An Expert Guide on How to Know if a Company is Legit

No matter whether you’re a small venture or a big enterprise, entering into a relationship with a fake company can take away your valuable money, time, and reputation. That’s why it’s indispensable to check the legitimacy and reputation of counterparties before you deal with them.

It’s necessary to know if a company is legit for various reasons, such as compliance with AML laws, fraud prevention, Anti-Bribery and Corruption (ABC) Compliance, and compliance with supply chain due diligence regulations.

Even if a business gives priority to verifying the legitimacy of a company, it could face challenges due to a lack of required expertise in verification, access to data, and supporting tools. In the following sections, we’ll discuss a step-by-step process of how to know if a company is legit.

What Does “Legit Company” Mean for Compliance & Risk?

In the Context of Compliance

For compliance purposes, being legit for a business means that it is fully compliant with the legal, regulatory, and industry standards issued by regulatory bodies. The company must be:

Registered and Licensed: A legitimate business is correctly registered with a government agency and has the appropriate licenses to do business in a specific jurisdiction. For example, financial entities must be licensed by the Financial Conduct Authority (FCA) and registered with Companies House in the UK, or the Securities and Exchange Commission (SEC) in the US.

Adhering to AML/CFT Regulations: A legitimate business must also comply with AML/CFT laws if it operates in an AML-regulated sector. This means it must comply with Anti-Money Laundering (AML) and Counter Financing Terrorism (CFT) laws set by regulators, such as FinCEN, AUSTRAC, or the Anti-Money Laundering Authority (AMLA).

These regulations require businesses to implement due diligence processes such as Know Your Customer and KYB (Know Your Business), which further include PEP screening, sanctions checks, and checking against warnings and regulatory enforcement databases.

In the Context of Risk:

Another key component of being legit involves taking the risk mitigation measures. This means a company works to minimize potential legal, financial, and reputational risks associated with doing business with an organization that is non-compliant, fraudulent, or unethical.

Mitigating Financial and Operational Risk: When a company is legitimate, it conducts its business in a way that reduces the likelihood of financial loss, fraud, and sanctions non-compliance. A legitimate business has a policy against partnering with companies that have been found to be involved in financial crime, tax evasion, or illegal activity in order to avoid possible fines, sanctions, penalties, and negative reputational consequences.

For example, the Sarbanes-Oxley Act in the U.S. requires companies to implement stronger internal controls and audit practices to encourage transparency and reduce the likelihood of fraud.

Adhering to Due Diligence Standards: To reduce risk, legitimate businesses conduct comprehensive background checks, risk assessments, and ongoing monitoring of the entities they do business with (like partners, suppliers, and clients).

Reputation Risk: A legitimate company ensures that it operates ethically to protect its reputation in the market by avoiding associations with fraudulent, corrupt, or high-risk businesses. If a company fails to confirm the legitimacy of its partners, it risks associating with businesses that may damage its brand or cause it to lose customer trust.

Sanction and Regulatory Risk: Legitimate businesses ensure they do not run the risk of inadvertently violating sanctions or engaging with blacklisted entities. Companies involved in international trade or business must comply with sanctions regulations established by regulators like OFAC (Office of Foreign Assets Control) and the UN. Failure to comply could lead to penalties, asset freezes, and business disruption.

What Are the Reasons Behind the Existence of Fake Companies?

Most of the time, the reasons behind the establishment of illegitimate companies are financial motives. Below are some of the reasons why fake companies are made:

• Money Laundering: Under U.S. federal law, businesses and individuals convicted of money laundering can face fines up to $500,000 or twice the value of the property involved and imprisonment for up to 20 years. This fact underscores the seriousness associated with the illegal movement of money. For this type of activity, shell firms are often used.

• Tax Evasion: This is another reason why illegitimate companies are used. This is mostly done through shell corporations to shift income to jurisdictions with relatively lower tax rates, allowing them to conceal ownership structure and move funds across borders.

• Scams and Consumer Fraud: Fraudsters often set up phony companies to deceive consumers into paying for nonexistent products or services. Scams typically sell products at a much lower price than normal or falsely claim unbelievable profit opportunities; however, once the consumer buys, they disappear. Sometimes, fraudsters will create phony companies that appear the same as legitimate businesses to add some sort of legitimacy to the fraud.

• Deceiving vendors and partners: Often leveraging the established trust of legitimate brands, fake enterprises entice investors with promises of high returns and deceive consumers with counterfeit products.

How to Verify the Legitimacy of a Company?

When checking to see if a company is legitimate, you need to conduct a thorough check. This involves looking up multiple data points, as generally, one data point is not enough to prove the company is real. Before entering into an important business transaction or dealing following process can help you check whether a company is legit or fake:

Step 1: Checking Company Registration with the Authority

This is about verifying if a company is substantively registered with a governmental or regulatory body. To know if a company is legit, you have to check if the company is legally established and operating in compliance with the laws of the jurisdiction where it is established. For example, often a company is registered with a national business registry or local chamber of commerce. The data points that are validated to confirm a company’s legal status include the company’s name, the type of business, business registration number, and the legal status.

Step 2: Check Basic Company Information

The next part of corporate due diligence is to verify company information against the publicly available information such as: 

• Company Address

Verify if the address provided by the business is valid and physically exists. This can be done either by physically visiting the location or through Google Maps. Fraudsters commonly rely on incomplete addresses (e.g., only a P.O. Box), residential addresses, or known virtual office hubs for setting up fake companies.

