Business professionals, especially those working in banks and financial institutions might frequently wonder ‘What is Customer Due Diligence?’. This article focuses on explaining what Customer Due Diligence is all about.
What is Customer Due Diligence and Selected Key Aspects
Customer Due Diligence (CDD) is a process performed by the organization to obtain the facts about a customer that should enable an organization to assess the extent to which the customer exposes it to a range of risks. These risks include money laundering and terrorist financing risks. Due diligence aims to identify and verify the prospective customers before onboarding or establishing business relationships.
How do you define ‘business/customer relationship’?
A customer relationship or business relationship is defined as being formed when two or more parties engage in conducting regular business or in performing a “one-off” transaction.
The term “business relationship” applies where a professional, commercial relationship will exist with an expectation by the firm that it will have an element of duration. The application of CDD is required when a firm covered by money laundering regulations “enters into a business relationship” with a customer or a potential customer.
Important Reasons for Customer Due Diligence
Organizations should know their customers for a variety of reasons, including:
- to comply with relevant AML/KYC legislation and regulations;
- be fairly satisfied that the customers are who they say they are and that it is suitable to supply them with the items or services requested, in accordance with relevant AML/KYC rules and regulations;
- to protect against fraud, such as impersonation and identity theft
- to assist the organization in identifying what is unique throughout a long-term partnership and allowing the odd to be investigated;
- to allow the organization to help law enforcement by making information on customers under investigation accessible to the financial intelligence unit following the filing of a suspicion report (FIU)
Knowing a customer can enable an organization to pro-actively satisfy the legitimate needs of honest customers, and good compliance also equates to good business.
A prohibition on setting up anonymous accounts or relationships is the baseline for the international CDD and KYC standards, with many jurisdictions prohibiting the provision of unverified accounts for shell banks.
The Fourth European Union Directive on Money Laundering (4MLD) requires that CDD measures should be applied on a risk-sensitive basis, depending on the type of customer, business relationship, or nature of the transaction or activity.
Organizations must, however, be able to demonstrate to the supervising authorities that the extent of the measures is appropriate to the perceived risks of money laundering and terrorist financing. In line with the Financial Action Task Force (FATF) requirements, the 4MLD outlines the four parts of CDD, including an explicit requirement for ‘ongoing monitoring.’
Important CDD Considerations
- If a person establishes a business relationship, makes an occasional or significant transaction worth more than $1,000, suspects money laundering or terrorist financing, or has doubts about the veracity or sufficiency of documents or information previously obtained for identification or verification, the organization should use CDD measures.
- An organization must also apply the CDD measures if the person carries out an occasional transaction that is significant or unusual, whether the transaction is executed in a single operation or in several operations which appear to be linked.
- A high-value dealer must also apply the CDD measures if that dealer carries out an occasional transaction in cash that amounts to $10,000 or more, whether the transaction is executed in a single operation or in several operations which appear to be linked.
- The organization must identify the customer unless the identity of that customer is known to, and has been verified by, the organization, and the appropriate measures must be taken to verify the customer’s identity unless the customer’s identity has already been verified by the organization either at the time of onboarding or during the process of a previous occasional transaction.
- The organization must assess and, where appropriate, obtain information on the purpose and intended nature of the business relationship or occasional transaction.
- Where the customer is a body corporate, then the organization is required to obtain and verify the name of the body corporate, its company number, or another registration number; and the address of its registered office, and if different, its principal place of business.
- The organizations are required to take reasonable measures to determine and verify the law to which the body corporate is subject and its constitution (whether set out in its articles of association or other governing documents, the full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the body corporate. Where the customer is beneficially owned by another person, the organization must: identify the beneficial owner, and take reasonable measures to verify the identity of the beneficial owner so that the relevant person is satisfied that it knows who the beneficial owner is.
- If the beneficial owner is a legal person, trust, company, foundation, or similar legal arrangement, the organizations are required to take reasonable measures to understand the ownership and control structure of that legal person, trust, company, foundation, or similar legal arrangement.
- When CDD measures cannot be performed by the organization to identify the customer, then the account should not be opened for that particular customer. Organizations are required not to open anonymous accounts in any case.
Customer Due Diligence is a process performed for the safety of both the organization’s and the customer’s business. This also allows the organization to help law enforcement by making information on customers under investigation. The information shared, of course, is limited to: type of customer, business relationship, or nature of the transaction or activity.