Everything You Need to Know About Customer Due Diligence
The CDD process generally involves three steps:
- Verifying the identity of prospective individual customers or controlling business owners
- Building a customer profile to quantify overall financial and overall financial and regulatory risk
- Monitoring transactions and sources of funds to prevent money laundering, tax evasion, bribery, and other crimes
2. Why Is CDD So Important?
Terrorism and other paramilitary conflicts started surging in the 1990s. This has been supported by the multi-billion-dollar illegal trade in weapons and military equipment, and often funded — and dwarfed — by global drug trafficking.
This massive illicit transnational trade was inadvertently helped by the creation of global electronic banking networks such as SWIFT. Rather than physically transporting suitcases of cash or valuable commodities such as drugs or diamonds, criminals began to use banks and other legitimate financial institutions to quickly move large sums of money and pay for transactions across the world. So have those involved in bribery, tax evasion, and other corruption-related crimes.
To combat this, governments implemented AML and KYC laws which required banks and other financial institutions to screen for criminal customers and illegal funds. According to the International Monetary Fund (IMF), “An effective anti-money laundering [AML]/counter financing of terrorism framework must address [two] risk issues: it must prevent, detect and punish illegal funds entering the financial system and the funding of terrorist individuals, organizations and/or activities.”
According to the International Monetary Fund (IMF),“An effective anti-money laundering [AML]/counter financing of terrorism framework must address [two] risk issues: it must prevent, detect and punish illegal funds entering the financial system and the funding of terrorist individuals, organizations and/or activities.”
However, AML and KYC enforcement is only as good as the weakest link. Criminal elements have become adept at sniffing out countries or industries with lax enforcement of AML and KYC laws, as well as financial institutions with sloppy CDD procedures.
Besides banking and real estate, criminals have also adopted increasingly-creative methods to disguise their money, using everything from cryptocurrencies, modern art, gift cards, and even private school fees. And with the constant advancements in banking software and networks, the washing of ill-gotten funds can happen faster and at a much larger scale than before.
To combat this, regulators are continually harmonising and strengthening their AML and KYC laws. They are also expanding their scope. More types of organisations are now being required to perform due diligence of their customers. And these KYC checks are being mandated on an ongoing basis, rather than solely before the commencement of a customer relationship.
The penalties for non-compliant companies also continue to grow. In 2021, the UK’s Financial Conduct Authority fined organisations a total of £567,765,219 for non-compliance. The FCA is only one national regulator. Multinational organisations that are found liable for ineffective CDD in multiple countries can see their fines quickly stacking up. There is also the reputational damage.
3. How Do CDD, AML and KYC All Work Together?
Even among experts, there is often overlap between how CDD, AML and KYC are discussed. At the same time, there is also some general agreement about how they differ.
Know Your Client/Customer:
Know Your Client/Customer usually refers to the rules and processes around verifying the identities of:
- Individual clients and their designated representatives
- Potential corporate clients and their directors, major shareholders, and ultimate beneficial owners (UBOs
The standard CDD process usually starts with an initial KYC screening. This typically involves gathering customer personally identifiable information (PII) as well as basic business data, along with supporting documents.
Customer Due Diligence:
CDD generally refers to the actual work that financial service providers must do to comply with KYC and AML laws. In other words, the identity verification, the financial risk profile research, and the ongoing customer and transaction monitoring.
By diligently researching potential customers and continuing to monitor them after they come onboard, organisations reduce their risk of:
- Inadvertently doing business with criminals and terrorists
- Aiding in identity theft and fraud, and
- Abetting bribery, tax evasion, and other forms of corruption.
AML revolves around regulations such as the U.S.’s Bank Secrecy Act (BSA) that combat money laundering, as well as the monitoring and research employed by financial institutions to flag potentially illicit transactions.
Such transactions are usually one of three types:
- Unusually large transactions or payments
- Cross-border transactions between particular countries
- Large amounts of cash
A flagged transaction can be sent as a Suspicious Activity Report (SAR) to governmental or industry regulators.
4. What Constitutes a Standard Customer Due Diligence Process?
CDD in Banking
As the ideal entry points for those seeking to gain access to the legitimate financial system, banks are also under the greatest pressure from regulators. Banks suffered the bulk of the $27 billion in AML and KYC fines over the last two decades. These include BNP Paribas ($9 billion), HSBC ($1.9 billion) Societe Generale ($1.3 billion) and Standard Chartered ($1.1 billion).
No wonder that every leading bank has a large department focused on due diligence.
CDD in Real Estate
Property has long been an attractive way for individuals as well as companies to launder money, evade taxes and conduct other fraud. Methods include:
- Buying property in cash in order to quickly resell it or rent it out
- Complex corporate structures (e.g. shell companies) and multiple bank accounts to hide ultimate beneficial ownerships of property
- Paying estate agencies or agents large amounts of money and reclaiming it in order to launder funding sources or reduce tax liability
- Mortgage fraud in order to fund property purchases
Though they do not manage their clients’ money, real estate agents have key information on customers and their funds. As such, real estate agents in many countries are required to conduct CDD reviews on potential customers.
