Performing customer due diligence is a skill that every compliance officer should have. A typical investigation of a potentially suspicious transaction should start with the CDD. In countries with a solid AML / CFT framework, a financial institution must do CDD when establishing business relationships with a potential client.
Definition of Customer Due Diligence
Customer Due Diligence is identifying your customers and checking whether they are who they say. It means confirming a customer's necessary information such as name, identity, and residential address in practice. There are four levels of customer due diligence. These are; Standard, Simplified, Enhanced, and Ongoing.
Standard Customer Due Diligence
Financial institutions implement Standard Customer Due Diligence for most of their clients. As part of the application, the identity of the customer is verified from a reliable source. Financial institutions also determine the nature of the client's transaction or business needs.
Simplified Customer Due Diligence
This process is applied when the risk of a customer is low. In Simplified Customer Due Diligence, financial institutions only need to know the customer. No authentication is required.
Enhanced Customer Due Diligence
Enhanced Customer Due Diligence is required for customers at high risk of money laundering. Some factors indicate that the risk is high, for example, like Politically Exposed Person. With the developed CDD, customers' information is verified, and information such as the source of funds and the purpose of the transaction is obtained.
Ongoing Customer Due Diligence
A customer's financial situation can change over time. Financial institutions must take this into account. To keep up with changing financial transactions, it must observe the movements of its customers. This Ongoing Customer Due Diligence should continue as long as a business with the customer continues.
Purpose of Customer Due Diligence
CDD is collecting relevant information of a customer profile and its assessment in terms of potential money laundering and terrorist financing risks. After the CDD is completed, a risk rating is given to the customer. Based on this rating, the client can be either low risk or high risk.
A risk rating is done to help a company decide the appropriate controls proportional to the level of risk and how to implement them. It allows a company to prioritize resources according to areas that need more attention.
The first step of CDD is to get information from the customer. The information you get is summarized below.
If it is an individual customer;
- Full name
- Contact numbers
- Email address
- Place of birth, date of birth
- Issued identification number
- Tax number
- Marital status
- Company name
- Company type
- Founding date and place
- Board of directors decision regarding signatories
- Certificate of establishment
- Annual report
- Senior management
- Ultimate beneficial owners
- Source of wealth
- Income source
- Annual income
The second step of the CDD is to verify the information we collect. Most of the data can be verified by a government agency or a reputable independent institution. For example, documents such as identity cards, passports, tax receipts were issued by the government.
Name Screening is done to see if a customer is at high risk. At this stage, it tries to find out if the customer is in an internal blacklist database. The purpose is to confirm that the customer is not in one of the profiles below.
- Politically Exposed Person (PEPs)
- Sanctioned individual/entity
- Reported in media
At this stage, the officers determined the customer's risk level, and after establishing their business relationship, they decided what kind of monitoring they would carry out. They share these results with the company. As a result of the control, they may refuse to engage with the customer, but this does not happen much because rejecting customers can be counterproductive and suffer reputational loss.
It is about understanding some information from customers in the evaluation process—for example, source of wealth, reasons for choosing the company, expected activity level.
After the CDD process is over, the client should still be monitored. Monitoring should be carried out regularly for transactions and account activities. The customer's behavior, transaction, and accounts must be compatible with the expected activity, and this needs to be controlled.
The final stage of proper customer due diligence is to keep all records in accordance with the company's retention policies. The exact time required for the retention of such records is determined by the law and varies between countries.
Keeping records allows the company to understand the entire relationship with the customer. In addition, a systematic record-keeping workflow helps the company meet its reporting obligations.