Lesson 6 of 9

Module 06: Customer Due Diligence

Juno Education

What is Customer Due Diligence?

Customer Due Diligence (CDD) is the process of collecting identifying information to verify a
customer's identity and more accurately assess the level of criminal risk they pose. On a
fundamental level, CDD requires businesses to collect a customer's name and address, as well as
information about their business and account usage. Companies should then verify this
information with o cial documents such as driver's licenses, passports, utility bills, and
incorporation documents to ensure that customers are being truthful. Know Your Customer
(KYC) requires companies to understand who their customers are, their financial behavior, and
the money laundering or terrorism financing risk they present. Customer Due Diligence (CDD)
is the foundation of this process. According to Recommendation 10 of the FATF's forty
Recommendations, all FATF member states must implement CDD requirements as part of their
domestic AML/CFT legislation.

Customer Due Diligence entails the following fundamental regulatory responsibilities:

1 Customer Identification: Companies must identify their customers by obtaining

personal information and data, including name, photographic ID, address, and
birth certification, from a reliable, independent source

2 Beneficial Ownership: When a company or third-party is acting on behalf of

someone else, companies should seek to establish ultimate beneficial ownership
(UBO). This refers to the individual(s) who benefit from the activities of a person or
group of persons
 3 Business Relationship: In addition to personal and beneficial ownership
identification, companies must also establish the nature and purpose of the
business relationship into which they are entering with the customer

When is CDD required?

Institutions are required to implement KYC/AML and CDD measures in the following situations:

Before establishing a new business relationship, businesses are required to

conduct due diligence. The information gathered will inform any subsequent
AML/CFT risk assessment and guarantee that the customer is not using a false
identity to access their services.

Certain occasional transactions necessitate the implementation of CDD measures.

These may involve monetary sums that exceed regulatory thresholds or
transactions involving foreign entities in high-risk nations.

If a customer is suspected of money laundering or terrorism financing, additional

CDD checks should be implemented.

When customers provide unreliable or insu cient identification documents,

businesses should apply additional CDD scrutiny to resolve discrepancies.

Continuous monitoring: CDD is not a one-time requirement. Periodically

throughout a business relationship, companies should conduct CDD to ensure that
customer transactions align with their established risk profiles.

How to Perform Customer Due Diligence?

In accordance with FATF recommendations, businesses should implement CDD measures
based on the AML/CFT risk posed by each individual customer. Risk-based due diligence
enables businesses to balance compliance obligations with budget and resource requirements
while preserving customer experiences. Under a risk-based approach, firms may implement
faster and more e cient customer due diligence (CDD) for low-risk customers and slower,
more intensive enhanced due diligence (EDD) for high-risk customers, which may negatively
impact customer experiences.

With that in mind, an e ective CDD process should involve the following steps:

Prior to beginning a business relationship, companies should establish the identity

and business activities of their new potential customer, with the goal of identifying
bad actors as early as possible

Once a customer has been identified with su cient certainty, businesses should
classify their risk level. This data should be stored in a digitally secure location
where it is readily accessible for future regulatory audits.

After determining a customer's risk category, businesses should determine if more

stringent enhanced due diligence procedures are required.

What is Enhanced Due Diligence (EDD)?

Customers with a high risk should be subject to enhanced due diligence (EDD) in accordance
with a risk-based approach to compliance. Politically Exposed Persons (PEPs) and customers
who are the target of economic sanctions are examples of high-risk customers. In order to
provide businesses with a deeper understanding of the AM/CFT risk posed by their customers,
EDD measures generally involve a higher level of CDD scrutiny, including requirements to:

Obtain additional customer identification materials.

Establish the source of funds or wealth.

Apply closer scrutiny to the nature of the business relationship or purpose of a

transaction.
 Implement ongoing monitoring procedures.

Reporting Suspicious Transactions

Companies must submit a suspicious activity report (SAR) in a timely manner to their
jurisdiction's financial intelligence unit (FIU) if customer due diligence measures generate
suspicion or reasonable grounds to believe a customer is involved in criminal activity. AML/CFT
legislation protects employees, company directors, and o cers who report suspicious activity
to the authorities in good faith from criminal and civil liability. In accordance with FATF
standards, this protection applies regardless of contractual, legislative, or administrative
provisions and "even if the reporting parties did not know precisely what the underlying
criminal activity was, and if the illegal activity actually occurred."

Technology and Expertise for an Effective Customer Due Diligence

Process
E ective CDD and KYC measures are ultimately based on a combination of technology and
knowledge. As risk profiles and criminal threats evolve, financial institutions must be as
adaptable and creative in their approach to CDD as they are in all other aspects of their AML/CFT
policies. While technology provides useful tools to facilitate CDD processes, human vigilance is
still essential for identifying and responding to new threats.