Customer due diligence is both a compliance issue and a challenge that fraudsters love to solve.
In this guide, we’ll show you how fraudsters fool KYC checks, and why sourcing alternative data is one of the best solutions to flag them. But first, a quick recap of the key terms.
What Is Customer Due Diligence?
Customer due diligence (CDD) means collecting, verifying and analyzing key information about a customer or client as a background check – so you can be confident they are who they claim to be. It is a form of risk management and can include the verification of identity documents (IDV), collection of alternative data, as well as data enrichment.
CDD is a legal requirement for certain industries – especially banks and neobanks, who must therefore comply with CDD regulations to avoid fines. It is generally split into two types: SDD (simplified CDD) and EDD (enhanced CDD).
Customer Due Diligence Requirements
Certain types of organizations, including banks, fintech firms, and investment companies, are required to conduct customer due diligence in a variety of scenarios. The below table shows some of these scenarios and the customer due diligence requirements that they relate to.
Type of CDD Requirement | Example of Relevant Scenario | Explanation |
Customer identification program (CIP) | a new customer starts a business relationship with an organization that they wish to sign up to | a customer carries a transaction over a certain threshold and/or arouses suspicion by being on a blacklist, PEP list, watchlist, or other form of sanctions list |
Ongoing due diligence (ODD) | an organization needs to carry out regular (e.g. annual) due diligence checks to ensure that their customer records are accurate and up-to-date | CDD not only applies during the customer onboarding stage: Organizations must also, over time, carry out ODD to ensure that they are updated of any changes, or even discrepancies, in their customers’ personal information over time, or to monitor for suspicious transactions. |
Customer risk profiling (CRP) | a prospective customer is flagged as a potential money laundering risk by an organization’s AML/CFT (countering the financing of terrorism) measures | An organization that is considering serving a customer who has been flagged as a potential money laundering risk will need to go through a process where they can decide the extent to which that person is a small, medium, or high risk. In fact, potential and existing customers are often required to assign a customer risk profile even to people they think are no risk at all to their business. |
Enhanced due diligence (EDD) | a customer carries a transaction over a certain threshold and/or arouses suspicion by being on a blacklist, PEP list, watchlist, or otherwise | EDD is when an organization has decided there is reason to escalate the level of customer due diligence, which may be due to the prospective customer having a higher-than-average customer risk profile. EDD can involve checks related to the person’s business associates, source of funds, and so on. |
As reflected above, there are many types of customer due diligence requirements, and their stringency often depends on the level at which the organization finds the given customer to be law-abiding or suspicious.
With that said, the nature of CDD requirements depends on each organization’s policy, jurisdiction, and many other factors such as the risk appetite of the business itself.
What Are the Types of CDD?
Different customers present varying levels of risk, necessitating a risk-based approach to CDD. This method ensures that the intensity and scope of your due diligence efforts align with the potential risks posed by each customer.
For most clients, standard CDD practices are sufficient. These involve not only identifying but also verifying customer identities to understand their business nature and assess associated risks.
However, for customers perceived as low-risk, simplified CDD may be adequate. In such cases, the process can be less stringent, often only requiring customer identification without the full extent of verification.
Conversely, there are scenarios where standard CDD might not suffice due to higher risk factors. Here, enhanced due diligence (EDD) becomes necessary. EDD involves a more thorough investigation, including deeper scrutiny of the customer’s source of funds, their business transactions, and more frequent transaction monitoring.
Customer Due Diligence for Banks
CDD is a fundamental requirement for banks and other financial institutions, mandated by anti-money laundering (AML) regulations and Know Your Customer (KYC) standards. Here are the main reasons banks need to do CDD:
- Preventing financial crimes: Banks must ensure that the customer is who they claim to be to prevent fraudulent activities. This verification helps mitigate risks associated with identity theft and other forms of financial deception.
- Regulatory compliance: CDD ensures that banks comply with local and international AML regulations. This compliance is crucial for avoiding penalties, fines, or more severe regulatory actions like licensing issues.
- Risk management: Implementing a risk-based approach allows banks to adjust the intensity of the due diligence process based on the customer’s risk profile. This tailored approach is essential for efficiently managing potential risks that vary with each type of customer and their activities.
- Operational integrity: Through ongoing monitoring and updates to CDD procedures, banks maintain operational integrity and keep up with changes in customer status or risk profiles.
Under AML/KYC regulations, banks have several obligations: they must verify the identity, address, and source of funds of new customers, a requirement for both initiating and maintaining financial relationships.
For high-risk customers, banks are required to perform Enhanced Due Diligence involving a thorough investigation into the customer’s background and financial activities. Additionally, CDD is an ongoing duty, requiring banks to monitor transactions to identify and report any suspicious activities continuously.
Overall, while CDD is a critical component of AML efforts, AML encompasses broader measures to prevent money laundering and maintain the integrity of the financial system.
