In order to understand the compliance risks that they face, financial institutions must validate the identities of their customers and ensure that they are being truthful about their business interests by performing suitable customer due diligence (CDD). A critical foundation of any Know Your Customer (KYC) process, CDD is recommended by the Financial Action Task Force (FATF) as part of a risk-based approach to anti-money laundering and is required by financial regulators in jurisdictions around the world.
To achieve regulatory compliance, firms should understand why customer due diligence is an important part of the regulatory process and how to deploy it as part of their risk management solution.
What is Customer Due Diligence (CDD)?
Customer due diligence refers to the process of identifying customers and ensuring that they are being truthful about who they are and how they are using an organization’s services. In a financial context, banks and financial institutions must perform CDD in order to inform their risk-based compliance solutions, using the information they gather to make important compliance decisions.
Accordingly, CDD requires organizations to collect and analyze a variety of data and documentation and verify that data to a sufficient level of confidence. The effectiveness of many critical compliance processes, such as sanctions list and adverse media checks, is predicated on the verification of customer identities during the due diligence process.
Why is CDD important?
CDD is an important tool in the fight against money laundering and the financing of terrorism. Criminals that are seeking to transform illegal funds must find ways to introduce those funds into the legitimate financial system by concealing their identities as a way to avoid AML/CFT controls. CDD provides organizations with a way to identify those customers and deploy suitable compliance measures against them in order to prevent financial crimes.
CDD is especially important in complex or higher risk financial service environments such as the digital platforms provided by challenger banks. In these environments, money launderers take advantage of the inherent speed and anonymity of online financial services to better conceal their identities, submitting false or incomplete identifying information or even using proxies to access financial services.
What does CDD involve?
Effective CDD involves the following key considerations:
Identifying information: The data that organizations collect to establish a customer’s identity should include name, address, date of birth, business incorporation number, and any other documents that are relevant to their risk profiles. That data must be sourced from official documents, such as passports and driving licenses, and verified by the collecting institution.
Beneficial ownership information: In some cases, it may be difficult to perform CDD because a transaction involves a commercial entity rather than an individual customer. In these situations, organizations must work to establish ultimate beneficial ownership (UBO) to ensure that criminals are not using shell companies or corporate infrastructure to evade compliance controls.
What is risk-based CDD? And what is EDD?
Following Financial Action Task Force (FATF) guidance, an organization’s CDD process should form part of a risk-based compliance solution. Risk-based compliance requires firms to assess their customers individually to establish the risk level and then deploy a compliance response commensurate with that risk. In addition, risk-based compliance is a way for organizations to balance their regulatory obligations with their budgetary needs by ensuring that AML resources are directed towards worthwhile targets. With that in mind, higher risk customers may be subject to more intensive compliance measures, while lower risk customers may be subject to simplified measures.
n a CDD context, higher risk customers should be subjected to enhanced due diligence (EDD) measures which go beyond the level of scrutiny required by standard CDD. EDD is generally more rigorous than standard CDD and might require a customer to provide a greater amount of identifying information or provide a greater degree of verification – such as copies of personal bank statements. In some cases, organizations may engage a third-party to investigate their customers and the identifying information that they have provided. EDD might also integrate peripheral screening considerations more extensively: adverse media stories, for example, may be regarded as a more significant additional check when deployed as part of EDD measures.
How can technology enhance CDD?
Since CDD can represent a significant compliance burden, organizations should seek to integrate suitable compliance technology to help facilitate the process. The speed and accuracy of software automation not only helps firms handle their CDD data collection and analysis obligations but enhances customer experiences at onboarding and reduces the potential for costly compliance errors.
With the benefit of smart technology, firms may also use data collected during the CDD process to create deeper and more informative customer risk profiles, and to make better compliance decisions when customers diverge from expected financial behaviors or generate AML/CFT alerts. Similarly, smart technology can help firms adjust quickly to changes in AML/CFT legislation or adapt to emergent criminal methodologies, such as novel methods of avoiding identity verification.