Six steps to improve your customer due diligence

Written by Holly Whitehead on Thursday December 12, 2019

The term ‘due diligence’ generally refers to an ‘action that is considered reasonable for people to be expected to take in order to keep themselves or others and their property safe’.

Customer due diligence (CDD), then, applies specifically to enquiries made about the customers of a business, in order to support a decision as to whether or not business (or a relationship) should be undertaken or continued with these customers.

In financial services, CDD is a key part of any firm’s anti-money laundering and counter financing of terrorism (AML/CFT) framework. It ensures that firms know who their customers are, and prevents criminals from gaining access to the financial system.

It also means that money laundering and terrorist financing (ML/TF) risks associated with customer relationships can be identified and mitigated on a continuous basis. In other words, if you know and understand the usual and expected activity for your customer, then you will know what is unusual and therefore suspicious.

With the importance of carrying out effective CDD in mind, let’s have a look at six steps that you can take to help improve your CDD.

1. Remember that international standards require a risk-based approach to be applied to CDD.

A risk-based approach means that regulated firms can identify, assess, and understand the ML and TF risks that they are exposed to, and take the appropriate mitigation measures in accordance with the level of risk. This will indicate whether simplified due diligence (SDD) or even enhanced due diligence (EDD) may be required.

The risk-based approach is essential to the effective management of AML/CFT risks and offers firms the flexibility to focus resources and efforts in those areas of their business that carry higher levels of risk.

2. Remember to watch out for red flags.

It’s not just attributes of the customer relationship or their account activity which could raise suspicion: the customer’s behaviour during account opening and CDD information gathering could also reveal red flags.

We have included a few of the more commonly identified red flags for you below, but do be aware that this list is by no means exhaustive.

  • Reluctance to provide CDD information, including vague or incomplete answers.
  • Applying pressure to open the account quickly.
  • Threats to escalate or aggressive behaviour during account opening.
  • Atypical knowledge of the firm’s CDD procedures.
  • Convoluted or unclear description of business activities or of the purpose of the relationship.
  • Documentation provided is unclear or unprofessional.


3. Document everything thoroughly.

There’s a saying in financial services: if you didn’t document it, it didn’t happen. It is vital that you document everything that takes place. Your analysis could be reviewed by an independent internal or external third party, and they will want to see what you did and the rationale and logic behind your actions.

It is also essential that CDD reviews are comprehensive and well-documented – your review needs to make sense to someone who has a limited, or non-existent, understanding of the customer. You need to demonstrate that you not only thoroughly understand the customer and what documentation has been reviewed, but also the risks posed by the relationship. You will need to clearly articulate that you are comfortable with those risks and the reasons why, or how they could be mitigated if you are not.

4. Employ plausibility testing.

Essentially this means using a common sense approach to CDD. Consider the following example.

You have a potential customer who:

  • is a 24-year-old single UK national who has been resident in the UAE for 12 months
  • wants to open current and savings accounts
  • previously banked with a rival high street bank in the UAE but is unhappy with their service
  • lists their occupation as IT Consultant with approximately AED150k ($41,000) income
  • has a property in the UAE valued at AED5 million and one in Germany valued at $13 million – both properties are rented out and have no mortgages.

Is this plausible or not? Well, on the face of it, the customer has a lot of assets for their age; how were the properties funded without mortgages? How long have they had the properties? What else do they receive from their employer? There may well be a completely rational explanation, but unless you ask the questions, you will not know.

CDD is not a ‘tick-box’ exercise, even at a low-risk, routine level. Each case should be treated on its merits and appropriate enquiries made and verified. 

5. Don’t forget about the mountains of information out there.

There are so many places where you can obtain information to help you with CDD. Utilise them. That is what they are there for. Many organisations have guidance around performing CDD and what information needs to be gathered. The following are just a few examples. There are many more.

  • The Joint Money Laundering Steering Group (JMLSG)
  • Financial Action Task Force (FATF), especially Recommendation 10
  • European Supervisory Authorities (ESA) risk factor guidelines
  • The Financial Conduct Authority’s (FCA) Financial crime: A guide for firms


It is really important that you use the information available to keep yourself up to date. As an example, the Fourth and Fifth EU Money Laundering Directives have recently introduced a raft of changes, including some which will affect CDD procedures, such as the removal of the automatic application of SDD to a certain category of customers. Failing to acknowledge these would leave a gap in your knowledge and understanding, so it is vital to be aware of them and keep up to date.

6. Be open to learning or training.

More and more tasks within CDD and know your customer (KYC) teams are being earmarked for automation, for example reviewing false positives. This will require experts within those teams to work with the technology to get the work done. Hence, it can be of great benefit to you if you are open to additional learning or training so you can keep up with these rapidly progressing times.

Final thoughts 

Being a CDD analyst is a challenging but never-dull position, characterised by highly varied skills and aptitudes. The steps detailed in this blog will certainly aid you in this interesting role and help you carry out effective CDD. One last tip, however, is to remember that different firms will have different policies and procedures around CDD, and it is key that you follow those at your firm first and foremost.


This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at
