There are different types of customer due diligence. CDD is the process of identifying your customers and checking they are whom they say they are. In practice, this means obtaining a customer’s name, photograph on an official document that confirms their identity and residential address, and date of birth.
There are three levels of customer due diligence: standard, simplified, and enhanced. The level of customer due diligence that needs to be applied is derived from a customer’s risk score, which should be calculated when onboarding a customer and during the ongoing due diligence process.
What Is Customer Due Diligence?
It is not enough to collect a customer’s personal information in order to onboard them. You must also ensure that this data is not a forgery.
Customer Due Diligence (CDD) refers to the process of gathering and verifying information about a customer during the onboarding process. This information includes the customer’s name, address, and other personal information.
When establishing a business relationship, companies must perform CDD. A bank or trading platform, for example, may need to check a customer’s passport before allowing them to open an account and deposit funds into it.
Businesses that do not use CDD expose themselves to fraud as well as fines for non-compliance with AML requirements. Failure to comply with AML regulations can cost businesses more than one million euros in jurisdictions such as Cyprus.
Types Of Customer Due Diligence
When there is a low risk of money laundering, some regulators allow a simplified check, known as Simplified Due Diligence (SDD). Businesses may need to perform more in-depth verification, known as Enhanced Due Diligence, in higher-risk situations (EDD).
Lets define the types of costumer due diligence:
Regular Customer Due Diligence (CDD)
In most cases, standard due diligence is the level of due diligence that will be used. These are generally situations where there is a potential risk, but it is unlikely that these risks will be realized.
Standard due diligence requires you to identify your customer as well as verify their identity. Besides, there is a requirement to gather information to understand the nature of the business relationship. This due diligence should provide you with confidence that you know who your customer is and that your service or product is not being used as a tool to launder money or any other criminal activity.
As with simplified due diligence, there is a requirement to monitor your client and the relationship; this will highlight any potential trigger events that may result in further due diligence being required.
Simplified Customer Due Diligence (SDD)
Simplified customer due diligence, or SDD, is the lowest due diligence that can be completed on a customer. This is appropriate for little opportunity or risk of your services or customer becoming involved in money laundering or terrorist financing.
Where you are satisfied that a customer, product, and services fall into simplified due diligence criteria, your only requirement is to identify your customer. When completing simplified due diligence, there is no requirement to verify your customer’s identity as you would with a standard or enhanced due diligence approach. The business relationship should be continually monitored for trigger events, creating a requirement for further due diligence in the future.
Several factors can help determine if a situation is a low-risk situation, such as the service or product being provided or the type of customer you engage with. Often, customers required to disclose information regarding their ownership structure and business activities or companies subject to the Money Laundering Regulations are a lower risk.
For example, suppose your customer is a public authority or listed on a regulated market. In that case, they may be perceived as lower risk as they must disclose information.
Suppose at any point during the relationship with your customer, additional intelligence becomes available, which suggests that the customer or product may pose a higher risk than originally thought. In that case, a more enhanced level of due diligence should be conducted.
Enhanced Due Diligence (EDD)
Beyond basic customer due diligence or CDD, it’s important that you carry out the correct processes to ascertain whether enhanced due diligence or EDD is necessary. Enhanced due diligence is a level of customer due diligence that provides greater scrutiny of potential business partnerships and highlights the risk that regular customers cannot detect due diligence measures.
This can be an ongoing process, as existing customers have the potential to transition into higher-risk categories over time. In that context, conducting periodic due diligence assessments on existing customers can be beneficial.
A major problem during EDD is understanding how much information about a customer is necessary. The solution to this problem can be a factor-based risk rating approach. Factors one must consider to determine whether EDD is required include but are not limited to the location of the person, the occupation of the person, the type of transactions a person conducts, the expected pattern of activity in terms of transaction types, value, and frequency, and the expected methods of payment.
Let’s look at individual risk factors in more detail:
Customer Risk Factors
In terms of the customer risk factors, six attributes can lead to EDD.
- Firstly, the bulk of your customer’s customers are clients that are foreigners or non-residents.
- Secondly, your customer is an asset-holding vehicle.
- Thirdly, your customer is a Politically Exposed Person, or PEP, or is a politically exposed person’s family members or known associates.
- Next, your customer has nominee shareholders or shares of the company are issued in bearer form.
- Fifthly, your customer is a cash-intensive business.
- And lastly, your customer is expected to exceed certain limits in the number of daily cash transactions. For example, in Switzerland, this amount starts at one hundred thousand francs.
Geographical Risk Factors
Secondly, there are geographical risk factors that can lead to EDD. These factors include the following six attributes.
- Firstly, countries without adequate anti-money laundering prevention systems as identified by credible sources. For example, North Korea and Iran, which the Financial Action Task Force has identified as having material deficiencies.
- Secondly, countries under sanctions and embargoes or similar measures. This can include countries such as Russia, Iran, and North Korea, which the United States of America sanctions.
- Thirdly, countries notorious for general levels of corruption as identified by credible sources. For example Venezuela, Yemen has been listed as such on the transparency index list.
- Fourthly, countries are blacklisted for financing or supporting terrorist activities. According to the State Sponsors of Terrorism list, these countries include Iran, Syria, and Sudan.
- Fifthly, locations that have designated terrorist organizations operating within their country. Examples of this are Syria, Iraq, and Somalia.
- Lastly, countries that are not members of the Financial Action Task Force and its partners.
Additional Risk Factors
In terms of additional risk factor categories, other risk factors might lead to enhanced due diligence, but which is rather individual to certain types of organizations or financial institutions. This includes private and correspondent banking, for example. These banks are revenue-driven and maintain a high level of confidentiality. Hence, they are naturally more prone to money laundering than others.
Fraudsters will occasionally provide real documents and even selfies obtained on the darknet. Because no document manipulation has occurred, even the most reliable verification systems will not detect anything suspicious in this case. Businesses can use an additional facial biometric check called liveness to prevent criminals from onboarding customers remotely. This check ensures that the true holder of the documents is verified.