What Is Customer Due Diligence in Banking?

Customer Due Diligence (CDD) in banking is a process financial institutions use to gather and evaluate information about current and prospective customers. It helps combat money laundering (AML) and counter terrorist financing (CTF) activities. CDD ensures banks understand their customers, the nature of their financial activities, and the risks they might pose to the financial system. This process is crucial for maintaining the integrity and stability of the financial sector.

Key Information Collected by Banks

Banks collect various types of information from individuals and entities as part of their Customer Due Diligence process, also known as “Know Your Customer” (KYC). For individuals, this includes verifying their full legal name, date of birth, residential address, and a national identification number. Official documents such as a passport or driver’s license confirm identity. Banks also gather information about the source of funds and wealth, and the intended purpose of the banking relationship, to understand the customer’s financial profile.

For entities like businesses, banks collect the legal name, physical address, business registration details, and tax identification numbers. They also require information regarding the nature of the business and its activities. A key aspect for entities is identifying Beneficial Ownership (BO), which involves pinpointing the natural persons who directly or indirectly own or control the entity. This is a requirement stemming from regulations like the Bank Secrecy Act (BSA) and its rules from the Financial Crimes Enforcement Network (FinCEN), which mandate collecting and verifying beneficial owner information for certain legal entity customers when new accounts are opened.

This information helps counteract financial crimes like money laundering, tax evasion, and fraud, which legal entities can conceal. A beneficial owner includes any individual who directly or indirectly owns 25% or more of the equity interest in the legal entity, or a single individual with significant responsibility to control or manage the entity, such as an executive officer. For each identified beneficial owner, information such as name, residential address, date of birth, and Social Security Number (or other government-issued identification for non-U.S. citizens) must be collected.

Steps in Customer Due Diligence

Banks perform comprehensive Customer Due Diligence through several steps after initial information collection. The first step involves verifying the identity information provided by the customer. Banks accomplish this by cross-referencing details with reliable, independent sources, conducting database checks, and authenticating official documents. This confirms the information’s legitimacy and the customer’s identity.

Following identity verification, banks conduct a risk assessment to evaluate potential money laundering and terrorist financing risks associated with each customer and their anticipated activities. Factors influencing this assessment include the customer type, geographic location, nature of transactions, and products or services they intend to use. This assessment assigns a risk profile to the customer, which guides the intensity of subsequent due diligence measures. A customer’s risk profile is dynamic and can change over time.

Ongoing monitoring extends beyond initial onboarding. Banks regularly monitor customer transactions and account activity for unusual or suspicious patterns that might indicate illicit financial behavior. This scrutiny helps identify changes in a customer’s risk level or emerging suspicious activities. Periodic reviews also ensure customer information remains current and their risk profiles are accurate.

Finally, banks are subject to regulatory requirements for record keeping. They must maintain detailed records of all CDD information and activities for a specified period, five years after an account is closed. These records include identification documents, beneficial ownership certifications, and documentation of risk assessments and monitoring activities. Accurate and accessible record keeping is important for compliance and for assisting law enforcement investigations into financial crimes.

Varying Levels of Due Diligence

Customer Due Diligence is not applied uniformly to all customers; instead, financial institutions adopt a risk-based approach. This means the intensity and nature of due diligence efforts are proportional to the assessed risk posed by each customer. This targeted strategy allows banks to allocate resources efficiently, focusing more intensive scrutiny on higher-risk areas.

For customers assessed as presenting a lower risk of money laundering or terrorist financing, banks may apply Simplified Due Diligence (SDD). SDD involves fewer or less rigorous controls than standard CDD, though basic identity verification remains. Examples of situations where SDD might be appropriate include certain government entities, publicly traded companies, or customers opening basic savings accounts for personal use with low-value transactions. SDD streamlines the onboarding process for these low-risk customers while still ensuring fundamental compliance.

Conversely, Enhanced Due Diligence (EDD) is required for customers or situations that present a higher risk. EDD goes beyond standard CDD, requiring a deeper understanding of a customer’s background, financial activities, and potential risks. High-risk indicators that trigger EDD include Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, complex corporate structures, cash-intensive businesses, or unusual transaction patterns. PEPs are individuals holding prominent public positions who may be vulnerable to corruption; EDD applies to them, their family members, and close associates.

EDD entails collecting more extensive information than standard CDD, such as a detailed source of wealth and funds. It may also involve more frequent and rigorous monitoring of transactions, increased scrutiny of account activities, and higher levels of internal approval for establishing or maintaining relationships. Comprehensive background checks, adverse media screening, and verification against sanctions lists are also common EDD components. The goal of EDD is to ensure higher risks posed by these customers are effectively identified and mitigated.