24th June 2019
Customer Due Diligence (CDD)
What is Customer Due Diligence (CDD)?
Customer due diligence, at its most basic level, involves verifying a customer’s identity and the business in which they are involved, to a sufficient level of confidence. The process involves a number of regulatory obligations:
- Customer Identification: Companies must identify their customers by obtaining personal information, including name, photographic ID, address, and birth certification, from a reliable, independent source.
- Beneficial Ownership: Due diligence measures should identify the beneficial ownership of a company in situations where the beneficial owner is not the client. Identifying beneficial ownership should include understanding the control structure of the company.
- Business Relationship: Following customer and beneficial ownership identification, companies must also obtain information on the nature of the business relationship they are entering into, and its purpose.
Customer Due Diligence (CDD) is required when companies with AML processes enter a business relationship with a customer or a potential customer, in order to assess the customer's risk profile and verify their identity.
Financial institutions must carry out KYC and CDD measures in the following circumstances:
- New business relationship: Companies must perform due diligence measures prior to establishing a business relationship to ensure the customer matches their risk profile and isn’t using a fake identity.
- Occasional transactions: Certain occasional transactions warrant CDD measures. These might involve amounts of money over a certain threshold or entities in high-risk foreign countries.
- Money laundering suspicion: If a customer is suspected of money laundering or financing terrorism, companies must implement CDD checks.
- Unreliable documentation: When the identification documents that customers have provided are unreliable or inadequate, companies should apply further CDD scrutiny.
Risk-Based Approach: KYC and CDD measures should be risk-based. Companies should assess the AML/CFT risk each client poses and adjust their due diligence scrutiny accordingly. The majority of clients will be subject to standard CDD measures, which require customer identification and verification, and an assessment of the business relationship. In lower-risk scenarios, simplified due diligence may be appropriate, requiring only the identification of customers, with no need for verification.
CDD is an important part of managing the risk that your company may face. There may be cases where CDD is not enough, and so Enhanced Due Diligence (EDD) would have to be performed in these instances to gain a deeper understanding of who your customers are.
Here are the ways in which you can perform CDD:
- Establish the identity and business activities of your potential customer before entering a business relationship with them to screen for bad actors early on
- Categorize your customers’ risk type, then store this information in a digitally secure place so it can be more easily accessed for potential future regulatory checks
- Determine whether Enhanced Due Diligence (EDD) is needed or not
What is Enhanced Due Diligence (EDD)?
Certain customers, such as politically exposed persons (PEPs), pose a much higher money laundering risk and so require enhanced CDD measures, which may involve:
- Obtaining additional customer identification materials
- Establishing the source of funds or wealth
- Closer scrutiny of the nature of the business relationship or purpose of a transaction
- Implementing ongoing monitoring procedures
Ongoing monitoring refers to the continuous scrutiny of business relationships. This process matters because, while occasional transactions may not initially present as suspicious, they may form part of a pattern of behavior over an extended period of time which reveals a change in a risk profile or business relationship. Ongoing monitoring involves:
- Monitoring transactions throughout the course of a business relationship to ensure a client’s risk profile matches their behavior.
- Maintaining responsiveness to any changes in risk profile, or any factors which might raise suspicion.
- Keeping relevant records, documents, data, and information that may be needed for CDD purposes.
Ongoing monitoring should apply to all business relationships but, like other CDD measures, may be scaled to reflect the customer’s risk profile.