CDD (Customer Due Diligence) is an essential aspect of an AML compliance program. To manage your risks effectively and protect your business from potential involvement in financial, terroristic and other criminal activities or being associated with them.
CDD process is a critical part of KYC (Know Your Customer) policy of a company. For not having a reliable and compliant KYC, financial institutions are obliged to pay penalties and ICOs have to return all the received funds (like in the cases of most Chinese ICOs or Protostarr).
CDD differs a little on a global level; however, ‘reasonable steps’ required by regulators, stay the same. It is a process of identifying each customer and understanding their activities. With the information obtained during identification, you can form the risk profile for each client.
In Enhanced Due Diligence (EDD) additional information is collected, but it is necessary only for high-risk customers. In order to determine what level of due diligence is required, you can use customer risk assessments.
We have prepared a checklist to help you improve Customer Due Diligence procedures.
The Ultimate CDD Checklist
1. Decide if a client suits your established risk profile before establishing any kind of relations with him. Collect or ask for:
- Full name of customer
- Genuine photograph of the customer’s official document such as a passport
- Residential address of the customer (you can get it from the utility bills, telephone bills or bank statements)
- Confirmation of involvement of the beneficial owner
- In case of involvement, you need to conduct an Identity checking of the beneficial owner (full name, a photograph of official documents, residential address, and the relationship between the beneficial owner and customer
- Confirmation of the business relationships with the customer (purpose of the planned transactions and the source of funds)
- Confirmation of whether the customer is included in PEP lists, sanctions and other watchlists
- Detailed anti-money laundering policies and procedures
2. Structure your process while using third parties’ databases.
Some data needed for CDD is only accessible through a reliable third-party provider. Banks, lawyers, auditors or professional databases may help you perform due diligence. But you should know whom to choose — at the end you take the full responsibility for the KYC — not the third party.
3. Organize secure and compliant data storage.
A non-comprehensive CDD process can also create a potential risk for your company. Not only do you need to verify your customers, but also to store the collected information in case regulators will have any suspicions regarding some of your clients. Processing and storing personal data digitally is a big issue in the era of GDPR and should be discussed separately. Read the guide on how to stay compliant.
4. Determine whether you need to conduct Enhanced Due Diligence (EDD) or not.
These are the Indicators or “red flags” showing that EDD is necessary for you:
- High-risk location of the customer;
- Risky type of transactions;
- Unexpected pattern of activity (transaction types, frequency of transactions);
- Unexpected method of payment;
- Data matching with PEPs or other watchlists.
For more details on Enhanced Due Diligence and its indicators, read our article here
5. Keep the data on hand.
Store all the records for each customer in a digital form and be ready to provide it by regulators requests.