Seven out of ten financial institutions lost clients last year because onboarding took too long.
Not because compliance was too strict. Not because the client was high-risk. Because the process was slow, repetitive, and asked clients for information the institution could have found itself.
That number has climbed every year since 2022, when it sat at 48%. It's getting worse, not better.
Here's what most onboarding guides get wrong: they lump everything together. Retail KYC, digital app signups, corporate due diligence — all in one article. But the real bottleneck isn't verifying a person's passport. It's verifying the company behind them.
That's KYB — Know Your Business. It's harder, slower, and more expensive than individual KYC. And it's where most onboarding failures actually happen.
This guide focuses specifically on corporate client onboarding. Verifying entities. Tracing ownership. Assessing risk. The stuff that takes 100 days when it should take 10.
Consumer KYC vs. Corporate KYB: Why It Matters
When you onboard an individual, you verify their identity and check them against a sanctions list. Many institutions automate this end-to-end. Done in minutes.
When you onboard a business entity, you enter a different world.
You need to confirm the company is legally registered and active. You need to identify who owns it — not just the shareholders on paper, but the natural persons who ultimately benefit from or control it. You need to screen those people against sanctions lists, PEP databases, and adverse media. And you need to do this across potentially dozens of jurisdictions, each with different data availability and different rules.
| Consumer KYC | Corporate KYB | |
|---|---|---|
| Verification target | Individual identity | Entity + ownership structure |
| Timeline | Minutes to hours | Days to weeks |
| Data sources | ID documents, address proof | Government registries, corporate filings, UBO databases |
| Complexity | Fraud detection | Multi-layered ownership across borders |
| Automation | High (STP possible) | Lower — human review usually required |
Why Corporate Onboarding Breaks: 5 Root Causes
Onboarding doesn't fail because compliance teams are careless. It fails because the data infrastructure underneath is fractured, and the process design hasn't caught up.
1. Registry data is incomplete — and wildly inconsistent
Not all countries maintain publicly accessible beneficial ownership registries. And even where they exist, quality varies enormously. Delaware has been called "the world's black hole of information" by KYB practitioners. The UK's PSC register looks comprehensive, but it doesn't actually contain shareholder percentage data as a searchable field — that has to be manually extracted from documents.
In March 2025, the US gutted its Corporate Transparency Act for domestic entities. Only foreign companies registered to do business in the US still need to report beneficial ownership. The global landscape is a patchwork, and it shifts constantly.
2. Clients get asked for data you should already have
Forrester found that the average customer is contacted ten times during onboarding. Each touchpoint is a dropout risk. If you're emailing a client to ask for their certificate of incorporation when it's sitting in a public registry, you're adding friction that didn't need to exist.
3. Your systems don't talk to each other
KYB data in one platform. AML screening in another. Case management in a third. The compliance analyst ends up copy-pasting between tools and maintaining their own spreadsheet to track where each client stands. No single view. No clear status. Just fragmentation.
4. Every client gets the same process
A publicly listed company in Switzerland doesn't need the same due diligence as a multi-layered holding structure domiciled across three offshore territories. But many institutions run every entity through the same pipeline. Low-risk clients wait too long. High-risk clients don't get enough scrutiny.
5. You check once and never look again
The entity you onboard today might look completely different in six months. Directors change. Ownership structures shift. Sanctions lists get updated. If your process only looks at a client once, you're building a gap that widens with every day that passes.
The 7-Step Corporate Client Onboarding Process
Here's a practical framework for onboarding corporate clients. Each step builds on the last. Skip one, and the rest falls apart.
Pre-screening and client intake
Before you commit analyst time, filter out obvious rejections. Collect the basics: legal entity name, registration number, country of incorporation, nature of business, products requested. Run an initial screen against sanctions lists and adverse media.
The goal isn't thoroughness — it's efficiency. A shell company registered in a high-risk jurisdiction requesting complex trade finance doesn't need a 40-day review. It needs a fast no.
Entity verification
Confirm the business is legally registered, currently active, and matches what the client told you. Check official government registries for: registration status, incorporation date, registered address, legal form, and business activities.
In cross-border situations, a single client may have subsidiaries registered in ten or more countries. Each one needs to be verified against its local registry. This is where direct access to primary-source registry data matters — if your database scraped the information six months ago, you might be looking at a company that's since been dissolved or struck off.
Ownership structure and UBO identification
This is the step that stalls everything. And it's the one that matters most.
You need to trace ownership from the entity you're onboarding to the natural persons who ultimately own or control it. Most jurisdictions use a 25% threshold — but India applies 10%, the EU allows member states to go as low as 15% for high-risk sectors, and South Africa uses 5% for certain financial institutions.
