Customer due diligence (CDD) has become one of the core compliance activities of real estate agents, financial institutions, accountants and lawyers all around the world in an effort to protect against money laundering.
Do it right, and it can protect your business, and provide reassurance that you truly know your customer and their source of funds. Do it wrong, and you can find yourself in time consuming, costly remediation processes, and inadvertently provide an opening for criminal financial activity.
Here we outline the key steps to take when carrying out standard customer due diligence.
What is standard customer due diligence?
Standard customer due diligence is the process entities are required to complete to confirm the identity of customers, ensuring the personal data they have provided is genuine.
CDD must take place when a cash transaction, or series of related cash transactions exceeds $10,000.
Standard CDD requires less sophisticated measures than other types of due diligence such as enhanced due diligence which is generally used for higher risk customers. However, there are still a number of activities that are required to ensure you fully understand your customer’s risk profile.
Four steps to standard CDD
1. Nature and purpose
Obtain information about the nature and purpose of your proposed business relationship.
How: Consider how your business relationship may develop, the types of transactions which will take place, how much money is involved and how frequently these transactions will take place.
2. Confirm customer’s identity
Gather identity information about your customer, any beneficial owners and any person acting on behalf of your customer.
How: Confirm your potential customers full name, date of birth, and if you are dealing with persons acting on behalf of your customer you will also need to understand that person’s relationship to the customer and their identity.
3. Determine risk
Make a decision on the level of money laundering risk, and ensure you have enough information to determine whether enhanced CDD needs to be carried out on your customer.
How: Take a risk-based approach, and determine the level of money laundering risk to your business. Look at transactions, your customer’s occupation, their business (if relevant) and expected frequency and source of funds.
4. Verify identities
According to the level of risk determined, verify the identity of your customer and other relevant persons such as the beneficial owner.
How: Use recommended photographic identification documents such as a New Zealand passport, overseas passport or national identity card. Or use non photographic documents such as a birth certificate alongside other photographic identification such as a New Zealand driver’s licence.
If you are using electronic identification (EIV), your customer’s name and date of birth must be verified from one source, and only the name verified on the second source.
Remember, completing identity verification may seem like a relatively quick and easy method to get to ‘know your customer’, but on its own it’s not enough. This is just one step in your standard CDD process, and all steps need to be completed to gain a complete picture of your customer, and for your records to stand up to auditor scrutiny.
How often do you need to carry out standard CDD?
Customer due diligence must be carried out on a regular basis on existing customers. Even though you have already established and verified their identity it is important that ongoing customer due diligence is part of your compliance activities so you can detect any material changes, suspicious activities, and transactions.
This requires you to review the record you have of your customer details systematically. Check their identification documents are still valid, and transactions are consistent with your understanding of your customer and their risk profile.
CDD and ongoing monitoring of customers is an essential part of knowing your customer, ensuring you meet compliance obligations outlined in the AML/CFT Act, helping to prevent financial crime, and protecting your business.
Doing it right, can save a lot of time in the long run and should be a fundamental part of your compliance programme and reporting activity.
For more on CDD and the different types used for higher risk customers, read our complete guide.