CDD (Customer Due Diligence) is an essential aspect of an AML compliance program. To manage your risks effectively and protect your business from potential involvement in financial, terroristic and other criminal activities or being associated with them.
CDD process is a critical part of KYC (Know Your Customer) policy of a company. For not having a reliable and compliant KYC, financial institutions are obliged to pay penalties and ICOs have to return all the received funds (like in the cases of most Chinese ICOs or Protostarr).
CDD differs a little on a global level; however, ‘reasonable steps’ required by regulators, stay the same. It is a process of identifying each customer and understanding their activities. With the information obtained during identification, you can form the risk profile for each client.
In Enhanced Due Diligence (EDD) additional information is collected, but it is necessary only for high-risk customers. In order to determine what level of due diligence is required, you can use customer risk assessments.
We have prepared a checklist to help you improve Customer Due Diligence procedures.
Some data needed for CDD is only accessible through a reliable third-party provider. Banks, lawyers, auditors or professional databases may help you perform due diligence. But you should know whom to choose — at the end you take the full responsibility for the KYC — not the third party.
A non-comprehensive CDD process can also create a potential risk for your company. Not only do you need to verify your customers, but also to store the collected information in case regulators will have any suspicions regarding some of your clients. Processing and storing personal data digitally is a big issue in the era of GDPR and should be discussed separately. Read the guide on how to stay compliant.
These are the Indicators or “red flags” showing that EDD is necessary for you:
For more details on Enhanced Due Diligence and its indicators, read our article here
Store all the records for each customer in a digital form and be ready to provide it by regulators requests.