Customer Due Diligence: Types, Stages, and Requirements

Customer due diligence is like detective work in the financial world. This thorough check helps businesses uncover fraud behind account numbers and transactions. Furthermore, effective CDD is an important part that works with other measures, such as Know Your Customer (KYC) and anti-money laundering (AML), to prevent financial crime.

Now, before you start worrying that diving into CDD might turn your brain into financial spaghetti, rest assured that we will keep things easy! In our post, we will discuss customer due diligence, its importance, and how to conduct the procedure.

What is customer due diligence?

Customer due diligence is a regulatory requirement for organizations entering into business relationships with customers. It is also an important part of anti-money laundering and KYC guidelines. 

Fundamentally, the procedure requires firms to collect and record essential information like the customer’s name, address, business details, and intended account usage. To ensure the accuracy and authenticity of this data, companies should cross-check it against official documents, including passports, driving licenses, utility bills, and incorporation papers. 

Types of CDD and stages of customer due diligence process

Three main types of CDD include the following:

• Standard customer or client due diligence. It is a basic level of information companies gather and verify about their customers.
• Enhanced customer due diligence. This check is a more comprehensive evaluation of a customer’s behavior and risk profile — high-risk will be subject to enhanced due diligence processes.
• Ongoing customer due diligence. It is a continuous monitoring process that detects changes or concerns that might indicate an elevated risk of illegal activity on the customer’s part.

More insights: Although CDD and KYC are sometimes used interchangeably, there are some distinctions between the two. For instance, KYC is generally centered on the initial customer onboarding process, whereas CDD entails continuous monitoring and evaluation of a client’s actions.

Next, you can briefly examine the main stages of customer due diligence CDD. Later in this post, we will explore each in detail.

1. Identify a customer
2. Verify a customer’s identity
3. Assess a customer’s risk profile
4. Collect and verify additional information
5. Monitor a customer’s activities
6. Report suspicious activity

Now, we will learn more about how CDD helps mitigate risks and what the risk-based approach of this investigation involves.

What risks can effective customer due diligence mitigate?

The procedure helps businesses establish trust with their customers and minimize the risk of fraudulent activities, including the following:

1. Money laundering. Verification of customer identities using reliable documentation such as government-issued IDs, passports, or utility bills.
2. Terrorist financing. Screening customers against international sanctions lists and watchlists maintained by regulatory bodies.
3. Fraud. Real-time monitoring of customer transactions to detect and flag suspicious activities, such as unusual account access, unauthorized fund transfers, or attempts to exploit loopholes for fraudulent purposes.
4. Sanctions busting. Screening customers and transactions against sanctions lists to identify attempts to conduct business with sanctioned individuals, entities, or countries.

As you can see, CDD processes can help you effectively identify and mitigate various risks. Thus, you achieve enhanced risk management, compliance with regulations, and customer relationship protection.

What is the concept of a risk-based approach to customer due diligence?

CDD is a strategic framework that companies use to assess and manage risks associated with their customers. The main points are as follows:

• Risk assessment

First of all, it is a comprehensive assessment of customer risk profiles. That involves evaluating the nature of the business relationship, geographical location, transactional behavior, and overall risk indicators.

Based on this assessment, customers are categorized into different risk levels, such as low, medium, or high.

• Tailored due diligence measures

Based on the assessed risk level, appropriate due diligence measures are applied to each customer:

• Low-risk customers: Standard due diligence procedures involving basic identity verification and transaction monitoring may suffice.
• Medium-risk customers: Enhanced due diligence is conducted with more thorough verification, background checks, and ongoing monitoring.
• High-risk customers: The highest level of due diligence is applied, involving extensive verification, detailed risk analysis, and continuous monitoring of transactions and relationships.

You may also want to know: How do you successfully operationalize your client risk rating model? | EY – Switzerland

• Resource allocation

Companies allocate resources sensibly by focusing more effort on higher-risk customers and transactions.

