If your business has been expanding into European markets, onboarding EU suppliers, merchants, PSPs, distribution partners, or regulated clients is probably not something you expected to be this complicated. On paper, bringing a German GmbH or a Dutch BV on board as a business partner looks like a straightforward verification exercise. In practice, it is one of the most operationally demanding compliance challenges a U.S.-based compliance or operations team can face.

The reason is not just regulatory. It is structural. The European Union is 27 sovereign member states, each with its own company registry, its own documentation standards, its own approach to beneficial ownership disclosure, and in many cases its own language. Add to that a rapidly evolving AML regulatory framework at the EU level, and you have a situation where the goalposts are moving at the same time as the pitch itself is uneven.

U.S. companies are increasingly embedded in European business relationships. Whether you are a fintech platform onboarding EU payment service providers, a SaaS company contracting with EU corporate clients, a payments infrastructure provider working with EU merchants, or a fund administrator dealing with EU-based corporate counterparties, the volume and complexity of cross-border KYB onboarding is only growing. And as Regulation (EU) 2024/1624, the EU's new Anti-Money Laundering Regulation (AMLR), takes direct effect from 10 July 2027, the regulatory floor is rising for everyone in this space, including third-country entities transacting in the EU.

This guide is for the compliance leads, operations managers, and onboarding teams who are living with this complexity every day. We are going to walk through why EU business onboarding is more complex than domestic onboarding, what typically breaks in practice, what a well-structured KYB workflow actually looks like, and how to build something that holds up under audit pressure.

Why EU Business Onboarding Is More Complex Than U.S. Teams Expect

1) There Is No Single EU Company Registry

This is the point that surprises U.S. teams most often. There is a common assumption that the EU, as a unified economic bloc, must have a central company registry you can query once and get back everything you need. It does not work that way.

Each of the 27 EU member states maintains its own national business register. The EU does operate a system called BRIS (Business Registers Interconnection System), which went live in 2017 and allows users to search for basic company information across member states through the European e-Justice Portal. But BRIS is a connectivity layer, not a comprehensive compliance tool. It provides basic harmonised company existence checks, legal form, registered seat, registration number; but does not include full financial statements, beneficial ownership data, or the detailed filings that KYB requires. For that, you need to go to each national register, individually, on each country's terms.

Germany alone runs three separate registers: the Handelsregister, the Unternehmensregister, and the Transparenzregister, each with overlapping but inconsistent data. France's registry portal, Infogreffe, is entirely in French with no English interface, and shareholder data is only accessible by purchasing and reading individual documents per company. A complete KYB pack from the French registry can cost in the region of €73 per entity. Italy, France, and Spain all require payment for most filings and financial statements, while countries like Denmark and Poland provide broader access free of charge.

This is not a minor administrative inconvenience. For a U.S. team onboarding dozens or hundreds of EU business partners across multiple jurisdictions, it means that a standardised, scalable verification process does not exist at the source-data level. You have to build it.

2) Beneficial Ownership Is a Fragmented and Evolving Picture

The second layer of complexity is beneficial ownership, and it matters enormously under both current EU law and incoming AMLR requirements.

Under the EU's 4th Anti-Money Laundering Directive, member states were required to establish central beneficial ownership registers. The 5th AMLD extended this and introduced the concept of public access. But in November 2022, the Court of Justice of the EU (CJEU) struck down open public access to beneficial ownership registers, ruling that it was a disproportionate interference with privacy rights under the EU Charter. Countries including Belgium, the Netherlands, and Luxembourg suspended public access to their UBO registers immediately following that ruling.

This means that UBO data, which sits at the heart of any meaningful KYB process, is now restricted to competent authorities, FIUs, and obliged entities conducting customer due diligence in most EU member states. For U.S.-based companies that are not themselves EU-supervised obliged entities, access to UBO register data may require demonstrating legitimate interest through a country-specific process. That process varies by jurisdiction and is not always straightforward.

