Introduction
Digital lending platforms are not just credit businesses. Under Nigerian, South African, and Kenyan law, they are reporting entities with full AML/CFT obligations, and the due diligence required for a business borrower goes significantly further than a director's selfie and a six-month bank statement.
KYB for lending platforms means verifying the legal identity, ownership structure, and risk profile of every business that applies for credit, identifying every individual with beneficial ownership of 25% or more, verifying those individuals as UBOs, and screening the entire structure against sanctions, PEP, and adverse media lists. In 2026, this process must occur before disbursement and continue throughout the loan term.
This guide is written for compliance officers, risk teams, and technology leads at digital lenders operating across African markets. It covers what KYB for lending platforms requires, how it differs from standard business onboarding, the UBO identification framework, the document checklist, EDD triggers, Nigeria-specific rules under the CBN and FCCPC, and how automation resolves the tension between compliance rigor and origination speed.
Why KYB for Lending Platforms Is Different From Standard Business Onboarding
Banks and payments fintechs run KYB to satisfy account-opening obligations. Lending platforms face the same base requirements and several additional ones.
1. Credit Risk Assessment Does Not Replace Regulatory Due Diligence
A common assumption among lending compliance teams is that credit underwriting substitutes for regulatory due diligence. It does not.
Credit assessment determines whether a borrower can repay. KYB due diligence determines whether the borrower is legitimate, whether the stated business purpose is genuine, and whether disbursing the loan would expose the platform to money-laundering or sanctions liability. These are separate questions that require separate processes, and regulators treat them as such during inspections.
2. Loan Products Attract Specific Financial Crime Typologies
Lending platforms are specifically targeted by financial crime actors for reasons that are well-documented in regulatory guidance. FATF's 2023 guidance on professional money laundering and the 2025 FinCEN advisory on business credit fraud both identify loan-back schemes as a priority typology.
In a loan-back scheme, a shell company applies for a business loan, draws down the proceeds, and then repays the loan from criminal proceeds, effectively laundering illicit funds through what appears to be legitimate debt repayment. Nigerian EFCC enforcement actions in 2024 and 2025 include multiple cases where digital lenders were used to layer criminal proceeds through exactly this mechanism.
Digital lending platforms with rapid online onboarding are perceived by financial crime actors as offering weaker due diligence than traditional banks. That perception, where accurate, is an open invitation.
3. The Regulatory Perimeter for Digital Lenders Is Expanding
Digital lenders are increasingly classified as reporting entities under AML/CFT frameworks. In Nigeria, the CBN's Revised Framework for Finance Companies 2023 and the FCCPC's Guidelines on Digital Lending 2022 impose customer due diligence requirements on licensed digital lenders. In Kenya, the Central Bank of Kenya's Digital Credit Providers Regulations 2022 require licensed DCPs to maintain full AML/CFT programs, including business borrower verification. In South Africa, the National Credit Act (NCA) as administered by the NCR intersects with FICA AML obligations for credit providers above the threshold.
What KYB for Lending Platforms Must Cover
A lending platform's KYB program for business borrowers must address six core areas without exception.
1. Legal entity verification confirms the business exists, is in good standing, and matches every detail declared in the loan application. A business that appears active in a customer-submitted document but is listed as dissolved in the national registry is an immediate red flag.
2. Director and Authorised Signatory Verification confirms that the individuals applying for the loan are legally authorized to bind the business and are who they represent themselves to be.
3. Ultimate Beneficial Owner (UBO) Identification and Verification identifies and individually KYC-verifies every person with significant ownership or control of the borrowing entity. This is the step most frequently cited in enforcement actions against lending platforms and the step most frequently abbreviated under operational pressure.
4. Business Activity and Purpose Legitimacy confirms that the declared business activity is genuine, the loan purpose is consistent with the business's operations, and the business is not operating in a prohibited sector or jurisdiction.
