What is customer due diligence (CDD) and how does it work?

Customer due diligence (CDD) is a key part of financial crime and anti-money laundering compliance for banks, financial institutions, and other regulated industries. The goal of CDD is to understand exactly who you’re doing business with, so that you can identify any risks and help prevent fraud, money laundering, or other financial crimes.

Customer due diligence is part of know your customer (KYC) compliance requirements. It’s also simply the common-sense business practice of knowing who you’re working with. You wouldn’t hire a new employee or start working with a supplier without interviewing or vetting them first. CDD fulfills a similar role.

This article gives you an overview of customer due diligence: what it is, what kind of information is required in the process, what enhanced due diligence is, and when financial institutions must perform CDD.

What is customer due diligence?

Customer due diligence, or CDD, consists of collecting information about a customer and performing various checks to verify that customer’s identity, usually with the help of some kind of documentation. The process enables you to verify that the customer is who they claim to be, and helps you gather the necessary information to assess their financial crime risk. This applies to any customer, be it an individual or a business. For business entities, banks also need to verify beneficial ownership to understand who benefits from the organization’s activities. 

CDD is an important part of AML activity. It’s a required step for banks to comply with anti-money laundering directives.

What information is needed for customer due diligence?

The type of information required for CDD depends on several factors, including the customer profile, the type of account they are opening, the region where the financial institution is operating, and more. 

Some of the most basic information required for CDD includes customer name and address, the nature of their business, and information on how they plan to use their account. To verify the information provided by the customer, the financial institution should seek out official documents like identity cards or passports, utility bills, incorporation documents, etc. 

Additional information for customer due diligence comes from multiple sources, which can include:

  • Information provided by the customer, or an in-person visit
  • Public data sources
  • Politically exposed persons (PEP) lists
  • Sanctions lists
  • Private, third-party data sources

What is enhanced due diligence (EDD)?

Customer due diligence is part of risk management activities, so it should be carried out with a risk-based approach. The process therefore won’t look the same for all customers. For those with a lower risk profile, you might only need to go through the identification process without needing to go through verification steps. With higher-risk scenarios, however, standard CDD procedures might not cut it. That’s where enhanced due diligence comes in.

Enhanced due diligence, or EDD, is essentially CDD for higher-risk clients. It involves additional checks and verifications, still with the same goal of uncovering any financial crime or compliance risks. A financial institution might perform EDD if a new client is a PEP or if they come from a high-risk country, for example. The exact scenarios will depend on the organization and its risk models.

Any information gathered during CDD or EDD must be carefully documented and stored. Banks must effectively be able to prove they have carried out the necessary steps in onboarding their clients. Such documentation proves the organization has done its due diligence, and can also help law enforcement in the event of an investigation.

When do banks and financial institutions need to perform CDD?

Customer due diligence is an important step when onboarding new customers as part of AML/KYC measures. But there are also other times when CDD is necessary to identify possible risks.

For certain transactions

Some transactions require you to perform CDD. This might be the case if a customer requests a transaction that exceeds regulatory thresholds, or one that involves entities linked to a high-risk country.

Documentation checks

If at any point in the business relationship a customer provides documentation that seems unreliable, it’s necessary to perform further checks or verification as part of CDD.

Suspicious activity

If some customer behavior raises a red flag for fraud or money laundering, you’ll need to go through further CDD checks with that person or organization.

Ongoing monitoring

Customers and their behavior can change. Financial institutions should perform periodic checks on their customers to verify their risk profiles and update them if necessary.

Customer due diligence and graph technology

Technology is rapidly changing not only banking, but also the way financial institutions perform processes like CDD. In a context where both criminal threats and risk profiles evolve quickly, graph technology can lend flexibility to compliance teams while helping them connect the dots within their data for more effective CDD and EDD. By desiloing data and analyzing both individual data points and the connections within the data, graph analytics shows you the full context around your customers and their relationships.