The incoming AMLR (Regulation EU 2024/1624), which takes effect in July 2027, significantly strengthens and harmonises beneficial ownership requirements across the EU. Crucially, it also mandates that foreign entities, register beneficial ownership information in EU member states' central registers before conducting business transactions. Non-compliance can restrict operations in the EU. The AMLR also standardises the 25% ownership threshold for identifying a beneficial owner across all EU member states, though the European Commission retains the ability to lower this to 15% for high-risk sectors. Whenever entering into a new business relationship with a legal entity under the AMLR, obliged entities must collect valid proof of registration or a recently issued excerpt of the register confirming validity of registration.

What this means practically: if your EU business partner has a complex ownership structure involving holding companies, trusts, or cross-jurisdictional shareholding chains, resolving beneficial ownership is not a checkbox exercise. It requires document-level analysis, sometimes in multiple languages, and the legal frameworks governing what you need to collect and verify are currently in a state of transition.

3) Documentation Standards Vary Significantly by Country

There is no standardised EU onboarding document pack. A compliance team in the U.S. building a single KYB checklist and applying it uniformly across EU partners will encounter immediate friction. What constitutes an acceptable incorporation document, what information it is required to contain, whether financial statements are publicly available, and how often filings must be updated all vary by country and legal form.

Company types themselves are not uniform. Germany uses GmbH, France uses SARL, Spain uses SL, the Netherlands uses BV, and each carries different structural implications for how ownership and control are evidenced. These distinctions are not just nominal. They affect which documents exist, what they contain, and how they need to be interpreted.

Add the language dimension to this, and you have a significant operational challenge. A set of Polish incorporation documents, a German Handelsregister extract, or a French statuts constitutifs will need either certified translation or a compliance team member who can read and verify the relevant language. Neither is cheap or fast at scale.

The Operational Problems That Actually Cause Onboarding to Break

It would be easy to attribute cross-border KYB failures to regulatory complexity alone. But in practice, a significant share of the operational damage happens not in the regulatory layer but in the internal infrastructure layer. Here is what that typically looks like in U.S. teams.

Documents Scattered Across Email Threads

The most common starting point for KYB onboarding at growth-stage companies is the inbox. A counterparty emails over their incorporation documents, a shareholder list, and a UBO declaration. Those files land in an email thread. They may get forwarded to a compliance reviewer. They may be downloaded into a shared folder. They may not make it past the inbox at all.

When an auditor asks for evidence of KYB at the point of onboarding for a relationship that started 18 months ago, the answer is often a long, uncomfortable search through historical email. What was collected? When? By whom? Was it complete? Has it been refreshed? The documentation trail is either absent or unreliable, and neither answer is acceptable in a regulated context.

Expiry or Renewal Tracking

Documents expire. A certificate of good standing, a UBO declaration, a PEP screening result, a company registration extract — all of these have either a formal or a practical shelf life. EU regulators and auditors expect that your verification remains current, not that you verified once and assumed nothing changed.

Under the AMLR's ongoing monitoring obligations, obliged entities are required to keep customer due diligence documentation up to date. Article 26 of Regulation (EU) 2024/1624 specifically addresses ongoing monitoring of the business relationship. But without a system that tracks document expiry dates and triggers renewal requests, this obligation gets missed. Teams find out a document has expired when an auditor flags it, not before.

Inconsistent Standards Between Teams

In companies where compliance and operations sit in different departments — or where different business units manage their own partner relationships — onboarding requirements will drift unless there is a formal, enforced standard. One team asks for articles of association and a UBO declaration. Another asks for a certified registry extract and proof of registered address. A third accepts a scanned copy of whatever the counterparty sends. The result is a patchwork of files with no common baseline, which creates both compliance gaps and audit risk.

Delayed Approvals and No Visibility Into Status

Without a structured workflow, approvals are ad hoc. A compliance reviewer may not know that an onboarding submission is waiting for their input. A relationship manager may not know whether their new partner has passed KYB. Senior management has no dashboard view of how many partners are in progress, how many are approved, and how many are overdue. The absence of visibility creates both business friction and risk exposure. Relationships get started before KYB is complete. Revenue is delayed because onboarding is stuck. And when things do go wrong, there is no audit log to demonstrate that proper process was followed.

