Customer Due Diligence

Published on: 21 Aug, 2024

Blog Author: N/A

Edited by: N/A

Reviewed by: Dheeraj Vaidya

What Is Customer Due Diligence (CDD)?

Customer due diligence (CDD) refers to processes utilized by businesses, including financial institutions, to collect and assess information concerning new and existing customers. Its main purpose is to uncover potential risks of carrying out business with a particular individual or organization.

CDD involves analyzing key information from multiple sources, such as sanction lists, the customer, and different private and public data sources. It is a regulatory requirement that an organization must fulfill to start a business relationship with a customer. Typically, the information accumulated by businesses depends on customers’ risk profiles. Mainly, CDD is of three types – standard, ongoing, and enhanced.

  • Customer due diligence refers to the act of gathering and evaluating specific information to verify the identity of customers and assess the degree of criminal risk presented by them.
  • A key difference between KYC and customer due diligence in banking is that the former is a continuous procedure while the latter is a process carried out only once for every new customer.
  • There are various advantages of carrying out customer due diligence processes. For example, CDD improves risk management and reduces the possibility of illicit activities, including money laundering.
  • CDD can be of three types – enhanced, ongoing, and standard.

Customer Due Diligence Explained

Customer due diligence refers to the analysis or audit of individuals or businesses carried out by organizations, mainly at the time of onboarding them as customers. It aims to prevent financial crime and eliminate financial risks that may arise from forming a business relationship with certain customers. Besides being a company’s risk management strategy, CDD is a big part of know your customer (KYC) and anti-money laundering (AML) directives.

CDD requires businesses to collect their customers’ addresses and names, details concerning the business they are involved in, and how they want to utilize their accounts. Companies must verify specific information by referring to official documents like passports, incorporation documents, and more to ensure the customers are providing correct information.

Apart from the time of onboarding, businesses conduct CDD in the following scenarios.

  • Businesses may need to carry out CDD if a transaction a customer performs exceeds the regulatory limits or when a transaction involves organizations or individuals in foreign nations associated with high risk.
  • Organizations must do additional CDD scrutiny to address discrepancies if customers offer insufficient identity documents.
  • When individuals are suspected of terrorism financing or money laundering, businesses must execute more CDD checks.
  • Firms should consider performing client due diligence from time to time as long as the business relationship exists to ensure the transactions performed by the customers are in line with their established risk profiles.

Checklist

Let us look at the CDD process checklist.

#1 - Carry Out Basic CDD

The first step involves conducting a straightforward investigation, for example, verifying a customer’s identity. Usually, businesses need to conduct CDD during or prior to the beginning of their relationship with customers. This requirement applies to every customer as part of KYC regulations. Online verification of documents is one of many ways to verify customer identity.

#2 - Choose A Third Party

Often, organizations choose to work with one or multiple third parties when carrying out CDD. Such third parties may include auditors, lawyers, or persons offering CDD solutions like digital identity verification. That said, organizations must ensure third parties are trustworthy and reliable before choosing to work with them.

#3 - Decide Whether There Is A Need For Enhanced Due Diligence

If an organization finds the risk associated with a customer is high, it must conduct enhanced client due diligence checks. Also, one must remember that EDD is mandatory if organizations start a business relationship with politically exposed persons (PEP) or if a transaction involves any individual or organization from a nation associated with high risk. Moreover, it is necessary in the case of a situation associated with high money laundering risk.

#4 - Maintain All Records Securely

Businesses must maintain records of every financial transaction for a minimum of five years. This includes all details accumulated via account files, CDD measures, business correspondence, or any related analysis.

Organizations must safely document and store information acquired during the steps mentioned above.

#5 - Ensure The Records Are Up-To-Date

If the situations of customers change, businesses must amend their risk assessment and conduct additional due diligence if required.

When competent authorities request records, businesses must comply efficiently and quickly so that the authorities can reconstruct individual transactions.

Requirements

Let us look at the requirements of CDD.

#1 - Customer Information

Organizations must collect customers’ government-issued identification documents, full name, tax number, email address, phone number, residential address, and other details to verify customers’ identity.

#2 - Customer Risk Profile

Based on customers’ location, identity, and business type, the business conducting CDD must sort customers into separate risk levels to determine the money laundering risk level posed by them. The risk profile of a customer determines the extent of CDD required. Low-risk customers do not require an in-depth CDD process, unlike high-risk customers.

