In any customer relationship, financial institutions have to take steps to verify their client’s identities and the nature of their business. With these steps, financial institutions aim to protect themselves from financial crimes.
Performing customer due diligence (CDD) is one of the most crucial components of any AML/CFT regime. In order to identify and address money laundering and terrorist financing risks, companies have to establish that their clients' transparency about the nature of their business. Customer due diligence sometimes referred to as Know Your Customer (KYC), which is a process of background checks run according to legislation and in relation to the risk level of the customer.
Customer due diligence, at its most basic level, involves verifying the customer’s identity and the business in which they are involved, to an adequate level of confidence. The process involves a number of regulatory obligations:
Corporations must identify their customers by obtaining personal information, including name, photographic ID, address, and birth certification from a trustworthy, independent source.
Due diligence measures should identify beneficial ownership of a company in situations where this is not the client. Identifying beneficial ownership includes understanding the control structure of the corporation.
Following customer and beneficial ownership identification, corporations must also obtain information on the nature of the business relationship they are entering into, and its purpose.
Financial institutions have to carry out KYC and CDD measures in the following circumstances:
Corporations must perform due diligence measures prior to establishing a business relationship to ensure the customer matches their risk profile and isn’t using a fake identity.
Certain occasional transactions warrant CDD measures. They may involve amounts of money over a certain threshold or entities in high-risk foreign countries.
If a customer is suspected of money laundering or financing terrorism, corporations must apply CDD checks.
When the identification documents that customers have provided are untrustworthy or insufficient, companies should apply further CDD examination.
KYC and CDD measures should be risk-based. Companies should assess the AML/CFT risk each client poses and adjust their due diligence examination accordingly. The majority of clients will be subjected to standard CDD measures which require customer identification and verification, and an assessment of the business relationship. In lower-risk scenarios, simplified due diligence may be appropriate, only requiring the identification of customers and no need for further verification.
Certain customers, such as politically exposed persons (PEPs), poses a much higher risk of money laundering, making institutions to take advanced CDD measures, which may involve:
▪Obtaining additional materials of verification from the customer
▪Establishing the source of funds or wealth,
▪Applying ongoing monitoring procedures
▪Closer examination of the nature of the business relationship or purpose of a transaction
▪Applying ongoing monitoring procedures
Ongoing monitoring refers to the continuous examination of business relationships. This process matters because occasional transactions may not initially present as suspicious, they may form a behavioral pattern over an extended period of time which reveals a change in a risk profile or business relationship. Ongoing monitoring involves:
▪Monitoring transactions throughout the course of a business relationship to ensure a client’s risk profile is matched with their behavior.
▪Maintaining responsiveness to any changes in risk profile, or any factors which might raise suspicion.
▪Keeping relevant records, documents, data, and information that may be needed for CDD purposes.
▪Ongoing monitoring should apply to all business relationships but, like other CDD measures, may be scaled to reflect the customer’s risk profile.
Ultimately, effective CDD and KYC measures are built on a combination of technology and specialization. As the risk profiles and criminal threats evolve, financial institutions have to be prepared to be as flexible and innovative with their approach to CDD as any other aspect of their AML/CFT policy. As technology provides useful tools to facilitate CDD processes, human vigilance remains important to spot and address new threats.