The Core Documents Typically Required for EU KYB

While requirements will vary by your regulatory context, the jurisdiction of the entity being onboarded, and your risk-based assessment, the following represents the baseline document set that most KYB processes for EU companies will require. This is not an exhaustive legal checklist, your compliance programme should define your specific requirements, but it reflects the common practice in regulated business onboarding across EU jurisdictions.

Company registration and incorporation documents are the foundation. These include the certificate of incorporation (or local equivalent), the articles of association or memorandum of association, and any amendments to those founding documents. The FATF requires institutions to obtain a certificate of incorporation and provisions regulating the power to bind the legal person. You should always extract registration numbers, date, status, and registered office from official business registries.

A recent extract from the relevant national company registry confirms current status, legal form, and registered address. Because update frequencies vary between member state registries, "recent" matters here, a registry extract from 18 months ago has limited assurance value.

Beneficial ownership documentation is required to evidence who ultimately owns or controls the entity. This includes a completed UBO declaration, supported by documentary evidence of the ownership chain where the structure involves intermediate holding companies or nominee shareholders. Under the incoming AMLR, obliged entities must collect valid proof of registration or a recently issued register excerpt every time they enter a new business relationship with a legal entity.

A shareholder register or shareholder list showing current ownership percentages is typically required alongside the UBO documentation. Where shareholding is held through other legal entities, the chain needs to be traced to the natural persons at the top.

Proof of registered address, often in the form of a utility bill, lease agreement, or recent bank statement in the company's name, confirms that the registered address is genuine and current.

Tax identification documentation, including VAT certificates and national tax numbers where applicable, supports verification of legitimate business activity and regulatory standing.

Where the entity operates in a regulated sector — payments, e-money, financial services, gaming, crypto assets — licensing documentation from the relevant national competent authority is required. This should include evidence that the licence is current and in good standing, not simply that one was issued at some point in the past.

For higher-risk relationships or enhanced due diligence cases, you may also need management accounts or audited financial statements, board resolution authorising the business relationship, and evidence of the nature of the business including website, business description, and source of funds.

How to Build a KYB Onboarding Workflow That Scales

The difference between a KYB process that holds up at scale and one that collapses under audit pressure is not primarily about which documents you collect. It is about how you collect them, how you store them, how you track them over time, and how you evidence the decisions you made and when you made them.

Here is what a scalable, audit-ready KYB workflow looks like for cross-border EU business onboarding.

Centralised Document Collection With Structured Request Workflows

Rather than collecting documents through email or shared drives, a compliant onboarding process uses a centralised platform that sends structured document requests to counterparties and collects submissions in a controlled, trackable environment. This achieves two things simultaneously: it ensures consistency in what is requested, and it creates a timestamped record of what was submitted, when, and by whom.

For cross-border EU onboarding, this means your document request templates need to account for jurisdiction-specific requirements. A request sent to a Spanish SL will have slightly different requirements than one sent to a German GmbH, and your workflow needs to reflect that without creating a manual customisation burden every time.

Risk-Based Review With Defined Approval Hierarchies

Not all business relationships carry the same risk profile, and your KYB workflow should reflect that. A risk-based approach means that counterparties assessed as lower risk move through a streamlined verification process, while higher-risk relationships trigger enhanced due diligence, additional documentation requirements, and senior sign-off. The AMLR and preceding AMLD framework both require that obliged entities calibrate their due diligence measures to the risk presented by the customer, the business relationship, and the relevant transaction.

Risk factors relevant to EU business onboarding include the jurisdiction of incorporation and operation, the industry sector, the complexity of the ownership structure, whether the entity is active in sectors subject to enhanced scrutiny under the AMLR (crypto assets, high-value goods, professional football), the nature of the intended business relationship, and the results of sanctions and PEP screening.

Approval hierarchies should be defined in your compliance policies, with clear rules about which risk tiers require which level of sign-off. This documentation matters at audit: you need to be able to show not just that a decision was made, but that it was made by the right person with the right authority.

