Customer Due Diligence Basics

Customer Due Diligence, or CDD, is the process of performing background checks on potential clients to assess the risk before onboarding. Performed as a part of KYC (Know Your Customer) and AML (Anti-Money Laundering) norms, CDD is intended to help financial institutions prevent illegal activities such as fraud, trafficking, money laundering and terror financing. 

As a part of CDD, financial companies collect and verify information, including name, address, and certain other parameters. While this is true for the onboarding of individuals, businesses are also carrying out CDD. The business does not necessarily need to be a bank; it could be a trading platform, a stock-broking platform, a crypto exchange, or a payments gateway. Businesses, especially those dealing with sensitive data, need CDD to ensure that they stay compliant with regulatory rules. Regulators across the world are becoming increasingly stringent in enforcing compliance norms and laws, and they are imposing higher fines or penalties on businesses that fail to comply.

Types of CDD

There are two key types of CDD: Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD).

In situations where the risk perception is lower, regulators allow for a simplified procedure of due diligence. This simplified version of CDD is known as Simplified Due Diligence. Prominent examples could be Public Sector Enterprises or High Net-worth Individuals (HNIs) with reliable fund sources.

On the other hand, when the risk perception is higher, a more detailed due diligence known as Enhanced Due Diligence is carried out. EDD is especially recommended for prospects who are politically exposed (PEPs) or have high transaction volumes with foreign nations.

Businesses generally decide when to apply SDD or EDD based on a predefined decision matrix – it could be based on transaction value, customer profile, etc. SDD gives businesses the leeway to save time and effort involved in verification processes for prospects that fit into the criteria. EDD, on the other hand, has a lot of additional checks around information or verification of sources of funds, place of business, etc.

Requirement of CDD

Companies with KYC and AML processes have CDD as a basic requirement for identity verification and risk profile assessment. In general, companies follow a risk-based approach to CDD – most of them have a predetermined matrix identifying risk profiles in potential customers and requirements for due diligence. The majority of clients require Simplified Due Diligence, focusing on customer identification more than verification. On the other hand, when the risk profile is higher, EDD – focused on identification and verification in equal parts – is carried out.

There are four key scenarios in which companies can opt for a CDD process:

  1. Starting a new business relationship: The rationale is simple. Businesses need to know that the potential customer has a genuine identity and that the risk profile matches what they have been told.
  2. Reliability of documentation: If there is a lacuna in the documentation submitted by the prospect, or if the documents cannot be relied upon, CDD would be required.
  3. Suspicion of illegal activities: A customer profile can sometimes raise red flags of money laundering or other such activities. CDD becomes exceptionally important in such cases.
  4. Intermittent transactions: If there are transactions of an infrequent or intermittent nature, CDD can prove to be very useful to clear out anything suspicious.

Why is CDD important?

CDD is an essential step for any business to protect the company from potential threats. Performing background checks is necessary for AML compliance and to prevent financial fraud of different kinds, including technology-enabled cyber threats that might go undetected without proper efforts to keep them in check.

Businesses that do not have CDD are not only vulnerable to fraud but also exposed to fines for failing to comply with AML regulations. A lack of proper CDD might also affect the reputation of a financial institution.

Steps involved in Customer Due Diligence

The CDD process is divided into three parts.

Part 1: Customer Verification

This part of Customer Due Diligence is about customer information. The purpose of this step is to acquire all the necessary information about a prospect and to verify if the provided information is true.

If you are looking to conduct a CDD of an individual, you would need information for at least three fields: full name, address of residence and government-issued identification. These are the baseline requirements; they might vary between jurisdictions. All the above information can be verified against a document issued by an independent and reliable source like the government. It could be a passport or a PAN card for IDs, and electricity bills, water bills or bank account statements for residential addresses.

If you are looking to conduct a CDD of a company, the list is a little more expansive. You would need information for at least six fields: legal name of the entity, registered trading name, corporate registration number, complete address of registered office and head offices, principal place of business operations, and contact details of the company. Again, the list is not exhaustive and may vary from institution to institution.

The general purpose of CDDs is to establish beneficial ownership of the company – individuals who exert significant control over the company (generally 25% ownership, direct or indirect). Once beneficial owners are established, their identification and verification need to be done. All the stated information needs to be substantiated by original and certified copies of documents such as Certificate of Incorporation, Memorandum and Articles of Association, etc.

Part 2: Choosing the type of due diligence

Depending on the requirement – what is already known about the prospect and what needs to be known – you can choose between simplified or enhanced due diligence. You might want to factor in the potential customer’s profile, source of funds and political exposure.

Part 3: Continued Monitoring

Due diligence is part of a dynamic process. It does not stop at establishing a business relationship. Since client profiles are dynamic, due diligence needs to be conducted periodically or needs to be triggered on specific change events. Transaction monitoring and profile change responses are important to ensure that you are a step ahead of your prospects.

The future of due diligence

Many organisations, especially banks and fintech companies, are looking to automate KYC, AML and CDD processes to improve customer experience, increase process efficiency, and reduce errors. HyperVerge’s Fintech suite can prove to be the next step in due diligence and streamlining the customer experience.


Are CDD and KYC the same?

KYC checks are performed as soon as potential clients are screened for potential business relationships. CDD (Customer Due Diligence), by contrast, is an ongoing investigation of suspicious activities to prevent money laundering. Both are essential components of an anti-money laundering programme but are not the same.

What are the varieties of CDD?

Customer due diligence is divided into three categories: standard, simplified, and enhanced.

Why is CDD Vital?

It begins to make sense why financial institutions such as banks are spending so much money on AML compliance if you take into account what’s at risk. These steps are intended to counter the rising threat of money laundering, which is regrettably no longer a strategy employed only by drug cartels but by a wide spectrum of criminal businesses.