Introduction to Customer Due Diligence (CDD)

Introduction:

One of the important regulatory compliance requirements of Anti-Money Laundering frameworks is the performance of a set of activities known as Customer Due Diligence. Before onboarding, prospective customers are unknown to the company or business because their identification information has not yet been verified.

Due diligence is a process performed to assess the possible risk of Money Laundering or Terrorist Financing (ML/TF) associated with the prospective customer.

Due diligence enables organizations to avoid onboarding criminals such as money launderers or terrorists and associated people or organizations. Without performing due diligence, the organizations carry the risk of dealing with customers who may be money launderers, terrorists, or other criminals.  

In the past, various organizations, especially banks, have been significantly penalized by the regulatory authorities because the weak Customer Due Diligence (CDD) and Know Your Customer (KYC) processes they implemented to onboard customers resulted in Money Laundering incidents.

Because financial institutions face higher levels of money laundering and terrorist financing risk, the regulatory authorities of different countries have adopted Anti-Money Laundering and Know Your Customer frameworks.

To avoid money laundering and terrorist financing activities, organizations are required to implement robust due diligence processes, which must be followed before and after the onboarding of customers.

The information discussed in this post is not specific to any country or its regulatory requirements; the purpose is to discuss the concepts of Customer Due Diligence.

Table of Contents:

1.    Customer Due Diligence Information

2.    Which Organizations Must Perform Customer Due Diligence

3.    Performing Initial Customer Due Diligence

4.    Risk-Based Approach (RBA)

5.    High-Risk Customers     

6.    Ongoing CDD 


Customer Due Diligence Information: 

Customer Due Diligence (CDD) is the means of obtaining the personal identification number of the prospective customer, such as the National ID Card number, Passport number, Tax Information, etc.

In the case of Businesses or Corporates, more information is obtained before onboarding, such as business details, constituent documents, Business or Corporate Tax numbers, Registered Business address and website, etc.

Which Organizations Must Perform Customer Due Diligence:

As per AML/CFT regulatory compliance requirements, customer due diligence is one of the important requirements of Anti-Money Laundering regulations worldwide. CDD is performed by Financial Institutions and related entities, such as Money Service Businesses (MSBs), Remittance Businesses, Payment Gateway providers, Insurance companies, real estate agents, etc.

Financial institutions perform CDD measures to identify and verify prospective customers. The CDD process helps in understanding the customer's needs and assessing whether the customer poses any money laundering or terrorist financing risk to the financial institution.

Performing Initial Customer Due Diligence:

During the initial CDD process, the financial institution assesses the background and identity of customers by using data from independent and reliable sources. 

In the initial CDD process, the customer is identified. Identification of customers means that the information is obtained from the customer and verified. 

As part of the identification and verification of prospective customers, organizations are required to identify the true beneficial owner (where applicable).

The customer's source of income and purpose of account opening are assessed, which helps in the creation of a Customer Risk Profile (CRP).

The CRP is used later to monitor the activities and transactions of the customer, and it serves as a reference point whenever the customer's records are checked by either the Compliance team or the Regulatory Authorities.

Risk-Based Approach (RBA):

AML/CFT regulations require the adoption and performance of the Risk-Based Approach (RBA) to CDD. The RBA is a proactive method used to assess and evaluate risks posed by customers and to ensure that their activities are relevant to the data acquired from the customer.

RBA requires financial institutions to perform due diligence according to the risk profile of the customer, which means that the higher the risk, the greater the initial scrutiny of the customer's information and the ongoing monitoring of activities and transactions.



High-Risk Customers:

High-risk customers are those customers who belong to high-risk jurisdictions or countries or are politically exposed persons (PEPs).

Some other types of organizations are also classified as high risk depending on the local AML/CFT regulations of the country.

Some organizations, such as Not For Profit organizations and Charitable Institutions, are considered high risk because of the increased risk of money laundering and terrorist financing.

High-risk organizations, such as NGOs, NPOs, charitable organizations, casinos, etc., are more prone to money laundering because money launderers use these high-risk category organizations to park their black or illegal money and convert it into white.

Criminals also use these organizations to transfer their illegal money from one location to another or from one person to another.

Think of a Charitable organization that is run on donations provided by the people. Criminals or Money Launderers may hide their illegal money by providing donations to the Charitable organization. Through collusion, the criminals or money launderers may offer money to the senior management of the Charitable organization for the transfer of such donations to another criminal or for use in some specified manner.

     



Ongoing CDD:

CDD is also required to be performed on an ongoing basis after onboarding customers. The Ongoing CDD process helps financial institutions to know that the transactions and activities of the customers are relevant to the initial information provided by the customers, on the basis of which the risk profile was created.

Ongoing CDD is specifically performed for high-risk customers, because of the increased chances of involvement or use of high-risk customers for money laundering or terrorist financing purposes.

To perform ongoing due diligence on customers, compliance functions use data analytics techniques to gather customer information and use it in a meaningful manner.

When any significant changes are identified in the behavior or transactions of customers, financial institutions update the risk profiles of these customers after appropriate investigations and after obtaining the necessary responses from the respective customers.