Expiry Tracking and Automated Renewal Alerts

Every document in your KYB file has either a formal expiry date or a practical refresh requirement. Your workflow needs to track both and trigger renewal requests before expiry, not after. This is operationally straightforward if it is built into your document management system. It is nearly impossible to maintain reliably through spreadsheets or manual calendaring across a portfolio of dozens or hundreds of EU business relationships.

Renewal cadence should be calibrated to risk. Higher-risk relationships should be subject to more frequent periodic review. Changes in risk profile, for example, a change of ownership at a counterparty, a news item flagging regulatory action, or a sanctions screening alert, should trigger out-of-cycle review regardless of when the last scheduled review occurred.

Immutable Audit Logs and Timestamped Records

For every KYB decision, approval, rejection, escalation, periodic review, document expiry, there needs to be a clear, timestamped, immutable record. This is what "audit-ready" actually means in practice. Not just that you can produce a document file for a counterparty, but that you can produce a chronological, attributed record of every action taken on that file from initial onboarding through to the present date.

Under the AMLR, Article 24 requires that obliged entities report discrepancies they find between information in central registers and information they have collected as part of their own CDD process, without undue delay and within 14 calendar days of detection. Without a system that logs document collection and review in real time, meeting this kind of requirement is guesswork.

Why Spreadsheet-Based Processes Fail at Scale

It is worth spending a moment on spreadsheets specifically, because they remain the most common KYB infrastructure at companies that have not yet invested in purpose-built tooling. They are free, familiar, and flexible. They are also structurally inadequate for cross-border KYB compliance at any meaningful scale.

The core problem is not that spreadsheets cannot hold the right data. It is that they offer no version control, no accountability framework, no workflow enforcement, and no meaningful audit trail. When a cell is updated in a shared spreadsheet, who made that change? When? Based on what evidence? The answer is that you cannot reliably know, because spreadsheets are not designed to record that information.

For a regulated business onboarding EU partners, this creates several specific failure modes. There is no reliable way to track document expiry across a large portfolio. There is no mechanism to enforce consistent standards across different team members. There is no workflow to route approvals through the right hierarchy. And when an auditor asks for evidence of your onboarding process and decision-making trail, a spreadsheet does not answer that question.

As the number of EU business relationships grows, and as the regulatory expectations under the AMLR raise the bar for what "adequate" CDD looks like the gap between spreadsheet-based processes and compliant onboarding infrastructure widens. The transition from spreadsheets to a purpose-built system is not an IT upgrade. It is a compliance risk reduction exercise.

What Audit-Ready KYB Infrastructure Should Looks Like

An audit-ready onboarding infrastructure is not defined by any single technology. It is defined by the controls it enforces and the evidence it produces. In practical terms, for a U.S. company onboarding EU business partners, this means the following things need to be true.

There is a central, secure repository for all KYB documentation, with controlled access permissions that limit who can view, edit, or approve files based on their role. This is not a shared drive. It is a structured system where documents are filed against specific counterparty records and can be retrieved instantly in their complete, current form.

Every document has a recorded collection date, a recorded reviewer, and a recorded review outcome. Every change to a document file is logged with a timestamp and attributed to a named user. This log cannot be edited. It is the record of your compliance decision-making, and it needs to hold up under forensic examination.

Renewal alerts are automated and proactive. You are not relying on someone remembering to check when documents expire. The system knows when each document is due for refresh and initiates the renewal process with enough lead time to collect updated documentation before the existing version lapses.

Onboarding templates are standardised and jurisdiction-aware. A team member onboarding a new EU counterparty does not need to construct a document request from memory or prior experience. The system generates the appropriate request based on the counterparty's jurisdiction, entity type, and risk classification.

Reporting and dashboards give compliance leadership real-time visibility into the state of the entire EU partner portfolio: how many are fully onboarded, how many have pending items, how many have documents approaching expiry, and how many have been flagged for enhanced review.

Best Practices for Cross-Border Compliance Teams Managing EU Onboarding

A few practical principles for teams managing EU onboarding at scale across multiple markets.

1. Standardise your baseline requirements globally, then localise only where the law requires it. The temptation is to create a custom checklist for every country. The result is unmanageable. A better approach is to define a single global baseline that covers the core KYB requirements, and then apply country-specific overlays only where local law demands something different.