SEON comes with an AML solution checking for PEP & RCA, sanctions, crime lists and watchlists – all in one place.
Learn More
What Is the Difference Between CDD and KYC?
Both Customer Due Diligence and KYC are required by law in some sectors, such as banking. CDD includes KYC checks, but also adds a focus on the source of funds, for purposes to do with money laundering and terrorism financing concerns.
Importantly, KYC is a process that takes places when a new customer signs up. On the other hand, CDD checks need to be ongoing throughout your relationship with the user.
The KYC happens at the onboarding stage. Its three key components include a first and last name, date of birth and residential address, but CDD typically looks into more than this.
More specifically:
CDD | KYC | |
When? | At signup and at regular intervals | When the customer signs up |
What? | Source of funds, intentions, name, address, DoB | Name, address, DoB |
Who? | Those at risk of money laundering, terrorism financing, corruption, bribery | Age-restricted products and services, certain financial services & anyone who chooses to |
How to Perform Customer Due Diligence
The CDD process is a legal requirement, and it must be performed for new business relationships (new customers), for transactions over a certain threshold, upon money laundering suspicion, or if a user presents unreliable documentation.
- Basic CDD: The first step involves identifying and verifying a customer’s identity as part of the KYC regulations. This is essential at the start of any new business relationship. Verification can be achieved through various methods, such as online document verification, which checks the legitimacy of identity documents during customer onboarding.
- Gathering additional information: Alongside identity verification, businesses should analyze the customer’s financial information and business activities. This helps in assessing potential risks associated with the customer.
- Collaborate with third parties: Often, businesses may need to involve third parties like lawyers, auditors, or digital identity verification providers to enhance the due diligence process. It’s crucial to ensure these third parties are reliable and trusted.
- Enhanced Due Diligence if needed: For customers identified as high-risk—such as politically exposed persons (PEPs) or individuals from high-risk countries—EDD is required. This involves a more in-depth investigation into the customer’s background, financial activities, and the sources of their funds.
- Keeping records secure and up-to-date: Businesses must maintain records of all financial transactions and CDD data for at least five years. This documentation must be securely stored to protect sensitive information and ensure it is accessible for regulatory inspections. It’s also important to keep customer records up-to-date, particularly if there are significant changes in the customer’s circumstances, such as changes in ownership or business structure.
- Leverage technology: Utilizing open banking APIs and digital footprint analysis can provide additional insights into a customer’s financial behavior and identity. This includes analysis of email addresses, phone numbers, IP addresses and device intelligence to validate their authenticity and detect potential risks.
- Continuous monitoring: Continuous monitoring of the customer’s transactions and activities is essential to detect any suspicious behavior promptly. This ongoing vigilance helps in adapting to any changes in the risk landscape and ensuring compliance with AML regulations.
The CDD process is integral to AML efforts, requiring a combination of traditional verification methods and modern technological tools to gather relevant and up-to-date data and to ensure thorough and effective risk management. This process not only helps in preventing financial crimes but also ensures that businesses comply with relevant regulatory requirements.
Partner with SEON to reduce fraud rates in your business with real time data enrichment that only lets good users through to KYC and CDD.
Ask an Expert
How to Save on CDD Costs with SEON
By offering one of the most advanced customer intelligence solutions on the anti-risk market, SEON can help you spend less on CDD checks. Leverage digital footprint analysis as a pre-KYC and pre-CDD step to block bad actors from gaining access, thus reducing your CDD workload.
Using a single email address or phone number, SEON checks 90+ social media and digital platforms. You will get access to public information on user profiles, bios and avatars, and even a “last seen” date – hundreds of data points about a user.
This means that you can weed out many criminals before they even reach CDD. IDV providers charge per CDD or KYC check. With SEON, you end up conducting fewer checks, more of which will be approvals.
The data enrichment information can be aggregated via manual query, API call or even a Chrome browser extension. Working in the background, this wall of defense can streamline CDD while also keeping an organization safe from all manner of fraud.
By building a fuller user profile using SEON’s fresh alternative data, you’ll:
- know exactly who you’re dealing with
- spot hidden connections between customers
- remove the risk of onboarding money launderers
- spend less on KYC and AML
- Help automate your KYC
- Improve AML fraud detection.
All with zero extra user friction, and a choice of integration that works with your business. SEON also provides AML checks, ensuring your customer is not on any watchlists, sanctions lists, blacklists or PEP lists.
Frequently Asked Questions
A due diligence checklist is a series of steps your organization must complete to ensure it remains legally compliant. The checklist steps may vary from one industry to the next, but they always include some form of identity and financial information verification.
Customer due diligence requirements vary from one industry to another, however, you will commonly find that a business must establish a user’s: 1) identity, 2) financial information, 3) residential address, 4) money-laundering risk.
Sources
- Thales Group: Annual Report Ebook
- Identity Force: What Are the Odds of Getting Your Identity Stolen?
- CNBC: 25% of households are either banked or unbanked