Form a Strong Defense With Robust Customer Due Diligence

Customer due diligence (CDD) is a critical element in managing risk and shielding an organization from fraud and other financial crimes.

Regulated entities are legally required to verify customer identities, assess their activities and determine if they present risk. CDD helps organizations limit fraud and avoid fines, sanctions and bad publicity.

But CDD comes in different shapes and sizes. Slow, static CDD can create onboarding friction, delay business innovation and stymie growth. Automated, agile and intelligent CDD, on the other hand, can accelerate onboarding while ensuring compliance.

What Is CDD?

Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations are designed to limit criminal access to financial systems. CDD enables organizations to comply with AML and KYC requirements.

Simplified Due Diligence

Simplified due diligence (SDD) can be enough to satisfy legal requirements when the risk for fraud, money laundering or terrorist funding is low.

For example, low-transaction-value accounts present limited opportunities for illegal use and can be exempt from full CDD to reduce friction for customers. The thresholds that trigger CDD vary by region.

Enhanced Due Diligence

If an account type or owner poses a higher risk of money laundering or terrorist funding, it could be subject to the extra scrutiny of enhanced due diligence (EDD).

For example, many regions require EDD for a politically exposed person. Other factors that might trigger EDD include high-transaction-value accounts, those in high-risk countries or others that involve high-risk activities.

While some EDD triggers are enshrined in regional laws, it’s often a regulated organization’s responsibility to assess risk and apply the right diligence.

Brief Overview of CDD Requirements

U.S. CDD Rule

The Financial Crimes Enforcement Network (FinCEN) oversees CDD in the U.S. Regulated entities face requirements to perform due diligence on all customers, including businesses.

FinCEN’s Customer Due Diligence Final Rule establishes four critical elements for due diligence. Under the rule, organizations must have policies and procedures “reasonably designed to” establish:

• Customer identification and verification
• Beneficial ownership identification and verification
• A risk profile based on the nature and purpose of the customer relationship
• Ongoing monitoring for suspicious transactions as well as risk-based updates to customer information

The procedures are similar to customer identification program requirements for individuals, but they extend to an entity’s beneficial owners.

CDD Requirements in Canada

Reporting entities operating in Canada must comply with Canadian KYC and AML regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

The Financial Transactions and Reports Analysis Centre of Canada has published guidance for complying with the act’s reporting obligations.

CDD in the EU

Each EU member state has CDD requirements that conform to EU AML directives. The EU has established the Authority for Anti-Money Laundering and Countering the Financing of Terrorism to supervise financial sector entities at high risk of money laundering.

The authority also supports cross-border case analyses and develops technical and regulatory standards. The EU’s single AML rulebook provides the detailed measures organizations must apply to defend against money laundering.

In general, obliged entities, such as EU financial institutions and money service businesses, must enact Sixth Anti-Money Laundering and Countering the Financing of Terrorism Directive compliance procedures. The directive requires businesses to review their AML monitoring processes and identify areas for improvement in customer onboarding and other business operations.

CDD in the U.K.

The Financial Conduct Authority – the U.K. regulator for financial services firms and financial markets – favors a risk-based approach to CDD.

“Firms must have in place policies and procedures in relation to customer due diligence and monitoring, among others,” according to the FCA, “but neither the law nor our rules prescribe in detail how firms have to do this.”

In terms of performing CDD, the U.K. government has established requirements, including that organizations:

• Identify the customer
• Verify the customer’s identity
• Assess the purpose of the business relationship

Technology and Processes That Fuel Robust CDD

Best CDD practices often blend practical compliance strategies with automated verification to streamline compliance, improve efficiency and reduce risk.

Steps that can lead to a strong CDD program include:

• Verifying customer identities
• Assessing third-party data sources
• Securing the data
• Determining if there is a need for EDD
• Ensuring the process can be audited

Financial accounts and risk profiles vary widely. Many regulatory authorities take those risk profiles into account to create different CDD levels.

A risk-based approach to onboarding continually adapts risk controls to match specific circumstances. It’s a flexible strategy that helps organizations optimize performance for regulatory compliance, market realities, security, growth and onboarding speed.

The process can quickly escalate to EDD by adding, for instance, identity document verification and watchlist screening through a single onboarding workflow.

Risk profiles, regulations and onboarding strategies regularly evolve. Flexibility, automation and market expertise help organizations ensure they quickly adapt to change and apply the right CDD.