For any financial institution, one of the first analysis made is to determine if you can trust a potential client. You need to make sure a potential customer is trustworthy; Customer Due Diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against criminals, terrorists and Politically Exposed Persons (PEPs) who might present a risk.
There are three levels of due diligence:
Simplified Due Diligence (“SDD”) are situations where the risk for money laundering or terrorist funding is low and a full CDD is not necessary. For example, low value accounts or accounts.
Basic Customer Due Diligence (“CDD”) is information obtained for all customers to Ondato verification the identity of a customer and asses the risks associated with that customer.
Enhanced Due Diligence (“EDD”) is additional information collected for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks. In the end, while some EDD factors are specifically enshrined in a country’s legislations, it’s up to a financial institution to determine their risk and take measures to ensure that their customers are not bad actors.
Some practical steps to include in your Customer Due Diligence program include:
Ascertain the identity and location of the potential customer, and gain a good understanding of their business activities. This can be as simple as locating documentation that verifies the name and address of your customer.
When authenticating or verifying a potential customer, classify their risk category and define what type of customer they are, before storing this information and any additional documentation digitally.
Beyond basic CDD, it’s important that you carry out the correct processes to ascertain whether EDD is necessary. This can be an ongoing process, as existing customers have the potential to transition into higher risk categories over time; in that context, conducting periodic due diligence assessments on existing customers can be beneficial. Factors one must consider to determine whether EDD is required, include, but are not limited to, the following:
Location of the person
Occupation of the person
Type of transactions
Expected pattern of activity in terms of transaction types, dollar value and frequency
Expected method of payment
Keeping records of all the CDD and EDD performed on each customer, or potential customer, is necessary in case of a regulatory audit.