KYB in APAC: What Compliance Teams Need to Know in 2026

Financial crime compliance now costs APAC financial institutions $45 billion a year, according to a Forrester Consulting study, with 98% of those institutions reporting rising costs in 2023. A growing share of that pressure falls on business verification. Regulators across the region are demanding clearer ownership maps, verified beneficial owners, and ongoing monitoring that does not stop at the point of account opening. The challenge for compliance teams is that APAC is not one market. Singapore, Australia, Hong Kong, and India each operate distinct frameworks with different rules, different registries, and different enforcement timelines.

Know Your Business (KYB) is the process a regulated entity uses to verify a corporate client’s legal identity, ownership structure, and risk profile before providing financial services. The subject is an entity, not an individual, so compliance teams must trace through layers of ownership to reach the people who actually control the business. For a detailed walkthrough of how KYB compliance in APAC works in practice, the fundamentals are covered in depth separately.

Why APAC is not a single KYB market

The Asia/Pacific Group on Money Laundering (APG), the FATF-style regional body covering 41 member jurisdictions, conducts mutual evaluations that assess each member’s adherence to FATF Recommendations on beneficial ownership transparency and corporate verification. Countries that perform poorly face grey-listing, which raises correspondent banking risk for institutions operating in those markets. That evaluation pressure is a primary driver of the regulatory changes now moving through the region. Ultimately APAC KYB regulations are not the same everywhere and carry regional nuances.

The practical problem for compliance teams is what sits underneath that pressure: four major APAC markets with four different primary regulators, different UBO disclosure thresholds, different levels of public registry access, and different expansion timelines. A KYB programme designed for MAS compliance does not automatically satisfy AUSTRAC, and what HKMA expects from corporate onboarding differs from what RBI requires. Running a unified business verification process across multiple APAC markets means working with those differences explicitly. And many KYB solutions in APAC struggle to accommodate such differences in regulatory approaches, shaped by local regulations.

Singapore: MAS Notice 626 and the risk-based approach

The Monetary Authority of Singapore’s primary instrument for corporate due diligence is MAS Notice 626, which applies to financial institutions operating under MAS oversight. The notice requires a risk-based approach to onboarding. Institutions must identify and verify a business customer’s legal identity, confirm its authorised representatives, map ownership structure, and assess whether the stated business activity matches expected account use.

Singapore applies a 25% ownership threshold for UBO disclosure. A natural person holding 25% or more of shares or voting rights must be identified and verified. Where ownership runs through a chain of entities, compliance teams must trace each layer until they reach the natural person at the top.

MAS amendments published in April 2024 expanded the scope of digital payment token (DPT) service providers subject to these requirements, with user security standards phased in from October 2024. Fintechs holding a Major Payment Institution licence need to factor these changes into their corporate onboarding flows specifically.

Australia: AUSTRAC, Tranche 2, and the 1 July 2026 deadline

Australia’s AML/CTF framework, supervised by AUSTRAC, sets specific KYB requirements for reporting entities. When onboarding a corporate customer, a reporting entity must collect and verify the company’s registered name as listed with ASIC, its Australian Company Number (ACN) or equivalent for foreign entities, the addresses of its principal place of business and registered office, and beneficial ownership information for any person holding 25% or more.

The more significant development is Tranche 2. AUSTRAC tabled the AML/CTF Rules 2025 in Parliament on 29 August 2025, extending AML/KYB obligations to real estate professionals, lawyers, accountants, and dealers in precious stones and metals. These sectors must achieve full compliance by 1 July 2026. For any business that onboards corporate clients from these newly regulated sectors, that change affects counterparty risk classification and third-party due diligence obligations directly.

Hong Kong: HKMA and significant controller mapping

In Hong Kong, KYB obligations for financial institutions sit primarily under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance, supervised by the HKMA and the Securities and Futures Commission. Financial institutions must verify a corporate client’s legal identity, directors and shareholders, filing status, and ownership chain, with enhanced diligence required for complex group structures.

Hong Kong does not use a fixed numerical UBO threshold in the same way as Singapore or Australia. Companies must maintain a Significant Controllers Register listing individuals who hold more than 25% of shares or voting rights, or who exercise significant control by other means. Compliance teams verifying Hong Kong entities need to check not only public registry extracts but the Significant Controllers Register, which is not always publicly accessible and may require direct engagement with the counterparty.

HKMA workshops scheduled for Q1–Q2 2026 are covering supervisory expectations for e-KYB tools, UBO mapping, and corporate risk assessment. The scheduling confirms that regulators expect technology-enabled processes for high-volume corporate onboarding.

India: RBI Master Directions and PMLA obligations

India’s KYB framework operates under two instruments, the Prevention of Money Laundering Act (PMLA) and the Reserve Bank of India’s KYC Master Directions. RBI issued updated KYC Master Directions in November 2025, replacing the 2016 framework and tightening requirements for banks, NBFCs, payment banks, and regulated fintechs.

For corporate customers, regulated entities must verify the company’s legal name, registration details, nature of business, and ultimate beneficial ownership. The PMLA applies a 25% UBO threshold. Any natural person meeting that threshold must be identified, verified, and screened against domestic and international PEP databases, as well as real-time sanctions lists including UNSC, OFAC, and EU designations. Suspicious transaction reports must be filed with the Financial Intelligence Unit India (FIU-IND) within seven days of suspicion arising.

Running KYB verification in multiple Asia Pacific markets

The complexity of multi-market KYB in APAC goes beyond collecting different document sets. Different registries have different data quality standards, different update frequencies, and different levels of public access. A company incorporated in Singapore and operating through a Hong Kong subsidiary creates a verification chain that spans two regulatory regimes with different UBO definitions and different registry access rules. Therefore, one set of KYB checks in APAC can’t satisfy all jurisdictions.

Ongoing monitoring is where regulators across APAC are now directing attention. One-time onboarding checks are no longer enough. The relationship between corporate verification, individual screening, and transaction-level monitoring is examined in this piece on how KYC, KYB, and transaction monitoring work together. For APAC platforms specifically, the onboarding challenges that fintechs face in markets with incomplete registry data are explored in this guide on KYC software approaches in the Indonesian market. AML screening that runs continuously against live watchlists is now the expected standard for any regulated business operating across the region.

Compliance teams running APAC business verification are managing four or more distinct regulatory frameworks at once, each with its own UBO thresholds, registry access rules, and enforcement deadlines. Shufti’s Know Your Business solution connects to business registries, UBO databases, and watchlists across 250+ countries through a single API, so verifying a corporate client in Singapore, Australia, Hong Kong, or India does not require a separate integration for each jurisdiction.

Request a demo to see how multi-market KYB verification works on your own onboarding volumes.