The real challenge: ownership is rarely simple. Company A is owned by Company B (Netherlands), which is owned by a trust (Jersey), whose beneficiaries are three individuals — one of whom is also a director of Company C. Tracing these chains across jurisdictions is where the bulk of analyst time gets consumed.
Automated UBO tracing that pulls ownership data directly from government registries can compress weeks into hours. But even with automation, complex structures need human judgment. The question isn't whether analysts are needed. It's whether they're spending time on analysis or data collection.
Risk assessment and due diligence tiering
Not every client needs the same scrutiny. Assign a risk tier based on: jurisdiction risk, industry risk, ownership complexity, PEP exposure, and sanctions proximity.
Simplified due diligence — publicly listed companies, regulated entities, government bodies. Fast-track these.
Standard due diligence — the majority of your pipeline. Standard checks, standard timelines.
Enhanced due diligence — complex ownership, opaque jurisdictions, PEP involvement, adverse media. Deeper investigation, senior sign-off.
The goal isn't to eliminate risk. It's to put analyst effort where it actually changes the outcome.
Document collection and verification
Collect supporting documents — but only what the risk tier requires. Don't ask a low-risk public company for the same document set as a complex multi-layered structure.
Two things accelerate this dramatically. First, pre-populate as much as possible from registry data before asking the client for anything. If you already have their directors, registered address, and filed financials from the source registry, don't ask them to provide what you already know. Second, use a secure digital portal — not email. It creates an audit trail, cuts security risk, and gives both sides visibility on what's been received and what's outstanding.
Compliance review and approval
Consolidate everything into a single case file. Entity verification. Ownership structure. Risk assessment. Screening results. Supporting documents. The file needs to tell one clear story: who is this entity, who controls it, what risk does it present, and what evidence supports the decision.
This matters because regulators don't just evaluate your outcome. They evaluate your evidence trail. The 2025 MAS enforcement cases were explicit: institutions were penalized for failing to evidence their KYB process, even when the underlying decision was correct. A correct answer with no documentation is treated the same as a wrong answer.
Ongoing monitoring and periodic review
Onboarding doesn't end at approval. The regulatory direction globally is toward perpetual KYC — continuous, event-driven monitoring instead of annual calendar reviews.
Set up automated alerts for: ownership changes, director appointments, company status changes (dissolved, struck off), financial health shifts, new sanctions designations, and adverse media. Catch material changes as they happen, not twelve months later when someone remembers to check.
Real-time data feeds from government registries make this practical. Instead of manually re-checking each client on a schedule, you get flagged when a filed document shows a new shareholder, a director resignation, or a status change.
The Role of Government Registry Data
Every step above depends on one thing: accurate, current, authoritative data about the entity being onboarded.
The problem is that company data is scattered across hundreds of government registries worldwide. Each one has different formats, access methods, update schedules, and coverage. Some are free. Some are paid. Some require in-country access or local language capabilities.
Many compliance teams rely on data aggregators that scrape or license registry data and store it in their own databases. This creates a lag. The data you're looking at might be weeks or months old. For a compliance decision that depends on whether a company is currently active or who its current directors are, stale data is a material risk.
First-party registry data — pulled directly from the issuing government registry at the time of your query — solves this. You get the same information the registry holds, at the moment you need it.
Platforms like Global Database connect directly to over 400 government registries worldwide, providing first-party company data across more than 200 countries — including registration details, ownership structures, financial statements, and director information.
The point isn't that technology replaces compliance. It's that when analysts spend less time hunting for data and more time evaluating it, onboarding gets faster without getting thinner.
5 Compliance Pitfalls That Keep Showing Up
These aren't theoretical risks. They come from enforcement actions and audit findings.
❌ Relying on what the client tells you
Clients fill in what's convenient. That doesn't make it accurate. They might simplify their ownership structure, omit inactive subsidiaries, or provide outdated director names. Always verify against official registry sources. Self-declared information is a starting point, not evidence.
❌ Treating onboarding as a one-time gate
Perpetual KYC is the direction regulators are moving — continuous monitoring, not annual check-the-box reviews. The EU's AML package is tightening this. FATF guidance is explicit: customer due diligence is a continuous obligation. Annual reviews are the minimum, not the standard.
❌ Audit trails that live in email
Can you reconstruct exactly what data you checked, when, and how it informed your decision — for any client, at any time? If the answer requires searching through inboxes, that's a failure waiting to happen. MAS penalized institutions for this exact gap: correct decisions with no documentation trail.
❌ Applying one UBO threshold globally
The 25% threshold isn't universal. India uses 10%. South Africa goes to 5%. The EU allows 15% for high-risk sectors. The US has largely exempted domestic entities. Your process needs to account for these differences — otherwise you're over-compliant in some jurisdictions (burning analyst time) and under-compliant in others (creating exposure).
