Customer Due Diligence (CDD) Measures

Customer due diligence, aka CDD, plays a crucial part in ensuring compliance with Anti-Money Laundering rules. Furthermore, it protects companies from doing business with illegitimate entities.

This article focuses on the three customer due diligence measures that obliged entities must apply under AML/CFT rules.


What is customer due diligence?

Customer due diligence refers to the measures that companies take to verify the identity of customers (and beneficial owners), determine the purpose and nature of the business relationship, and continually monitor transactions.

CDD measures are an integral part of the KYC process.

What are the three types of due diligence?

The AML legislation defines three types of customer due diligence:

1. Standard customer due diligence (CDD)

Standard due diligence measures apply to all customers who pose a “standard” risk of money laundering, which means they don’t fall in the high-risk or low-risk categories based on the risk assessment.

2. Simplified due diligence (SDD)

Simplified due diligence measures apply to customers who pose a low risk of money laundering. SDD is less rigorous than standard customer due diligence.

3. Enhanced due diligence (EDD)

Enhanced due diligence measures apply to high-risk customers such as politically exposed persons and their relatives or companies operating in high-risk countries. EDD is more stringent than standard customer due diligence and includes the following measures:

  • collecting additional information on customers and beneficial owners
  • asking supplementary questions regarding the purpose and nature of the business relationship
  • establishing the origin of the funds and wealth of customers and beneficial owners and collecting supporting documents — e.g., payslips, tax returns, bank statements, etc.
  • getting information about the customer from several independent and reliable sources
  • closely monitoring the business relationship
  • applying more frequent and rigorous controls on the customer and their transactions
  • obtaining approval from senior management to continue or enter the business relationship

When do obliged entities need to apply CDD measures?

Generally, obliged entities need to apply customer due diligence measures in the following situations:

  • when entering a business relationship with a new client
  • for occasional transactions:
    • when a customer carries out either one or multiple interconnected cash transactions amounting to €10,000 or more
    • when a customer carries out a transfer of funds amounting to €1,000 or more
    • when a client carries out either one or multiple interconnected transactions totaling €15,000 or more
  • when a gambling service provider pays out winnings or receives payments amounting to €2,000 or more
  • when suspecting money laundering or terrorist financing
  • when they are unsure about the accuracy of previously collected information

What are the CDD measures required by AML/CFT rules?

AML/CFT rules require obliged entities to implement the following customer due diligence measures:

  • identifying customers and beneficial owners and verifying their identities
  • determining the nature and purpose of the business relationship
  • continually monitoring transactions

1. Customers and beneficial owners identification and identity verification

Under AML/CFT rules, obliged businesses must obtain information about their customers. What’s more, they have to ask clients to submit official documents that can verify the accuracy of such information.

The information and documents you need depend on whether your client is a company or an individual. They can also vary from country to country.

Commonly, companies need to gather the following information during standard customer due diligence checks:

For individuals and beneficial owners:

  • first name
  • last name
  • date and place of birth
  • nationality
  • address

For companies:

  • name
  • office address
  • information on ownership structure and senior management
  • company registration number
  • type of business structure

Companies must also verify the identities of customers and beneficial owners. To do so, they can either ask the customer/beneficial owner to confirm their identity via trusted electronic identification means, access the information in national registers of natural persons, or request official documents as proof — e.g., passports, national identity cards, etc.

For the verification of legal entities, obliged entities can:

  • collect the customer’s articles of incorporation and articles of association
  • check the information against data from official business registers such as the Crossroads Bank for Enterprises in Belgium, Enhetsregisteret in Norway, CVR in Denmark, etc.

For low-risk customers, you can collect less information. The only requirement is that the data collected must ensure that the customer is who they say they are.

Conversely, for high-risk customers, you must always collect additional information and documents.

Since CDD information and documents contain personal data, you need to collect them securely. Avoid using insecure channels like email; instead, rely on digital KYC solutions that use encryption.

2. Collecting information on the purpose and intended nature of the business relationship

As an obliged company, you need to understand why customers want to enter a business relationship with you.

Most of the time, customers simply need the services that your company provides. Sometimes, however, clients have a hidden agenda.

To determine why they want to use your services and how they intend to do it, ask them questions such as:

  • Why do they want to use a specific product/service?
  • What types of transactions will they carry out, and how often?
  • What are the expected amounts involved in each type of transaction?
  • Do they intend to conduct cross-border transactions? And if yes, what countries will they send money to or receive funds from?

Understanding why and how customers intend to use your services/products can help you determine if they want to enter the business relationship for legitimate reasons and assess their risk level.

3. Ongoing monitoring of business relationships

Businesses covered by AML regulations must continually monitor business relationships and ensure their customer information is up-to-date.

Transactions made by low-risk customers require less frequent and less rigorous examination. However, you still need to ensure that you have sufficient monitoring in place to detect unusual activity and transactions.

For high-risk customers, on the other hand, you need to put in place stricter recurring controls.

Continually monitoring the business relationship helps you detect, analyze, and report suspicious activities and transactions.

How can Penneo KYC help you streamline CDD measures?

Penneo KYC is a digital solution that can help you reduce the time and effort associated with carrying out customer due diligence and client risk assessments. Our pre-built integrations and open API allow you to connect Penneo KYC with your existing tools, thus minimizing manual work, reducing human errors, and enhancing security.

With Penneo KYC, you can:

  • securely collect information and official documents from customers and their beneficial owners
  • verify customers’ identities via electronic IDs
  • automatically screen customers and beneficial owners against PEP and sanctions lists and retrieve company information from official business registers
  • ask for information regarding the nature and the purpose of the business relationship
  • conduct client risk assessments using a questionnaire created in partnership with local AML experts
  • schedule the automatic deletion of KYC data
  • get notified of changes in your clients’ circumstances
  • document your compliance with the help of comprehensive activity logs
  • store data and documents in full compliance with the GDPR

Book a meeting with one of our experts and find out how Penneo KYC can help you eliminate the administrative burdens associated with client due diligence!
