Customer Due Diligence (CDD)

Attempts at money laundering and other financial crimes happen every day. This is where Anti-Money Laundering (AML), Know Your Customer (KYC), and Customer Due Diligence (CDD) regulations come into play. AML regulations require financial institutions to have robust systems to detect and prevent money laundering. As part of AML, Customer Information Program (CIP) regulations mandate that financial institutions verify the identities of their customers. KYC requirements assure that financial institutions identify the risk the customer presents to the organization and CDD laws require financial institutions to gather additional information about the identity of their customers and the risks associated with their business activities. CDD is a tool that helps identify and mitigate the risks a customer presents to an organization.

Compliance with these stringent regulations can take time and effort. However, falling out of compliance can be far more disastrous. Consider the case of HSBC Bank, which failed to implement a comprehensive AML system and was fined over $1.2 billion. Fortunately, Socure’s KYC compliance solution can help banks and financial organizations unlock customer growth while bolstering compliance.

The five pillars of AML

Customer Due Diligence is part of the five key pillars that define procedural guidelines against money laundering and other financial crimes. For reference, these five pillars include:

1. Designating a compliance officer
2. Developing a set of internal policies, procedures and controls
3. Training all employees to understand and follow these policies
4. Independent testing and auditing
5. Implement effective Customer Due Diligence programs

What is the Meaning of Customer Due Diligence?

Customer Due Diligence (CDD) refers to the process financial institutions and companies follow to verify their customers’ identities and assess the risks associated with their business relationships. These risks and the overall customer risk rating (CRR) or risk status are the outputs of the Know Your Customer (KYC) process. This process is a dynamic one that occurs throughout the lifecycle of the customer relationship.

There are several types of Due Diligence and each have their own role in the KYC/CDD process. There are three main types of CDD that financial institutions need to be aware of:

1. Simplified Due Diligence (SDD): This is the lowest level of scrutiny and is typically used for low-risk customers and transactions. Limited customer review occurs in this type of due diligence.
2. Basic Due Diligence (BDD): At this level of CDD, organizations must do more research and collect more customer information to understand the risk. Financial institutions must assess additional risks once the client has been verified and assign a customer risk rating. This risk rating is updated throughout the lifecycle.
3. Enhanced Due Diligence (EDD): This due diligence only applies to high-risk customers or transactions. Maximum research is required to verify several different customer details. If the customer passes these strict verification requirements, there is another layer where a full risk assessment is conducted. Institutions must verify the source of funds, income, and all ultimate beneficial owners for business accounts.

Why is it important to understand the meaning of Customer Due Diligence?

Once KYC and CDD have been determined with a risk status, that information is used to monitor the behavior. For example, a customer that is high risk will always be monitored more stringently in the transaction monitoring systems. Those customer alerts should always be prioritized higher in work cues.

Understanding the meaning and components of CDD is essential for individuals who work in financial institutions and other businesses. Stringent legal and regulatory requirements surrounding these processes exist, and to remain compliant, finance professionals need to be aware of the various rules and guidelines to follow.

Financial professionals can prevent money laundering and other criminal activities by taking the proper steps to identify customers and assess risk. Failing to follow CDD standards can introduce an array of risks that, if left unchecked, damage the financial health and reputation of the institution in question. On top of that, the inability to follow these guidelines may lead to serious legal consequences and fines.

When do banks need Customer Due Diligence?

Banks should conduct Customer Due Diligence processes early and often. This includes ongoing customer evaluations throughout the lifecycle of a customer’s professional relationship with the bank or financial institution. Doing so enables bank representatives to take notice of any suspicious activity before it becomes a severe issue.

Socure KYC, Global Watchlist, and Portfolio Scrub support ongoing Customer Due Diligence efforts. Socure’s identity verification platform determines risks at onboarding and beyond, and also helps finance professionals detect and understand various changes in customer behaviors. These insights make it easier to manage both ongoing and new risks.

What are CDD rules under FinCEN?

According to the federal government’s guidelines, financial institutions must take the following steps to perform several stages of CDD. They must perform:

1. Customer identification and verification,
2. Collection of beneficial ownership identification and verification,
3. Have an understanding of the nature and purpose of customer relationships to develop a customer risk profile, and
4. Perform ongoing monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information.

Further, these institutions must conduct the same verification processes when working with business representatives opening accounts.

Why is Customer Due Diligence important for stopping money laundering?

Customer Due Diligence helps organizations identify customers and report suspicious activity potentially connected to money laundering. The typical CDD process looks like this:

1. Collect basic identity information from the customer.
2. Verify the customer’s identity using reliable sources such as government-issued IDs or commercial databases.
3. Assess the risk associated with the customer’s business activities, look at their source of funds, the purpose of the transaction, and their geographic location.
4. Conduct ongoing monitoring of the customer’s business activities to detect any later suspicious activity.

This due diligence chain makes suspicious behavior evident, equipping organizations with the tools to keep themselves and their customers safe. For instance, a money launderer attempting to get around U.S. sanctions on Russia would be flagged because of the geographic location of their business activities. Then, the purpose of their transaction and other activity would be analyzed to paint a full picture of the customer’s intentions. If criminal activity is suspected, it can then be reported, and your organization can remain compliant and secure.

Socure’s KYC software effectively defines each customer, whether they’ve engaged in risky financial behaviors, and who these individuals are connected to. By determining these identification elements, the platform enables financial representatives to prevent potential money laundering, terrorism funding, tax evasion, and corruption.

What does CDD have to do with KYC?

Customer Due Diligence (CDD) and KYC both aim to prevent money laundering and other financial crimes. CDD sits downstream from the start of the KYC process.

The initial stage of the KYC process involves identifying and verifying a customer’s identity. After, CDD assesses the potential risks associated with that specific customer identity. The CDD process consists of collecting and analyzing the customer’s identity, occupation, source of funds, and other relevant information. CDD is an ongoing process that starts at onboarding and continues throughout your institution’s relationship with the customer.

What does the typical CDD process look like?

The CDD process involves several steps, including identifying the customer, verifying their identity, and assessing the risks associated with their business activities. The typical CDD process includes the following steps:

• Collecting basic identity information from the customer
• Verifying the customer’s identity using reliable sources such as government-issued identification documents or commercial databases
• Assessing the risk associated with the customer’s business activities, including the source of funds, purpose of the transaction, and geographic location
• Conducting ongoing monitoring of the customer’s business activities to detect any suspicious transactions

Socure is the industry-leading customer identification software. Powered by AI and ML technology, we help you effectively identify customers and assess risk with 98% frictionless auto-approvals. Our platform unlocks deep customer insights, enabling you to identify and break into niche segments. With Socure, your institution can stay compliant, ensure safety, and achieve real growth.

Schedule time with our team to learn more about the most inclusive KYC solution!