As part of the Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, businesses that interact with customers are required to carry out Customer Due Diligence (CDD).

The purpose of CDD is to prevent financial crime and identify any potential risks to your organization that could arise from dealing with certain customers.

This blog covers the basic customer due diligence requirements and what you need to do to stay compliant.

Customer Due Diligence Basics

Customer Due Diligence, or CDD, is the process of performing background checks on potential clients to assess the risk before onboarding. Performed as a part of KYC (Know Your Customer) and AML (Anti-Money Laundering) norms, CDD is intended to help financial institutions prevent illegal activities such as identity fraud, trafficking, money laundering, and terror financing. 

As a part of Client Due Diligence, financial institutions collect and verify information, including name, address, and certain other parameters. While it is true for the onboarding of individuals, businesses are also carrying out CDD. It does not necessarily need to be a bank; it could be a trading platform, a stock-broking platform, a crypto exchange, or a payment gateway. Businesses, especially those dealing with sensitive data, need CDD to ensure that they stay compliant with regulatory rules. Regulators across the world are becoming increasingly stringent in enforcing compliance norms and AML laws, and they are imposing higher fines or penalties on businesses that fail to comply.

Types of CDD

There are two key types of CDD:

Simplified Due Diligence (SDD)

In situations where the risk perception is lower, regulators allow for a simplified procedure of due diligence. This simplified version of CDD is known as Simplified Due Diligence. Prominent examples could be Public Sector Enterprises or High Net-worth Individuals (HNIs) with reliable fund sources.

Enhanced Due Diligence (EDD)

On the other hand, when the risk perception is higher, a more detailed due diligence known as Enhanced Due Diligence is carried out. EDD is especially recommended for prospects who are politically exposed (PEPs) or have high transaction volumes with foreign nations.

Businesses generally decide when to apply SDD or EDD based on a predefined decision matrix – it could be based on transaction value, customer profile, etc. SDD gives businesses the leeway to save time and effort involved in verification processes for prospects that fit into the criteria. EDD, on the other hand, has a lot of additional checks around information or verification of sources of funds, place of business, etc.

Read more: CDD vs EDD: What’s the Difference?

Requirement of CDD

Companies with KYC and AML processes have CDD as a basic requirement for identity verification and risk profile assessment. In general, companies follow a risk-based approach to CDD – most of them have a predetermined matrix identifying risk profiles in potential customers and requirements for due diligence. The majority of clients require Simplified Due Diligence, focusing on customer identification more than verification. On the other hand, when the customer’s risk profile is higher, EDD – focused on identification and verification in equal parts – is carried out.

There are four key scenarios in which companies can opt for a CDD process:

  1. Starting a new business relationship: The rationale is simple. Businesses need to verify the customer’s identity via robust identity verification methods and the customer’s risk profile matches what has been told.
  2. Reliability of documentation: If there is a lacuna in the documentation submitted by the prospect or if they cannot be relied upon, CDD would be required.
  3. Suspicion of illegal activities: A customer profile can sometimes pop up red flags of money laundering or other such activities. CDD becomes exceptionally important in such cases.
  4. Intermittent transactions: If there are transactions of an infrequent or intermittent nature, CDD can prove to be very useful to clear out anything suspicious.

Why is CDD Important?

Customer Due Diligence (CDD) is a process where businesses gather information about their customers to assess the level of risk they pose. It’s crucial in risk management as it helps identify high-risk customers, understand their business activities, and ensure compliance with regulatory obligations. By conducting thorough CDD, businesses can mitigate risk associated with potentially suspicious transactions and activities, thereby safeguarding themselves from financial losses and legal repercussions.

Performing background checks is necessary for AML compliance and to prevent financial crimes of different kinds, including cyber threats with technologies that might go undetected without proper efforts to keep them in check.

Businesses that do not have client due diligence are not only vulnerable to fraud but also fines for failing to comply with AML regulations. Such cases of lack of proper CDD might affect the reputation of a financial institution. 

