CDD in banking: What you need to know

In order to meet the demands of AML/CFT regulations, banks must implement suitable Know Your Customer (KYC) measures in order to understand who their customers are, and the nature of the business in which they are involved. With that requirement in mind, CDD in banking is an important compliance consideration and an integral part of a risk-based AML/CFT solution.

What is customer due diligence?

Customer due diligence refers to the measures and controls that firms use to establish and verify the identities of their customers. For banks and other financial institutions, CDD measures and controls help firms ensure they are not doing business with criminals who intend to use their services to launder money or finance terrorist activities. CDD is particularly important for banks since money launderers may use sophisticated criminal methodologies to evade AML/CFT controls or exploit vulnerabilities in the financial system.

CDD in banking is also a foundational component of the risk-based approach to AML/CFT recommended by the Financial Action Task Force (FATF) – which requires banks to deploy a compliance response commensurate with the level of risk that they face. Accordingly, banks should use the information that they collect during the CDD process to perform risk assessments of individual costumes and to build risk profiles in order to judge those customers’ subsequent financial behavior.

CDD in banking: Data collection

With those factors in mind, customer due diligence in banking and other financial services should involve the following data collection requirements:

• Personal identifying documents: Banks should establish the identities of individual customers by collecting their names, dates of birth, and residential addresses. In practice, this means customers should be required to submit personal identification documents (or copies of those documents) such as passports, driving licenses, birth certificates, and utility bills.
• Ultimate beneficial ownership: Criminals often attempt to use corporate infrastructure or shell companies to disguise their identities, transacting anonymously with banks in order to evade AML/CFT controls. With that in mind, when dealing with corporate customer entities, banks should seek to establish ultimate beneficial ownership (UBO), by acquiring incorporation documents and other official company information that asserts the identities of the individuals behind the infrastructure.
• Biometric data: Many banks offer financial products and services over the internet, where criminals may be able to take advantage of online anonymity to evade AML/CFT controls. In this context, the CDD process should include the collection of certain biometric identifying data points, such as face, voice, and fingerprint ID.

Compliance penalties

Failures in CDD, or inadequate CDD measures and controls, may expose banks to significant criminal risks and lead to AML/CFT compliance violations. Penalties for violations vary by jurisdiction but data suggests that governments are increasing their focus on AML/CFT: since 2009, global regulators have issued around $32 billion in AML/CFT compliance fines, while in 2020, the US, regulators extracted $11.11 billion from banking institutions.

When should CDD in banking be applied?

Banks should apply some level of customer due diligence to every customer that they serve. Under the risk-based approach, lower risk customers may be subject to standard levels of CDD scrutiny, while higher risk countries should be subject to enhanced due diligence (EDD). EDD requires banks to implement more intensive identification measures, including obtaining further documentation from customers, or establishing the source of funds and wealth.

A standard CDD in banking process may involve the following steps: 

• Submission of personal details: Customers enter personal details (name, address, etc.) into an online form – or on a physical document if engaging in person. 
• Official documentation: Customers provide official documentation to verify their personal details in the form of a passport, driver’s licence or similar. 
• Biometric verification: Banks may require customers to submit biometric data to support their personal details and then verify their identities to gain ongoing access to their accounts. Biometric data may include a ‘selfie’ photo, fingerprint, or voice print. 
• Screening: Information collected during the CDD process should be used to screen customers against relevant AML/CFT lists and databases, including global sanctions lists, PEP lists, and other high risk customer watch lists. Screening processes should be ongoing throughout the business relationship. 
• Risk profile: Banks should use CDD data, and any relevant screening data, to build a risk profile for their customers. The risk profile will provide the standard by which to deploy AML/CFT compliance measures. Banks should deploy EDD for customers deemed to pose a higher risk.
• Monitoring: After onboarding, risk profiles may be used to judge subsequent financial behaviour. Banks should, for example, monitor customer transactions on an ongoing basis for signs of unusual or suspicious activity which does not correlate with a customer’s established profile.

AML/CFT software solutions for CDD in banking

The customer due diligence process requires banks to collect and analyze large amounts of data, and then store that data for ongoing monitoring purposes. Since CDD takes place at onboarding, customer experiences are also a concern: CDD that is too onerous or invasive may create negative customer experiences, while inadequate CDD in banking may result in them missing AML/CFT risks.

With those factors in mind, banks should seek to automate their CDD process. CDD software not only delivers speed, accuracy, and capacity benefits, and reduces the potential for costly human error, but enables banks to create richer customer risk profiles in order to better detect AML/CFT risks. Further, with the benefit of machine learning systems, banks may be able to enhance their wider AML/CFT process, using CDD data to make predictions and decisions about financial behavior, and factoring in changes to regulation or emergent criminal methodologies.

Further reading on CDD in banking

• • Our AML Guide for Digital Banks explores how digital-first banks can build an effective AML compliance program
  • Or, explore how our transaction risk management and customer screening solutions are helping banks around the world today