In 2023, regulated businesses are navigating a highly dynamic regulatory landscape. With financial crime and AML failures a key area of focus for FCA enforcement action, a high-functioning due diligence framework has never been more vital to ensuring compliance, whilst supporting growth and innovation and improving the customer experience.
Let’s start with the basics…
What is Customer Due Diligence?
Customer Due Diligence (CDD) is the process of identifying your customers, checking they are exactly who they say they are, and ensuring they are properly risk-assessed before being onboarded. CDD sits at the heart of Anti-Money Laundering (AML) and Know Your Customer (KYC) initiatives.
What does Customer Due Diligence look like in practice?
AML requirements in the UK are based on several key Acts including The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, The Financial Services and Markets Act 2000 (FSMA) and the Proceeds of Crime Act 2002.
In simple terms, a financial institution must carry out CDD measures when establishing a new business relationship, when undertaking occasional transactions, when it suspects nefarious activity or when it doubts the accuracy or adequacy of customer information. When carrying out CDD measures, a regulated business must:
- Verify the customer’s identity
- Identify and verify beneficial ownership (for business entities)
- Understand the ownership and control structures of a legal person, trust, company, foundation, or other entity
- Assess and obtain information on the purpose and nature of the business relationship or transaction
The complexity of financial crime remains a huge challenge for businesses. Combined with rapidly evolving geo-political events and sanctions, regulated businesses are increasingly taking a risk-based approach to customer due diligence, moving beyond standard CDD to enhance customer identity assurance.
What is Enhanced Due Diligence?
Enhanced Due Diligence (EDD) is an extension of CDD. EDD is a set of measures applied, using a risk-based approach, to investigate potentially high-risk customers or transactions and gather more evidence and detailed intelligence.
High-risk customers might include, for example, those subject to economic sanctions or operating in countries without adequate AML controls, customers with complex ultimate beneficial ownership (UBO) structures, companies managed by politically exposed persons (PEPs), or businesses operating in countries with significant levels of corruption, criminal activity or terrorist activity.
EDD provides a greater level of scrutiny of potential business partnerships and highlights risk that cannot be detected by standard customer due diligence checks. EDD measures may include adverse media screening, obtaining additional identifying information, analysing the source of funds, scrutinising Ultimate Beneficial Ownership (UBO) and transaction screening.
What is the difference between CDD and EDD?
Essentially, CDD and enhanced due diligence are different levels of background checks. The key difference between CDD and EDD arises as a result of a customer risk assessment. If, through a risk-based approach to assessment, a customer is deemed to present a normal level of risk, they can go through CDD; however, if it’s apparent that they present a higher level of risk, they are required to undergo EDD.
But - and it’s an important but - CDD doesn’t end at the customer verification and onboarding stage.
What is Continuous Due Diligence?
Customer behaviour changes and risk profiles evolve. Continuous due diligence, also referred to as Ongoing Customer Due Diligence (OCDD) or Perpetual Due Diligence (PDD), refers to a risk-based in-life monitoring approach, based upon risk events and triggers and identifying risk patterns, for maintaining KYC/KYB information and monitoring customers for the risks they pose for money laundering and other financial crimes.
EY recently described continuous due diligence as a transformative strategy that is beneficial, less burdensome, and less costly for regulated businesses and their customers. They also stipulated that transformation requires investment in technology and data, including trusted data sources, integrated triggering events, data logic, adverse media screening, and automated updating of customer information.
Ready to go beyond standard due diligence?
Customer Lifecycle Intelligence (CLI) from FullCircl goes way beyond standard due diligence, using automated data collection and execution of critical checks and processes to deliver continuous due diligence. The result is that regulated businesses can ensure compliance through proactive risk mitigation, targeting efforts where they are needed in line with their policies and risk appetite.
The ultimate risk-based approach, CLI utilises technology to connect data points that can be used to expose potential risk trends and connections across networks of people and businesses, as well as providing the ability to overlay policy decisioning and risk appetite across trigger changes – generating targeted and actionable events, prioritising remediation to the highest risk activity and delivering consistency of decisioning and efficiency benefits in AML and KYC.
Head over to our Resources Hub for more information about our web app, API, decision engine, and due diligence tools, including specific guidance on UBOs, PEPs and sanctions, adverse director history, CCJs and legal notices.
Get in touch to find out how we can supercharge customer onboarding and due diligence, so you can do Better Business, Faster.