AML Compliance

What is Customer Due Diligence and How Does It Work?

Customer Due Diligence (CDD) is a Know Your Customer (KYC) and Anti-Money Laundering (AML)/Countering Terrorism Financing (CTF) regulatory requirement for banking and financial services. CDD aims to uncover, assess, and mitigate financial crime risks associated with potential and existing customer relationships, including individuals and businesses.

CDD enhances the reputation and integrity of banks and other financial institutions by safeguarding against financial crimes such as money laundering and terrorist financing.

This blog explores vital facets of CDD, including its meaning, core requirements, types of customer due diligence, and applications in the banking and financial services industry.

What is Customer Due Diligence?

Customer Due Diligence is foundational to AML/CTF efforts in terms of:

  1. Verifying the identity of prospects and customers
  2. Understanding their financial activities
  3. Assessing the risks they pose to the bank or financial institution

This process enables companies to detect and prevent financial crimes, safeguard their reputation, and comply with legal and regulatory obligations.

CDD prevents criminals from exploiting financial institutions for money laundering and terrorism financing. It also enables businesses to understand customers and their financial behaviors better, thus managing risks more effectively.

The following KYC principles are key to effective CDD:

  1. Collecting and verifying customer identity information, such as name, address, date of birth, and identification numbers.
  2. Ongoing monitoring to maintain up-to-date customer information and scrutinize transactions for suspicious activities.
  3. Risk-based assessment to tailor the depth and breadth of the CDD process according to the level of risk associated with a customer, with higher-risk customers undergoing more stringent scrutiny – Enhanced Due Diligence (EDD).

Types of Customer Due Diligence (CDD) Measures

There are four types or levels of CDD measures that banks and financial institutions use. These include:

Infographic on types of customer due diligence (CDD) measures

1. Standard Due Diligence (SDD)

SDD is a more rigorous process applied to most customers. It requires gathering, analyzing, and verifying the identity of a customer, including the beneficial owner, based on documents, data, and information from third-party sources. It also involves understanding the nature of the customer’s or entity’s business activities and assessing their risk profile. This level of due diligence is sufficient for customers who present a normal risk level.

2. Simplified Customer Due Diligence (SCDD)

Simplified due diligence is a less rigorous process for lower perceived risks. It involves verifying the identity of low-risk customers, without the need for more details or ongoing monitoring. SCDD allows financial institutions to verify customers’ identities and onboard them quickly and efficiently. Examples of low-risk customers might include government bodies, listed companies, etc.

3. Enhanced Customer Due Diligence (ECDD) or Enhanced Due Diligence (EDD)

Enhanced Due Diligence (EDD) is required for high-risk customers, which include:

  • Individuals or entities from high-risk jurisdictions, such as countries with high levels of corruption or inadequate AML/CFT measures
  • Politically exposed persons (PEPs)
  • Correspondent banking accounts
  • Charitable organizations
  • Customers involved in industries or businesses prone to financial crimes.

It involves a deeper look into the customer’s risk profile through investigating the customer’s background, closer scrutiny of transactions, and ongoing monitoring.

4. Ongoing Customer Due Diligence (OCDD) or Ongoing Due Diligence (ODD)

ODD refers to a risk-based approach for managing KYC information to protect the organization from reputational damage, sanctions, legal penalties or regulatory scrutiny, and operations. ODD is a continuous process based on risk events and triggers rather than a traditional scheduled periodic refresh. The aim is to identify changes in the status, behavior, activities, or anything else relevant to the customer or entity during the financial institution’s entire relationship with them. It includes:

  1. Regular review of the customer information
  2. Transaction monitoring
  3. Risk re-assessment
  4. Updates to KYC documents, such as proof of identity, business agreements, etc.

The Customer Due Diligence Process

The CDD process is a meticulous approach that financial institutions and other obligated entities follow to comply with regulatory requirements and mitigate risks. It involves the following key steps:

Infographic on the customer due diligence process

1. Customer Identification

This initial step in the CDD process involves identifying the customer by collecting basic information, such as name, address, date of birth, and identification numbers to determine their risk profile. It may also involve collecting documents or information about the business and financial history of the customer.

