TerM

Customer Due Diligence (CDD)

TerM

Customer Due Diligence (CDD)

Introduction

How likely is it that any one customer at a financial institution could become (or already be) involved in financial crime? That depends on several characteristics, such as criminal records, political positions, net worth, citizenship, financial behavior patterns, and more.

This is why financial institutions are required to perform Customer Due Diligence: to be aware of these risk factors and act accordingly to stop financial crime – or even prevent it before it starts.

So what is Customer Due Diligence? How is it performed? And what is its role in preventing financial crime? You can find all these answers below.

What is Customer Due Diligence (CDD)?

Customer Due Diligence (CDD) is the process of verifying a customer’s identity and performing a risk assessment of conducting business with this individual or business. The purpose of CDD processes is to mitigate the risk of doing business with customers that are a risk of performing criminal activity.

CDD is a key component of Know Your Customer (KYC) procedures, and is an essential component of AML compliance processes. CDD processes are used to identify the customer, establish ultimate beneficial ownership (UBO), and understand the nature and purpose of the proposed business relationship.

CDD is commonly associated with customer onboarding, but it doesn’t stop there. It’s an ongoing process that involves monitoring customer transactions and activity.

The Importance of Customer Due Diligence

So why is Customer Due Diligence, or CDD, important? The main reason is that it helps to weed out people or companies who aim to abuse financial institutions to launder money, finance terrorism, and so on. 

Financial institutions (FIs) can do so with CDD by evaluating the risk of a customer committing financial crime based on aspects such as their wealth, transaction history, political position, criminal record, and more.

The other purpose of Customer Due Diligence is to protect financial institutions themselves from being held liable for enabling financial crime. If someone uses their account at an FI to commit a financial crime, authorities will often also audit the FI’s Know Your Customer and due diligence procedures. If they determine that the FI wasn’t sufficiently compliant, it may face heavy fines and other penalties.

What’s the Difference Between Customer Due Diligence and Enhanced Due Diligence?

Both Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) are types of KYC procedures that involve verifying a customer’s identity.

The main distinction is that CDD is required whenever a new business relationship is being initiated, and EDD is only required for high-risk customers.

A financial customer may be considered high-risk based on a number of factors, including:

  • High overall net worth
  • Status as a politically exposed person (PEP)
  • Negative coverage in credible news outlets
  • Tendency for complex transactions that may hide beneficial ownership
  • Citizenship in a sanctioned, embargoed, or blacklisted/greylisted country
  • Presence on a financial regulatory list
  • Current or previous involvement in (financial) crime

If a customer is deemed to be high-risk, a financial institution will conduct EDD on them. This typically involves obtaining additional identification details and doing further research into the customer’s financial activities, sources of wealth, and – in the case of a corporate account – company structure.

After EDD, a financial institution may sometimes consider a customer to be too high-risk and terminate the business relationship. Otherwise, it will have to develop a comprehensive plan for monitoring the customer’s transactions to ensure they don’t do anything illegal.

How to Perform Customer Due Diligence

In the most basic sense, the customer due diligence process involves collecting information that identifies the customer, assessing the risk of doing business with the customer, and determining if enhanced due diligence (EDD) needs to be performed.

As such, CDD is often associated with onboarding: a customer opening an account for the first time at a particular financial institution. However, it also has to apply after the customer opens the account to assess any changes in their risk profile, and adjust the monitoring of their transactions accordingly.

What is the CDD Final Rule (and Why Is It So Important)?

The Customer Due Diligence Final Rule is an amendment to the Bank Secrecy Act, intended to prevent criminals and terrorists from using companies to disguise (or otherwise obfuscate) sources of illegal funds. 

Specifically, it requires covered financial institutions (such as banks, mutual funds, securities brokers or dealers, and more) to identify and verify the beneficial ownership of entities.

The CDD Final Rule is extremely important, as it enables companies to determine where ownership and control of the business lies. This information is crucial for determining if there is suspicious activity in relation to money laundering.

The CDD Final Rule establishes four main requirements for financial institutions:

  1. Verify the identity of the customer.
  2. Verify the identity of the beneficial owner of the company opening the account.
  3. Determine the nature and purpose of the business relationship with the company and develop a risk profile for the customer.
  4. Perform consistent transaction monitoring to determine changes to a customer’s risk profile and ensure information is accurate and up-to-date.

When is Customer Due Diligence Necessary?

There are times when Customer Due Diligence procedures must (or should) be conducted. Here are five general scenarios that (should) necessitate CDD checks:

  1. Onboarding new customers: Any time a new business relationship is being formed, to verify the customer is who they say they are.
  2. Transactions that exceed AML thresholds: Any time a transaction exceeds certain thresholds of value, according to AML regulations.
  3. Suspicious activity: Any time transactions or customer activity raises suspicions about potential money laundering.
  4. Unreliable documentation: Any time a company suspects that a customer has provided inadequate, unreliable, or potentially false identification documentation.
  5. Intermittent monitoring: Periodically throughout a business relationship with a customer, to check their transaction history and any changes in their ID information for signs of increased financial risk.

The Customer Due Diligence Process Explained

The core elements of a compliant Customer Due Diligence program are as follows:

The customer due diligence process

Step 1: Verify Customer at Time of Onboarding

The first step is to perform adequate customer verification at the time of customer onboarding. It’s extremely important to perform CDD checks when engaging in a new business relationship to ensure the customer is who they say they are, and to perform an adequate risk assessment.

At this stage, the financial institution will collect customer identification documentation such as their name, address, and the purpose of the business relationship. The customer will also be required to present documentation that proves their identity, such as a government ID.

If the customer is a company or other legal entity (such as a trust), the FI must collect ID information regarding the beneficial owners. 

These individuals may not serve as the legal holder of the account, but own, benefit from and can influence decisions regarding significant portions of the assets in the account (or the legal entity that controls it). Examples include corporate shareholders.

Step 2: Create a Risk Profile for the Customer

After the customer’s identity has been confirmed, the company needs to create a risk profile for the customer. 

This will help assess the risk associated with doing business with the customer and can be used to determine if further CDD checks are needed throughout the business relationship with this customer.

For this process, a database check will be performed, corroborating the customer information and examining their history, helping the company determine risk.

Step 3: Determine if EDD is Necessary

Next, the company will need to determine if the customer falls into the high-risk category, and is subject to Enhanced Due Diligence (EDD). If this is the case, EDD procedures must be performed before completing the CDD process.

Step 4: Perform Consistent Transaction Monitoring

After the customer onboarding process, it’s still important for the company to perform CDD checks throughout their business relationship. These can be done intermittently, if the company suspects a transaction or account to be suspicious, or if the legitimacy of identification documents is brought into question.

How Customer Due Diligence Protects Against Financial Crime

The importance of Customer Due Diligence lies in helping to stop financial crime before it starts by weeding out bad actors. It does so through two main processes. 

First, it evaluates if a financial customer's identity is genuine or fraudulent. Second, it assesses the customer’s financial, political, and social history (and current status) to determine how able and likely they are to commit financial crime.

Of course, financial institutions often have thousands of customers with varying risk profiles. So verifying identities, assessing individual risk, and monitoring transactions on that scale is nearly impossible without some sort of automation. That’s why a CDD software solution like Unit21 can help maintain a compliant customer due diligence policy.

To see what Unit21 is capable of, book a demo with us today.