In the most basic sense, the customer due diligence process involves collecting information that identifies the customer, assessing the risk of doing business with the customer, and determining if enhanced due diligence (EDD) needs to be performed.
As such, CDD is often associated with onboarding: a customer opening an account for the first time at a particular financial institution. However, it also has to apply after the customer opens the account to assess any changes in their risk profile, and adjust the monitoring of their transactions accordingly.
What is the CDD Final Rule (and Why Is It So Important)?
The Customer Due Diligence Final Rule is an amendment to the Bank Secrecy Act, intended to prevent criminals and terrorists from using companies to disguise (or otherwise obfuscate) sources of illegal funds.
Specifically, it requires covered financial institutions (such as banks, mutual funds, securities brokers or dealers, and more) to identify and verify the beneficial ownership of entities.
The CDD Final Rule is extremely important, as it enables companies to determine where ownership and control of the business lies. This information is crucial for determining if there is suspicious activity in relation to money laundering.
The CDD Final Rule establishes four main requirements for financial institutions:
- Verify the identity of the customer.
- Verify the identity of the beneficial owner of the company opening the account.
- Determine the nature and purpose of the business relationship with the company and develop a risk profile for the customer.
- Perform consistent transaction monitoring to determine changes to a customer’s risk profile and ensure information is accurate and up-to-date.
When is Customer Due Diligence Necessary?
There are times when Customer Due Diligence procedures must (or should) be conducted. Here are five general scenarios that (should) necessitate CDD checks:
- Onboarding new customers: Any time a new business relationship is being formed, to verify the customer is who they say they are.
- Transactions that exceed AML thresholds: Any time a transaction exceeds certain thresholds of value, according to AML regulations.
- Suspicious activity: Any time transactions or customer activity raises suspicions about potential money laundering.
- Unreliable documentation: Any time a company suspects that a customer has provided inadequate, unreliable, or potentially false identification documentation.
- Intermittent monitoring: Periodically throughout a business relationship with a customer, to check their transaction history and any changes in their ID information for signs of increased financial risk.
The Customer Due Diligence Process Explained
The core elements of a compliant Customer Due Diligence program are as follows:
Step 1: Verify Customer at Time of Onboarding
The first step is to perform adequate customer verification at the time of customer onboarding. It’s extremely important to perform CDD checks when engaging in a new business relationship to ensure the customer is who they say they are, and to perform an adequate risk assessment.
At this stage, the financial institution will collect customer identification documentation such as their name, address, and the purpose of the business relationship. The customer will also be required to present documentation that proves their identity, such as a government ID.
If the customer is a company or other legal entity (such as a trust), the FI must collect ID information regarding the beneficial owners.
These individuals may not serve as the legal holder of the account, but own, benefit from and can influence decisions regarding significant portions of the assets in the account (or the legal entity that controls it). Examples include corporate shareholders.
Step 2: Create a Risk Profile for the Customer
After the customer’s identity has been confirmed, the company needs to create a risk profile for the customer.
This will help assess the risk associated with doing business with the customer and can be used to determine if further CDD checks are needed throughout the business relationship with this customer.
For this process, a database check will be performed, corroborating the customer information and examining their history, helping the company determine risk.
Step 3: Determine if EDD is Necessary
Next, the company will need to determine if the customer falls into the high-risk category, and is subject to Enhanced Due Diligence (EDD). If this is the case, EDD procedures must be performed before completing the CDD process.
Step 4: Perform Consistent Transaction Monitoring
After the customer onboarding process, it’s still important for the company to perform CDD checks throughout their business relationship. These can be done intermittently, if the company suspects a transaction or account to be suspicious, or if the legitimacy of identification documents is brought into question.