Customer Due Diligence: the Process and Its Types

What are Customer Due Diligence and Enhanced Due Diligence?

What is Customer Due Diligence?

Customer Due Diligence, or CDD, is the process in which relevant information about the customer is collected and evaluated for any potential risk to the organization or for money laundering/terrorist financing activities.

CDD is essential for KYC, and although these processes differ around the globe, they have a single aim: to identify your customer and their activities. The customer’s risk profile is then assessed, followed by basic Customer Due Diligence, Enhanced Due Diligence (EDD) or Simplified Due Diligence (SDD).

Before addressing what determines SDD and EDD, let’s see the steps of our standard CDD flow.

Step 1: asking for essential user data 

Every customer due diligence process begins by obtaining basic information about the client. The required items are not necessarily the same across jurisdictions.

  1. Full name;
  2. Residential address;
  3. Contact number and an email address;
  4. Place and date of birth;
  5. Gender;
  6. Nationality;
  7. Marital status;
  8. Government-issued identification and tax number;
  9. Occupation;
  10. Specimen signature.

Once these basic data are submitted, a business can analyze them and figure out which way to go next.

Step 2: data screening 

Data screening is the next stage of performing CDD. Here, it is all about risk evaluation. Customer data is checked via name-screening databases used to evaluate the risk category. In other words, here we decide whether customer due diligence checks should remain standard, be eased to simplified due diligence, or be reinforced to enhanced due diligence.

Perhaps the country of residence of a person is considered a high-risk region, or the individual’s data is already registered and constantly monitored in the public domain. Both of these scenarios will require special treatment. Let’s see what goes next.

Step 3: following the right due diligence track (SDD, CDD, EDD)

There are different levels of CDD to evaluate and check different users. For example, a politically exposed company executive might require EDD, while CDD will be enough for an account-holder with low transaction values.

1. What if customer due diligence is enough

The most standard and frequently practiced user verification and onboarding flow is CDD.

  • CDD triggers

Any onboarding flow in which neither simplified nor enhanced due diligence was found to be needed.

  • CDD measures

A basic KYC process with customer background checks to measure the risk they pose, before dealing with them.

Note: CDD is a requirement in many jurisdictions and applies to financial institutions as well as to crypto businesses (e.g., the European 5AMLD).

2. What if you need simplified due diligence

Financial regulators don’t necessarily require each user to go through CDD; a simplified flow might be just right for low-risk customers. SDD is a minimum check that can be carried out on a user.

  • SDD triggers

Usually, if the client is a well-known public authority (the UK), is listed on a regulated market, or their transaction is below a certain amount, they are exempt from tougher CDD checks to remove unnecessary friction.

  • SDD measures

Unlike in standard or enhanced due diligence, SDD doesn’t require verifying your customer’s identity.

Note: Each jurisdiction will set its own rules and thresholds as to when SDD would be enough to check a client.

3. What if you need enhanced due diligence

Looking the other way, there are plenty of suspicious cases that require careful examination across data sources. Users with a higher risk of money laundering (ML) or terrorist financing (TF) must be put through EDD.

  • EDD triggers

Factors that trigger enhanced due diligence are beneficial ownership, a politically exposed person (PEP) identifier, connections with high-risk countries, high transaction amounts, and involvement in high-induced activities.

  • EDD measures

The additional checks within EDD can be anything from requests for more information to the verification of identity or source of income. As part of EDD, the business relationship with a risky customer starts only once senior management has approved it.

Note: Check the regulatory rules and thresholds in your jurisdiction to be certain of when a client will have to go through EDD.

EDD and SDD are not only something that certain legislation can demand; they are also adequate measures that companies implement to benefit their platform. You can spare your low-risk clients extra questions or implement extra checks to keep your platform safe from criminal actors and any money-laundering-related activity.

Step 4 (ongoing): customer monitoring

The story doesn’t end once you have onboarded a client and established a business relationship. Due diligence keeps going, as there is always a chance of your client’s profile changing: being added to a PEP list, becoming involved in high-risk transactions, or straight up committing fraud.

Again, keeping an eye on clients’ transactions and the risk rating of their profiles guarantees that a business can promptly react to any crisis, or rather prevent it, and stay compliant with the regulator it is registered with.

Staying manual vs. going automated

It is safe to say that automation would be a better choice in every significant respect.

Automated checks 

  • Quick to verify and onboard customers (0.30-2 min) and good at increasing conversion;
  • Cost-efficient and don’t require hiring many people to control the process;
  • Show extensive coverage as clients can be precisely checked and screened across dozens of databases within seconds.

Manual checks

  • Inaccurate and slow (~10 min) as people are more error-prone and need more time to review data manually. It also won’t be possible to reach many of the available data sources;
  • Expensive as it needs a big team of compliance professionals to do the job.

While manual checks can potentially work for small local businesses, for big corporations it is virtually impossible to onboard thousands of users manually. Nowadays, when businesses are looking for better, faster, more efficient solutions, modern KYC/AML software is the answer to all of the most burning ML and TF risk-related needs.

Looking for helpful tools?

KYC/AML tools are your perfect allies when it comes to building your own due diligence flow. Functionality-wise, they can take over the whole process, rendering it completely automated.

  • Automatically check a customer’s background against various databases and sanction lists;
  • Make the onboarding process easier for your team and your client;
  • Respond to any changes in regulatory laws faster.

Sumsub’s complete toolkit for KYC/AML checks will help you protect your business from financial crimes.

Frequently Asked Questions about CDD

What is Customer Due Diligence (CDD)?

CDD is a process in which relevant information about a customer is collected and subsequently evaluated to determine the risk of money laundering.

The three levels of Customer Due Diligence

Simplified, customer, and enhanced due diligence.

Why does a bank have CDD procedures?

Banks apply CDD checks to verify their clients’ identities and ensure that none of the clients are involved in financial crimes.

Where can I learn about CDD?

CDD is a standard due diligence check that many businesses are required to use. Get some insights on how to conduct this procedure by reading Sumsub's blog.