• Continuous monitoring and review

Customer risk profiles are continuously monitored to ensure that the level of due diligence remains appropriate over time. Any changes in customer behavior, transaction patterns, or risk indicators require adjustments to maintain effective risk management.

• Flexibility and responsiveness

Organizations can adapt due diligence procedures based on evolving risks and regulatory changes. Specifically, they can respond promptly to emerging threats and vulnerabilities by adjusting risk assessments and enhancing due diligence measures accordingly.

To put it simply, CDD enables businesses to prioritize their efforts, allocate resources effectively, and manage risks associated with customer relationships in a targeted and efficient manner. 

Who is the CDD process applicable to?

Banks and other financial institutions must implement CDD measures. However, customer due diligence is not exclusively limited to the financial sector. Any organization vulnerable to exploitation for money laundering or other illegal activities can benefit from the procedure. It includes industries such as gaming, legal, real estate, and non-profit and charitable organizations.

Why are CDD measures important?

Through the prism of the risks we have mentioned earlier, we will now describe the importance of conducting the procedure.

• Money laundering

Lack of due diligence allows criminals to use businesses to conceal the origins of illegally obtained funds. In particular, they can disguise the source of money to make it appear legitimate.

Failure to identify and report suspicious transactions can lead to legal consequences for businesses, including fines, penalties, or even criminal charges.

Source: Money Laundering Statistics By Country, Demographic, Issues and Causes 

• Terrorist financing

Terrorist organizations may use funds for financing illegal activities, including acts of terrorism. Thus, facilitating terrorist financing can expose businesses to severe reputational damage and legal liabilities, as well as jeopardize public safety.

Learn more: COVID-19-related Money Laundering and Terrorist Financing – Risks and Policy Responses 

• Fraud

Fraudsters impersonate legitimate customers, leading to identity theft and financial fraud. So, effective customer due diligence can prevent fraudulent transactions and economic losses to businesses and customers.

Real-life example! Wells Fargo employees opened millions of unauthorized accounts on behalf of customers to meet aggressive sales targets. Millions of customers, including a disproportionate number of non-English speaking Americans, had their identities stolen and credit scores impacted.

• Sanctions busting

Neglecting to screen customers against sanctions lists can lead to unintentional violations of international trade embargoes. As a result, businesses may face legal actions, hefty fines, and reputational damage for breaching sanctions laws and regulations.

Real-life example! Standard Chartered Bank faced penalties for violating U.S. sanctions against Iran by processing transactions for Iranian entities.

Our next step is to explore due diligence requirements and practices that businesses must follow to verify the identity of their customers, assess the risks associated with their business relationships, and monitor transactions to detect and prevent illicit activities, including money laundering risks.

What are the customer due diligence requirements for financial institutions?

Financial institutions in the United States must create and uphold policies related to four specific activities as per the FinCEN Customer Due Diligence Rule. Specifically, they have to do the following:

1. Identify and verify customer identities

The process typically includes obtaining government-issued identification documents (such as a driver’s license or passport) and verifying the accuracy of the information about customers. Verification processes may involve comparing customer-provided information with reliable public and private data sources.

2. Identify and verify the identity of companies’ ownership

Financial institutions identify and verify the beneficial owners of legal entity customers, such as corporations, partnerships, or trusts. Beneficial ownership refers to individuals who ultimately own or control the legal entity. Financial institutions must obtain information about these beneficial owners, including their names, addresses, and ownership percentages, and verify their identities using reliable documentation.

✔️Pro tip: Consider powering the CDD procedure with online customer due diligence solutions. They simplify the process, reduce errors, and improve risk assessment efficiency.

3. Understand the nature and purpose of customer relationships

Here, a financial institution can develop risk profiles to evaluate the risk associated with each customer. It helps determine the appropriate level of due diligence and monitoring required for ongoing compliance.