5. Sanctions, PEP, and Adverse Media Screening covers the entity, its UBOs, and its directors against global and domestic lists before any disbursement occurs.
6. Ongoing Monitoring Through the Loan Lifecycle tracks ownership changes, registry status changes, and sanctions developments while the loan is active, not only at origination.
INTERESTING READ: Why KYB verification is important for AML compliance.
UBO Identification: The Core of Business Borrower Due Diligence
UBO identification for lending platforms means tracing the ownership chain of every borrowing entity until natural persons are identified at every branch, then verifying each person who holds 25% or more aggregated ownership. Where a director or linked individual is a PEP, the threshold drops to 10% under CBN AML/CFT Regulations 2022. Individuals who exercise significant control without meeting ownership thresholds must also be treated as UBOs.
1. The 25% Threshold and When It Drops Lower
The standard UBO threshold under FATF Recommendation 10 and most national AML frameworks is 25% direct or indirect ownership of the borrowing entity. Any individual at or above this threshold must be identified and individually verified.
Several circumstances require a lower threshold:
1. Where a director, shareholder, or linked individual is a Politically Exposed Person, the CBN AML/CFT Regulations 2022 require identifying beneficial owners at a 10% threshold.
2. Where a borrowing entity is incorporated in a FATF high-risk or monitored jurisdiction, enhanced due diligence typically requires applying lower ownership thresholds as part of the overall risk-based approach.
3. Where the ownership structure uses trusts, nominee arrangements, or multi-layer offshore holding companies, the lending platform must look through the structure regardless of any apparent threshold. The obligation is to identify the controlling natural person, not merely to complete a form.
4. An individual who exercises significant control through contractual rights, board appointment rights, or de facto management must be treated as a UBO even if their formal ownership stake falls below 25%.
2. UBO Threshold Reference by Jurisdiction
Jurisdiction | Standard UBO Threshold | Regulatory Instrument |
| Nigeria | 5% (PSC/CAMA 2020); 25% (AML/CFT UBO) | CAMA 2020 s.119; CBN AML/CFT Regs 2022 |
| South Africa | 25% or significant influence | FICA as amended; FIC Directive 5/2023 |
| Kenya | 10% (Beneficial Ownership Register) | Companies (Beneficial Ownership) Regs 2020 |
| United Kingdom | 25% | PSC Register, Companies Act 2006 |
| European Union | 25% | AMLD6 and national transpositions |
| United States | 25% beneficial ownership + one control person | FinCEN Beneficial Ownership Rule 2024 |
| UEMOA Zone | 25% | BCEAO Regulation 02/2015/CM/UEMOA |
Note: Nigeria's CAMA 2020 imposes a 5% PSC disclosure threshold on companies themselves. Lending platforms should use PSC register data as the starting point and then apply their own AML/CFT verification obligations under the CBN's 25% (or lower, for PEP-adjacent) threshold.
3. Resolving UBOs Through Corporate Chains
When the borrowing entity is owned by other companies rather than natural persons, the lending platform must resolve the ownership chain upward until only natural persons remain at every branch. The steps are:
1. Obtain the complete shareholder register of the borrowing entity.
2. For each corporate shareholder, obtain that entity's shareholder register from the relevant national registry.
3. Continue recursively until only natural persons appear at every branch of the ownership tree.
4. Map all natural persons with 25% or more aggregated ownership across all levels of the chain.
5. Identify any individual with significant control even if they fall below the 25% direct ownership threshold.
6. KYC-verify and screen each identified UBO as an individual using a government-issued ID, proof of address, and biometric verification.
In practice, this process across multiple jurisdictions takes days when performed manually and introduces dangerous inconsistency. Automated KYB platforms with multi-registry integration and UBO resolution algorithms resolve this in minutes.
