Carrying out customer due diligence (CDD) when onboarding new clients is a compliance task most entities are well used to, but carrying out ongoing due diligence on existing clients can sometimes be overlooked. Effective due diligence, however, is not a one-off activity but a continuous task that is critical for protecting your business and ensuring you meet compliance requirements.
In this blog post, we will explore when ongoing CDD is required, and key strategies for conducting ongoing due diligence to help maintain compliance within your business.
Regulatory requirements for ongoing due diligence
Regulations state that when you are in a business relationship with a client, you are required to conduct ongoing CDD and account monitoring. This means regularly reviewing client account activity and transactions. This ongoing process ensures the client information you hold is always up-to-date and accurate.
The purpose of doing this is to identify any changes in the business relationship you have with your client, and whether they change the original risk rating you assigned to your client.
You should develop a process for ongoing CDD and account monitoring, ensuring you document this in your compliance programme. Develop this according to the level of risk identified for each of your clients.
Ongoing due diligence frequency
High-risk clients will need more frequent monitoring than clients considered to be low or medium risk.
At tic company, we recommend reviewing client information every 12 months for customers onboarded as low-risk, and every 6 months for medium to high-risk customers.
Factors that tic company often sees that make a customer high-risk are:
- Individuals with high net worth
- Individuals from high-risk jurisdictions
- Individuals where their source of wealth and/or source of funds is unexplained or comes from other jurisdictions
Make your assessments using a risk-based approach, and remember: if you identify any red flags or trigger events, or there is a material change, redo CDD.
Key ongoing CDD trigger events
A trigger event is an event that potentially increases the customer’s risk profile and would require updated AML checks to be conducted.
A trigger event could be:
- Changes in activity types
- New services or products
- New money laundering or terrorism financing risks determined by the FATF
- Updated regulations
- Adverse media found
- Emergence of new technology
- New customer base
- Suspicious activity report (SAR) is required
- Politically exposed person (PEP) found
- False information discovered
Ongoing CDD may also be required if there is a material change in your customer’s circumstances. For example, CDD may need to be repeated if your customer’s corporate structure changes, or if they start carrying out transactions that differ from their previous ones.
Below are five key ways to help ensure effective monitoring of customers.
Implementing effective ongoing due diligence strategies
Central to the development of comprehensive ongoing customer due diligence procedures is the ability to identify and quantify potential risks, and to ensure relevant employees understand what they need to do for compliance.
1. Create and maintain up-to-date records and documentation
Ensure your compliance documentation outlines how you are going to carry out ongoing CDD. Show how you use a risk-based approach, the risk rating for each customer, and what checks you will be doing as part of the ongoing CDD process.
Make sure you keep up-to-date records on your customer, beneficial owners, and those with effective control.
2. Train staff and create a culture of compliance
Keeping employees informed about regulations and your compliance processes is vital for the successful implementation of your AML obligations. Ongoing training will help employees to recognise compliance issues and report potential violations promptly.
Ensure you keep a record of all training and note when it occurred.
3. Know your customer
Knowing your customer will help you to identify when activity occurring in the business relationship is unusual or inconsistent with your knowledge about the customer, their business, and risk profile.
If you identify anything suspicious, you must file a suspicious activity report with the FIU.
4. Integrate technology solutions for compliance monitoring
Incorporating advanced technology solutions, like tic company’s online portal, into your due diligence activity optimises compliance monitoring and will help you to identify and report suspicious activity more effectively. This will help you manage and store large amounts of data, flagging anomalies in transactions or accounts that could indicate money laundering or fraudulent activity.
It is important to remember that while a tech solution will make the compliance process easier for teams, and can save time and money, it requires human intervention to properly analyse any red flags raised.
5. Address red flags and implement corrective actions
If you identify a trigger, such as a client being found in a PEP check, it’s important to tackle the raised risk promptly. It does not necessarily mean you cannot continue a business relationship with your customer or that a SAR is required, but you must understand, assess and record the risk, and carry out enhanced customer due diligence where necessary.
Ongoing due diligence process
Once you have established when you need to carry out ongoing CDD on clients, you’ll find the reverification process is much like the process you follow when onboarding new clients.
The process has proved difficult for some entities, however, with 9% of businesses reviewed by the FMA in their 2021 monitoring report showing areas of non-compliance in relation to ongoing CDD and account monitoring.
To avoid breaches, ensure you have adequately designed policies, procedures, and controls for the monitoring of customer accounts, and carry out reverification diligently.
Conclusion
Ongoing due diligence is essential for businesses to remain compliant amidst the ever-changing regulatory landscape. The adoption of efficient technology, alongside employee training and regular risk-based reviews of client information, will help mitigate the risk of non-compliance.
Juggling ongoing customer due diligence and your business? Let us lend a hand! Call us on 09 369 6867 or email our expert team at info@ticcompany.com to find out how you can leverage our expertise and automated systems to save you time and money.
About the author
Nicolas Charles
Nick has a background of nearly 10 years in financial services. During his time in retail finance and banking, he was directly involved in the application of AML verification and compliance, which gave him valuable skills for his current role as Head of Operations and Finance at tic company.