There are levels of due diligence. An organization may apply Simplified Due Diligence (SDD) if it determines, taking into account its risk assessment, that the business relationship or transaction presents a low degree of risk of money laundering/terrorist financing.
Nonetheless, it is important to note that SDD measures do not mean the absence of due diligence. Clearly, for operational purposes, the firm will still need to maintain a base of information about the customer. Some mutual evaluations, including those relating to EU member states, have criticized the SDD measures permitted.
The Levels of Due Diligence
The general rule is that customers must be subject to the full range of CDD measures, including the requirement to identify the beneficial owner. Nevertheless, there are circumstances where the risk of money laundering or terrorist financing is lower, where information on the identity of the customer and the beneficial owner of a customer is publicly available, or where adequate checks and controls exist elsewhere in national systems. In such circumstances, it could be reasonable for a country to allow its financial institutions to apply simplified or reduced CDD measures when identifying and verifying the identity of the customer and the beneficial owner.
The Simplified Customer Due Diligence
Examples of customers where simplified or reduced CDD measures could apply are:
- A financial institution regulated/supervised by the Central Bank.
- A Non-Bank Finance Company (NBFC) regulated/supervised by the Securities and Exchange Commission (SEC).
- A government entity, public administrations or enterprises.
- An entity listed on any stock exchange.
- Financial institutions – where they are subject to requirements to combat money laundering and terrorist financing consistent with the FATF Recommendations and are supervised for compliance with those controls.
- Public companies that are subject to regulatory disclosure requirements.
- Government administrations or enterprises.
Generally, SDD is done when the risk is negligible or low for a customer, and financial crime risk such as money laundering is also negligible. Only identification is performed in this type of due diligence, and verification is not required. Consequently, the Interpretive Notes to Recommendation 10 of the FATF Recommendations clarify the requirements in the following terms.
The simplified measures should be commensurate with the lower risk factors; for example, the simplified measures could relate only to customer acceptance measures or to aspects of ongoing monitoring.
Examples of possible measures are:
- Verifying the identity of the customer and the beneficial owner after the establishment of the business relationship (e.g. if account transactions rise above a defined monetary threshold).
- Reducing the frequency of customer identification updates.
- Reducing the degree of ongoing monitoring and scrutinizing transactions based on a reasonable monetary threshold.
- Not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring the purpose and nature from the type of transaction or business relationship established.
The Regular Customer Due Diligence
Regular customer due diligence is an organization’s essential due diligence process to identify its customers and verify their identity, including the beneficial owner, if any. The standard due diligence measures are applied to all customers, irrespective of the category. These are industry-standard processes that all financial institutions follow as best practices; however, standard due diligence measures are also AML/KYC-related regulatory requirements.
The standard due diligence measures are applied first and are followed by other simplified or enhanced due diligence measures, depending on the type and category of the prospective customer. Standard due diligence provides an initial insight into the risk profile of the customer, according to which the account opening officer decides on further due diligence measures.
For example, if after performing the standard due diligence the customer is identified as a sole proprietor, then the further due diligence processes shall be planned accordingly, considering the applicable regulatory requirements. For this purpose, the details about the sole-proprietor business and the related constituent documents shall be obtained. This type of due diligence gives the organization confidence that it understands who the customer is and that the services offered to them are not being used for money laundering or other criminal activity.
The standard due diligence measures aim to ensure that at least the following minimum steps are taken before onboarding customers, as part of the overall CDD measures:
- Step 1: Verify customer identities.
- Step 2: Assess third-party information sources.
- Step 3: Secure your information.
- Step 4: Take any necessary additional measures.
There are four core elements of customer due diligence (CDD), and they should be explicit requirements in the anti-money laundering (AML) program for all covered financial institutions, to ensure clarity and consistency across sectors:
(1) Customer identification and verification.
(2) Beneficial ownership identification and verification.
(3) Understanding the nature and purpose of customer relationships to develop a customer risk profile.
(4) Ongoing monitoring for reporting suspicious transactions.
The Enhanced Customer Due Diligence
Enhanced customer due diligence is a CDD process that requires additional risk investigation on the customer. It is designed to manage high-risk potential customers and odd transactions. Customers located in high-risk jurisdictions pose a greater risk to the organization, which cannot be identified with a standard due diligence process.
Standard customer due diligence is an organization’s essential due diligence process to identify its customers and verify their identity, including the beneficial owner, if any. The enhanced due diligence measures are applied to all high-risk category customers, irrespective of the jurisdiction. This is an industry and AML regulatory requirement that is followed by all financial institutions.
Enhanced Customer Due Diligence is done when the customer has been considered at a higher risk for financial crime, such as politically exposed persons (PEPs). According to the Financial Action Task Force policy, organizations must adopt a risk-based system to determine whether the customer presents a higher risk or not. EDD measures mean detailed scrutiny, increased monitoring, tighter transaction thresholds, frequent reviews, adverse news checks, additional identification and verification processes, etc.
EDD measures are applied by the organization when it is dealing with:
- Sanctions countries
- Politically Exposed Persons (PEPs)
- Correspondent banking accounts
- Customers located in high-risk jurisdictions, and
- Charitable organizations
Simplified Customer Due Diligence is a more relaxed due diligence procedure used for low-risk customers. Regular Customer Due Diligence is the standard procedure used for low-risk customers. Enhanced Customer Due Diligence refers to procedures that have been strengthened for high-risk customers.