READ ALSO: KYB Verification for Cross-Border B2B Payments in Africa
Real-World Scenario: When a Loan-Back Scheme Passes Undetected
In early 2025, a digital lending platform in Nigeria approved a business loan of ₦45 million to a limited liability company that had been incorporated eight months earlier. The company presented clean-looking CAC documents, a TIN, a six-month bank statement showing regular inflows, and a director with a valid BVN.
What the platform's manual KYB process did not surface: the company's shareholder register, which CAC held on file, listed a single corporate shareholder incorporated in the British Virgin Islands. The BVI company had no UBO registry entry. The real controlling individual, who was later identified in an EFCC investigation, had been designated under the UN Security Council Consolidated Sanctions List three weeks before the loan was approved.
The disbursement was made. Repayment came in full within 90 days from a third-party account with no connection to the declared business. An automated KYB platform with real-time registry integration, UBO resolution across BVI structures, and continuous sanctions screening would have blocked this application at three separate checkpoints before funds left the account.
The EFCC investigation classified the lender as a facilitating institution. The compliance cost, legal fees, regulatory response, remediation, and reputational damage significantly exceeded the face value of the loan.
The Document Checklist for Business Borrowers Across African Markets
Core Entity Documents
Document | Nigeria | South Africa | Kenya |
| Certificate of Incorporation | CAC Certificate | CoR 14.3 / CoR 15.1 (CIPC) | Certificate of Incorporation (BRS) |
| Registration Number | RC Number (CAC) | Company Registration Number (CIPC) | Company Number (BRS) |
| Constitution / Articles | Memorandum & Articles of Association | Memorandum of Incorporation | Memorandum & Articles of Association |
| Tax Registration | TIN (FIRS) | Tax Clearance Certificate (SARS) | KRA PIN Certificate (KRA) |
| Ownership Register | Shareholder Register + CAC Status Report | Beneficial Ownership Register | CR12 + BO e-Register |
| Good Standing / Status | CAC Active Status Confirmation | CIPC Status Print | BRS Good Standing Certificate |
| Proof of Business Address | Utility bill or lease agreement | Utility bill or lease agreement | Utility bill or lease agreement |
1. Director and UBO Documents
For each identified director and UBO, the following must be collected and independently verified:
1. Government-issued photo ID: national ID card, international passport, or driver's license
2. Proof of residential address dated within three months (utility bill, bank statement, or equivalent)
3. BVN (Bank Verification Number) in Nigeria, cross-referenced against the NIBSS database
4. NIN (National Identification Number) in Nigeria where available
5. Source of wealth declaration for UBOs owning 25% or more is required under enhanced due diligence.
6. PEP status self-declaration, cross-checked against independent PEP databases
2. Additional Documents Required for Enhanced Due Diligence
When a business borrower triggers EDD (see criteria below), the compliance file must also include:
1. Audited financial statements for the last two to three years
2. Bank statements for the last six to twelve months
3. Evidence of the source of capital and equity investment
4. A complete group structure chart showing all entities and their ownership percentages
5. Board resolution authorising the loan application and specifying authorised signatories
6. A written explanation of any complex or offshore ownership structures
When Enhanced Due Diligence Is Mandatory for Business Borrowers
Standard CDD applies to low-to-medium-risk business borrowers. EDD is mandatory wherever any of the following risk factors are present, and the platform must document the triggering factors explicitly.
EDD Trigger | Why It Matters for Lending Platforms |
| Offshore or multi-jurisdiction incorporation | Opacity on UBO and beneficial control; harder registry verification |
| PEP-connected UBO, director, or significant controller | Elevated corruption and bribery risk; heightened sanctions exposure |
| Cash-intensive business (restaurants, retail, logistics, fuel) | Loan proceeds harder to trace; business cash flows mask illicit origins |
| Crypto-related business activity | High AML/CFT risk per FATF Virtual Asset guidance |
| New incorporation (less than 12 months old) | Limited operating history; elevated risk of front company |
| Loan purpose inconsistent with declared business activity | Potential indicator of loan-back money laundering scheme |
| Complex ownership structure (four or more layers; nominee involvement) | Deliberate opacity to evade UBO identification |
| FATF high-risk or monitored jurisdiction | Per FATF Public Statement, updated three times per year |
| Prior adverse media, regulatory action, or EFCC involvement | Direct financial crime indicator requiring immediate escalation |
| Disproportionate loan amount relative to business size and age | Inconsistent credit request relative to apparent operating capacity |
EDD must include senior management approval documented before credit is disbursed, a written risk assessment retained on file, verification of source of wealth for principal UBOs, and an accelerated re-verification cycle every six months rather than annually.
