Customer due diligence (CDD) is the process by which banks and other financial institutions (FIs) identify and verify individuals before they become customers, and how they then assess risk throughout a customer’s lifecycle.
CDD is a process used by financial institutions to verify a person's identity and to assess any risk associated with them. This might be a process that takes place before a new customer is onboarded, or it might happen at intervals throughout the customer’s lifecycle with the bank to ensure nothing has changed in their risk profile.
Customer due diligence is designed to prevent criminals and terrorist organizations from gaining access to the legitimate financial system to move and launder money acquired through illegal means. Bad actors use a variety of methods to disguise the source of funds being placed with a bank. Therefore, banks need to take due care to check each customer’s legitimacy. As the International Monetary Fund (IMF) states, “An effective anti-money laundering [AML]/counter financing of terrorism framework must address [two] risk issues: it must prevent, detect and punish illegal funds entering the financial system and the funding of terrorist individuals, organizations and/or activities.”
A bank’s approach to prevention, detection, and punishment starts with CDD, aimed at using data to identify and verify a customer to ensure they aren't a criminal. This is the start of a know your customer (KYC) and risk management process that goes on throughout the duration of a customer’s relationship with a bank. Due diligence could be carried out on a person opening a current account or it could be investigating a person who owns a business the bank will be transacting with. The FI wants to understand the individual and their source of funds to ensure they are legitimate and to comply with regulation. The aim of CDD is to create clarity for FIs so they know who they are doing business with and the risks of doing business with them.
Four requirements of CDD
The total amount of fines issued in 2021 by the Financial Conduct Authority (FCA) for non-compliance with regulation was £567,765,219.95. Apart from the direct financial loss caused by a fine, the damage to reputation in the financial services industry, where trust is key to profits, is immeasurable. It is essential all FIs have a thorough CDD process.
Each country will have its own AML and counter-terrorist financing regulations; however, there are four core pillars that are similar the world over:
1. Identify and verify the identity of customers
2. Identify and verify the identity of the beneficial owners of companies opening accounts
3. Understand the nature and purpose of customer relationships to develop customer risk profiles
4. Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information
In the UK, CDD is required to comply with anti-money laundering regulations that are overseen by the FCA. In the EU, anti-money laundering directives (AMLD) are updated and published periodically to harmonize regulation across member states.
There is also a global Financial Action Task Force (FATF) with 36 member states that include all the major financial centers in the world and whose published standards comprise “a comprehensive and consistent framework of measures, which countries should implement in order to combat money laundering and terrorist financing…”
What checks are carried out as part of CDD?
To know who you are doing business with and to assess the risks of doing business with them, data checks are needed. These CDD checks fill in the picture of who the customer is and what kind of risk they might pose to you.
PassFort, a Moody's Analytics company, can orchestrate the end-to-end customer due diligence process. It can automate any required data checks with leading sources of identity, fraud, and AML information to build a risk profile for each customer. Then you can create a clearer picture of whether you should work with this customer or not.
A series of data checks might include:
· Electronic identity checks
· Geocoding checks
· ID and visa verification
· Trustee and charity details
· PEPs and sanctions screening
· Negative news or negative media screening
· Ultimate business ownership (UBO) detection and shareholder identification
· Fraud checks
New regulatory technology for a new economy
KYC and CDD activities were previously carried out with manual checks on an individual or corporate customer. This was time-consuming and inefficient, particularly in the world of corporate finance where uncovering company ownership information and identifying UBOs is complex and difficult. Now these processes are automated using regtech solutions, like PassFort.
PassFort can digitize your risk management and compliance processes; integrate data checks with leading providers like Moody’s Analytics Orbis, GRID and kompany; provide a flexible risk engine to automatically build and update a risk profile for each customer; offer a full case management system where profiles can be reviewed and assessed; and deliver a platform for direct communication with customers, and document collection and storage.
Electronic ID checks and checks for politically exposed persons (PEPs), sanctions, adverse media and other risk factors can be automatically executed in a series of tasks defined by you to ensure you know your customers, comply with AML regulation, conduct ongoing monitoring, and deliver efficiencies as a business.
Get in touch
Please get in touch to talk about how you manage customer due diligence. We would love to work with you to make it more efficient for your team and a better experience for your customers – while stopping criminals from exploiting your business.