Conducting customer due diligence (CDD) is a skill every AML compliance officer should have. A typical investigation into a potentially suspicious transaction will begin with CDD. In most countries with a robust AML/CFT framework, it is compulsory for a financial institution to conduct CDD during the onboarding stage, before establishing business relations with a potential customer.
Definition and objective
CDD is the process in which pertinent information about the customer’s profile is collected and evaluated for any potential money laundering or terrorist financing red flags. Upon completion of due diligence, the customer is given a risk rating. A risk rating can be either a simple low/medium/high or a numeric value derived from a complicated risk matrix that lists the score against a specific set of criteria.
A risk rating helps a company decide how and when to apply stringent checks, treatment, and controls to a specific group of risk-rated customers. This is a form of risk-based approach, which ensures that proper resources are allocated accordingly.
The first step in CDD is to obtain information from the customer. The following points outline the most basic information that a financial institution will collect.
Customer Profile (Individual):
- Full name, including any aliases
- Residential address
- Place of birth
- Date of birth
- Government-issued identification number
- Government-issued tax identification number
- Specimen signature
- Parental consent form (where the individual is a minor)
Customer Profile (Entity):
- Name of corporation
- Type of corporation
- Date of incorporation
- Place of incorporation
- Board resolution on authorised signatories
- Certificate of Incumbency
- Articles of Association
- Certificate of Incorporation
Customer Profile (Trust):
- Settlor’s information
- Trustee’s information
- Beneficiaries’ information
- Protector’s information
- Relationship between settlor, trustee, protector and beneficiary
- Ultimate beneficial owner’s information
Independent verification of collection
The second step is to independently verify the information collected from the customer. This is done using legal documents that are issued by the government or an independent, reputable agency.
- Government-issued photo identification card
- Government-issued passport
- Tax bill
- Phone/power/water bill to prove residential address
- Business profile issued by a government regulator for business entities
- Certificate of incorporation
- Articles of association, or memorandum of association
Name screening is the third step, in which a compliance officer checks the customer’s name against a name screening database or an internal blacklist to determine whether the customer poses a risk to the financial institution. Typically, the objective is to ascertain whether the customer fits one of the following profiles:
- Politically Exposed Persons (PEPs)
- Reported in the media to be involved in any activity that is adverse in nature
A compliance officer can then evaluate the customer’s risk and advise the company on whether to establish a business relationship with the customer. However, CDD does not stop here. Ongoing monitoring must be undertaken to ensure that the customer does not come to pose a heightened risk in the future. To better perform ongoing monitoring, a compliance officer must take the customer’s account activity into consideration and ensure that CDD documents are kept up to date.