Conducting customer due diligence (CDD) is a skill every AML compliance officer should have. A typical investigation into a potentially suspicious transaction will begin with CDD. In most countries with a robust AML/CFT framework, it is compulsory for a financial institution to conduct CDD during the onboarding stage, before establishing business relations with a potential customer.
Definition and objective
CDD is the process by which pertinent information about the customer’s profile is collected and evaluated for any potential money laundering or terrorist financing red flags. Upon completion of due diligence, the customer is given a risk rating. A risk rating can be either a simple low/medium/high or a numeric value derived from a complicated risk matrix that lists the score based on a specific set of criteria.
A risk rating helps a company decide how and when to apply stringent checks, treatment, and controls to a specific group of risk-rated customers. This is a form of risk-based approach that ensures resources are allocated accordingly.
The first step to CDD is to obtain information from the customer. The following points outline the most basic information that a financial institution will collect.
Customer Profile (Individual):
- Full name, including any aliases
- Residential address
- Place of birth
- Date of birth
- Government-issued identification number
- Government-issued tax identification number
- Specimen signature
- Parental consent form (where the individual is a minor)
Customer Profile (Entity):
- Name of corporation
- Type of corporation
- Date of incorporation
- Place of incorporation
- Board resolution on authorised signatories
- Certificate of Incumbency
- Articles of Association
- Certificate of Incorporation
Customer Profile (Trust):
- Settlor’s information
- Trustee’s information
- Beneficiaries’ information
- Protector’s information
- Relationship between settlor, trustee, protector and beneficiary
- Ultimate beneficial owner’s information
Independent verification of collection
The second step is to independently verify the information collected from the customer. Verification relies on legal documents that are issued by the government or an independent reputable agency:
- Government-issued photo identification card
- Government-issued passport
- Tax bill
- Phone/power/water bill to prove residential address
- Business profile issued by a government regulator for business entities
- Certificate of incorporation
- Articles of association, or memorandum of association
Name screening is the third step, in which a compliance officer checks the customer against a name-screening database or an internal blacklist to determine whether the customer poses a risk to the financial institution. Typically, the objective is to ascertain whether the customer fits one of the following profiles:
- Politically Exposed Persons (PEPs)
- Reported in media to be involved in any activity that is adverse in nature
A compliance officer can then evaluate the risk the customer presents and make a proposal to the company on whether to establish a business relationship with the customer. The decision may involve understanding the circumstances of the client, such as:
- The source of their funds
- The nature of their circumstances
- The reasons why they have chosen the company to establish a relationship
- The anticipated and expected level of activity
Enhanced Customer Due Diligence (ECDD)
ECDD applies where the customer has been evaluated to present a heightened risk to the company. The Financial Action Task Force (FATF) 40 Recommendations suggest that companies adopt a risk management system to determine if the customer presents a higher risk.
Part of the process of conducting ECDD is to obtain senior management approval before establishing a relationship, and to take reasonable measures to establish the source of wealth and the source of funds. Examples of higher-risk customers/transactions include but are not limited to:
- Politically Exposed Person (PEP)
- Customers who are positively identified to have adverse profiles on watchlists
- Non-face-to-face account opening
- Correspondent Accounts
- Customers located in high-risk locations
CDD does not stop after the onboarding of customers. On a regular basis, transactions and account activity should be scrutinized for suspicious activity and to confirm that the behaviour of the transactions and accounts is in line with the expectations of the company, as well as the customer profile. This is an ongoing responsibility, as clients’ risk profiles may change over time. To better perform ongoing monitoring, a compliance officer must take the customer’s account activity into consideration and ensure that CDD documents are kept up to date.
Part of performing proper customer due diligence is ensuring that all records are retained as per the company’s retention policy. The exact length of time to keep such records is usually mandated by law and differs between countries.
Record keeping helps the company understand the customer over the entire relationship with the customer. As mentioned earlier, record keeping helps the company meet its reporting obligation when submitting documents to the local financial intelligence unit on suspicions of money laundering or terrorist financing.