Step-By-Step Customer Due Diligence Checklist

The CDD process is divided into three parts.

Part 1: Customer Verification

This part of Customer Due Diligence is about customer information. The purpose of this step is to acquire all the necessary information about a prospect and to verify if the provided information is true.

Basic Customer Due Diligence involves collecting information for at least three fields: full name, address of residence and government-issued identification. These are the baseline requirements; they might vary between jurisdictions. All the above information can be verified against a document issued by an independent and reliable source like the government. It could be a passport or a PAN card for IDs and electricity bills, water bills or bank account statements for residential addresses.

If you are looking to conduct a client due diligence of a company, the list is a little more expansive. You would need information for at least six fields: legal name of the entity, registered trading name, corporate registration number, complete address of the registered office and head offices, principal place of business operations, and contact details of the company. Again, the list is not exhaustive and may vary from institution to institution.

The general purpose of CDDs is to establish beneficial ownership of the company – individuals who exert significant control over the company (generally 25% ownership, direct or indirect). Once beneficial owners are established, their identification and verification need to be done. All the stated information needs to be substantiated by original and certified copies of documents such as Certificates of Incorporation, Memorandum and Articles of Association, etc.

Related read: The complete process of customer identity verification.

Part 2: Choosing the type of due diligence

Depending on the requirement – what is already known about the prospect and what needs to be known – you can choose between simplified or enhanced due diligence. You might want to factor in the potential customer’s profile, source of funds and political exposure.

Part 3: Ongoing Monitoring

Due diligence is part of a dynamic process. It does not stop at establishing a business relationship. Since client profiles are dynamic, due diligence needs to be conducted periodically or needs to be triggered on specific change events. Continuous monitoring and profile change responses are important to ensure that you are a step ahead of your prospects.

Check out our comprehensive Customer Due Diligence Checklist.

The Future of Due Diligence for Financial Institutions

Many organizations, especially banks and fintech companies, are looking to automate KYC, AML, and CDD processes to improve customer experience, increase process efficiency, and reduce errors.

HyperVerge AML solution

HyperVerge’s Fintech suite can prove to be the next step in the due diligence process and streamlining the customer experience.

FAQs

1. How does the diligence process differ for high-risk and low-risk customers?

The diligence process varies depending on the perceived risk level of customers. For high-risk customers, businesses typically conduct more extensive investigations, including gathering additional identification documents, monitoring transactions more closely, and utilizing private data sources or adverse media checks. In contrast, for low-risk customers, the process may be less intensive, focusing on basic verification and periodic review. Tailoring the diligence process based on risk levels ensures that resources are allocated efficiently and compliance standards are met effectively.

2. What are some effective strategies to continuously monitoring customer risk profiles?

Effective customer due diligence solutions incorporate ongoing monitoring mechanisms to keep track of changes in customer activities and risk levels. This involves continuously monitoring transactions, conducting periodic reviews of customer information, and utilizing tools such as adverse media screening, sanctions screening, PEP screening, and transaction monitoring systems. By implementing this AML software, businesses can maintain a deeper understanding of their customers’ behavior and promptly identify any suspicious activity, thereby meeting regulatory requirements and mitigating risks associated with higher-risk activities.

3. What are the regulatory obligations associated with conducting customer due diligence?

Businesses are obligated to adhere to regulatory requirements set forth by authorities such as the Financial Action Task Force (FATF) and other financial institutions. These obligations include verifying customer identities, performing AML risk assessment for customer profiles, monitoring transactions for suspicious activity, and complying with anti-money laundering (AML) and counter terrorist financing (CTF) regulations. Failure to meet these obligations can result in severe penalties, legal consequences, and reputational damage. Therefore, it’s essential for businesses to implement a robust due diligence process and ensure compliance staff are well-trained in regulatory standards.