#3 - Ongoing Monitoring

One must note that CDD does not stop after onboarding is complete. Businesses must take client due diligence measures that involve an ongoing tracking or monitoring system to keep an eye out for suspicious transactions, higher-risk customers, changing customer profiles, and more.

#4 - Business Information

Before starting a relationship with another organization, businesses must request certain information and verify the same. The exact list of details may vary across jurisdictions. That said, given below is a common baseline:

  • Trading name
  • Registration number
  • Registered corporate name
  • Office address
  • Contact details, etc.

The aim is to establish the organization’s beneficial owners. Once that is done, the company needs to verify them.

Types

The main types of client due diligence in banking are as follows:

  • Enhanced CDD: This involves a more detailed review of customers’ risk profile and activities. Companies might need to conduct it for a high-risk transaction or a transaction involving a substantial amount.
  • Standard CDD: It refers to a CDD process of accumulating basic-level information concerning customers and verifying the same.
  • Ongoing CDD: Ongoing client due diligence involves continuously tracking customers’ activities to spot red flags or changes indicating a high risk of illicit activities.

Examples

Let us look at a few customer due diligence examples to understand the concept better.

Example #1

Suppose Matthew filled out an application form to open a bank account at ABC Bank, Inc. Before opening the account and forming a business relationship, the bank conducted customer due diligence. As part of the CDD process, the bank collected Matthew’s personal information, like name and address, in addition to income-related details. Then, the bank collected income documents and government-issued identity documents to verify whether the details provided by Matthew were accurate.

Example #2

In January 2023, Coinbase, a renowned cryptocurrency exchange, announced that it reached an agreement to make a payment of $50 million to resolve an investigation into the lapses concerning its KYC and AML practices. Moreover, the organization said that it will allocate $50 million more to enhance those programs.

As per New York regulators, by the time 2021 ended, the company had a backlog of over 100,000 transaction tracking alerts, while 14,000 clients required enhanced customer due diligence procedures.

According to the superintendent of the New York State Department Of Financial Services (NYSDFS), Adrienne Harris, Coinbase could not ensure the maintenance of a compliance program that could keep up with the rate of the organization’s growth. That failure exposed Coinbase to the risk of criminal activity, thus requiring the NYSDFS to take immediate measures.

Importance

One can go through the following points to understand the importance of customer due diligence.

#1 - Mitigating The Risks Associated With Financial Crimes

Businesses can reduce the risks of money laundering and other financial crimes by accumulating information regarding customers and monitoring their activities continuously.

#2 - Enhancing Risk Management

Client due diligence is a central element of the safety measures taken by businesses to mitigate risks for their customers and themselves.

#3 - Improving Compliance And Reputation

Besides allowing organizations to demonstrate their commitment to ethical business practices and compliance, CDD can help them build trust with regulators, partners, and customers and enhance their reputation.

Customer Due Diligence vs Enhanced Due Diligence vs KYC

The concepts of customer due diligence, enhanced due diligence, and KYC can confuse individuals new to the world of finance. Understanding their key characteristics can help them know how they differ. So, let us look at some of their noteworthy differences in the table below.

| Customer Due Diligence | Enhanced Due Diligence | KYC |
| --- | --- | --- |
| CDD is the key to the KYC procedure. In other words, it is a vital component of client due diligence. | It is a type of CDD that businesses must conduct for higher-risk customers, requiring thorough investigation. | KYC involves verifying customers' identity, risk level, and financial profile. |
| It is a continuous process that involves assessing a client’s risk profile throughout the business relationship. | Considering it is a type of CDD, it is a continuous process, unlike KYC. | Companies carry out the KYC process before starting a business relationship with new customers. |

Frequently Asked Questions (FAQs)

1. Can customer due diligence (CDD) compliance be outsourced?

Individuals must remember that companies can choose to outsource the mechanics of client due diligence. However, they will not be able to outsource the risk.

2. Who issued the customer due diligence rule?

FinCEN, or Financial Crimes Enforcement Network, issued the client due diligence rule, amending the regulations of the Bank Secrecy Act. The rule aims to prevent terrorists and criminals from exploiting organizations to carry out illicit activities and enhance financial transparency.

3. How often should customer due diligence be carried out?

There is no mandate regarding the frequency of CDD. Typically, businesses carry out CDD before or when onboarding a new customer. According to Moody’s Analytics, CDD may occur once in three years for low-risk customers, twice a year for medium-risk customers, and once a year for high-risk clients. Note that the frequency can vary from one firm to another.

4. What is a customer due diligence form?

It is a document that financial institutions create to accumulate information when carrying out CDD procedures.
