Customer due diligence (CDD) is a key component of the know-your-customer (KYC) processes that organizations follow to comply with anti-money-laundering (AML) regulations. The Bank Secrecy Act and the Patriot Act, under the aegis of the Financial Crimes Enforcement Network (FinCEN), impose CDD obligations on financial institutions and a broad range of financial services companies.
Given the pace and complexity of the modern financial system, a one-size-fits-all due diligence process is unworkable. Therefore, organizations must tailor due diligence to the risk that each customer presents. Customers with higher risk levels should be subject to enhanced due diligence (EDD), while lower-risk customers can be governed by standard and simplified due diligence.
To avoid the risk of non-compliance with AML regulations, it’s vital that organizations understand EDD and when it is necessary. Following EDD guidelines also ensures that CDD and KYC processes are as efficient and cost-effective as possible.
Risk-Based Approaches to Know Your Customer (KYC)
Modern KYC regulations take a risk-based approach. The greater the risk, the more stringent the requirements. There are three components of KYC:
- A customer identification program collects information, including the customer’s name, date of birth, legal address and identification number.
- Customer due diligence verifies the customer’s identity, identifies beneficial ownership, investigates the purpose of the business relationship, and establishes the risk of money laundering and illegal activity.
- Ongoing transaction monitoring assesses customer activity throughout the relationship.
When carrying out CDD, organizations investigate customers to establish the risk they represent. This typically involves identity verification and background checks to ensure that the customer is not on money laundering or terrorist financing watchlists.
However, in some circumstances, customers are deemed a higher risk, which obligates businesses to take a closer look at them and perform enhanced due diligence.
Who Qualifies for Enhanced Due Diligence?
A wide range of circumstances may indicate that a customer represents a risk sufficient to justify EDD, including:
- High net-worth individuals
- Cash-intensive businesses
- Unusual business relationships, including anonymous relationships
- Businesses with unclear or complex ownership structures
- Businesses based in countries with lax or non-existent AML regulations
- Businesses based in countries under sanctions or embargoes
- Private and correspondent banks
- Politically exposed persons (PEP), people in a position of influence who may be susceptible to bribery or corruption
- Any business that may represent a higher risk of money laundering, such as gambling
When financial institutions and other relevant business entities form a relationship with high-risk customers, they must investigate more thoroughly and gather more information than during standard CDD.
What Is Included in Enhanced Due Diligence?
EDD scrutinizes business relationships and customers to detect risks that would likely go unnoticed during standard CDD. When forming a relationship with a high-risk individual or company, businesses in the financial sector are expected to conduct rigorous and robust investigations and gather significantly more evidence.
EDD processes must provide reasonable assurance of reaching an accurate understanding of the money laundering and financial crime risk a customer presents. Decisions about whether to provide financial services must be based on the adequate gathering of information and the assessment of an experienced and expert professional.
It’s worth emphasizing that EDD processes must be exhaustively documented so that regulators can access due diligence reports. Regulators want to see the work that goes into decision-making, including the quality of the information sources.
Recommended information sources and CDD measures vary depending on the customer and the circumstances of the relationship, but the Financial Action Task Force (FATF) Recommendations mention measures that include obtaining additional information about:
- The customer, including occupation, volume of assets, publicly available data and media reports
- The intended nature of the business relationship
- The source of funds or the customer’s source of wealth
- The reasons for intended or performed transactions
Implementing Enhanced Due Diligence
Implementing these measures may require collecting information about the customer’s name and all known aliases, corporate records and company background information, negative media coverage, global compliance status, current and past litigation, background and business interest checks for business directors, and more.
EDD is a significant burden for organizations intending to comply with anti-money laundering regulations. It consumes a great deal of time and requires substantial expertise. That’s why Alessa makes it straightforward for users of our AML Compliance Solution to risk score customers and order enhanced due diligence reports.