Aug 20, 2022

Customer Due Diligence (CDD): The Process and Its Types

To onboard a customer, it's not enough to collect their personal data. You also need to check that this data isn't fake.

What is Customer Due Diligence?

Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding. This includes the customer’s name, address, and other personal data.

Businesses must carry out CDD when establishing a business relationship. For example, a bank or trading platform may need to check a customer’s passport before allowing them to create an account and deposit money into it.

Why is CDD important?

Without CDD, businesses leave themselves open to fraud as well as fines for non-compliance with Anti-Money Laundering (AML) requirements. In jurisdictions like Cyprus, failure to comply with AML regulations can cost businesses more than one million euros.

What is CDD in the KYC process?

CDD and KYC often get confused. “Customer Due Diligence” is a specific legal term that applies to all regulations, while the meaning of “Know Your Customer” can slightly differ from jurisdiction to jurisdiction. In other words, CDD involves a specific list of procedures set by law, while the list of required KYC checks may vary. Learn more about KYC and its importance from our previous article.

Variations of CDD: Simplified Due Diligence and Enhanced Due Diligence

In circumstances posing a low money laundering risk, some regulators allow conducting a simplified check, known as Simplified Due Diligence (SDD). For higher-risk situations, businesses may need to perform more in-depth verification called Enhanced Due Diligence (EDD).

Simplified Due Diligence

Financial regulators don’t always require every consumer to go through the full verification process. SDD is a good solution for low-risk customers, such as well-known public enterprises and individuals with reliable sources of funds.

SDD doesn’t skip over any of the essential CDD steps, but it does allow businesses to reduce the time and extent of the verification process. For instance, SDD can be applied when customers make transactions under $100. If they exceed this amount, however, they will have to go through the full CDD procedure.

SDD may not be appropriate for certain industries, products, or jurisdictions.

Enhanced Due Diligence

There are plenty of suspicious cases that present a higher risk of money laundering and therefore must be put through Enhanced Due Diligence (EDD). These include customers from high-risk countries, Politically Exposed Persons (PEPs), cross-border correspondent relationships with a third country, or high transaction amounts.

The difference between CDD and EDD is in the number of checks conducted by companies. Additional assessment within EDD can range from requests for more information to verification of sources of wealth and funds, as well as getting senior management approval before starting the business relationship.

Customer Due Diligence Requirements

The list of information required for collection depends on whether the customer is an individual or a company.

Verifying an individual

The required information can differ across jurisdictions, but here’s a common baseline for verifying individuals:

  1. Full name;
  2. Residential address;
  3. Government-issued identification and tax number.

To verify a customer’s identity, businesses can reference a document issued by an independent and reliable source bearing the customer’s photo. This can be an ID card or a passport.

To verify a customer’s residential address, businesses can use recent (up to six months old) utility bills, housing insurance documents, or municipal taxes and bank account statements.

If a business onboards customers remotely, automated verification is the way to go. It reduces onboarding time to a couple of minutes and increases conversion rates, without needing to hire additional employees to control the process.

Verifying a company

When establishing a relationship with another company, businesses must request and verify certain information. While the exact list can differ across jurisdictions, here’s a common baseline:

  1. Registered corporate name;
  2. Trading name;
  3. Registration number;
  4. Full address of registered office and head offices;
  5. Principal place of business operations;
  6. Contact details.

The goal is to establish the beneficial owners of the company. These are the individuals who directly or indirectly own more than 25% of the company or otherwise exercise significant control over it. After the beneficial owners are identified, they must be verified.

Customer Due Diligence Process

We’ve broken down the CDD procedure into three steps.

Step 1: Verifying a customer

Customer Due Diligence begins by obtaining basic information about the customer. The list of required data is provided in the section above. 

To obtain data about a customer that is a company, including information on beneficial owners, businesses must request original or certified copies of documents that confirm the company’s legal foundation and shareholders. Among them are certificates of incorporation, memorandum, articles of association, etc.

All copies of documents obtained from conducting Customer Due Diligence on both individuals and companies must be retained.

Step 2: Choosing the right due diligence track

Businesses can choose between regular, enhanced, and simplified due diligence based on what they know about a customer. For instance, if a bank understands that a customer is a government official (a PEP), it can still onboard this person, but an enhanced check is needed.

Step 3: Ongoing monitoring

The story doesn’t end once you’ve onboarded a client and established a business relationship. It continues with ongoing monitoring. Due diligence needs to be continuous as there’s always a chance that a customer’s profile changes over time. For instance, they can land on a PEP list, initiate a high-risk transaction, or their ID can simply expire. Keeping an eye on customer profiles and transactions can help businesses respond to any sudden crisis.

CDD in different industries

While CDD requirements are mostly similar across industries, there are certain nuances. Learn more about CDD specificities by industry, including in banking, in forex, and in fintech.

Ensuring the utmost security of remote verification

Sometimes fraudsters provide real documents or selfies acquired on the darknet. In such cases, even the most reliable verification systems may not detect anything suspicious because no document manipulation has occurred. To stop criminals when onboarding customers remotely, businesses can introduce an additional facial biometric check called liveness. This check ensures that the true document holder undergoes verification.



  • What is the purpose of CDD?

    The purpose of CDD is to stay compliant with AML regulations and mitigate fraud-related risks by ensuring you know the identity of your customers (in particular, by checking the authenticity of provided documents).

  • What does CDD mean in compliance?

    Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding. This may include the customer’s name, address, and other personal data.

  • What is CDD and AML?

    Anti-Money Laundering (AML) is a regulatory framework aimed at combating financial crime (primarily money laundering) by requiring financial institutions and other regulated entities to implement certain measures and procedures. CDD is one such measure, whereby businesses identify and verify the identity of their customers, define customer risk profiles and perform ongoing monitoring of their activity.

  • What is CDD vs KYC?

    Customer Due Diligence (CDD) is a range of measures aimed at collecting and assessing relevant information about a customer. This term is normally used in AML regulations. KYC is one of the essential elements of CDD, covering identification and verification of the customer’s identity specifically. KYC is also frequently implemented by non-AML-regulated companies that may still need to know who their clients are.

  • What is CIP vs CDD?

    Final Customer Identification Programs (CIPs) are required by the USA Patriot Act, obliging financial institutions to verify their customers’ identity.