What is Customer Due Diligence in Banking?
Customer due diligence (CDD) is a process that evaluates prospective customers. It involves performing customer identity verification, confirming that the customer is not on a prohibited list, checking their background, and generally assessing the risk factors of the customer.
Almost all banks are subject to know your customer (KYC) and anti-money laundering (AML) regulations, and CDD is a critical requirement in most of these regulations.
Here are the key aspects involved in a CDD check:
- Customer identification—to identify customers, organizations must obtain personal information, such as name, a photographic identification document (ID), birth certificate, and address. The goal is to verify identity against an independent and reliable source.
- Beneficial ownership—in many cases, organizations need to evaluate an entire company rather than a single individual. In these cases, due diligence measures identify the beneficial ownership of the company. This usually includes assessing the control structure of the company.
- Business relationship—this check helps organizations obtain information related to the nature of a certain business relationship they are considering and its purpose.
In this article:
- Why is Customer Due Diligence Required?
- Types of Customer Due Diligence for Banks
- Challenges of Customer Due Diligence
- Lengthy CDD Processes Cause Onboarding Friction
- Costs of Compliance Are Dramatically Rising
- Inconsistent Standards for Verification Create Poor Quality Data
- Customer Verification with BlueCheck
Why is Customer Due Diligence Required?
Companies that are required to comply with AML regulations are also usually required to perform CDD, to verify the identity of the customer and assess their risk profile.
Here are several circumstances during which financial institutions and other companies must perform CDD:
- New business relationship—before entering a business relationship, companies must run a CDD check to ensure that their customer is not using a fake identity and matches the desired risk profile.
- Occasional transactions—some transactions warrant CDD measures. For example, transactions involving an amount of money that exceeds a predefined threshold, or any transaction with an entity located in a high-risk foreign country.
- Money laundering suspicion—companies must run CDD checks when suspecting a customer of financing terrorism or laundering money.
- Unreliable documentation—when customers supply inadequate or unreliable documentation, companies must apply CDD measures.
Companies should base their KYC and CDD checks on risk factors. Each client's risk with respect to anti-money laundering (AML) or combating the financing of terrorism (CFT) should be assessed, and the level of due diligence scrutiny should be adjusted accordingly.
The majority of clients should be subjected to standard CDD measures, which usually require customer verification and identification. When the risk is low, the business can apply a simple CDD process. Once the initial screening passes, the business relationship can be assessed, and the business can decide whether to proceed or not.
Types of Customer Due Diligence for Banks
The financial industry is strictly regulated and needs to meet KYC and CDD requirements. Here are the three types of CDD used in the banking industry:
Standard Due Diligence
This process involves the verification and identification of customers through the application of KYC practices. Verification is based on personal identity information as well as government-issued IDs. It is usually performed by reliable and independent third parties.
Standard due diligence checks are meant to investigate entities and individuals with moderate risk scores. The goal is to uncover their intended reason for entering the new business partnership. Standard due diligence is applied when large transactional volumes are involved or the customer is suspected of criminal activities.
Simplified Due Diligence
This type of due diligence is applied during scenarios of low or no risk of financial crime. For example, customers residing in low-risk locations can be identified using IDs and personally identifiable information (PII).
Enhanced Due Diligence
Enhanced CDD is performed when the financial risks are high and may involve suspicion of money laundering, tax evasion, terrorist financing, or corruption. This type of due diligence process investigates high-risk customers located in high-risk areas. The goal is to ensure that large amounts of funds, transactions, and assets are properly vetted to minimize the risk of crimes or regulatory penalties. Customers are usually screened against blacklists, politically exposed person (PEP) lists, and government-issued sanctions.
Challenges of Customer Due Diligence
Lengthy CDD Processes Cause Onboarding Friction
Companies put a lot of effort into onboarding and retaining their customers. To achieve this, companies strive to create customer journeys that are seamless and convenient. CDD processes, however, can often introduce lengthy and uncomfortable steps into the customer journey.
While some companies manage to create a balance that keeps customers satisfied, a clumsy CDD process may be the factor that prevents a company from onboarding customers. Financial institutions are usually required to comply with CDD and AML regulations. While not all sectors must comply, more regulations are being added and non-compliant businesses may face fines.
Costs of Compliance Are Dramatically Rising
Compliance regulations are regularly being revisited and updated by their governing bodies, and the cost of compliance continues to rise. Financial institutions and banks need increasingly bigger budgets in order to cover the additional costs of compliance staff, frequent transaction monitoring, and strict KYC checks.
According to a survey by Thomson Reuters, big financial institutions spend up to $500 million per year on KYC and CDD. Other studies show companies spend as much as $48 million per year on KYC compliance. Onboarding corporate clients can cost up to $25,000 per client.
These costs are not sustainable for large financial companies, which means they are far beyond the reach of smaller or upcoming companies. These companies require a solution that offers a significantly lower cost for KYC and CDD. Ideally, this solution can help provide the right balance between regulatory compliance, budget requirements, and user experience.
Inconsistent Standards for Verification Create Poor Quality Data
While regulations clearly require financial institutions to put in place customer due diligence procedures, they do not define how CDD should be carried out. There is no standardized process for verification and no systematic way of ensuring that a customer is authentic.
Financial institutions must therefore put their trust in third-party verifiers. They must rely on the correctness of these third parties' data and trust that their methods are secure. The issue is that in many cases, third-party identity verification providers use inaccurate or incomplete data sources to verify customer identity.
Non-standard data structures, fragmented sources, and low data quality standards make the process of authentication difficult, slow, and prone to error. As a result, the customer risk score provided by identity verification services often tends to be incorrect. Inaccurate risk assessment results in low-risk applicants being accidentally flagged, or conversely, high-risk applicants being accepted, creating a compliance risk.
With 45% of financial organizations noting that it is ‘very’ or ‘fairly’ difficult to monitor the continual compliance status of their clients, there must be a more effective standard for authentication to enforce CDD compliance.
Customer Verification with BlueCheck
BlueCheck’s industry-leading identity verification infrastructure ensures the highest accuracy and efficiency in financial services industries, where due diligence impacts everything from cost-effective compliance and risk mitigation to competitive advantage and market leadership.