KYB Verification.

Business name, registration number, tax identification, incorporation date, and jurisdiction, validated against the corporate registry where machine-accessible (all 50 US states, UK, EU member states, major LATAM jurisdictions). For non-registered entities, uploaded proof-of-incorporation documents are machine-read and validated for format + consistency before a human reviewer.

Every individual or entity holding ≥25% of the org is disclosed in an ownership structure diagram, identity-checked at the individual level, and screened through the sanctions and PEP lists. For entities with complex ownership (VC-backed, PE-backed), the chain is walked up to the ultimate natural-person owners — or, where regulation permits, stopped at a regulated investor entity with its own KYB in good standing.

OFAC's Specially Designated Nationals (SDN) list, OFAC sectoral sanctions, the EU consolidated sanctions list, the UN Security Council Consolidated List, HM Treasury's financial sanctions targets, and 40+ national watchlists. Screening uses fuzzy name matching tuned to minimise false negatives — any hit triggers manual review before the org is admitted, never autopassed.

PEP screening on every disclosed director and UBO against a licensed PEP database covering heads of state, ministers, senior military, senior judiciary, diplomatic corps, and state-owned-enterprise senior management — plus immediate family members and close associates. PEP status does not automatically disqualify an org; it routes the application to enhanced due diligence.

Open-source intelligence scan for material negative coverage — fraud allegations, regulatory enforcement, criminal indictments, material litigation, executive-level misconduct. The scan is time-bounded (default 60 months) and severity-graded so that trivial PR events do not flag.

Uploaded incorporation documents (certificate of incorporation, equivalent jurisdiction instrument) OCR-extracted and validated against the legal entity data. Expected to match; discrepancies are flagged for manual resolution before verification completes.

An authorised admin of the org kicks off KYB from SHIELD. TECH creates a Persona inquiry tied to your org id, generates a signed one-time-use URL, and redirects the admin to Persona's hosted flow. A webhook URL is registered for Persona to call back with results.

The admin uploads incorporation proof, fills in beneficial ownership (with an interactive structure builder), provides director details, and identity-verifies themselves as the submitter (ID document + selfie liveness via Persona's hosted flow). Persona handles the actual capture, OCR, identity binding, and PII processing — TECH never sees raw documents.

Persona runs the six checks in parallel and returns a pass, fail, or manual-review outcome per check. Most orgs complete all six checks within 8–12 minutes. Edge cases (complex UBO chains, non-US jurisdictions, name collisions on sanctions lists) route to a human reviewer with up to 24-hour turnaround.

Persona's webhook posts the results to TECH. We HMAC-verify the payload, write a KYBResult row per check, transition the org's kyb_status to verified/failed/pending, and recompute the SHIELD Trust Score. All state transitions are logged to ComplianceLog with timestamps.

After initial verification, SHIELD does not stop checking. Every night at 03:15 UTC, a Celery beat task re-runs sanctions + PEP + adverse media against every verified org and writes the results. A new hit triggers a SHIELD alert, a Trust Score recomputation, and — if the hit severity is critical — an automatic freeze on the org's matches pending a human review.