For a detailed overview, check our Address Verification 2025 Guide.

•  Contact Number

Verify the company’s contact number. This can include phone verification and even calling the company and checking if representative respond in a professional manner. If the only contact number provided is a mobile phone number, this may be a cause of concern, but not an automatic negative red flag. Regardless, you should contact the company and ask direct questions to verify that the number is correct and the company is legitimately established.

• Social Media and Website

Examine the company’s website and its social media profiles. A reputable business usually has a polished and professional website, a symbol of actively managing their brand. Their social media profiles should show activity associated with the operations.

• Licenses and Certifications

Look for certifications and/or licenses that are specific to the industry. Companies in regulated sectors that include insurance, healthcare, or finance are required to have valid licenses from regulators. You should cross-check with the relevant regulatory agency to confirm its legitimacy.

Step 3: Match and Verify Company Data

After collecting the essential risk information related to a company, confirm and corroborate the information with independent sources. This will help you to spot any deviation from stated claims or signs of possible fraud.

• Online Reviews

Online reviews provide information that can help in verifying a company’s data. Websites such as Google, Trustpilot, or Yelp can offer critical information. A genuine business has good reviews and some bad ones. However, if the reviews seem all overly positive or only vague and repetitive, it may be the result of automation.

• Word of Mouth

Speak to your network of contacts, as informal word-of-mouth information tends to be most reliable, especially if you are asking someone who has worked with the company or knows the company in the same industry.

Step 4: Official Check

You can verify the legal standing of a company by thoroughly searching the official registries and trusted data sources:

• Company Data on Portals

You can find the official company registration on public datasets, such as Companies House records (for companies based in the UK) or the Secretary of State’s business search (for companies based in the US). These databases provide information you need to check the legitimacy, such as its legal status, directors and managers, active status, registration number, and financial filings.

• Registers and Reports

To get a full context about the company, you can use either the private databases or the Financial Services Register (for financial firms) for an even broader overview of a company’s credit rating, stability, and industry compliance.

• Sanctions, & Warnings/Enforcement Lists

It is also critical to check whether the business or its owners are included on any enforcement or sanctions lists. These lists provide identification of persons and entities that governments prohibit others from doing business with based on their sanctioned criminal behavior, money laundering, and other illegal acts. By checking all sanctioned lists, you ensure you are not dealing with someone accused of any wrongdoing or illegal actions.

• Director’s Probity and Fitness Check 

The next critical step is to review the background of a company’s directors. Investigate the directors of a company and see if they appear on a regulatory watchlist and/or fitness and probity list, which measures an individual’s suitability for a statutorily regulated role. Director’s due diligence is particularly critical in high risk sectors. Director’s due diligence is particularly important in high-risk areas where the integrity of senior leaders is critical.

Step 5: Enhanced Due Diligence (For Higher Risks)

If you’re dealing with a company whose ownership is opaque, jurisdictions are high risk, data points conflict, or you face pressure to rush, you should consider escalating to EDD. Collect certified corporate documents, verify UBO identities, conduct PEP, enforcement, sanctions screening, and obtain proof of operating history or funds.

Step 6: Trust Your Intuition

If something doesn’t feel right, don’t ignore it. Trust your instincts, and if the organization is rushing you to decide, or if it appears to dodge your questions, then step back and think. You are looking for a clear and professional relationship, where both parties are willing to exchange information and show their cards.

How To Do the Corporate Due Diligence?

The most effective method of ensuring that a company is legitimate is to complete a Know Your Business (KYB) check. The Know Your Business process check is an in-depth process that verifies both the business entity and the owners. It involves validating the business registration status, ownership information, viability of the business, and any evidence of criminal activity tied to the business or business ownership.

How the Know Your Business (KYB) Process Works:

• Business Verification: Companies that conduct Know Your Business checks collect data on the legal registration status of the business, tax filings, operational history, and licenses of the business. 
• Beneficial Owner Verification: The Know Your Business (KYB) check also verifies the identity of the business owners, or Ultimate Beneficial Owners (UBO), and directors to identify if the owners have a history of fraud.

• Risk Assessment: The Know Your Business process generates a risk assessment profile for the business, which indicates if it is safe to move forward with the business or if additional diligence is warranted.
• Due Diligence: An important component of the enhanced KYB process is screening the company or its directors against sanctions or enforcement lists. Checking against these lists often helps identify businesses engaged in illegal activities,  financial crime, and any Environmental, Social, and Governance (ESG) violations of regulatory obligations. 

It is important to rule out that your business partners are not the subject of sanctions by the government or experiencing substantial legal issues that could be a risk to your business.

How Shufti Helps Verify Company Legitimacy

Shufti simplifies and expedites the process of conducting Know Your Business (KYB) checks by automating the verification of company details, Ultimate Beneficial Owners (UBOs), and ownership structure, enabling you to easily verify the legitimacy of any business.

Important Shufti’s Features include:

• Company Verification: Retrieve and verify company registration data against official sources. This includes company legal status, officers, and registered addresses.
• Sanctions and PEP Screening: Conduct screening against global sanctions lists, PEPs, warnings and regulatory enforcements, criminal watchlists, and adverse media.
• Risk Scoring: Shufti provides a risk score for each company, enabling you to consider whether you want to continue the business relationship.

You can quickly verify the subject business, reduce effort, and ensure engagement with a legitimate company through Shufti’s KYB solution . Get started – Book a demo today!