   
   

2. Create documented onboarding playbooks that your team can follow without relying on institutional knowledge held by one or two experienced compliance professionals. Playbooks should cover what documents are required, what constitutes an acceptable version of each document, how to handle incomplete submissions, and when to escalate. This matters especially for EU onboarding because the documentation landscape is genuinely complex, and teams turn over.

   
   

3. Align your compliance and operations teams on the same onboarding workflow. One of the most common sources of onboarding delay and inconsistency is a disconnect between the relationship management team (who want to get the partner live quickly) and the compliance team (who need complete documentation before approval). Clear workflow design, shared visibility into onboarding status, and defined SLAs for each stage reduce this friction significantly.

   
   

4. Reduce manual review dependency wherever you can without compromising risk assessment quality. This means using automated registry data retrieval where available, building sanctions and PEP screening into the workflow rather than treating it as a separate manual step, and using risk scoring to route cases to the appropriate review tier automatically.

   
   

5. Finally, document your decisions not just your document collection. The question an auditor asks is not "did you collect this document?" It is "why did you make the onboarding decision you made?" Your records need to answer that question for every counterparty in your portfolio.

Conclusion: Onboarding Infrastructure Is Operational Risk Management

There is a tendency to frame KYB onboarding as a compliance cost, something you do because you have to, in order to keep regulators satisfied. That framing misses the point, and it leads to under-investment in the infrastructure that actually matters.

Cross-border KYB onboarding, done well, is how you know who you are in business with. It is how you protect your company from being used as a channel for financial crime. It is how you build the kind of counterparty relationships that hold up when things get difficult. And as the EU's regulatory framework evolves under the AMLR — requiring broader coverage, higher evidential standards, and more robust ongoing monitoring; it is increasingly how you demonstrate operational fitness to regulators, banking partners, and institutional clients.

About SpeedyDD

SpeedyDD is a KYB and due diligence platform built for regulated businesses that need to maintain compliance without operational chaos. Our mission is to help complex, regulated businesses stay audit-ready across every business relationship, across borders, across sectors, and across the full lifecycle of a partnership.

SpeedyDD connects with over 3000 corporate registry data sources across more than 200 countries and territories, so your team is working from current, registry-sourced company data rather than self-declared documents alone.

If your team is managing EU business onboarding across multiple jurisdictions and you are relying on spreadsheets, email chains, or manual tracking to stay compliant, we would be glad to show you what audit-ready infrastructure actually looks like. Book a call here

Frequently Asked Questions

What is KYB onboarding and why does it apply to EU business relationships?

KYB (Know Your Business) onboarding is the process of verifying the identity, ownership structure, legal status, and compliance standing of a business counterparty before establishing a formal business relationship. Under EU AML legislation, including the current 5th and 6th Anti-Money Laundering Directives and the incoming AMLR (Regulation EU 2024/1624) obliged entities are required to conduct Customer Due Diligence on all business customers and counterparties. KYB is the specific process that satisfies this obligation for legal entities. It applies to any regulated business, including banks, payment service providers, e-money institutions, crypto asset service providers, and others onboarding EU business partners or clients.

Do U.S. companies have to comply with EU KYB requirements?

U.S. companies that operate in the EU market, provide services to EU-regulated entities, or are themselves subject to EU AML regulation (for example, through a licensed EU subsidiary or by providing services that fall within scope of the AMLR) will have KYB obligations under EU law. Additionally, Regulation (EU) 2024/1624 specifically requires foreign entities including third-country legal entities to register beneficial ownership information in EU member states' central registers before conducting business transactions in the EU, with non-compliance potentially restricting their ability to operate in the EU market.

What is the AMLR and when does it take effect?

The Anti-Money Laundering Regulation (Regulation (EU) 2024/1624) is the EU's new directly applicable AML rulebook. Unlike the previous AML Directives, which required transposition into national law by each member state (leading to significant national variation), the AMLR applies directly and uniformly across all EU member states from 10 July 2027. It raises the floor for CDD requirements, harmonises beneficial ownership rules including the 25% threshold, expands the scope of obliged entities, and mandates stricter ongoing monitoring.

