Customer Due Diligence, or CDD, is the process of performing background checks on potential clients to assess the risk before onboarding. Performed as a part of KYC (Know Your Customer) and AML (Anti-Money Laundering) norms, CDD is intended to help financial institutions prevent illegal activities such as fraud, trafficking, money laundering and terror financing.
As a part of CDD, financial companies collect and verify information, including name, address, and certain other parameters. While this holds for the onboarding of individuals, businesses of many kinds also carry out CDD. The business need not be a bank; it could be a trading platform, a stock-broking platform, a crypto exchange, or a payments gateway. Businesses, especially those dealing with sensitive data, need CDD to ensure that they stay compliant with regulatory rules. Regulators across the world are becoming increasingly stringent in enforcing compliance norms and laws, and they are imposing higher fines or penalties on businesses that fail to comply.
There are two key types of CDD: Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD).
In situations where the risk perception is lower, regulators allow for a simplified procedure of due diligence. This simplified version of CDD is known as Simplified Due Diligence. Prominent examples could be Public Sector Enterprises or High Net-worth Individuals (HNIs) with reliable fund sources.
On the other hand, when the risk perception is higher, a more detailed due diligence known as Enhanced Due Diligence is carried out. EDD is especially recommended for prospects who are politically exposed (PEPs) or have high transaction volumes with foreign nations.
Businesses generally decide when to apply SDD or EDD based on a predefined decision matrix – it could be based on transaction value, customer profile, etc. SDD gives businesses the leeway to save time and effort involved in verification processes for prospects that fit into the criteria. EDD, on the other hand, has a lot of additional checks around information or verification of sources of funds, place of business, etc.
Companies with KYC and AML processes have CDD as a basic requirement for identity verification and risk profile assessment. In general, companies follow a risk-based approach to CDD – most of them have a predetermined matrix identifying risk profiles in potential customers and requirements for due diligence. The majority of clients require Simplified Due Diligence, focusing on customer identification more than verification. On the other hand, when the risk profile is higher, EDD - focused on identification and verification in equal parts - is carried out.
There are four key scenarios in which companies can opt for a CDD process:
CDD is an essential step for any business that wants to protect itself from potential threats. Performing background checks is necessary for AML compliance and to prevent financial fraud of different kinds, including technology-enabled threats that might go undetected without proper efforts to keep them in check.
Businesses that do not have CDD are not only vulnerable to fraud but also exposed to fines for failing to comply with AML regulations. A lack of proper CDD might also affect the reputation of a financial institution.
The CDD process is divided into three parts.
This part of Customer Due Diligence is about customer information. The purpose of this step is to acquire all the necessary information about a prospect and to verify if the provided information is true.
If you are looking to conduct CDD on an individual, you would need information for at least three fields: full name, address of residence and government-issued identification. These are the baseline requirements; they might vary between jurisdictions. All the above information can be verified against a document issued by an independent and reliable source like the government. For identity, it could be a passport or a PAN card; for residential addresses, it could be electricity bills, water bills or bank account statements.
If you are looking to conduct a CDD of a company, the list is a little more expansive. You would need information for at least six fields: legal name of the entity, registered trading name, corporate registration number, complete address of registered office and head offices, principal place of business operations, and contact details of the company. Again, the list is not exhaustive and may vary from institution to institution.
The general purpose of CDDs is to establish beneficial ownership of the company - individuals who exert significant control over the company (generally 25% ownership, direct or indirect). Once beneficial owners are established, their identification and verification need to be done. All the stated information needs to be substantiated by original and certified copies of documents such as Certificate of Incorporation, Memorandum and Articles of Association, etc.
Depending on the requirement - what is already known about the prospect and what needs to be known - you can choose between simplified or enhanced due diligence. You might want to factor in the potential customer’s profile, source of funds and political exposure.
Due diligence is part of a dynamic process. It does not stop at establishing a business relationship. Since client profiles are dynamic, due diligence needs to be conducted periodically or needs to be triggered on specific change events. Transaction monitoring and profile change responses are important to ensure that you are a step ahead of your prospects.
Many organisations, especially banks and fintech companies, are looking to automate KYC, AML and CDD processes to improve customer experience, increase process efficiency, and reduce errors. HyperVerge’s Fintech suite can prove to be the next step in due diligence and streamlining the customer experience.