Can you trust your customers? Understanding customer due diligence

How well do you know your customers? To protect your business from money laundering and other financial crimes, you need to know who your customers are and whether you can trust them.

So, how do you determine whether you can trust a potential customer?

That's where customer due diligence (CDD) comes in.

What is customer due diligence?

Customer due diligence is a critical part of anti-money laundering (AML) rules that prevent people from transacting with money from illegal sources. It helps businesses manage risks and protect themselves against criminals, money launderers, and high-risk customers.

Here's the important part: for many businesses, including all financial institutions, it is a regulatory requirement to conduct CDD.

The Financial Action Task Force (FATF) explains CDD as "identifying the customer and verifying that customer's identity using reliable, independent source documents, data or information."

The terms “customer due diligence” and “know your customer (KYC)” can be used interchangeably. However, it's best to think of KYC as the regulatory principle and compliance imperative for businesses, whereas CDD refers to the information collection, risk assessment and ongoing monitoring of a customer's risk profile, identity and transactions throughout their lifecycle.

Critical processes for customer due diligence

Verify a customer's identity

A critical part of customer due diligence is verifying the identity of potential customers before you start doing business with them. This includes collecting personal information to verify a customer's identity and ensure they are who they say they are before establishing a business relationship.

If regulated by AUSTRAC, you must conduct customer due diligence on all customers and be able to show that you have verified the identity of all your customers.

Watchlist and sanctions screening

In addition to verifying a customer's identity, customer due diligence involves checking the customer's personal information against global watchlists and sanctions lists covering individuals. This screening, for example for politically exposed persons (PEPs) and sanctions, determines the potential risks associated with the customer.

PEPs and sanctions checks are conducted to ensure customers are not at risk of political exposure or on global law enforcement and sanctions lists. For example, a PEP is seen to be at a higher risk of money laundering due to bribery or corruption, either because they hold a high-profile position (such as a government official or senior executive) or have proximity to someone in a political position.

For compliance, you must have the appropriate risk assessment and procedures to identify PEPs and their risk level before providing them with a designated service.

Verify business customers

For business customers, you are required to collect information to verify the business. This includes identifying beneficial owners, information on the business model, and source of funds.

According to AUSTRAC, a beneficial owner is: “an individual who owns 25% or more of, or otherwise controls the business of, an entity (such as a trust, an association or a company). Ownership and control may be direct (such as through shares) or indirect (such as shares held by a third party on the individual’s behalf). ‘Control’ means having the ability to determine decisions about the entity’s financial and operating policies.”

Identifying the beneficial owner is critical to customer due diligence and is the only way to truly understand business risk. These individuals may have a considerable equity interest or control over the entity's financials, and therefore, it's critical to know who they are to prevent money laundering.

What’s the risk?

CDD is an integral part of your risk management processes. Different customers present different levels of risk. CDD is carried out to determine the level of risk each customer presents so you can make informed decisions about how to do business with that customer.

Through a series of checks and monitoring, CDD enables you to assess the potential risk level of each customer and adjust your approach accordingly.

If a customer is found to be lower risk, you can use simplified due diligence, where you only need to identify customers using document verification and biometric checks. For higher-risk customers, you may need to adopt enhanced customer due diligence (ECDD), a step-up KYC process. A customer may be considered high risk due to political exposure, location in a high-risk country, or other factors. In these cases, you must perform additional checks before doing business with the customer to help protect your business.

ECDD includes processes designed to help you better understand who you are doing business with and measure their risk level.

It's important to realise that existing customers have the potential to transition into higher-risk categories over their lifecycle, which is why ongoing CDD checks are essential.

Customer due diligence never stops

Customer due diligence is not a one-time process – it requires ongoing monitoring. Identifying a customer during onboarding is not enough. You need to know if their circumstances have changed. This means your customer data needs to be up to date. For example, you can cleanse your customer data against the Australian Death check to remove deceased individuals and rescreen customer data against PEPs and sanctions watchlists.

Ongoing CDD also includes transaction monitoring for suspicious activities. Transaction monitoring is essential to customer due diligence and should be conducted based on thresholds developed as part of a customer's risk profile. For example, transactions might require further CDD measures if they are over a certain threshold or if the customer is transacting with PEPs or high-risk countries.

Over to you

With the right customer identity verification and customer due diligence (CDD) processes in place, you can truly know your customers and protect your business from money laundering and financial crime.

Stay on top of your regulatory CDD requirements with GBG's identity verification, watchlist screening, and transaction monitoring solutions.
