Get your due diligence process in order by following this CDD checklist.
Customer Due Diligence is a multi-step process that involves collecting and verifying information about a customer during onboarding. We’ve compiled a checklist to help companies streamline this process while ensuring full compliance with regulations. Read on to learn more.
CDD helps companies minimize the number of illegal activities conducted through their platform, including identity fraud or money laundering.
In case a company fails to implement efficient CDD procedures, criminals may abuse it for money laundering and other crimes. And if this occurs, the company may be held liable.
To stay safe and compliant, companies need to ensure they perform essential CDD procedures, which are covered in the list below:
A company should decide whether a client suits an established risk profile before establishing any kind of relationship with them. Most jurisdictions require the following information to be collected during the onboarding process:
If identifying a business, regulators usually require companies following to collect:
After collecting personal information, the company should verify it through comparison with government-issued documents.
How: Companies can conduct verification manually or with an automated solution. Manual solutions can allow companies more control over the verification process, while automated solutions can process large amounts of data and onboard more customers. Sumsub’s experience shows that automated approaches can save up to 40% on verification.
Suggested read: Managing KYC Dilemmas: In-house vs. Outsourced Solutions.
Some data needed for CDD is only accessible through reliable third-party sources, such as banks, lawyers, or auditors. These can improve a company’s ability to verify customer information and determine their involvement in criminal activity.
How: It should be noted that companies need to ensure that their third-party providers are trustworthy and that the shared information is reliable. This is because companies can be held liable for mistakes made by third parties. Therefore, it’s essential to check the third-party data provider’s certification prior to hiring them.
Based on the customer’s risk level, companies should choose between two types of due diligence: Simplified Due Diligence (SDD) for low-risk clients and Enhanced Due Diligence (EDD) for high-risk clients.
How: When a company implements the EDD process, it should include the following steps:
If using SDD, companies can loosen the checks by adjusting:
More information about detecting and dealing with low- and high-risk customers is available in our complete guide to the UK (which also applies elsewhere).
Not only does a company need to verify its customers, it also needs to store the collected information in case regulators request it.
How: Each country sets a timeframe during which all information about customers and their transactions must be kept. The minimum period recommended by the FATF is five years.
For example, in the US, India, and China, companies are obliged to retain information about clients for five years after the end of the customer relationship or five years after the completion of an occasional transaction. Other countries, such as Saudi Arabia and Qatar, have established a period of ten years. In El Salvador it’s even longer, at 15 years under the Bitcoin Law.
It’s a list of steps that a company needs to implement as part of its internal controls to simplify identification and verification processes and ensure compliance with regulations.
CDD requirements include:
Customer Due Diligence (CDD) is a range of measures aimed at collecting and assessing information relevant to a customer.. KYC is one of the essential elements of CDD, specifically covering identification and verification of the customer. KYC is also frequently implemented by non-AML-regulated companies that may still need to know who their clients are.
Customer Due Diligence (CDD) is an essential aspect of an Anti-Money Laundering (AML) compliance program. The CDD process is a critical part of a company’s Know Your Customer policies. Companies have to implement CDD procedures to effectively manage risks and protect them from potential involvement in criminal activities and stay compliant with the regulations.