A typical CDD process would involve:
- Recording the PII of an individual client or the UBO of a legal corporation
- Cross-checking that PII with government-issued documents such as driver’s licence or passport
- Checking whether individuals or companies are listed on regulatory watchlists for PEPs or sanctions
- Creating an initial risk profile of the potential client
- Proceeding with transactions for clients rated as low or medium risk, though monitoring of funding sources for potential AML violations must continue
- For customers rated as high risk, an Enhanced CDD process to investigate suspicious factors. Depending on the outcome of this deeper investigation, customers may be accepted, turned down, or referred to regulators.
CDD in Other Sectors
Casinos and card clubs have long been a favourite of money launderers due to the large amounts of cash involved. Regulators such as the United States’ FinCEN are turning up the pressure on all financial firms, including casinos. As a result, “the days of robotic SARS filings are over,” one casino manager said in 2021, lest they risk an audit.
Criminals and corrupt leaders are also laundering their money by snapping up paintings at auction, sending their children to private schools and making large donations to universities and charities. Terrorist groups such as ISIS have also funded their activities by stealing and selling Iraqi cultural antiquities to American buyers.
The CDD processes outlined in the banking and real estate sections are good starting points for organisations in other sectors newer to CDD. You can learn more about the five kinds of CDD processes, and use this KYC checklist to speed things up.
5. Who Is Responsible for CDD?
Inside larger organisations, CDD is usually overseen by a risk management or compliance team. The biggest enterprises and the most-regulated ones may have dedicated CDD analysts or whole CDD teams. With the aid of digitally-automated tools, they can handle most aspects of the process in-house, and would only outsource specific or enhanced CDD, KYC or AML checks to third-party firms or experts.
For smaller organisations or individuals (think real estate agents), the burden of CDD may fall upon the employees dealing with the potential client. Digitally automated tools can alleviate this burden, allowing sales and customer relations people to focus on their core business.
6. When Is CDD Required, and How Often Should It Occur?
Companies of all stripes and sizes must now weigh whether the burden of CDD falls on them. Regulators are not just enhancing their KYC and AML rules, but applying them to more scenarios and industries. Even companies that are not formally regulated today are conducting CDD and screening for negative news about their clients, as they can be a canary in the coal mine for future infractions.
Even for low-risk clients, CDD is not a one-time event. After customers pass the onboarding review, KYC files still must be refreshed every six months to a year for most firms. Transactions need to be monitored — preferably in real-time for high-risk clients — and investigated. Such ongoing CDD is best done with the help of automated, digital tools to streamline the process and improve its accuracy. CDD and KYC triggers should be audited every two years to ensure they remain relevant and compliant.
At the same time, overenthusiastic application of CDD by your risk management and compliance teams can create tension with your business and client teams, who are naturally trying to maximise your company’s revenue and minimise customer frustration. Their needs must be balanced with the risks of penalties, financial losses, and reputational damage.
7. How to Standardize CDD
Though CDD requirements vary by country and industry, certain data has become more or less standard. We have collected these in our KYC Checklist, which you can deploy in our easy-to-use, interactive KYC template.
As part of FileInvite’s secure document collection portal, this form can be customised and deployed in less than ten minutes for your due diligence needs.
Instead of emailing potential clients and forcing them to print, scan, and fax back signed documents, you can gather all of your KYC data in record time and minimal effort through electronic signatures, cloud-hosted documents, and automated reminders and approvals. The form also complies with GDPR privacy requirements for European residents and organisations.
8. Leveraging Technology to Support CDD
Global business has accelerated in pace and has become more complex over the last two decades. Manual CDD and AML monitoring no longer cut it.
Sending emails, tracking customer transactions in Excel spreadsheets and other manual CDD tactics have become too labour-intensive and slow.
Secure document collection portals such as FileInvite are one of the best ways companies can digitally transform their CDD processes, enabling smoother, faster onboarding of customers.
Beyond customer onboarding, companies can enhance their Ongoing CDD processes through machine learning-powered fraud detection solutions like Fortiro. Using optical character recognition (OCR) with natural language processing (NLP), Fortiro automates the process of scanning and analysing payslips, bank statements and other documents to determine their validity. This enables financial institutions to perform AML and KYC checks in real time.
Boost team productivity by 35% on average
Gone are the days of requesting documents from clients via email. Our client-facing customers have experienced an average 35% increase in productivity as a direct result of implementing FileInvite.
Reduce time to close by 64%
By improving internal and external efficiencies within the document collection process, the entire lending process moves faster, giving you more time to devote to client - and revenue - growth.
Increase application completion rates by 34%
Give your clients complete visibility into the document collection process - including which documents are due and when, as well as what their requirements are. Not only does this increase application completion rates, but it also improves client experience.