2. Customer Verification

After collecting the information, the bank or financial institution needs to verify it, such as the details on a passport or driving license, using reliable, independent sources such as private (third-party) or public records. For corporate clients, this process involves understanding the nature of their business and its ownership structure, and identifying the beneficial owners.

3. Customer’s Risk Profile Assessment

After verifying customer information, banks and financial institutions must assess the potential customer’s risk profile based on the information collected and other relevant factors. These may include criteria such as:

  1. Country of origin
  2. Business activities
  3. Types of transactions
  4. The volume of funds being moved

Based on this risk assessment, financial institutions can determine the due diligence measures for the particular customer.

4. Collection and Verification of Additional Information

Based on the customer’s risk assessment, financial institutions may need to collect and verify additional information about the customer, their business activities, and financial statements from references, public records, or other financial institutions and sources. For high-risk customers, banks or financial institutions may want to further understand:

  1. Why the customer is opening an account or starting a relationship with the institution
  2. Types of transactions they expect to conduct
  3. Source of their funds or wealth

This information provides a baseline for assessing future transactions.

5. Ongoing/Continuous Monitoring

CDD is an ongoing and continuous process, and monitoring is a crucial part of it. After customer onboarding, banks and financial institutions need to continuously monitor customers’ transactions to ascertain that the pattern reconciles with the institution’s knowledge of the customer, their business, and their risk profile. This includes:

  1. Scrutinizing transactions for signs of financial crimes, such as money laundering or terrorist financing
  2. Regularly reviewing and updating customer records, such as documents, data, and risk assessment findings

6. Suspicious Activity Reporting (SAR)

If, while monitoring, the bank or financial institution detects any red flags or any illegal or suspicious activity, it must report it to the appropriate authorities according to the customer due diligence regulatory compliance requirements and laws, such as the Anti-Money Laundering/Countering Financing of Terrorism Act (AML/CFT) and the Bank Secrecy Act (BSA). Failing to report suspicious activities may attract legal penalties and sanctions and cause reputational damage to the institution.

Challenges in Implementing Customer Due Diligence

Banks and financial institutions may encounter several challenges while implementing effective CDD processes for regulatory compliance. These challenges necessitate robust strategies and technologies to ensure effective CDD implementation.

1. Data Accuracy and Verification

Verifying the accuracy of customer information, especially in jurisdictions with less reliable data sources, can be difficult.

2. Beneficial Ownership Identification

Identifying the beneficial owners of corporate entities can be complex, particularly when ownership structures are designed to obscure relationships, such as by using shell companies.

3. Lack of Expertise and Adequate Resources

Applying EDD to high-risk customers requires significant resources, technologies, and skills. A lack of technical expertise and skills can pose a significant challenge for banks and financial institutions and can lead to inefficiencies and false positives.

4. Technological Integration

Keeping up with advancements in technology for data collection and monitoring can be costly and require continuous adaptation.

5. Regulatory Compliance

Navigating the myriad of evolving regulatory requirements across different jurisdictions adds to the complexity and cost of compliance efforts.

Streamline KYC and Customer Due Diligence

The KYC regulatory environment is evolving quickly, making the tedious manual process for KYC, due diligence, and screening irrelevant. Banks and financial institutions also struggle with hiring and onboarding the right talent and expertise. In addition, it’s expensive to recruit, skill, and reskill the workforce.

Anaptyss offers managed KYC services that help financial institutions meet compliance, improve customer experience (CX), and co-create digital solutions to streamline customer due diligence and ongoing due diligence processes, while minimizing operational costs. These include financial crime solutions, anti-money laundering and terrorist financing monitoring and investigations, and customer screening services with reduced false positives.

Tasneem Abdulrahman

Manager - AML Compliance

Tasneem is an accomplished professional with 15+ years of experience in the global financial crime compliance industry. Her expertise spans Regulatory Compliance, AML Risk and Governance, Project Management, and Control Testing and Remediation, including audits and strategic management of operational risk events.
