Written by Holly Whitehead on Thursday December 12, 2019
The term ‘due diligence’ generally refers to an ‘action that is considered reasonable for people to be expected to take in order to keep themselves or others and their property safe’.
Thinking about customer due diligence (CDD) then, this applies specifically to enquiries made about the customers of a business, in order to support a decision as to whether or not business (or a relationship) should be undertaken or continued with these customers.
In financial services, CDD is a key part of any firm’s anti money laundering and counter financing of terrorism (AML/CFT) framework. It ensures that they know who their customers are, and prevents criminals from gaining access to the financial system.
It also means that money laundering and terrorist financing (ML/TF) risks associated with customer relationships can be identified and mitigated on a continuous basis. In other words, if you know and understand the usual and expected activity for your customer, then you will know what is unusual and therefore suspicious.
With the importance of carrying out effective CDD in mind, let’s have a look at six steps that you can take to help improve your CDD.
A risk-based approach means that regulated firms can identify, assess, and understand the ML and TF risks that they are exposed to, and take the appropriate mitigation measures in accordance with the level of risk. This will indicate whether simplified due diligence (SDD) or even enhanced due diligence (EDD) may be required.
The risk-based approach is essential to the effective management of AML/CFT risks and offers firms the flexibility to focus resources and efforts in those areas of their business that carry higher levels of risk.
It’s not just attributes of the customer relationship or their account activity which could raise suspicion: the customer’s behaviour during account opening and CDD information gathering could also reveal red flags.
We have included a few of the more commonly identified red flags for you below, but do be aware that this list is by no means exhaustive.
There’s a saying in financial services: if you didn’t document it, it didn’t happen. It is vital that you document everything that takes place. Your analysis could be reviewed by an independent internal or external third party, and they will want to see what you did and the rationale and logic behind your actions.
It is also essential that CDD reviews are comprehensive and well-documented – your review needs to make sense to someone who has a limited, or non-existent, understanding of the customer. You need to demonstrate that you not only thoroughly understand the customer and what documentation has been reviewed, but also the risks posed by the relationship. You will need to clearly articulate that you are comfortable with those risks and the reasons why, or how they could be mitigated if you are not.
Essentially this means using a common sense approach to CDD. Consider the following example.
You have a potential customer who:
Is this plausible or not? Well, on the face of it, the customer has a lot of assets for their age; how were the properties funded without mortgages? How long have they had the properties? What else do they receive from their employer? There may well be a completely rational explanation, but unless you ask the questions, you will not know.
CDD is not a ‘tick-box’ exercise, even at a low-risk, routine level. Each case should be treated on its merits and appropriate enquiries made and verified.
There are so many places where you can obtain information to help you with CDD. Utilise them. That is what they are there for. Many organisations have guidance around performing CDD and what information needs to be gathered. The following are just a few examples. There are many more.
It is really important that you use useful information available to keep yourself updated. As an example, the Fourth and Fifth EU Money Laundering Directives have recently introduced a raft of changes, including some which will affect CDD procedures, such as the removal of applying SDD to a certain category of customers automatically. Failing to acknowledge these would leave a gap in your knowledge and understanding, so it is therefore vital to be aware and keep up-to-date.
More and more tasks within CDD and know your customer (KYC) teams are being earmarked for automation, for example reviewing false positives. This will require experts within those teams to work with the technology to get the work done. Hence, it can be of great benefit to you if you are open to additional learning or training so you can keep up with these rapidly progressing times.
Being a CDD analyst is a challenging but never-dull position, characterised by highly varied skills and aptitudes, and the steps detailed in this blog will certainly aid you in this interesting role, and help you carry out effective CDD. However, one last tip for you is to remember that different firms will have different policies and procedures around CDD, and it is key that you follow those at your firm first and foremost.
This article forms part of the #BigCompConvo - Join us as we explore and debate the latest challenges and issues facing you and regulatory and financial crime compliance professionals all over the world. If you’d like to contribute an article as part of the Big Compliance Conversation get in touch with us at firstname.lastname@example.org
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.