To onboard a customer, it's not enough to collect their personal data. You also need to check that this data isn't fake.
Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding. This includes the customer’s name, address, and other personal data.
Businesses must carry out CDD when establishing a business relationship. For example, a bank or trading platform may need to check a customer’s passport before allowing them to create an account and deposit money into it.
Without CDD, businesses leave themselves open to fraud as well as fines for non-compliance with Anti-Money Laundering (AML) requirements. In juridictions like Cyprus, failure to comply with AML regulations can cost businesses more than one million euros.
CDD and KYC often get confused. “Customer Due Diligence” is a specific legal term that applies to all regulations, while the meaning of “Know Your Customer” can slightly differ from jurisdiction to jurisdiction. In other words, CDD involves a specific list of procedures set by law, while the list of required KYC checks may vary. Learn more about KYC and its importance from our previous article.
In circumstances posing a low money laundering risk, some regulators allow conducting a simplified check, known as Simplified Due Diligence (SDD). For higher-risk situations, businesses may need to perform more in-depth verification called Enhanced Due Diligence (EDD).
Financial regulators don’t always require every consumer to go through the full verification process. SDD is a good solution for low-risk customers, such as well-known public enterprises and individuals with reliable sources of funds.
SDD doesn’t skip over any of the essential CDD steps, but it does allow businesses to reduce the time and extent of the verification process. For instance, SDD can be applied when customers make transactions under 100$. But, if they exceed this amount, they will have to go through the full CDD procedure.
SDD may not be appropriate for certain industries, products, or jurisdictions.
There are plenty of suspicious cases that present a higher risk of money laundering and therefore must be put through Enhanced Due Diligence (EDD). These include customers from high-risk countries, Politically Exposed Persons (PEPs), cross-border correspondent relationships with a third-country, or high transaction amounts.
The difference between CDD and EDD is in the number of checks conducted by companies. Additional assessment within EDD can range from requests for more information to verification of sources of wealth and funds, as well as getting senior management approval before starting the business relationship.
The list of information required for collection depends on whether the customer is an individual or a company.
The required information can differ across jurisdictions, but here’s a common baseline for verifying individuals:
To verify a customer’s identity, businesses can reference a document issued by an independent and reliable source bearing the customer’s photo. This can be an ID card or a passport.
To verify a customer’s residential address, businesses can use recent (up to six-months old) utility bills, housing insurance documents, or municipal taxes and bank account statements.
If a business onboards customers remotely, automated verification is the way to go. It reduces onboarding time to a couple of minutes and increases conversion rates, without needing to hire additional employees to control the process.
When establishing a relationship with another company, businesses must request and verify certain information. While the exact list can differ across jurisdictions, here’s a common baseline:
The goal is to establish the beneficial owners of the company. These are the individuals who directly or indirectly own more than 25% of the company or otherwise exercise significant control over it. After the beneficial owners are identified, they must be verified.
We’ve broken down the CDD procedure into three steps.
Customer Due Diligence begins by obtaining basic information about the customer. The list of required data is provided in the section above.
To obtain data about a customer that is a company, including information on beneficial owners, original or certified copies of documents that confirm the company’s legal foundation and shareholders must be requested. Among them are certificates of incorporation, memorandum, articles of association, etc.
All copies of documents obtained from conducting Customer Due Diligence on both individuals and companies must be retained.
Businesses can choose between regular, enhanced, and simplified due diligence based on what they know about a customer. For instance, if a bank understands that a customer is a government official (a PEP), it can still onboard this person, but an enhanced check is needed.
The story doesn’t end once you’ve onboarded a client and established a business relationship. It continues with ongoing monitoring. Due diligence needs to be continuous as there’s always a chance that a customer’s profile changes over time. For instance, they can land on a PEP list, initiate a high-risk transaction, or their ID can simply expire. Keeping an eye on customer profiles and transactions can help businesses respond to any sudden crisis.
While CDD requirements are mostly similar across industries, there are certain nuances. Learn more about CDD specificities by industry, including in banking, in forex, and in fintech.
Sometimes fraudsters provide real documents or selfies acquired on the darknet. In such cases, even the most reliable verification systems may not detect anything suspicious because no document manipulation has occurred. To stop criminals when onboarding customers remotely, businesses can introduce an additional facial biometric check called liveness. This check ensures that the true document holder undergoes verification.
The purpose of CDD is to stay compliant with AML regulations and mitigate fraud-related risks by ensuring you know the identity of your customers (in particular, by checking the authenticity of provided documents).
Customer Due Diligence (CDD) is the process of collecting and verifying information about a customer during onboarding. This may include the customer’s name, address, and other personal data.
Anti-Money Laundering (AML) is a regulatory framework aimed at combating financial crime (primarily money laundering) by prescribing financial institutions and other regulated entities to implement certain measures and procedures. CDD is one such measure, whereby businesses identify and verify the identity of their customers, define customer risk profiles and perform ongoing monitoring of their activity.
Customer Due Diligence (CDD) is a range of measures aimed at collecting and assessing relevant information about a customer. This term is normally used in AML regulations. KYC is one of the essential elements of CDD, covering identification and verification of the customer’s identity specifically. KYC is also frequently implemented by non-AML-regulated companies that may still need to know who their clients are.
Final Customer Identification Programs (CIPs) are required by the USA Patriot Act, obliging financial institutions to verify their customers’ identity.