Blog
Customer due diligence (CDD) is the process of verifying a customer's identity, assessing the risk of doing business with them, and then monitoring that risk level throughout the lifecycle of the relationship. The goals of CDD are to establish trust and prevent crimes such as money laundering and terrorist financing.
Customer due diligence
Customer due diligence (CDD) is carried by regulated firms to comply with anti-money laundering (AML), counter-terrorist financing (CTF), and anti-bribery and corruption (ABC) laws. Typically, a CDD process involves collecting data to verifying someone's identity and any potential risks of working with them as a customer. CDD happens before a new customer is onboarded and then at regular intervals throughout the lifecycle of the relationship.
During CDD, compliance teams might check documentation, such as a passport or driving license, to prove someone is who they claim to be. If a significant risk factor is identified, additional checks might be run, known as enhanced due diligence (EDD).
EDD goes beyond verifying someone's identity and into a wider risk assessment, which might happen because an individual has been flagged as a higher risk. Risk factors can vary from a customer being identified as a politically exposed person (PEP) to perhaps holding a passport from a sanctioned country. EDD would also typically be performed as part of any corporate onboarding process when the customer is an entity with potentially multiple ultimate beneficial owners or UBOs who need to be assessed for risk.
Due diligence processes are designed to meet compliance standards dictated by law, and to protect regulated businesses from transacting with criminals, like money launders and fraudsters.
Important elements in CDD
Verifying identity
There are many ways to verify someone's identity - one way is to ask them for government-issued identification like a birth certificate or passport. Another way is to set upautomated ID checkswith leading solutions providers like Moody’s Analytics KYC.
Address verification
Organizations performing CDD might ask a customer to scan or produce in person a bank statement or utility bill as proof of address or integrate an automated check to look for proof of address and return that to the compliance team via an online customer profile.
Identifying ultimate beneficial owners
When onboarding and monitoring corporate customers, UBO discovery is crucial. UBOs are people who ultimately own or control a legal entity. To comply with AML and CTF laws, regulated businesses must understand corporate structures and screen UBOs. This typically involves EDD, uncovering the ownership framework and collecting data on the UBOs - screening for PEPs, sanctions, and adverse media to gauge risk exposure.
Understanding a customer's business
Again, when onboarding corporate customers, regulated businesses want to understand the nature of a customer's business. This includes its line of business, the transactions they typically conduct, and the expected frequency and volume of those transactions. This information adds to the customer's risk profile and dictates whether they are onboarded and what kind of monitoring levels are required. Ongoing monitor identifies changes in a company's risk profile, andperpetual KYChelps uncover risk on a continual basis.
Ongoing monitoring
Regulated businesses are required to have procedures in place for ongoing customer monitoring, whether individual or corporate customers. Monitoring can include rerunning know your customer (KYC) data checks to update risk information and see whether anything material has changed. If there are concerns about a customer raised through this review process, appropriate action can be taken to mitigate the risk. The outcomes could be terminating a relationship, conducting enhanced due diligence, resetting the review process, reporting the matter to the relevant authorities, or continuing with business as usual.
How do you conduct CDD?
There are different ways to go about conducting customer due diligence. Some companies rely on manual methods but the downside to this is they are time-consuming and prone to human error - plus it can be a sub-optimal experience for the customer. Manual CDD can cause onboarding to be slow and inconvenient, and it can cause failures in risk monitoring later in the lifecycle. Additionally, manual KYC processes are costly, as businesses must invest in staff to manually verify customer information and add to the compliance team as the business grows.
It's best practice to use automation to create smoother, more seamless CDD processes, which minimize errors and maximize efficiency. Automated KYC can be used to gather customer data from trusted sources, bringing results back into one platform to create a 360-degree view of customer information and to maintain a risk profile. This is a more accurate and consistent way of performing CDD, which avoids human error and creates better experiences for customers. Additionally, automation helps speed up KYC processes, increasing efficiency, and ensuring economies of scale i.e., if a business wants to onboard more customers, they don’t have to employ more compliance staff to do it.
When onboarding and monitoring corporate customers, digital KYC solutions help simplify the process of understanding a corporate structure, identifying UBOs, and screening through EDD. Integrated data checks take place, with documentation and decisions stored in one place. Reports on decisions are available to share and can be presented to internal stakeholders or auditors.
While automation is powerful in a CDD process, it is important to bring compliance professionals in where they add value for judgement, analysis, and decision-making. There are scenarios and nuances associated with risk analysis that automation alone can’t handle. Compliance professionals are irreplaceable when it comes to the “sniff test” for example - when an experienced professional senses something doesn’t seem right, they probably know best.
How often should you undertake CDD?
There is no definitive answer to the question of how often you should undertake customer due diligence. Regulation requires risk management and risk monitoring take place to prevent money laundering, conflicts of interest, and other types of financial crime, but the frequency of CDD is not mandated.
CDD typically happens before onboarding a customer, and then review periods are often proportionate to a customer's risk level. For low-risk customers, reviews may only happen once every three years, every two years for customers considered medium risk, and every year for high-risk customers.
Ultimately, it is up to each organization how often CDD is performed. However, as the world of compliance and risk management becomes increasingly digital, firms are adopting perpetual KYC or pKYC for continual risk assessment across a business network.
pKYC involves continuous monitoring of risk events and factors, which help organizations keep up with material changes to a risk profile. By using a continuous approach to maintaining accurate records, organizations can provide better customer support and better protection from financial crime.
Conclusion
Customer due diligence is a key part of compliance with anti-financial crime laws for regulated businesses. Verifying a customer's identity and assessing the risk they may pose to a company is essential. How and when CDD is conducted is down to each organization, and what level of risk it is willing to accept is also down to the individual organization.
Using an automated KYC solution, means CDD can be completed at onboarding and then throughout the customer lifecycle in a more efficient way. It can lead to better experiences for customer while avoiding potential risks and non-compliance issues.
Get in touch
Moody’s Analytics KYC is transforming risk and compliance. Enabling organizations to understand risk and make decisions with confidence about whom to work with.
To discuss your approach to CDD or a process of perpetual KYC, please get in touch, we would love to help.
