Introducing Professional Services. Learn how we can help accelerate your payments transformation.Learn more →
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
CDD ensures that financial institutions have carefully considered the risk of working with a given customer before allowing that customer to open an account. FIs must use Enhanced Due Diligence procedures for customers who pose a higher risk.
History of Customer Due Diligence
The CDD rule is an amendment to the Bank Secrecy Act—legislation aimed at detecting and preventing money laundering. As such, CDD is designed to enhance financial transparency and stop bad actors and/or terrorists from using financial institutions to hide their illegal activities and conceal the origins of their money,
CDD requirements were put into practice on May 11, 2016, and companies were given until May 11, 2018, to comply.
This rule lays out these institutions’ specific obligations to understand the business interests of potential customers and to verify that potential customers aren't involved in criminal activities, like financing terrorism or laundering money.
How Does Customer Due Diligence Work?
CDD is an integral part of the Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance initiatives and aims to help FIs prevent a slew of financial crimes, including money laundering, fraud, financing terrorists, and drug and human trafficking.
The purpose of CDD is to help banks understand their relationships with their customers. Increased knowledge about each customer’s usual transaction types helps these institutions identify potentially suspicious transactions. FIs that don't have the right due diligence processes in place potentially face cyber threats, massive fines for CDD non-compliance, and damage to their reputations.
Guidelines from the Financial Action Task Force note that banks should follow a risk-based approach to CDD. This allows them to balance their budgets and resource requirements with their compliance requirements. It also helps them offer better customer experiences, especially for low-risk consumers.
CDD has four core requirements:
1. Identifying customers: To ensure consumers are who they say they are, financial institutions must establish the identities of potential customers. At this stage, banks collect and verify customers' information, including their full names, addresses, email addresses, phone numbers, occupations, and tax identification or Social Security numbers.
2. Business information: Banks must also collect additional information about the business interests of consumers, including their business models, sources of funds, and beneficial ownership (a beneficial owner is a person who owns or controls more than 25% of an organization's shares or voting rights or who exercises control over the organization or its management).
3. Customer risk assessment: After financial institutions have verified customers' identities, locations, and types of business, they classify those customers by risk levels ( e.g., low, medium, or high). This signifies how likely they are to engage in money laundering and/or other types of fraud. Banks use customers' risk profiles to decide the level of due diligence required for each customer. For example, they will need to do more in-depth due diligence for customers who pose a high risk of engaging in money laundering than they will for low-risk customers.
4. Continuous monitoring: Banks must continually monitor high-risk customers, changing customer profiles, suspicious transactions, etc.
Try Modern Treasury
See how smooth payment operations can be.
Learn
Compliance is a crucial function for any company that moves money on behalf of their customers. Dive into the fundamentals behind key compliance processes like KYC, KYB, transaction monitoring, and more.
Compliance risk management (CRM) is the ongoing process of identifying, assessing, and mitigating potential risks that threaten an organization’s business.
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
FinCEN, short for Financial Crimes Enforcement Network, is a government bureau that aims to prevent money laundering and other financial crimes—and punish bad actors that commit them.
Know Your Business (KYB) is a set of verification procedures that helps companies avoid getting into business with criminals.
The Office of the Comptroller of the Currency (OCC) is a federal agency that "charters, regulates, and supervises" all national banks.
According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
A Politically Exposed Person (PEP) is someone that might be more likely to break the law or be corrupt because of the power their position affords them.
Specially Designated Nationals (SDN) are individuals and entities tied to countries that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has hit with sanctions.
A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities.
Know Your Customer or Know Your Client (KYC) is a set of guidelines for verifying the identity of a customer and gauging the associated risk of working with them.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency under the jurisdiction of the US Treasury Department.
PCI DSS certification means your business has met the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS) to secure payment card data.
Service Organization Control 2 (SOC 2) is a voluntary auditing procedure that service providers complete to keep their clients’ data secure from cyber attacks.
Section 314(a) is part of the USA Patriot Act that enables financial institutions (FIs) and law enforcement to work together to fight money laundering and terrorist activity.
Section 314(b) and Section 314(a) of the USA Patriot Act both relate to information requests under the Banking Secrecy Act (BSA).
A currency transaction report (CTR) is a report made by U.S. financial institutions aiming to prevent money laundering.
An Agent of the Payee is a person, entity, or other intermediary specifically appointed by a payee to process and collect payments on their behalf.
Identity Verification APIs allow businesses to streamline the process of checking the identities of new users by automatically, and in some cases instantly, verifying their provided identifying information.
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud.
The Electronic Fund Transfer Act (EFTA) is a federal law in the U.S. that regulates electronic transactions to protect consumers.
Subscribe to Journal updates
Discover product features and get primers on the payments industry.