In any customer relationship, financial institutions must take steps to verify their client’s identities and the nature of their business.
Performing customer due diligence (CDD) is one of the most important components of any AML/CFT regime. In order to identify and address money laundering and terrorism financing risks, companies must be able to establish that their clients are who they say they are and have been transparent about the nature of their business. Customer due diligence sometimes referred to as Know Your Customer (KYC), is a process of background checks run in accordance with legislation and in relation to the level of risk presented by the customer.
Customer Due Diligence Basics
Customer due diligence, at its most basic level, involves verifying a customer’s identity and the business in which they are involved, to a sufficient level of confidence. The process involves a number of regulatory obligations:
- Customer Identification: Companies must identify their customers by obtaining personal information, including name, photographic ID, address, and birth certification, from a reliable, independent source.
- Beneficial Ownership: Due diligence measures should identify beneficial ownership of a company in situations where this is not the client. Identifying beneficial ownership should include understanding the control structure of the company.
- Business Relationship: Following customer and beneficial ownership identification, companies must also obtain information on the nature of the business relationship they are entering into, and its purpose.
When is CDD Required?
Financial institutions must carry out KYC and CDD measures in the following circumstances:
- New business relationship: Companies must perform due diligence measures prior to establishing a business relationship to ensure the customer matches their risk profile and isn’t using a fake identity.
- Occasional transactions: Certain occasional transactions warrant CDD measures. These might involve amounts of money over a certain threshold or entities in high-risk foreign countries.
- Money laundering suspicion: If a customer is suspected of money laundering or financing terrorism, companies must implement CDD checks.
- Unreliable documentation: When the identification documents that customers have provided are unreliable or inadequate, companies should apply further CDD scrutiny.
Risk-Based Approach: KYC and CDD measures should be risk-based. Companies should assess the AML/CFT risk each client poses and adjust their due diligence scrutiny accordingly. The majority of clients will be subject to standard CDD measures which require customer identification and verification, and an assessment of the business relationship. In lower-risk scenarios, simplified due diligence may be appropriate, requiring only the identification of customers and no need for verification.
What is Enhanced Due Diligence (EDD)?
Certain customers, such as politically exposed persons (PEPs), pose a much higher money laundering risk and so require enhanced CDD measures, which may involve:
- Obtaining additional customer identification materials
- Establishing the source of funds or wealth
- Closer scrutinization of the nature of the business relationship or purpose of a transaction
- Implementing ongoing monitoring procedures
What is Ongoing Monitoring?
Ongoing monitoring refers to the continuous scrutiny of business relationships. This process matters because, while occasional transactions may not initially present as suspicious, they may form part of a pattern of behavior over an extended period of time which reveals a change in a risk profile or business relationship. Ongoing monitoring involves:
- Monitoring transactions throughout the course of a business relationship to ensure a client’s risk profile matches their behavior.
- Maintaining responsiveness to any changes in risk profile, or any factors which might raise suspicion.
- Keeping relevant records, documents, data, and information that may be needed for CDD purposes.
Ongoing monitoring should apply to all business relationships but, like other CDD measures, may be scaled to reflect the customer’s risk profile.
Technology and Expertise
Ultimately, effective CDD and KYC measures are built on a combination of technology and expertise. As risk profiles and criminal threats evolve, financial institutions must be prepared to be as flexible and innovative with their approach to CDD as any other aspect of their AML/CFT policy. While technology provides useful tools to facilitate CDD processes, human vigilance remains vital to spotting and addressing new threats.