Customer due diligence (CDD) measures are known as kundekendskabsprocedurer in Danish. CDD measures play a crucial part in ensuring compliance with Anti-Money Laundering rules and protect companies from doing business with illegitimate entities.

This article focuses on the three customer due diligence measures that obliged entities in Denmark must apply under AML/CFT rules.

What is customer due diligence?
What are the three types of due diligence?
When do obliged entities need to apply CDD measures?
What are the CDD measures required by AML/CFT rules?
How can Penneo KYC help you streamline CDD measures?

To read about CDD measures in other EU countries, check out the following articles:


What is customer due diligence?

Customer due diligence refers to the measures that companies take to verify the identity of customers (and beneficial owners), determine the purpose and nature of the business relationship, and continually monitor transactions.

CDD measures are an integral part of the KYC process.


What are the three types of due diligence?

The AML legislation defines three types of customer due diligence:

1. Standard customer due diligence (kundekendskabsprocedurer)

Standard due diligence measures apply to all customers who pose a “standard” risk of money laundering, which means they don’t fall in the high-risk or low-risk categories based on the risk assessment.

2. Simplified due diligence (lempede kundekendskabsprocedurer)

Simplified due diligence measures apply to customers who pose a low risk of money laundering. SDD is less rigorous than standard customer due diligence.

3. Enhanced due diligence (skærpede kundekendskabsprocedurer)

Enhanced due diligence measures apply to high-risk customers such as politically exposed persons and their relatives or companies operating in high-risk countries. EDD is more stringent than standard customer due diligence and includes the following measures:

  • collecting additional information on customers and beneficial owners — e.g., address, place of birth, information on business activities, etc.
  • asking supplementary questions regarding the purpose and nature of the business relationship
  • establishing the origin of the funds and wealth of customers and beneficial owners and collecting supporting documents — e.g., payslips, tax returns, bank statements, etc.
  • getting information about the customer from several independent and reliable sources
  • inquiring about the reasons behind transactions
  • closely monitoring the business relationship
  • applying more frequent and rigorous controls on the customer and their transactions
  • obtaining approval from senior management to continue or enter the business relationship


When do obliged entities need to apply CDD measures?

In Denmark, obliged entities need to apply customer due diligence measures in the following situations:

  • when entering a business relationship with a new client
  • when the customer’s circumstances change
  • at appropriate intervals throughout the business relationship (based on the customer’s risk level)
  • for occasional transactions:
    • when a customer carries out either one or multiple interconnected transactions amounting to €15,000 or more
    • when a customer carries out a transfer of funds amounting to €1,000 or more
    • when a customer exchanges currency amounting to €500 or more
  • when a gambling service provider pays out winnings or receives payments amounting to €2,000 or more
  • when suspecting money laundering or terrorist financing
  • when they are unsure about the accuracy of previously collected information


What are the CDD measures required by AML/CFT rules?

AML/CFT rules require obliged entities to implement the following customer due diligence measures:

  • identifying customers and beneficial owners and verifying their identities
  • determining the nature and purpose of the business relationship
  • continually monitoring transactions

1. Customers and beneficial owners identification and identity verification

Under AML/CFT rules, obliged businesses must obtain information about their customers. What’s more, they have to ask clients to submit official documents that can verify the accuracy of such information.

The information and documents you need are different and depend on whether your client is a company or an individual. Also, they can vary from country to country.

In Denmark, companies need to gather the following information during standard customer due diligence checks:

For individuals and beneficial owners:

  • first name
  • last name
  • CPR number or date of birth and national identification number for customer without a CPR number

For companies:

  • name
  • legal form
  • information on ownership structure
  • CVR number or registration number, tax identification number, or legal entity identifier for non-Danish businesses

Companies must also verify the identities of customers and beneficial owners. To do so, they can:

  • request the customer/beneficial owner to present their passport, national identity card, driver’s licence, Danish health insurance card (sundhedskort), or other similar official documents
  • ask the customer/beneficial owner to confirm their identity using NemID or other trusted electronic identification means
  • check the information against data from the Danish Tax Agency (SKAT)
  • look up the customer’s/beneficial owner’s information in the Danish Central Person Registry (CPR)

For the verification of legal entities, obliged entities can:

  • collect the customer’s articles of incorporation and articles of association
  • check the information against data from the Danish Tax Agency (SKAT)
  • look up the customer’s information in the Danish Central Business Register (CVR)

For low-risk customers, you can collect less information. The only requirement is that the data collected must ensure that the customer is who they say they are.

Conversely, for high-risk customers, you must always collect additional information and documents.

Since CDD information and documents contain personal data, you need to collect them securely. Avoid using insecure channels like emails; instead, rely on digital KYC solutions that use encryption.

2. Collecting information on the purpose and intended nature of the business relationship

As an obliged company, you need to understand why customers want to enter a business relationship with you.

Most of the time, customers simply need the services that your company provides. Sometimes, however, clients have a hidden agenda.

To determine the reason why they want to use your services and how they intend to do it, ask them questions regarding:

  • Why do they want to use a specific product/service?
  • What types of transactions will they carry out, and how often?
  • What are the expected amounts involved in each type of transaction?
  • Do they intend to conduct cross-border transactions? And if yes, what countries will they send money to or receive funds from?

Understanding why and how customers intend to use your services/products can help you determine if they want to enter the business relationship for legitimate reasons and assess their risk level.

3. Ongoing monitoring of business relationships

Businesses covered by AML regulations must continually monitor business relationships and ensure their customer information is up-to-date.

Transactions made by low-risk customers require less frequent and less rigorous examination. However, you still need to ensure that you have sufficient monitoring in place to detect unusual activity and transactions.

For high-risk customers, on the other hand, you need to put in place stricter recurring controls.

Continually monitoring the business relationship helps you detect, analyze, and report suspicious activities and transactions.


How can Penneo KYC help you streamline CDD measures?

Penneo KYC is a semi-automated digital solution that can help you reduce the time and effort associated with conducting customer due diligence.

With Penneo KYC, you can:

  • securely collect information and official documents from customers and beneficial owners
  • verify customers’ identities via NemID
  • automatically screen customers and UBOs against PEP and sanctions list and retrieve company information from business registers
  • ask for information regarding the nature and the purpose of the business relationship
  • carry out a guided risk assessment
  • store data and documents in full compliance with both AML and GDPR retention requirements

Get a free trial of Penneo KYC and eliminate administrative burdens associated with client due diligence!



If you're looking to learn more, we have a few suggestions for you

Norwegian Transparency Act

The Norwegian Transparency Act (Åpenhetsloven)

Digital signatures

Hvad er en digital signatur?


Hvad er en elektronisk underskrift?