Why is beneficial ownership verification so difficult in the EU?

Beneficial ownership verification in the EU became significantly more complex after the November 2022 ruling of the Court of Justice of the EU, which struck down open public access to beneficial ownership registers as a disproportionate interference with privacy rights. Since that ruling, most EU member states have restricted public access to UBO register data to competent authorities, FIUs, and obliged entities conducting customer due diligence. For U.S.-based companies that are not themselves EU-supervised obliged entities, demonstrating legitimate interest in accessing this data can be a country-specific, non-trivial exercise. The incoming AMLR is designed to address some of this fragmentation, but the transition is ongoing.

What is BRIS and does it make EU company verification straightforward?

BRIS (Business Registers Interconnection System) is a European Commission infrastructure that allows users to search for basic company information across EU member state registers through the European e-Justice Portal. It covers more than 20 million companies registered across Europe. However, BRIS provides only a basic set of harmonised data including company name, legal form, registered seat, and registration number. It does not provide full financial statements, ownership structures, or the detailed filings required for a complete KYB verification. For comprehensive due diligence, teams need to go directly to each national register.

What documents are typically required for EU business KYB?

While requirements vary by jurisdiction, entity type, and risk profile, a standard EU business KYB pack will typically include: certificate of incorporation or local equivalent; articles of association; a recent extract from the relevant national company registry; beneficial ownership documentation including a UBO declaration and supporting evidence; shareholder register; proof of registered address; tax identification documentation; and where applicable, licensing documentation from the relevant regulatory authority. For higher-risk relationships, management accounts, audited financial statements, and board resolutions may also be required.

How does the EU KYB process differ across member states?

Significantly. Germany requires notary involvement in company registration and operates three separate registers with overlapping but inconsistent data. France's registry portal is in French only, with shareholder data requiring the purchase of individual documents per company. The Netherlands, Belgium, and Luxembourg suspended public access to their UBO registers following the 2022 CJEU ruling. Some countries (Denmark, Poland) provide broad registry access free of charge, while others (Italy, France, Spain) charge for most filings and financial statements. There is no single EU-wide company identifier, and legal forms carry different structural implications in different jurisdictions. These differences mean that a single, undifferentiated onboarding checklist applied across all EU markets will generate both compliance gaps and operational friction.

Why do spreadsheets fail for cross-border KYB onboarding?

Spreadsheets lack version control, workflow enforcement, and meaningful audit trail functionality. When compliance decision-making needs to be evidenced — who reviewed what document, when, based on what assessment — spreadsheets cannot reliably answer those questions. They offer no mechanism for tracking document expiry across a large portfolio, no enforcement of consistent standards across team members, and no structured approval hierarchy. As regulatory expectations under the AMLR require higher evidential standards for ongoing monitoring and due diligence records, the gap between spreadsheet-based processes and compliant onboarding infrastructure becomes a direct compliance liability.

What does ongoing monitoring mean in an EU KYB context?

Ongoing monitoring refers to the obligation under EU AML law to keep customer due diligence documentation current and to monitor the business relationship on an ongoing basis for changes in risk profile. Article 26 of Regulation (EU) 2024/1624 specifically addresses this requirement. In practice, it means that documents collected at onboarding need to be refreshed on a risk-appropriate schedule, that changes in ownership structure, sanctions status, or regulatory standing at a counterparty need to trigger review, and that the evidence of this ongoing monitoring needs to be maintained in your compliance records. Article 24 of the AMLR also requires obliged entities to report discrepancies between information in central registers and their own collected CDD data within 14 calendar days of detection.

What is the difference between BRIS and BORIS?

BRIS (Business Registers Interconnection System) provides company registration data including legal form, address, and directors, and is publicly accessible across all EU member states. BORIS (Beneficial Ownership Register Interconnection System) is a separate, more restricted system designed to interconnect national beneficial ownership registers. Unlike BRIS, BORIS has restricted access and incomplete coverage. For a full KYB verification, compliance teams typically need data from both systems, company registration details from BRIS and ownership details from BORIS or national UBO registers.