Customer due diligence (CDD) is a key component of the know-your-customer (KYC) processes that organizations follow to comply with anti-money-laundering (AML) regulations. The Bank Secrecy Act and the Patriot Act, under the aegis of the Financial Crimes Enforcement Network (FinCEN), impose CDD obligations on financial institutions and a broad range of financial services companies. Given the pace and complexity of the modern financial system, a one-size-fits-all due diligence process is unworkable. Therefore, organizations must tailor due diligence to the risk that each customer presents. Customers with higher risk levels should be subject to enhanced due diligence (EDD), while lower-risk customers can be governed by standard and simplified due diligence. To avoid the risk of non-compliance with AML regulations, it’s vital that organizations understand EDD and when it is necessary. Following EDD guidelines also ensures that CDD and KYC processes are as efficient and cost-effective as possible.
Risk-Based Approaches to Know Your Customer (KYC)
Modern KYC regulations take a risk-based approach. The greater the risk, the more stringent the requirements. There are three components of KYC:- A customer identification program collects information, including the customer’s name, date of birth, legal address and identification number.
- Customer due diligence verifies the customer’s identity, identifies beneficial ownership, investigates the purpose of the business relationship, and establishes the risk of money laundering and illegal activity.
- Ongoing transaction monitoring assesses customer activity throughout the relationship.
Who Qualifies for Enhanced Due Diligence?
A wide range of circumstances may indicate that a customer represents a risk sufficient to justify EDD, including:- High net-worth individuals
- Cash-intensive businesses
- Unusual business relationships, including anonymous relationships
- Businesses with unclear or complex ownership structures
- Businesses based in countries with lax or non-existent AML regulations
- Businesses based in countries under sanctions or embargoes
- Private and correspondent banks
- Politically exposed persons (PEP), people in a position of influence who may be susceptible to bribery or corruption
- Any business that may represent a higher risk of money laundering, such as gambling
What Is Included in Enhanced Due Diligence?
EDD scrutinizes business relationships and customers to detect risks that would likely go unnoticed during standard CDD. When forming a relationship with a high-risk individual or company, businesses in the financial sector are expected to conduct rigorous and robust investigations and gather significantly more evidence. EDD processes must provide reasonable assurance of reaching an accurate understanding of the money laundering and financial crime risk a customer presents. Decisions about whether to provide financial services must be based on the adequate gathering of information and the assessment of an experienced and expert professional. It’s worth emphasizing that EDD processes must be exhaustively documented so that regulators can access due diligence reports. Regulators want to see the work that goes into decision-making, including the quality of the information sources. Recommended information sources and CDD measures vary depending on the customer and the circumstances of the relationship, but the Financial Action Task Force (FATF) Recommendations mention measures that include obtaining additional information about:- The customer, including occupation, volume of assets, publicly available data and media reports
- The intended nature of the business relationship
- The source of funds or the customer’s source of wealth
- The reasons for intended or performed transactions
