Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding. This includes the customer’s name, address, and other personal data.
Businesses must carry out CDD when establishing a business relationship. For example, a bank or trading platform may need to check a customer’s passport before allowing them to create an account and deposit money into it.
Without CDD, businesses leave themselves open to fraud as well as fines for non-compliance with AML requirements. In juridictions like Cyprus, failure to comply with AML regulations can cost businesses more than one million euros.
Variations of CDD: Simplified Due Diligence and Enhanced Due Diligence
In circumstances posing a low money laundering risk, some regulators allow conducting a simplified check, known as Simplified Due Diligence (SDD). For higher-risk situations, businesses may need to perform more in-depth verification called Enhanced Due Diligence (EDD).
Simplified Due Diligence
Financial regulators don’t always require every customer to go through standard verification. SDD is a good solution for low-risk customers, such as well-known public enterprises and individuals with reliable sources of funds.
SDD doesn’t skip over any of the required CDD steps, but it allows businesses to reduce the time and extent of the verification process. For instance, SDD can be applied when customers make transactions under 100$. But, if they exceed this amount, they will have to go through the full CDD procedure.
Note: SDD may not be appropriate for certain industries, products, or jurisdictions.
Enhanced Due Diligence
There are plenty of suspicious cases that present a higher risk of money laundering, and therefore must be put through Enhanced Due Diligence (EDD). These include customers from high-risk countries, Politically Exposed Persons (PEPs), cross-border correspondent relationships with a third-country, or high transaction amounts.
The additional checks within EDD can range from requests for more information to verification of sources of wealth and funds, as well as getting senior management approval before starting the business relationship.
Customer Due Diligence Steps
We’ve broken down the CDD procedure into three steps.
Step 1: Verifying a customer
Customer Due Diligence begins by obtaining basic information about the customer. The list of required information depends on whether this customer is an individual or a company.
- Verifying an individual
The required information can differ across jurisdictions, but here’s a common baseline for verifying individuals:
- Full name;
- Residential address;
- Government-issued identification and tax number.
To verify a customer’s identity, businesses can reference a document issued by an independent and reliable source bearing the customer’s photo. This can be an ID card or a passport.
To verify a customer’s residential address, businesses can use recent (up to six-months old) utility bills, housing insurance documents, or municipal taxes and bank account statements.
If a business onboards customers remotely, automated verification is the way to go. It reduces onboarding time to a couple of minutes and increases conversion rates, without needing to hire additional employees to control the process.
- Verifying a company
When establishing a relationship with another company, businesses must request and verify certain information. While the exact list can differ across jurisdictions, here’s a common baseline:
- Registered Corporate Name;
- Trading name;
- Registration number;
- Full address of registered office and head offices;
- Principal place of business operations;
- Contact details.
The goal is to establish the beneficial owners of the company. These are the individuals that directly or indirectly own more than 25% of the company or otherwise exercise significant control over it. After the beneficial owners are identified, they must be verified.
To obtain data about the company and its beneficial owners, businesses must request original or certified copies of documents that confirm the company’s legal foundation and documents revealing all of the shareholders. Among them are certificates of incorporation, memorandum, articles of association, etc.
Note: Businesses must keep copies of documents obtained from conducting Customer Due Diligence on both individuals and companies.
Step 2: Choosing the right due diligence track
Businesses choose between regular, enhanced, and simplified due diligence based on what they know about a customer. For instance, if a bank understands that a customer is a governmental official (a PEP), it can still onboard this person, but an enhanced check is needed.
Step 3: Ongoing monitoring
The story doesn’t end once you’ve onboarded a client and established a business relationship. Due diligence is ongoing, as there’s always a chance that a customer’s profile changes over time. For instance, they can land on a PEP list, initiate a high-risk transaction, or their ID can simply expire. Keeping an eye on customer profiles and transactions can help businesses respond to any sudden crisis.
Ensuring the utmost security of remote verification
Sometimes fraudsters provide real documents and even selfies acquired on the darknet. In this case, even the most reliable verification systems won’t detect anything suspicious because no document manipulation has occurred. To stop criminals when onboarding customers remotely, businesses can introduce an additional facial biometric check called liveness. This check ensures that the real holder of the documents undergoes verification.