4. Conduct monitoring to pinpoint suspicious activities and maintain and update customer information regarding risks

Ongoing monitoring of customer transactions and account activities helps detect unusual activities or illicit behavior. This monitoring may involve establishing baseline behavior for each customer and using automated systems or manual reviews to identify deviations from expected patterns.

Learn more: CDD Final Rule | FinCEN.gov 

As the final step of our CDD exploration, we invite you to learn our checklist. You can use it as a roadmap for the procedure.

Customer due diligence checklist: Main steps and best practices

Before we get to the point!

Let’s review some example cases when CDD is required:

1. Conducting high-value transactions (to mitigate the risk of money laundering or terrorist financing)
2. Establishing a business relationship (to assess the customer’s risk profile and the purpose of the relationship)
3. Dealing with politically exposed persons (to manage the heightened risk associated with these individuals)
4. Opening a new bank account (to verify the customer’s identity, assess the nature of the business relationship, and understand the source of funds)
5. Suspicious activity reporting (to investigate the source and purpose of the transactions and file Suspicious Activity Reports if necessary)
6. Changes in customer circumstances (to reflect the latest status and conduct appropriate risk assessments)

Customer due diligence checklists may vary based on the industry, jurisdiction, type of institution, and specific regulatory requirements. However, the main steps of CDD remain consistent, which are as follows:

Identify a customer	Identify a potential customer and define their risk profile. This step may involve reviewing identification documents and gathering business and financial history data.  CDD type: Basic customer due diligence Best practices: Ensure that the information about the customer is complete, accurate, and up-to-date Be alert to red flags indicating potential identity theft, fraud, or misrepresentation
Verify a customer’s identity	Verify your customer’s identity by checking identification documents, public records, and other sources of information. CDD type: Standard CDD (with potential for enhanced verification if risk factors exist) Best practices: Collect identity documents from reputable and independent source Verify the authenticity of identity documents through electronic verification tools or trusted databasesImplement automated solutions that can detect potential data inconsistencies or discrepancies
Assess a customer’s risk profile	When evaluating the customer’s risk profile, consider all the data gathered during the verification process. This evaluation is essential since it helps you accurately determine the appropriate CDD measures required. CDD type: Enhanced due diligence (based on risk level) Best practices: Consider the customer’s industry, geographic location, transactional behavior, and beneficial ownership Assign risk ratings to determine the appropriate level of due diligence Use risk scoring models to dynamically adjust risk assessments
Collect and verify additional information	If needed, collect additional information regarding the customer’s financial and business-related undertakings. It may involve financial statements, references from other financial institutions, and public records. CDD type: Standard CDD or EDD (based on risk assessment) Best practices: Validate the accuracy of beneficial ownership details through documentary evidence and background checks Implement enhanced due diligence measures for customers classified as high-risk
Monitor a customer’s activities	Regularly monitor and revise CDD procedures to incorporate all changes related to customers’ situations and actions. CDD type: Ongoing monitoring Best practices: Regularly review transaction monitoring alerts and conduct in-depth analyses of flagged activities Employ automated transaction monitoring systems to detect unusual patterns or suspicious activities
Report suspicious activity	If red flags or suspicious activity are identified throughout the customer lifecycle, report it to the appropriate authorities. CDD type: Standard CDD leading to Suspicious Activity Reporting Best practices: Ensure staff members are trained on recognizing and reporting suspicious behaviors or transactions promptly Maintain detailed records of SAR filings and follow-up actions taken in response

Key takeaways

• Customer due diligence is a set of measures that help you verify your customers’ identities and evaluate their risk profiles.
• CDD mitigates risks such as money laundering, terrorist financing, fraud, and sanction busting.
• Key CDD requirements include customer identification and verification, companies’ ownership identification, determining the purpose of business relationships, and conducting ongoing monitoring.
• The customer due diligence process involves six steps: customer identification, identity verification, risk profile evaluation, collecting additional data (if necessary), customer’s activity monitoring, and suspicious activity reporting.