KYC is no longer just a bank problem

Written By Daniel ZHANG

For years, “KYC” (Know Your Customer) lived in the world of banks, regulated financial institutions and specialist compliance teams. If you weren’t a bank, you could largely ignore it.

That’s over.

Today, more and more non-financial companies are being pulled into the KYC universe – not because regulators suddenly love them, but because risk has started to flow through supply chains, platforms and ecosystems in new ways.

This shift is quiet, but it’s big. And most businesses are not prepared for it.

Why KYC is spreading beyond finance

There are a few big forces converging:

1. Sanctions and geopolitics

Sanctions are no longer a theoretical concern for a handful of global banks. They have become a very real operational risk for any organisation buying from, selling to or partnering with counterparties across borders.

If a supplier, distributor or marketplace seller ends up on a sanctions list, it’s no longer enough for a company to say, “We didn’t know.”

Boards, investors and the public now expect that basic screening and checks are in place.

2. Reputational and ESG expectations

Large corporates are being held accountable not only for what they do, but for what their suppliers and partners do:

  • Human rights and labour standards

  • Environmental practices

  • Anti-corruption and fraud

To manage these risks, companies are building third-party risk frameworks. At the core of those frameworks?

A simple question: “Who are we really dealing with?”

That’s KYC.

3. Platform and marketplace models

If your business is a platform – a marketplace, a SaaS product with a financial component, a network that connects buyers and sellers – you’re now in the position banks used to be in:

  • You onboard lots of SMEs or merchants.

  • You don’t know most of them personally.

  • Your brand is on the line if something goes wrong.

Again: you need a way to verify who your counterparties are. That’s KYC, even if you don’t call it that internally.

The problem: non-FIs are being told to “do KYC” without tools

Banks at least have:

  • Dedicated compliance and KYC teams

  • Established policies and standards

  • Vendor relationships with data providers

  • CLM / workflow tools (even if they’re clunky)

Most non-FIs don’t have any of that.

What happens instead?

  • Someone in risk, legal or procurement creates a home-grown questionnaire in Word or Excel.

  • Supplier/customer data is collected by email and stored in shared drives.

  • A junior person does manual checks in registries and Google.

  • There’s no consistent scoring, and no clean audit trail.

It’s better than nothing, but as volumes grow, it becomes unmanageable.

Every business is becoming both a KYC subject and a KYC requester

This is the real pivot point.

You are:

  • A KYC subject for your banks, PSPs, insurers, law firms and platforms.

  • A KYC requester for your suppliers, distributors, merchants, agencies and partners.

That dual role is new for many organisations. It creates duplicated work, fragmented data and repeated questions:

  • You fill out multiple KYC packs for different banks – all asking for versions of the same information.

  • You then turn around and ask your own suppliers very similar questions – but with your own format and logic.

The result is a messy, inefficient KYC ecosystem where everyone is repeating everyone else’s work.

What a better approach looks like

A modern approach accepts that:

  1. KYC is networked. Information moves between banks, corporates, platforms and professional firms.

  2. Every organisation plays both roles. Sometimes you provide KYC; sometimes you collect it.

  3. The core data doesn’t change that often. Legal entity, ownership, directors, core documents – these are stable with occasional events.

That suggests three building blocks:

  1. A shared collaboration space

    Where institutions and counterparties work through KYC together, instead of in parallel email threads.

  2. A reusable corporate KYC profile

    A maintained profile you can share with multiple banks and partners, and reuse when you KYC your own counterparties.

  3. Right-sized automation for KYC-light sectors

    A service that provides sensible standards and automated checks for sectors that don’t need a full banking-style compliance department.

That’s the direction we’re building towards with Veridable. Not KYC as a one-off chore attached to a relationship, but KYC as a reusable identity layer that works across relationships.

KYC is no longer just a bank problem. The question is whether your organisation keeps improvising with spreadsheets and email, or builds a structured way to handle this new reality.

Daniel ZHANG
Next

Why Corporate KYC Feels Broken