There are different types of customer due diligence or CDD. CDD is the process of identifying your customers and checking who they say they are. In practice, this means obtaining a customer’s name, photograph on an official document that confirms their identity and residential address, and date of birth.
There are three levels of customer due diligence: standard, simplified, and enhanced. The level of customer due diligence that needs to be applied is derived from a customer’s risk score, which should be calculated when onboarding a customer and during the ongoing due diligence process.
What Is Customer Due Diligence?
It is not enough to collect a customer’s personal information in order to onboard them. You must also ensure that this data is not a forgery.
Customer Due Diligence (CDD) refers to the process of gathering and verifying information about a customer during the onboarding process. This information includes the customer’s name, address, and other personal information.
When establishing a business relationship, companies must perform CDD. For example, a bank or trading platform may need to check a customer’s passport before allowing them to open an account and deposit funds into it.
Businesses that do not use CDD expose themselves to fraud as well as fines for non-compliance with anti money laundering or AML requirements. Failure to comply with AML regulations can cost businesses more than one million euros in jurisdictions such as Cyprus.
Types Of Customer Due Diligence
When there is a low risk of money laundering, some regulators allow a simplified check, known as Simplified Due Diligence (SDD). Businesses may need to perform more in-depth verification, known as Enhanced Due Diligence, in higher-risk situations (EDD).
Regular Customer Due Diligence (CDD)
In most cases, standard due diligence is the level of due diligence that will be used. These are generally situations with a potential risk, but it is unlikely that these risks will be realized.
Standard due diligence requires you to identify your customer as well as verify their identity. Besides, gathering information is required to understand the nature of the business relationship. This due diligence should provide you with confidence that you know who your customer is and that your service or product is not being used as a tool to launder money or any other criminal activity.
As with simplified due diligence, there is a requirement to monitor your client and the relationship; this will highlight any potential trigger events that may result in further due diligence being required.
Simplified Customer Due Diligence (SDD)
Simplified customer due diligence, or SDD, is the lowest due diligence that can be completed on a customer. It is appropriate for little opportunity or risk of your services or customer becoming involved in money laundering or terrorist financing.
Where you are satisfied that a customer, product, and services fall into simplified due diligence criteria, your only requirement is to identify your customer. When completing simplified due diligence, there is no requirement to verify your customer’s identity as you would with a standard or enhanced due diligence approach. The business relationship should be continually monitored for trigger events, creating a requirement for further due diligence in the future.
Several factors can help determine if a situation is low-risk, such as the service or product being provided or the type of customer you engage with. Often, customers required to disclose information regarding their ownership structure and business activities or companies subject to the Money Laundering Regulations are a lower risk.
For example, suppose your customer is a public authority or listed on a regulated market. In that case, they may be perceived as lower risk as they must disclose information.
Suppose, at any point during the relationship with your customer, additional intelligence becomes available, which suggests that the customer or product may pose a higher risk than originally thought. In that case, a more enhanced level of due diligence should be conducted.
Enhanced Due Diligence (EDD)
Beyond basic customer due diligence or CDD, you must carry out the correct processes to ascertain whether enhanced due diligence or EDD is necessary. Enhanced due diligence is a level of customer due diligence that provides greater scrutiny of potential business partnerships and highlights the risk that regular customers cannot detect due diligence measures.
It can be an ongoing process, as existing customers can potentially transition into higher-risk categories over time. In that context, periodic due diligence assessments can benefit existing customers.
A major problem during EDD is understanding how much information about a customer is necessary. The solution to this problem can be a factor-based risk rating approach. Factors one must consider to determine whether EDD is required include but are not limited to the location of the person, the occupation of the person, the type of transactions a person conducts, the expected pattern of activity in terms of transaction types, value, and frequency, and the expected methods of payment.
Let’s look at individual risk factors in more detail:
Customer Risk Factors
Six attributes can lead to EDD in terms of the customer risk factors.
- The bulk of your customer’s customers are clients that are foreigners or non-residents.
- The customer is an asset-holding vehicle.
- The customer is a Politically Exposed Person, or PEP, or is a politically exposed person’s family members or known associates.
- The customer has nominee shareholders, or shares of the company are issued in bearer form.
- The customer is a cash-intensive business.
- The customer is expected to exceed certain limits in the number of daily cash transactions. For example, this amount starts at one hundred thousand francs in Switzerland.
Geographical Risk Factors
There are geographical risk factors that can lead to EDD. These factors include the following six attributes:
- Countries without adequate anti-money laundering prevention systems as identified by credible sources. For example, North Korea and Iran, which the Financial Action Task Force has identified as having material deficiencies.
- Countries under sanctions and embargoes or similar measures, including countries such as Russia, Iran, and North Korea, which the United States of America sanctions.
- Countries notorious for general levels of corruption as identified by credible sources. For example, Venezuela and Yemen have been listed on the transparency index list.
- Countries are blocklisted for financing or supporting terrorist activities. According to the State Sponsors of Terrorism list, these countries include Iran, Syria, and Sudan.
- Locations that have designated terrorist organizations operating within their country. Examples of this are Syria, Iraq, and Somalia.
- Countries that are not members of the Financial Action Task Force and its partners.
Additional Risk Factors
In terms of additional risk factor categories, other risk factors might lead to enhanced due diligence, which is individual to certain types of organizations or financial institutions. It includes private and correspondent banking, for example. These banks are revenue-driven and maintain a high level of confidentiality. Hence, they are naturally more prone to money laundering than others.
Fraudsters will occasionally provide real documents and even selfies obtained on the darknet. Because no document manipulation has occurred, even the most reliable verification systems will not detect anything suspicious in this case. Businesses can use an additional facial biometric check called liveness to prevent criminals from onboarding customers remotely. This check ensures that the true holder of the documents is verified.