Customer due diligence (CDD), or asiakkaan tunteminen in Finnish, plays a crucial part in ensuring compliance with Anti-Money Laundering rules. Furthermore, it protects companies from doing business with illegitimate entities.

This article focuses on the three customer due diligence measures that obliged entities in Finland must apply under AML/CFT rules.

What is customer due diligence?
What are the three types of due diligence?
When do obliged entities need to apply CDD measures?
What are the CDD measures required by AML/CFT rules?
How can Penneo KYC help you streamline CDD measures?



What is customer due diligence?

Customer due diligence refers to the measures that companies take to verify the identity of customers (and beneficial owners), determine the purpose and nature of the business relationship, and continually monitor transactions.

CDD measures are an integral part of the KYC process.


What are the three types of due diligence?

The AML legislation defines three types of customer due diligence:

1. Standard customer due diligence (asiakkaan tunteminen)

Standard due diligence measures apply to all customers who pose a “standard” risk of money laundering, which means they don’t fall in the high-risk or low-risk categories based on the risk assessment.

2. Simplified due diligence (yksinkertaistettu asiakkaan tuntemisvelvollisuus)

Simplified due diligence measures apply to customers who pose a low risk of money laundering. SDD is less rigorous than standard customer due diligence.

3. Enhanced due diligence (tehostettu asiakkaan tuntemisvelvollisuus)

Enhanced due diligence measures apply to high-risk customers such as politically exposed persons and their relatives or companies operating in high-risk countries. EDD is more stringent than standard customer due diligence and includes the following measures:

  • collecting additional information on customers and beneficial owners
  • asking supplementary questions regarding the purpose and nature of the business relationship
  • establishing the origin of the funds and wealth of customers and beneficial owners and collecting supporting documents — e.g., payslips, tax returns, bank statements, etc.
  • getting information about the customer from several independent and reliable sources
  • closely monitoring the business relationship
  • applying more frequent and rigorous controls on the customer and their transactions
  • obtaining approval from senior management to continue or enter the business relationship


When do obliged entities need to apply CDD measures?

In Finland, obliged entities need to apply customer due diligence measures in the following situations:

  • when entering a business relationship with a new client
  • for occasional transactions:
    • when a customer carries out either one or multiple interconnected transactions amounting to €10,000 or more
    • when a customer carries out a transfer of funds amounting to €1,000 or more
    • when a customer carries out a transaction in virtual currency amounting to €1,000 or more
  • when a person trading in goods makes or receives cash payments amounting to €10,000 or more
  • when a gambling service provider pays out winnings or receives payments amounting to €2,000 or more
  • when suspecting money laundering or terrorist financing
  • when they are unsure about the accuracy of previously collected information


What are the CDD measures required by AML/CFT rules?

AML/CFT rules require obliged entities to implement the following customer due diligence measures:

  • identifying customers and beneficial owners and verifying their identities
  • determining the nature and purpose of the business relationship
  • continually monitoring transactions

1. Customers and beneficial owners identification and identity verification

Under AML/CFT rules, obliged businesses must obtain information about their customers. What’s more, they have to ask clients to submit official documents that can verify the accuracy of such information.

The information and documents you need are different and depend on whether your client is a company or an individual. Also, they can vary from country to country.

In Finland, companies need to gather the following information during standard customer due diligence checks:

For individuals and beneficial owners:

  • first name
  • last name
  • date and place of birth
  • national identification number
  • citizenship
  • address

For companies:

  • name
  • office address
  • company registration number, date of registration, and registration authority
  • line of business
  • information on ownership structure and the names, dates of birth and nationalities of senior management
  • arrangements governing the power to bind the company

Companies must also verify the identities of customers and beneficial owners. To do so, they can either ask the customer/beneficial owner to confirm their identity via trusted electronic identification means, verify the information by checking it against data in official registers, or request official documents as proof — e.g., passports, national identity cards, etc.

For the verification of legal entities, obliged entities can:

  • collect the customer’s articles of incorporation and articles of association
  • check the information against data from official business registers such as the Finnish Trade Register

For low-risk customers, you can collect less information. The only requirement is that the data collected must ensure that the customer is who they say they are.

Conversely, for high-risk customers, you must always collect additional information and documents.

Since CDD information and documents contain personal data, you need to collect them securely. Avoid using insecure channels like emails; instead, rely on digital KYC solutions that use encryption.

2. Collecting information on the purpose and intended nature of the business relationship

As an obliged company, you need to understand why customers want to enter a business relationship with you.

Most of the time, customers simply need the services that your company provides. Sometimes, however, clients have a hidden agenda.

To determine why they want to use your services and how they intend to do it, ask them questions such as:

  • Why do they want to use a specific product/service?
  • What types of transactions will they carry out, and how often?
  • What are the expected amounts involved in each type of transaction?
  • Do they intend to conduct cross-border transactions? And if yes, what countries will they send money to or receive funds from?

Understanding why and how customers intend to use your services/products can help you determine if they want to enter the business relationship for legitimate reasons and assess their risk level.

3. Ongoing monitoring of business relationships

Businesses covered by AML regulations must continually monitor business relationships and ensure their customer information is up-to-date.

Transactions made by low-risk customers require less frequent and less rigorous examination. However, you still need to ensure that you have sufficient monitoring in place to detect unusual activity and transactions.

For high-risk customers, on the other hand, you need to put in place stricter recurring controls.

Continually monitoring the business relationship helps you detect, analyze, and report suspicious activities and transactions.


How can Penneo KYC help you streamline CDD measures?

Penneo KYC is a semi-automated digital solution that can help you reduce the time and effort associated with conducting customer due diligence.

With Penneo KYC, you can:

  • securely collect information and official documents from customers and beneficial owners
  • verify customers’ identities via NemID
  • automatically screen customers and UBOs against PEP and sanctions lists and retrieve company information from business registers
  • ask for information regarding the nature and the purpose of the business relationship
  • carry out a guided risk assessment
  • store data and documents in full compliance with both AML and GDPR retention requirements

Get a free trial of Penneo KYC and eliminate administrative burdens associated with client due diligence!


