Customer-related risk assessment is highly important to any organization. That’s why companies process information from each prospective customer to maintain the needed level of organizational supervision.
Proper customer due diligence (CDD) is what institutionalizes this process. Proper CDD utilizing makes companies aware of the smallest risk and helps identify the highest risks, including fraud.
CDD is a legal requirement for businesses in the US and many other countries with EDD (Enhanced Due Diligence) required for dealing with clients from the KYC high-risk category.
Areas of application
It’s important to understand that CDD has to be implemented on the proper level in all kinds of financial organizations and other entities that conduct lasting business relationships with customers.
Areas that need CDD the most are commodity trade businesses and providers of services that can be considered large-scale. All financial institutions, including banks, have to integrate CDD in order to save the organization’s resources in the long run. Sticking to the rules of the process is essential.
Essential rules to follow
Being a legal requirement, CDD obliges organizations to follow five essential rules provided by the Financial Crimes Enforcement Network:
- Identify and verify the client – it’s highly important to ensure that clients of your organization don’t pretend to be someone or something they are not. Connection with authoritative data sources can be required;
- Identify and verify customer’s beneficial ownership – at this stage, the organization has to identify and verify the individual that owns 25% or more equity interests of a legal entity customer, takes responsibility for controlling it, and manages the entity. It’s prohibited to establish relationships with a customer before this stage is complete;
- Clarify the purpose and business nature of the client – proper risk determination is impossible until you figure out the actual nature of the client’s business and its purposes. This information is needed for the full risk profile; and
- Monitor and update customer data consistently – you cannot stop the CDD process even on time and after having business relationships with your company’s clients. It’s your organization’s duty to detect suspicious customer activities and report them to responsible authorities as soon as possible.
The following requirements should be considered a step-by-step guide for making the CDD process simple and efficient. It’s usually possible to collect all the entrance-required information by handing a CDD form to the customer. Here are the requirements:
- Perform measurements – identify financial sources and their actual capacity along with verifying and identifying your customers. All business activities must be clearly defined;
- Accept a reliable third party – this step is required to handle a high-quality CDD process and may involve lawyers, auditors, or other parties that are trusted and competent enough to enhance the safety of stakeholders’ interests;
- Collect a comprehensive document database – collection and analysis of all the documentation that has or may have potential value to the process is a must. For privately-held companies, stakeholders should be investigated too;
- Ensure if EDD (Enhanced Due Diligence) is necessary or not – completion of all the previous steps and rules means that you already have a primary risk profile. Use this information to determine if you are dealing with a high-risk client and apply EDD, which is a more powerful CDD form, if that is the case; and
- Provide secure information storage – all the data gathered by your organization during the investigation process must be thoroughly protected from leaks to prevent the probability of damage to your clients.
The 5th EU AML directive imposes the organizations to monitor areas that are exposed to the greatest risks. Organizations that are involved in any of the areas determined as risky on the list of the directive must establish a system that can identify risks and determine their levels.
This will let your organization understand which areas need more control and resources. Next, the organization has to be able to contact responsible authorities in case any unusual activities are detected on the client side.
Customer Due Diligence requires well-trained personnel that knows how to implement the best CDD and EDD practices. Always inform the client when you apply CDD and take enough time to conduct the process without fail.