, not just transaction patterns.

3. Ongoing due diligence intervals become hard legal ceilings: 12 months for high-risk customers, 5 years for all others. Event-driven triggers become mandatory alongside the periodic cycle.

4. Source and Destination of Funds collection becomes standard for all business relationships (where necessary), not just high-risk cases.

Underlying all four is a data architecture requirement: KYB onboarding, AML screening, Transaction Monitoring, and case management need to operate on the same customer record for the business to be AMLR compliant.

Does KYB software work across multiple countries?

The best KYB onboarding solutions pull from national registries across multiple countries, so the same compliance workflow applies whether a business customer is incorporated in Sweden, Germany, or the Netherlands. Coverage quality varies considerably by provider, so it is worth asking specifically which registries are automated versus requiring manual fallback.

Can I keep my existing data providers?

Yes, if the software supports a BYOV (bring your own vendor) model, meaning the KYB platform orchestrates above your existing providers, such as sanctions screening, identity verification, and registry data, rather than replacing them. This matters especially for enterprise buyers managing vendor concentration risk under DORA, where adding a compliance platform that replaces critical providers can trigger outsourcing classification concerns.

—

Last updated: June 2026.

This article is published by Bits Technology, a compliance infrastructure platform for regulated financial companies in Europe.