Remember the last article where we talked about KYC?
Well, this is the continuation of it.
This time we’re going to geek out on everything about customer due diligence (CDD). As usual we promise to make this article easy to understand and not boring. So, before we do a deep dive;
Let’s get the basics of CDD right.
Customer due diligence is part of a bigger process called KYC where the identity of the customers are verified. CDD might vary from one country to another but the ultimate goal is to identify and verify your customers.
So why do we need a CDD program in the first place?
CDD is the most important part of your KYC process. At a certain point, it dictates how the entire KYC process is structured.
It acts like a barrier that can help you weed out and protect your businesses from fraudsters and criminals.
Also, failure to do so can result in heavy fines that can cost both a brand’s reputation and money.
We have covered the basics, what’s next?
The common measures taken in a CDD program.
Identification of your customers
In CDD, your first step would be to identify your customer.
It can be something as simple as making sure you get their first and last name right.
This might look simple but it’s important too, for obvious reasons.
You don’t want to implement CDD on the wrong person right?
Now that you have identified them, it’s time to verify that they are really who they claim to be and not someone impersonating another person.
You need to check that the proof of identity submitted by your customer is correct. It can be a in-person check, computer assisted. There are lots of way to spot fake IDs.
Part of this process can also involves verifying the customers’ identity with other reliable sources such as the sanction list and any other legal databases.
Recognizing the type of business relationship your customers want from you
It might be obvious what type of services your customer wants from you.
But in some situations, it might not be clear.
As part of customer due diligence, you need to understand the nature of the business relationship to understand the type of risk your customers will impose on you
Documenting the information you have collected
By now, you would have an information bank for your client.
But it’s not important for you to use them for verification, you need to document them for easy access for regulators.
Most importantly, you need to store them securely, preferably in a secured solution to avoid the data being manipulated or misused.
AML risk scoring
Since you have all the information about the customer in hand, it’s time to conduct an AML risk scoring on them.
AML risk scoring not only helps you to understand the severity of the risks that your potential client can impart on you; it helps to determine the next steps to be taken in your CDD program.
What are the types of CDD and when should we use them?
Most organizations have 3 levels of due diligence in CDD and each of them are only implemented based on the risk that a customer can bring to your business.
The levels are as following,
Simplified Due Diligence
As we have discussed in the previous article, Simplified Due Diligence is often used to onboard customers who pose the lowest-risk to be involved in any type of fraud activities.
This is most appropriate for low value accounts.
However, it’s wise to keep them on an ongoing monitoring phase for potential trigger activities that require further due diligence such as unusual transaction amounts than normal.
Standard Due Diligence
Standard Due Diligence is the most common type of due diligence in practice.
Since most of the customers do not require simplified due diligence or enhanced due diligence their onboarding flow involves Standard Due Diligence.
Typically Standard Due Diligence comprises basic background checks on the customers who have some level of risk but are not likely to act on it.
They can be a normal employee at an organization or maybe a normal employee at a governmental organization such as a teacher.
The risk is there, but the probability of them acting upon it is quite low.
Enhanced Due Diligence
Enhanced Due Diligence is mandatory for customers classified as high-risk.
Note that EDD can be triggered by many different factors.
That’s why we have put together a list of risk-factors that might require Enhanced Due Diligence to be applied on that particular customer so that you can refer back to anytime you want.
Here’s the list:
- Your customers Here are some of the things that you need to watch out for in your clients Most of their clients are foreigners and non-residents of the country they’re operating in It’s either them or their family members and even their friends or associates are Politically Exposed. Their business deals with cash more than digital transactions-which is a red flag especially in 2022.
- Geographical factors Yes, location does matter. You’ll be able to see why in the following list of geographical risk factors
- Countries that triggers EDD are the ones:
- without proper Anti-Money Laundering systems such as North Korea.
- Under sanction especially by the US.
- Blacklisted as they are known to be financing terrorist activities according to the State Sponsors of Terrorism list.
- That acts as a base for terrorist organization
- Famously known for their corruption level such as Venezuela.
- Not part of FATF which is like the international standard equivalent for AMD laws
- Other factors
Private and correspondent banking.
This is because by nature these types of financial institutions tend to be more money orientated and will protect their client’s confidentiality well as they consider it as part of their brand identity.
How to improve your Customer Due Diligence Program.
Since, there isn’t a set template to be followed, there’s always room for improvement in your Customer Due Diligence program.
- Make sure your clients match the risk profile you have decided for them before conducting any type of business relationship with them-you can do this by collecting any additional documents needed such as the beneficial owners and so on.
- Organize and give a structure to your CDD procedures with the right and secured third parties’ databases- remember to choose wisely as, at the end only you will be the one who’s responsible for your own KYC process.
- Store the data you have collected in a safe environment like Collect’s storage- it’s safe,secure and GDPR compliant.
- Determine whether you need to implement EDD or not by identifying any red flags that can trigger an EDD.
- Compile and store all the data you have collected previously-no data is too small to be ignored,so compile every single data you have collected and make it available for regulatory purposes.
That sums up our guide on Customer Due Diligence.
Want to try Collect to do your customer due diligence? 👉 Start your 7-day free trial, no credit card required.