KYB screening: what it checks, when it runs & Re-Screening Triggers

Most compliance teams run a registry lookup, collect a formation document, and call the business verified. That single-pass approach is not what regulators mean when they require Know Your Business screening. The UNODC estimates that between 2% and 5% of global GDP, roughly $800 billion to $2 trillion, is laundered annually, a substantial portion channelled through corporate entities that appear legitimate on paper.

What is KYB screening?

KYB screening is the layer that runs on top of document collection. It cross-references a business against sanctions lists, watchlists, PEP registries, adverse media feeds, and ownership databases, and then keeps doing it after onboarding ends. This article explains what the screening layer checks, how it differs from onboarding verification, and what events are supposed to trigger a re-screen.

What KYB screening actually checks

KYB screening starts where company registration ends. A formation document confirms that a business exists in a legal sense. The screening layer asks the harder question: who controls it, is it clean, and has anything changed?

Company registry and legal status

The first pass checks whether the business is currently active, in good standing, and registered at the address it claims. This step pulls from official commercial registries, cross-referenced in real time where APIs are available. Dissolved entities, suspended licences, and mismatched jurisdictions surface here.

That pass also validates whether the registered director or authorised representative is who they say they are, tying document verification directly to the corporate record.

UBO discovery and ownership mapping

This is where most manuals know your business processes stall. Tracing ownership through holding companies, trusts, and nominee arrangements requires checking multiple registers in sequence, then verifying the identity of any natural person who ultimately holds a controlling stake.

A 2023 Moody’s analysis of 472 million companies found nearly 20 million with shell company characteristics, prompting FATF to call such structures the “getaway car” for global money laundering. Finding the real human controller behind layered entities is the operational challenge the screening layer is designed to address.

Sanctions, PEP, and adverse media screening in KYB

Once the structure is mapped, every person and entity in the chain goes through a screening pass.

Sanctions screening checks the business name and its known controllers against OFAC’s SDN list, the UN Consolidated Sanctions List, EU restrictive measures, HM Treasury, and dozens of national regimes. A sanctioned subsidiary buried three layers deep in an ownership chain counts as exposure for the onboarding institution.

PEP screening looks for politically exposed persons in the ownership or management layer. A director who holds a senior government role may not be sanctioned today but carries a risk profile that demands enhanced due diligence under FATF standards. PEP status does not automatically block onboarding; it triggers additional review.

Adverse media screening adds a fourth data stream: negative news, enforcement coverage, and financial crime associations that do not yet appear on official lists. Regulatory actions often generate press months before they generate a formal sanction. For a well-explained breakdown of how AML screening works across sanctions and adverse media, the KYB and AML functions increasingly share the same data layer.

KYB onboarding vs. KYB screening: what’s the difference?

KYB onboarding is the process of collecting, verifying, and validating the information a business provides when it first applies to work with you. You gather incorporation documents, director IDs, UBO declarations, and proof of address, then verify that those documents are genuine and consistent.

KYB screening is what runs against that verified information once it exists. Onboarding is a one-time act. Screening is a continuous programme that checks verified entities and individuals against live watchlists, news feeds, and registry updates.

The distinction matters practically. A business that passed onboarding two years ago may have added a sanctioned investor last quarter. The Know Your Business obligation does not end at onboarding, and regulators are increasingly clear on this point.

What triggers a re-screening in KYB compliance?

Two models govern re-screening: calendar-based and event-driven.

Calendar-based schedules set a fixed review interval by risk tier. The EU’s Anti-Money Laundering Regulation, which applies fully from July 2027, formalises this in Article 26 of the AMLAR: high-risk customers must be reviewed at least annually, while low-risk customers require review at a maximum five-year interval. The EU AML package also lowers the beneficial ownership identification threshold from “more than 25%” to “25% or more” of shares or voting rights, which means some ownership structures that previously fell below the threshold will need to be re-examined on that basis alone.

Event-driven triggers are what most mature compliance programmes now layer on top of calendar reviews. Common triggers include the following:

• A new person appears in the company’s filing with the corporate registry.
• The business is mentioned in an adverse media story involving financial crime.
• A sanctions list update adds a name that matches an existing UBO or director.
• The entity changes its registered address to a jurisdiction with a higher risk rating.
• Unusual transaction patterns flag a change in the business’s apparent activity.

Calendar-only reviews mean you will often learn about a material change months after it occurred. Event-driven re-screening is what bridges that gap.

Suggested Read: KYB Compliance Guide

How corporate screening differs from individual screening

Individual KYC screens a single person against a defined set of checks: document authenticity, biometric match, sanctions, and PEPs. The subject of the check is a human being with a fixed identity.

Corporate screening is structurally more complex. The entity itself changes over time through ownership transfers, director appointments, new subsidiaries, and licensing changes. Every change can alter the risk profile of the initial screen.

Corporate screening also involves multiple check subjects simultaneously. A company with three directors and two ultimate beneficial owners requires five individual screening passes plus an entity-level sanctions check on the company name itself. That number multiplies in group structures.

The practical implication is that business verification cannot be treated as a single check with a fixed outcome. It is a living record that requires maintenance.

At scale, tracking which corporate clients have changed ownership, which UBO identities have hit a watchlist, and which re-screen deadlines are approaching is not feasible with manual workflows. Shufti’s KYB solution runs company registry checks, UBO discovery, sanctions and PEP screening, and adverse media monitoring through a single API across 250+ countries, with ongoing re-screening built into the same pipeline. Request a demo to see how the screening flow maps to your current onboarding volumes.