CDD checks help verify customer identity and assign the correct risk level to an organization or financial institution. CDD checks are a core requirement in regulations and laws enforcing anti-money laundering (AML) compliance. In addition, CDD is part of a broader compliance requirement called Know Your Customer (KYC).
Here are a few examples of regulatory authorities that require CDD:
The goal of CDD is to help organizations obtain information from their customers, which can help them avoid business relationships that may be related to criminal activity - such as money laundering, tax evasion, and financing of terrorist organizations. CDD can also help financial institutions identify customers with low credit ratings.
In this article:
According to a Thomson Reuters report, major financial institutions spend $150 million per year on average on KYC compliance to prevent money laundering and other financial crimes. Money laundering affects 2-5% of global GDP each year. You can avoid the risk of such financial crimes in your organization by conducting due diligence.
Failure to comply with anti-money laundering (AML) guidelines can result in significant fines. Global authorities issued over $13 billion in penalties to organizations for violating AML laws, and the number is rapidly growing from year to year. For example, the UK Financial Conduct Industry (FCA) recently fined London Commercial Bank over $37 million for violating anti-money laundering guidelines.
In an environment of growing financial crime, it is necessary to preemptively identify customers' risk levels. This can help fight financial crime and ensure the safety of your assets. However, failure to do customer due diligence can also lead to reputational issues. Remember that a single money laundering or terrorist financing event can irreparably damage a company's reputation.
It is common to apply customer due diligence differently to different groups of customers, according to the level of compliance risk they present:
CDD is primarily needed when a company enters a business relationship or performs a transaction with a customer or prospect. For example, if the business relationship falls under AML regulation, the company needs to assess its risk profile and verify its identity.
Companies are typically required to perform KYC and CDD in these cases:
KYC and CDD should be applied based on the evaluated risk of each customer. Businesses should assess the risk of AML and adjust their due diligence review accordingly. Most customers should be subject to standard CDD measures, requiring identification, verification, and evaluation of the business relationship. In low-risk scenarios, it may simplify due diligence and require only identification with no proof required.
Use the following best practices to ensure your KYC and CDD efforts are more effective.
Your organization should have a KYC policy, which outlines the requirements customers must meet before registering for your products or services. The policy should also outline the type of risk that a particular customer may pose.
High-risk customers, such as politically exposed customers, require a rigorous CDD process. The policy should include control over this process. There should be checks and balances to ensure that acceptance policies are not too restrictive, negatively impacting disadvantaged customers.
The key to an effective and sustainable CDD program has policies in place for every situation. In addition, anticipating scenarios with customers can help clarify in advance which CDD method is best, speeding up response times.
Compliance is not only about implementing regulatory checkboxes but also about competitive advantage. Effective and ongoing compliance can reduce risk, increase customer knowledge, and enable adaptive business processes. In addition, establishing values and procedures that promote vigilance and respect for regulatory obligations will help build more transparent organizations with more robust governance.
A good KYC plan needs clear, well-documented procedures to work effectively. The responsibilities of all business roles should be clarified, with clear channels for reporting suspicious activity. Companies also need internal processes that describe the course of action employees should take if a risk arises. Procedures should be subject to regular evaluations, including internal audits and extensive external audits.
Adopt CDD protection as early as possible to detect potentially malicious individuals before establishing business relationships with them. Put barriers in place to prevent financial criminals from accessing your accounts, thus avoiding suspicious activity before it starts.
The best way to do this is to evaluate potential customers and gain insight into their business activities. For example, this can be as simple as verifying a name and address. However, with online scams and fraud growth, gathering more information and performing additional identification checks are recommended.
Valuable sources of information for the identification process include the name, address, birth date, ID number and identity documents, telephone number and data from mobile networks, geolocation, automated identity verification via a selfie or live video, and third-party proof of identifying documents.
Businesses and other business customers must also verify the legality of the business and ensure that the account holder has the appropriate authority to act on behalf of the business. A business identification process focuses on company registration number, date of incorporation, company type, company name and address, management personnel, and operational status.
Early detection and handling of falsification of personal or business information can avoid risks and exposure to AML violations.
BlueCheck’s industry-leading identity verification infrastructure enables merchants to grow their business faster. As BlueCheck serves a wide variety of industries, our solutions are custom-tailored to the unique needs of our customers, including PACT Act and eCommerce compliant offerings.