Customer Due Diligence is an essential aspect to manage your risks effectively and protect the business from potential involvement in financial, terroristic and other criminal activities or being associated with them. CDD process is critical for KYC. For not having a reliable and compliant KYC financial organisations are obliged to pay penalties and ICOs have to return all the received funds (it happened to almost every Chinese ICO
CDD differs a little on a global level , however reasonable steps, which are asked by regulators, stay the same. It involves identifying each customer and understanding their activities. With this information you can form the risk profile for each client.
Enhanced Due Diligence (EDD) is an additional information. It is necessary only for some cases, when data for high-risk customers should be collected. In order to determine what level of due diligence is required you can use customer risk assessments.
We have prepared a checklist to help you improve Customer Due Diligence procedures.
2. Structure your process while using third parties' databases.
- Decide if a client suits your established risk profile before establishing any kind of relations with him. Collect or ask for:
- Full name of customer
- Genuine photograph of the customer's official document such as a passport
- Residential address of the customer (you can get it from the utility bills, telephone bills or bank statements)
- Confirmation of involvement of the beneficial owner
- In case of involvement, you need to conduct an Identity checking of the beneficial owner (full name, a photograph of official documents, residential address, and the relationship between the beneficial owner and customer
- Confirmation of the business relationships with the customer (purpose of the planned transactions and the source of funds)
- Confirmation of whether the customer is included in PEP lists, sanctions and other watchlists
- Detailed anti-money laundering policies and procedures
Some data needed for CDD is only accessible through a reliable third-party provider. Banks, lawyers, auditors or professional databases may help you perform due diligence. But you should know whom to choose — at the end you take the full responsibility for the KYC — not the third party. 3. Organize secure and compliant data storage.
Comprehensive CDD process can also create a potential risk for your business. Not only you need to verify your customers, but also to store the collected information in case regulators will have any suspicions regarding some of your clients. processing and storing personal data digitally is a big issue in the era of GDPR and should be discussed separately. Read the guide on how to stay compliant
. 4. Determine whether you need to conduct Enhanced Due Diligence (EDD) or not.
These are the Indicators showing that EDD is necessary for you:
5. Keep the data on hand.
- High-risk location of the customer
- Risky type of transactions
- Unexpected pattern of activity (transaction types, frequency of transactions)
- Unexpected method of payment
- Data matching with PEPs or other watchlists
Store all the records for each customer in a digital form and be ready to provide it by regulators requests.