AML Obligations That Digital Lending Platforms Must Maintain
1. The Core Programme Requirements
A digital lending platform's AML program, as required by applicable law, must include a written AML policy covering business borrower onboarding, risk rating, and ongoing monitoring. A designated compliance officer with a board-level reporting line is mandatory. Staff training must cover KYB, AML typologies specific to lending, and EDD procedures. A customer risk rating system must be applied to all business borrowers at onboarding and refreshed periodically.
Transaction monitoring must cover loan drawdowns, repayment patterns, and any behavior inconsistent with the stated loan purpose. Suspicious Transaction Report (STR) filing timelines are mandatory: seven days in Nigeria under MLPPA 2022, 15 days in South Africa under FICA. Record retention of all KYB documents and due diligence decisions is required for a minimum of five years in Nigeria, five years in South Africa, and seven years in Kenya. Internal audit of the AML program must occur at least annually.
2. Sanctions Screening Before Disbursement and Throughout the Loan Term
No loan should be disbursed without first screening the borrowing entity, all directors, all identified UBOs, and any guarantors.
Screening is not a one-time event. OFAC adds new designations with immediate effect. A borrower who was clean at origination can be designated while the loan is still active. Lending platforms must run continuous or at minimum weekly screening against updated lists throughout the loan term.
2. Transaction Monitoring for Repayment Anomalies
Lending compliance teams must monitor for repayment patterns that are inconsistent with legitimate business operations.
KYB Red Flags That Loan Officers Must Recognise
The most significant KYB red flags in lending include businesses incorporated less than six months ago seeking large credit amounts; loan proceeds requested for disbursement to a third-party account; directors or UBOs reluctant to provide ownership information; and repayment patterns inconsistent with the declared business, such as accelerated repayment from unrelated third-party accounts. Each of these warrants immediate escalation to the compliance team.
Compliance teams should train loan officers to recognize these indicators during the KYB process:
How Youverify Supports KYB for Lending Platforms
For lending platforms operating across African markets, Youverify's KYB verification platform is built with the specific compliance requirements of African financial institutions, including the regulatory expectations of the CBN, FCCPC, FIC, and FRC.
Lending platforms that have implemented Youverify's KYB platform has reduced business borrower onboarding from five to ten business days to under minutes for standard cases, while producing regulator-ready compliance documentation at every step of the process.
To get started, book a demo today.
Conclusion
KYB for lending platforms is not a compliance overhead; it is the first line of defense against loan-back money laundering, sanctions exposure, and the regulatory consequences that follow both. In 2026, the legal obligation to conduct rigorous business borrower due diligence is unambiguous across Nigeria, South Africa, Kenya, and globally, and regulators have signaled that enforcement against digital lenders will continue to intensify as the sector grows.
The compliance obligation is fixed. The efficiency of meeting it is entirely within the platform's control.
About The Author
Victoria is a compliance writer at Youverify covering KYB, AML, and identity verification across African financial markets. She specializes in the intersection of digital lending regulation and financial crime compliance, with a focus on Nigeria's CBN and FCCPC regulatory framework and the practical challenges facing fintech credit platforms operating at scale. Her analysis draws on primary sources including CBN circulars, FATF guidance publications, FCCPC registration frameworks, and EFCC enforcement records.