Four requirements of customer due diligence (CDD) for banks (2024)

Customer due diligence (CDD) is the process by which banks and other financial institutions (FIs) identify and verify individuals before they become customers, and how they then assess risk throughout a customer’s lifecycle. The CDD process helps banks understand and manage their entire client risk base, and prevent financial crimes like money laundering and fraud.

CDD is a process used to verify a person’s identity - usually through documentation or data checks - and to assess any risk associated with them. This review and risk assessment process takes place before a new customer is onboarded and it might happen at intervals throughout the customer’s lifecycle to ensure nothing has changed in their risk profile and no illicit activity has been identified.

Customer due diligence is designed to mitigate risk, and to prevent criminals and terrorist organizations from gaining access to the legitimate financial systems. Bad actors use a variety of methods to disguise the source of funds placed with a bank. Therefore, banks need to take due care to check each customer’s legitimacy. As the international monetary fund (IMF) states “An effective anti-money laundering [AML]/counter financing of terrorism [CTF] framework must address [two] risk issues:;it must prevent, detect, and punish illegal funds entering the financial system and the funding of terrorist individuals, organizations, and/or activities.”

A bank’s approach to prevention, detection, and punishment starts with CDD, aimed at using data to identify and verify a customer to ensure they aren't a criminal. This is the start of a know your customer (KYC) and risk management process that goes on throughout the duration of a customer’s relationship with a bank, fintech, neobank, and other regulated financial institutions.

Due diligence is carried out on every person the FI plans to transact with. This could be a person opening a current account or it could be investigating a person who owns a business the bank will be helping finance. The financial institution wants to understand the individual and their source of funds to ensure they are legitimate and to comply with up to date AML/CTF regulation.

The aim of CDD is to create clarity, so FI's know who they are doing business with and the risks of doing business with them. This means when KYC and AML data checks are carried out, clients will often be given a risk rating from low risk to high risk - helping the bank make decisions about onboarding, off-boarding, and ongoing monitoring.

Fines for non-compliance with anti-money laundering regulations issued by OFAC and other regulatory bodies ran into many billions of dollars in 2023 - the largest, $4.3 billion, issued to a crypto exchange company. Apart from the direct financial loss caused by a fine, the damage to a business’ reputation can be immeasurable. It's essential a FI has an in depth CDD process tailored to the regulatory environment it operates in.

Each country will have its own AML and CTF regulations, requiring different CDD rules to be followed. However there are four core pillars that are similar the world over:

To know who you are doing business with and to assess the risks of doing business with them, data checks are needed. These CDD checks fill in the picture of who the customer is and what kind of risk they might pose. Moody's can orchestrate an end-to-end customer due diligence process. It can automate any data checks with leading sources of identity, fraud, and AML information to build a risk profile for each customer, enabling FIs to understand their risk base and make decisions with confidence about each customer.

A series of automated data checks might include:

CDD activities were previously carried out through manual checks on an individual or corporate customer. This was time-consuming and inefficient, particularly in the world of corporate finance where uncovering company ownership information and identifying UBOs is complex and difficult. Now these processes can be automated using regulatory technology or regtech solutions.

Moody’s KYC solutions can digitize CDD processes; integrate data checks with leading sources of information, including our Orbis, Grid, and Kompany databases; provide a flexible risk engine to automatically build and update a risk profile for each customer; offer a full case management system where profiles can be reviewed and assessed on a perpetual basis; and deliver a platform for direct communication with customers, as well as document collection and storage.

Electronic ID checks, checks for politically exposes persons (PEPs), sanctions, adverse media and other risk factors can be automatically executed in a series of tasks defined by each FI to ensure you know your customers, are complying with AML regulations, conducting ongoing monitoring, and delivering compliance efficiencies as a business.

Moody’s know your customer (KYC) is transforming risk and compliance, creating a world where risk is understood so decisions can be made with confidence.

Our customers create their own unique CDD ecosystem, combining automated workflows with leading data sets for any product in any jurisdiction.

Harnessing our innovative technology and industry expertise, Moody’s automates accurate screening and swift onboarding of customers and third-parties. We continue our support throughout the customer lifecycle by enabling the perpetual monitoring of counterparty risk across global business networks in near real-time.

Talk to us about digital transformation and optimization of your CDD processes – we would love to hear from you.