Open Web Portal SupportContact
Signhost logoSignhost logo
Log in

What is Customer Due Diligence (CDD)?

Customer due diligence (CDD) is a comprehensive process used by firms to verify customer identities, evaluate risk levels, and monitor transactions for suspicious behavior. The aim is to combat terrorism financing, money laundering, and other illicit activities by understanding who clients are and ensuring their transactions align with legitimate business practices.

Importance of CDD

CDD is integral to enforcing anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. It helps companies make informed decisions about who they do business with and supports a secure and transparent financial system. Robust CDD measures are essential for protecting firms from reputational damage and ensuring compliance with applicable laws and regulations. 

Key components

Customer identification

This involves collecting client data, such as name, address, and ID documents, to verify their identity. For business clients, firms must also identify the ultimate beneficial owners (UBOs) to prevent illegitimate entities from concealing their activities behind complex business structures. 

Risk assessment

Establishing the client’s risk profile — low, medium, or high — is essential for determining the level of scrutiny required. This step evaluates the potential risk of corruption or financial fraud based on factors like location, nature of business, and transaction patterns.

Ongoing monitoring

CDD is an ongoing process that ensures that any unusual activity or changes in risk are detected and handled proactively. Regular monitoring is key to identifying potential threats, maintaining up-to-date profiles, and ensuring continued regulatory compliance.

Levels of CDD

  • Simplified due diligence (SDD): Applies to low-risk clients, such as a local salaried employee with a good credit history, and involves basic identity checks without in-depth analysis.
  • Standard due diligence: Applies to customers with medium-risk profiles, such as small business owners who only occasionally conduct business with high-risk clients. It involves verifying identities, establishing business structures, and understanding the nature of the relationship.
  • Enhanced due diligence (EDD): For high-risk clients, such as a politically exposed person (PEP) or a cash-intensive business that frequently engages in large transactions. EDD includes comprehensive investigations, such as detailed background checks, additional document requirements, intelligence on UBOs, and closer monitoring.

How CDD works

CDD involves the following processes:

  • Data collection: Information like ID, address, and business details is gathered during onboarding and authenticated.
  • Verification: The details are cross-checked with official records to verify the identities of individual and business entities.
  • Risk profiling: Based on the collected data, customers are assigned a risk level that dictates further monitoring needs.

Global standards for CDD

Several international frameworks provide guidelines for CDD practices:

  • Financial Action Task Force (FATF): This intergovernmental body sets standards to combat money laundering and terrorism financing, such as reporting suspicious transactions to the relevant Financial Intelligence Unit (FIU) and applying appropriate CDD measures based on perceived risk.
  • EU Anti-Money Laundering Directive (AMLD): The EU AMLD includes specific requirements for CDD as part of a broader AML framework, mandating secure manual and digital identification measures, regular monitoring and reporting, and accurate record-keeping.

Connection with KYC

Know Your Customer (KYC) is often considered part of the broader CDD process. Here are the key differences between the two:

  • KYC is an infrequent process that focuses on verifying the customer’s identity before starting a business relationship or when there are risk triggers, while CDD is an ongoing process.
  • KYC involves collecting personal data, verifying documents, and creating a risk profile, while CDD involves more extensive checks, including risk assessment, monitoring, and compliance with AML regulations.
  • KYC is generally applied to new clients or accounts, while CDD applies to all customers over the long term and is particularly important when there are significant changes in the relationship, such as large transactions.
  • KYC often involves ID verification technology, such as eID checks and document scanning tools, while CDD relies on data analytics and transaction monitoring systems to track and flag potential risks.

*Disclaimer: This content does not constitute legal advice. The suitability, enforceability or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.