The Due Diligence Process Explained

To understand the money laundering and terrorist financing risks financial institutions face, firms must verify their customers’ identities and the account relationship’s intended purpose. Compliance officers the world over know this as the customer due diligence (CDD) process. As a foundational element of any sound anti-money laundering (AML) program, new starters and compliance veterans alike should ensure their knowledge is fresh and up-to-date.

Part 2 of The Compliance Team’s Guide to Customer Onboarding highlights the core components of CDD and discusses best practices for conducting the process based on a risk-based approach across varying scenarios. 

When is CDD Required?

The CDD process encompasses the entire lifecycle of the account, beginning as early as possible and usually before a business relationship has been established with a client. While approaches vary between jurisdictions, ideally, firms can verify the identity of the client, the person purporting to act on their behalf, or the ultimate beneficial owner before any transaction is conducted.

Due diligence also needs to be conducted throughout the life of the transaction. Institutions should implement CDD measures under the following circumstances:

Levels of due diligence

The extent of due diligence performed on customers should depend on the risk of money laundering or terrorist financing they pose. The level of due diligence and the processes compliance staff must follow should be set out in their organization’s policies.

In some situations, if the risk of money laundering or terrorist funding is very low, a simplified due diligence (SDD) process may be enough to satisfy legal requirements. However, not all jurisdictions permit SDD and, where it is permitted, numerous restrictions exist on when it may be used.

When reaching a determination that a reduced degree of money laundering or terrorist financing threat is presented in a particular scenario, the following factors can be considered relevant:

• Life insurance policies where the premium is low
• Where the client is resident, established, or operates in a country that has effective anti-money laundering and counter-terrorist financing systems
• Where the client is a publicly owned enterprise
• Where the individual is regulated by a recognized regulatory authority

This level of due diligence needs to be constantly reassessed to determine whether the factors permitting its implementation are still relevant.

Standard due diligence is the level that will most likely apply to any client. Involving a detailed analysis of the new client, standard due diligence recognizes that there is a potential risk of criminal money laundering or terrorist financing, but it is considered unlikely that such risks will be realized.

According to the Financial Action Task Force’s (FATF) Recommendation 10, standard due diligence for client onboarding should include:

• Identifying and verifying the customer’s identity using reliable, independent source documents, data, or information
• Identifying and verifying the identity of the beneficial owner
• Conducting ongoing due diligence throughout the business relationship and scrutinizing transactions undertaken throughout the relationship
• Verifying that any person claiming to act on behalf of the customer is adequately authorized

Enhanced due diligence (EDD) is the highest level of due diligence, involving the decision to investigate particular clients more thoroughly after they have been deemed high risk. Such clients could include politically exposed persons (PEPs) or businesses from high-risk jurisdictions. 

Following FATF guidance, companies should implement risk-based EDD measures that reflect the specific anti-money laundering and counter-terrorist financing risk that individual customers present. These should include:

• Obtaining additional customer identification materials
• Establishing the client’s source of funds or wealth
• Applying enhanced scrutiny to the nature of the business relationship or purpose of a transaction
• Implementing ongoing monitoring procedures

Uncover more risk management best practices throughout each section of The Compliance Team’s Guide to Customer Onboarding, including understanding ultimate beneficial ownership structures and reporting potentially suspicious behavior.