Customer due diligence is just one of the procedures that certain businesses are required to conduct on their customers in the ongoing fight against money laundering and other financial crime.
As well as meeting regulations, CDD is essential for avoiding reputational damage, maintaining good relationships with customers and partners, and helping to combat the consequences of global criminal activity.
In this article, we explain what CDD is, when it’s required, your key CDD requirements, and why CDD is so important.
What is customer due diligence (CDD)?
CDD is a process used by businesses to verify their customers’ identities and to determine what level of risk they represent.
CDD is a legal requirement and is integral to meeting Anti Money Laundering (AML) and Know Your Customer (KYC) regulations, which aim to prevent financial crime, terrorist financing, fraud, and ensure compliance with global sanctions requirements.
At the basic level of CDD, you are required to collect information in order to verify customer’s identities, assess their business activities and the sector they operate in, and conduct ongoing monitoring of their risk profile.
When is customer due diligence required?
If your company falls within the scope of AML regulations, you must conduct CDD checks as soon as you begin a business relationship with a new or potential customer.
This is the case whether you are entering into an ongoing relationship or even if the relationship constitutes only a single transaction.
Financial businesses, accountancy firms, estate agencies, high-value art dealers, and any business that handles large cash payments are likely to fall under AML, though the rules and specific financial thresholds can vary depending on your jurisdiction. If you’re unsure whether they apply to your business, make sure to check with the authority responsible for supervising AML regulations in your country or region.
If the customer poses a particularly high risk, is considered a politically exposed person (PEP), or engages in transactions with entities in high-risk regions, enhanced due diligence checks may be necessary.
What are the 4 customer due diligence requirements?
There are four main CDD requirements. They are:
- Determining and confirming customer identities - this could include collecting the name, address, date of birth, phone number, email, occupation, tax ID, and official identity documents (driver’s license, passport or government-issued ID card) of any new or potential customer. Proof of address can come from a bank statement or utility bill. This information should be corroborated through third party sources.
- Establishing and authenticating the ownership structure of businesses - including identifying and verifying the identity of any person who has a stake of 25% or more in a legal entity, as well as anyone who owns, controls or profits from that entity. You should also seek additional information about the customer’s business model and the source of their funds.
- Grasping the essence and intent behind customer or client relationships to create risk profiles - risk assessment is at the core of due diligence. It’s important to understand the extent to which the activities the customer is involved could present a risk to your business. For that reason, you should consider conducting an analysis of their activities, the sectors they operate in, and any other entities they do business with, and screen them against government sanctions or PEP lists. You can then assign them a risk level, which will determine whether further due diligence is necessary.
- Continuously observing for unusual activities or transactions and regularly updating customer data in line with perceived risks and their severity - ongoing monitoring is the final element of CDD, which should continue for the duration of the customer-business relationship. You should consider establishing a system to monitor your customers, which could include the use of automated systems to flag anomalies like suspicious transactions or unusual behavior. A customer’s risk rating should be updated throughout the relationship if there’s any relevant change in their status or activities.
CDD & money laundering
CDD plays a vital role in the fight against money laundering.
Money laundering is any attempt to disguise the origins of money obtained through illicit means, often by transferring funds through legitimate financial institutions. For example, a common tactic is to break up large deposits into much smaller chunks in order to avoid triggering alerts for unusually large transactions.
By conducting CDD, organizations have a better chance of identifying any suspicious activity that could be evidence of money laundering and, if necessary, alert supervising authorities or law enforcement.
CDD is just one of the procedures, alongside various laws, rules, and processes, that fall under the umbrella of AML regulations.
CDD & KYC
CDD and KYC are closely related. KYC refers to the application of CDD in order to verify new and potential clients, understand their activities and the source of their funds, and screen them against lists of criminal suspects or government sanctions lists.
Why is customer due diligence important for businesses?
There are a number of reasons why it is so important for businesses to conduct CDD including:
- Preventing criminal activity - One of the key aims of CDD is to prevent crimes such as fraud and money laundering.
- Avoiding fines - regulators levy significant fines for non-compliance with AML, with billions of dollars levied since 2009.
- Avoiding reputational damage - an AML incident resulting from failing to take your CDD responsibilities seriously could result in significant reputational damage, which could impact your relationships with customers and other businesses.
- Staying ahead of cybercrime - CDD involves thorough identity verification processes. By verifying the identity of customers through various means such as document checks and biometric authentication, businesses can ensure that they are dealing with legitimate individuals and that they stay ahead of the ever more sophisticated techniques used by cybercriminals.
- Maintaining trust - Trust is paramount in the payments industry. Customers expect their financial information to be handled securely. CDD helps businesses ensure that they are dealing with legitimate customers, which in turn builds trust.
Customer due diligence tips for businesses
Now we know when CDD is needed, the four requirements, and why it’s so important, let’s look at some tips to help your business implement your own approach to CDD:
- Confirm the identity of customers - at the very start of the business-customer relationship, regardless of whether it will be ongoing or just involve one transaction, you must confirm your customer’s identity by gathering personal information and verifying documents (e.g. passports or driver's license for ID, and bank statements or utility bills for address), which are required by KYC regulations. You must also assess their business activities and relationships.
- Evaluate external information sources - you should also recruit the services of trusted third parties in order to verify this information. These could be lawyers, regulators, or a digital identity verification provider, which can help with the efficiency and accuracy of your checks.
- Safeguard your data - as well as monitoring transactions, you’re legally required to keep records of all transactions for a minimum of five years, including any information you’ve collected on your customers, and any communication you’ve had with them. This information is extremely sensitive, so you must implement robust security measures to safeguard it from hackers.
- Implement required supplementary actions - if the customer is labeled high risk, you may have to conduct EDD checks, which involves a more thorough investigation of their activities. You should also continually monitor their activities to look for suspicious transactions and to update their risk profile if there is any change in their activities or circumstances. For example, if there is a change in business ownership.
- Be prepared for audit evaluations - it’s important to conduct internal audits on the effectiveness of your CDD procedures. This could include performing walkthroughs to assess the competence of any staff that are responsible for CDD, reviewing high risk accounts and processes, and reviewing management’s response to violations. This will help you prepare for external audits, which can help to discover any limitations in your CDD process that you can then address before they create problems that require involvement from regulators.
How Checkout.com can help you verify your customers properly
Checkout.com’s identity verification tools provide a fast and accurate way to fight online fraud, verify new users, and support your compliance obligations, all while offering a streamlined user experience that will boost your conversions.
Video verification, which uses AI-powered prompts to guide users, continually learns to optimize performance and minimize mistakes. It’s twice as fast as photo-based methods and can improve conversions by 30%. You can also combine automated and human review procedures, which drive efficiency and reduce costs while helping you remain vigilant to multiple threats.
What’s more, the user flow is entirely customizable, allowing you to tailor the experience to your brand and to personalize instructions, which helps to improve trust with users.
Finally, results are delivered in seconds, and you receive detailed identification information via your client dashboard, making it easy to see the status of checks and extract vital data.
Find out more about identity verification with Checkout.com.
The contents of this blog post do not constitute legal advice and are provided for general information purposes only.