Customer due diligence (CDD) has always been at the centre of AML and is a critical process to ensure regulatory compliance. While it can often be seen as a chore it is important to conduct CDD before establishing a business relationship or conducting a transaction on behalf of a new client.
Best practice would dictate that a risk-based approach is used – meaning that risk is considered when carrying out CDD, and that as part of the CDD process, the nature and purpose of the transaction is recorded. There are however, different types of CDD which should be used depending on your client risk levels and situation; simplified due diligence, standard due diligence, enhanced due diligence and ongoing due diligence.
Keep reading to unlock the details of simplified due diligence (SDD) and the key differences between levels of due diligence.
What is AML simplified due diligence?
AML simplified due diligence is a level of due diligence that is applicable to certain types of customers. It recognises the lower risk of money laundering or terrorism financing which certain clients may pose due to their circumstances or situation.
This allows entities to conduct a more streamlined approach to CDD specifically to clients that are already subject to transparency and public disclosure. These are prescribed customers as identified in 18(2) of the AML/CFT Act. These include but are not limited to (we suggest you always check this section of the Act to ensure simplified DD can be applied):
- Government entities
- Local authorities such as the local council
- Public service agencies such as the DIA
- NZ Police
- Crown entities
- State owned entities such as Air New Zealand
- Companies listed on the Stock Exchange and its subsidiaries such as the NZX, and providing they are located in a country that has sufficient AML/CFT systems in place
- Registered banks
Simplified CDD could also be used on the person representing a customer that is subject to simplified CDD.
While there are specific clients that naturally allow for a simplified due diligence process, generally you will find if you are choosing this method of CDD your customer will have already been:
- Subject to higher scrutiny, or;
- Subject to the requirements of the government.
What is the simplified due diligence process?
No matter what level of CDD you are undertaking, identifying, and verifying customer identity forms the cornerstone of CDD. Making sure entities or individuals are precisely who they claim to be is vital to the compliance process even for those undergoing SDD.
SDD is the lowest form of due diligence you can employ and is only for very low risk clients.
If you are using simplified due diligence, review the checklist below to ensure you don’t miss any critical steps.
1. Meet the criteria
Confirm your client meets the criteria for simplified CDD, A full list of criteria’s can be found in section 18 of the AML/CFT Act and includes the types of customers listed above.
2. Nature and purpose
Confirm nature and purpose of the relationship between you and your client. Confirm that any person acting on behalf of your client has the necessary authority to do so – this may be an email or a letter from the client to confirm that they are authorised to conduct the activity.
3. Identity requirements
Obtain identity information, from the person acting on behalf of your client. Ensure you obtain and verify:
- the person’s full name; and
- the person’s date of birth; and
- the person’s relationship to the customer; and
- any information prescribed by regulations.
3. Assess risk and verify
Consider the risk to your business, the value and volume of transactions involved, and the type of product or service you are offering. According to the level of risk, verify the identity of the person acting on behalf of your client. Verification involves confirming identity information against documents, data or information obtained from a reliable and independent source.
4. Record keeping
If you choose to carry out simplified CDD on a customer you should record why that entity is subject to this level of due diligence, and ensure you maintain detailed and accessible records of your customer interactions, transactions, and identification processes. This will help provide evidence at audit time that you have taken the necessary measures to know your client, and to understand the changing nature and purpose of your client relationship.
And remember, your customers situation can change over time so it is important to make sure ongoing due diligence is part of your AML procedures. This will allow for a review of customers on a regular basis and help determine any changes in the business relationship, and if this changes the original risk rating assigned to the customer.
What is the difference between standard and simplified due diligence?
The difference between standard and simplified due diligence is in the extent of investigation each approach requires. Both due diligence approaches require identifying your customer, gathering information, and understanding risks involved. However, simplified due diligence relies on customers already having gone through substantial investigation (as identified in section 18 of the AML/CFT Act), and therefore negates the need for such in-depth analysis.
What is the difference between enhanced due diligence and simplified due diligence?
As the name suggests, conducting enhanced due diligence (EDD) requires an increased or more sophisticated investigation of clients. While both EDD and SDD require the collection of data to verify a customers identify and to determine the level of risk, with EDD you are also required to:
- Verify the customer’s details, beneficial ownership, and details of key people/representatives in the transaction, and;
- Take reasonable steps to obtain and verify source of wealth and/or source of funds of the customer.
This is because unlike clients who have been identified as low risk and subject to simplified due diligence, EDD is carried out on customers identified as high risk. These could be because the customer is a trust, a politically exposed person (PEP), subject to a suspicious activity report (SAR), be from a high risk jurisdiction or a company with nominee directors/shareholders.
Customers identified as very low risk, such as government entities generally undergo simplified due diligence, medium risk customers undergo standard due diligence, and high risk customers enhanced due diligence.
Final thoughts
Simplified due diligence is no doubt a less time-consuming method of due diligence when compared to others. However, it should only be used in low risk situations and you should be prepared to increase your scrutiny of customers if their risk profile changes.
Here at tic we use enterprise-grade technology and ISO certified tools to make verifying customers identity easier, saving time and money. To try our online tool give us a call on 09 369 6867, or request a demo.