❌ Over-engineering it for low-risk clients
If a publicly listed, regulated entity in a transparent jurisdiction takes three weeks to onboard, your process is broken. Risk-based tiering means low-risk clients move fast. That's not cutting corners — that's directing resources where they're actually needed. The 70% of institutions losing clients aren't losing complex, high-risk cases. They're losing straightforward clients who expected a process that matched their risk profile.
The Bottom Line
Client onboarding for financial institutions is a compliance obligation, a risk management function, and a client experience problem — all at once. Most institutions solve for one and let the other two suffer.
The institutions that get it right share a few things in common. They separate individual KYC from corporate KYB and build dedicated processes for each. They use first-party government registry data as the foundation for entity verification and UBO identification. They apply risk-based tiering so simple cases move fast and complex cases get real scrutiny. And they treat onboarding as continuous — not a gate to walk through once and forget about.
The data infrastructure behind your onboarding process determines how fast you move, how thorough you can be, and how well your decisions hold up when a regulator asks to see your work.
Get the data right. The rest follows.
See how first-party data from 400+ government registries can reduce onboarding time and strengthen your compliance posture.
Explore Global Database →Client onboarding is the process of bringing a new customer into a financial institution while meeting regulatory requirements for anti-money laundering (AML), counter-terrorist financing (CTF), and Know Your Customer (KYC) or Know Your Business (KYB) compliance. For corporate clients, this involves verifying the entity's legal existence, identifying its ultimate beneficial owners, assessing risk, collecting supporting documentation, and establishing ongoing monitoring.
KYC (Know Your Customer) verifies individual clients — confirming they are who they claim to be using identity documents and sanctions screening. KYB (Know Your Business) verifies corporate entities — confirming a company is legally registered, tracing its ownership to identify ultimate beneficial owners, and assessing entity-level risk. KYB is significantly more complex because it involves multi-layered ownership structures spanning multiple jurisdictions with different disclosure requirements.
It varies widely. McKinsey's research puts the average at up to 100 days. Fenergo's 2025 data shows UK corporate banks averaging over six weeks. However, institutions with automated entity verification, digital portals, and risk-based tiering can onboard low-risk entities in days. The biggest time sink is usually UBO identification — tracing ownership chains across jurisdictions. Automating that step alone can compress the overall timeline dramatically.
An Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls a legal entity. Most jurisdictions set the threshold at 25% ownership or voting rights, though India uses 10%, the EU allows as low as 15% for high-risk sectors, and South Africa applies 5% for certain entities. UBO identification is a regulatory requirement because financial institutions must know who is behind the corporate structures they do business with — to prevent money laundering, terrorist financing, and sanctions evasion.
Requirements vary by jurisdiction and risk tier, but typically include: certificate of incorporation, articles of association, shareholder register, proof of registered address, director and officer details, recent financial statements, and proof of identity for identified UBOs. Institutions applying risk-based tiering should match document requirements to the risk level — a publicly listed company doesn't need the same documentation as a complex multi-layered holding structure.
Fenergo's 2025 data shows 70% of institutions lost clients to slow onboarding. The main causes: excessive document requests (asking for information available from public registries), long processing times from manual data collection, poor communication about status, and one-size-fits-all processes that subject low-risk entities to the same treatment as high-risk ones. Most clients don't complain. They just leave and go to a competitor with a faster process.
Perpetual KYC (or continuous monitoring) replaces the traditional model of annual reviews with ongoing, event-driven monitoring. Instead of checking a client's status once a year on a calendar reminder, the institution monitors for material changes — ownership shifts, director changes, new sanctions designations, adverse media, company status updates — as they happen. This is increasingly expected by regulators, since annual reviews miss changes that occur between cycles.
Three changes deliver the fastest results. First, use government registry data to pre-populate entity information instead of asking the client for data you can obtain yourself. Second, implement risk-based tiering so low-risk entities flow through a streamlined path. Third, replace email-based document collection with secure digital portals. These reduce manual effort and processing time without reducing compliance rigor.
Global AML fines totaled $4.6 billion in 2024. In July 2025, MAS fined nine institutions S$27.45 million for KYB failures linked to a S$3 billion money laundering case. The UK's FCA imposed over £49.1 million in fines across sectors in 2024, more than triple the prior year. Critically, institutions are penalized not for lacking policies but for failing to document their verification process. Regulators evaluate both the decision and the audit trail behind it.
Government registries are the authoritative source for company information. Connecting directly to them — rather than relying on cached third-party data — ensures the information is current when you need it. This accelerates entity verification, enables automated UBO tracing across jurisdictions, reduces the number of document requests sent to clients, and powers real-time monitoring through registry change alerts. Platforms like Global Database provide direct access to over 400 registries across 200+ countries for this purpose.