Ongoing Customer Due Diligence: A Vital Key To AML/CTF Compliance

Ongoing customer due diligence

It can be all too tempting to see due diligence as an activity to endure when onboarding new customers only to be forgotten once it’s done, but this is a mistake.

CDD doesn’t end at onboarding but is a continuous dynamic process, essential for AML compliance, and that’s where ongoing customer due diligence comes in.

Leave the set-and-forget mindset behind and instead embrace ongoing CDD as a critical element in protecting both your customers and your business. When implemented correctly, it will sharpen risk awareness and enhance the entire customer experience.

Keep on reading to find out how you can embed ongoing CDD in your business and effective strategies for success.

What is ongoing customer due diligence?

Ongoing customer due diligence is the process of monitoring customer account activity and transactions, and ensuring the client information you hold is always up-to-date and accurate.

Doing this will help you identify any changes in the relationship you have with your customer, and show you whether you need to adjust your client’s risk rating.

AUSTRAC ongoing CDD requirements

To ensure you are able to carry out ongoing CDD and account monitoring effectively, you must develop a process which reflects the level of risk identified for each of your clients and document this in your compliance program.

AUSTRAC advises that you must document how you’ll carry out the following ongoing CDD activities:

  • Monitor for unusual transactions and behaviours and criminal activity: Demonstrate what policies you have in place to recognise behaviour which is unusual or inconsistent with your knowledge about your customer, and what AML monitoring tools (if any) you use to assist with this.
  • Review, update and reverify your customers’ know your customer (KYC) information: Outline the process you use to collect the necessary customer information. This is likely to be much like the process you follow when onboarding new clients.
  • Review and update your assessment of the customer’s ML/TF risk: Confirm what triggers a change in a customer’s risk rating, how you record those changes, and the steps you take in response to these changes.
  • Respond to unusual transactions and behaviours and additional ML/TF risks you identify during ongoing CDD: Explain how you respond to red flags, and what risks or unusual behaviours in your business trigger the need for a suspicious matter report (SMR). Outline the process for escalation, who is involved and how you manage this.
  • Ensure your ongoing monitoring is working effectively: Show how you review and assess the effectiveness of your processes, how often you do this, and how you manage procedural changes. Include records of training, and how you share important information with your team.
  • Keep records that demonstrate how you complied with your ongoing CDD obligations: This includes keeping records of customer transactions, your identification, analysis and assessment of your customers’ risk, and any decisions your business makes about how you carry out ongoing CDD on the customer.

The frequency of ongoing due diligence may vary depending on the level of risk you have decided your customer poses. Medium to high-risk customers require more frequent monitoring, around every 6 months, and low-risk customers every 24 months.

However, if you experience a ‘trigger event’, AML checks should be carried out regardless, as such events could impact your customer’s risk profile. Trigger events can include:

  • Changes in activity types
  • New services or products
  • New ML/TF risks announced by the Financial Action Task Force (FATF)
  • Updated regulations from AUSTRAC or other regulatory authorities
  • Emergence of new technology
  • New customer base
  • Change in beneficial ownership

While it could be tempting to ignore the need for ongoing monitoring, it pays to remember that AUSTRAC’s focus, especially with recent reforms, is firmly on turning AML/CTF into a continuous, dynamic process, and that is something we also need to reflect in our AML processes.

Ongoing due diligence procedures

When conducting ongoing CDD, consider the procedures you need to follow. These may vary depending on the risks that you identified during initial CDD, any changes to your customer’s risk rating and your company’s risk assessment profile.

Procedures to consider include:

  • Reviewing the type of customer due diligence carried out when the business relationship with the customer was established.
  • Reassessing the information that has been obtained and verified about the customer.
  • Determining if any information needs to be clarified, updated or obtained on the customer. 
  • Considering whether any suspicious activities have occurred, and if so whether a suspicious matter report should be filed with AUSTRAC. 
  • Ensuring there has been no material change in products or services offered.
  • Establishing that there has been no material change in what you know about the customer, and no material change in the delivery method of services to the customer.

Ultimately, the purpose of account monitoring is to help detect red flags that may point to a money laundering or terrorism financing risk. Below are some key red flags you may uncover as you carry out your ongoing CDD procedures.

Key red flags

  • A customer requesting that funds be transferred to an unknown party.
  • A customer requesting funds to be transferred to a high-risk jurisdiction with insufficient ML/TF controls.
  • A significant change in the nature and purpose of the business relationship occurs.
  • Doubts arise as to the authenticity of the customer.
  • Payment from a third party who is unknown or not the purchaser, their spouse, or a parent.
  • Frequent requests for refunds. 
  • Payments from countries with poor AML/CTF regimes. 
  • Payments from a number of different sources.
  • Any party that deposits cash greater than A$10,000 into the trust account. 
  • Adverse media found.
  • Suspicious matter report is required.
  • Politically exposed person (PEP) found.
  • False information discovered.
  • Significant transaction volume increase.

AUSTRAC CEO Brendan Thomas continually signals that businesses need to actively manage money laundering risk over time. Having robust ongoing due diligence procedures will go a long way to fulfilling this obligation.

From checklist to continuous intelligence

Like many aspects of AML, ongoing CDD isn’t a set-and-forget process but rather a continuous loop of re-verification and real-time adjustments. It should not only support regulatory compliance but also provide a way to create an improved experience for both you and your customers.

Ensure you have adequately designed policies, procedures, and controls for the monitoring and re-verification of customers, and you will create a strong foundation where your customer information remains current, risk profiles are accurate, and financial crime risks are managed proactively.

Without proactive management, you risk breaching AML/CTF obligations and facing significant regulatory consequences. In 2024, a well-known Australian casino learned this the hard way when AUSTRAC launched civil penalty proceedings for multiple compliance failures, including inadequate ongoing customer due diligence. The result? Millions of dollars in fines and a stark reminder that lapses in CDD can have costly, public repercussions.

Keeping your due diligence on track

Ongoing customer due diligence is a vital part of any robust AML/CTF compliance program and, done right, represents the shift from a one-time onboarding checklist to a dynamic, continuous process.

This commitment to continuous monitoring, supported by well-designed policies, clear escalation procedures, and thorough record-keeping, will benefit your business’s risk awareness and create a stronger, more protected environment for both you and your customers.

If you’d like some help setting up your processes or want to see how our AML technology can make ongoing CDD easier, call our team on 1800 958 409 or book a no obligation consultation.

Nicolas Charles, Head of Operations and Finance
About the author

Nicolas Charles

Nick has a background of nearly 10 years in financial services. During his time in retail finance and banking, he was directly involved in the application of AML verification and compliance, which gave him valuable skills for his current role as Head of Operations and Finance at tic company.
