Know your customer (KYC) is a process that banks and other financial institutions use to verify the identity of potential clients, as mandated in the 1970 U.S. Bank Secrecy Act and the 2001 USA PATRIOT Act. In the first stage of KYC, sometimes called a customer identification program (CIP), the financial organization collects documents to identify a potential customer. In the second stage, it performs customer due diligence (CDD), in which the bank verifies that the documents are legitimate, then quantifies the risk that the customer is involved in illegal activities, based on certain factors. When the risk level is high enough, the financial institution is required to implement enhanced customer due diligence (ECDD).
A bank or financial institution can perform CDD before or after establishing the business relationship and generally invokes the practice when it expects an ongoing relationship. However, one-off transactions may also require CDD.
Customer due diligence is most commonly associated with banking and financial services, but the term due diligence is also used in real estate, mergers and acquisitions, and securities sales. The concept of due diligence even comes up in day-to-day life, when people evaluate prospective employers, dates, vacation spots, or restaurants.
CDD has become more prevalent in the last couple of decades, and financial institutions and governments have realized the need for stronger anti-money-laundering (AML) and Countering the Financing of Terrorism (CFT) regulations. In the United States, the Financial Crimes Enforcement Network (FinCEN), which is part of the Treasury Department, collects and analyzes financial information and looks for evidence of money laundering, terrorist financing, and other financial crimes, both domestic and international. In addition, the Federal Financial Institutions Examination Council (FFIEC) creates guidelines on customer due diligence.
Financial institutions gather information during CDD and use it to monitor the customer’s transactions and look for questionable activity. When the institution finds questionable activity, it reports the incident or incidents to the relevant authorities.
CDD can be ongoing, so financial transactions through the customer's account must stay consistent with the bank’s knowledge of the customer, their business, their risk profile, and the source of funds. Additionally, the continuing nature of the process helps keep all documents and information up to date.
Why Is Customer Due Diligence Important?
First and foremost, CDD protects the business from dealing with a customer involved in illegal or questionable activity. It also helps detect this activity if it starts to occur.
Risks of Unverified Customers
Potential customers who appear risky at first may turn out to be stable. However, it’s smart to be proactive and attempt to verify their risk level. When customers are not verified, a financial institution or bank could become the target of legal or regulatory actions stemming from customer activities like money laundering, terrorist financing, and corruption.
Without performing CDD, a financial institution risks harming its reputation if the customer’s business is involved in money laundering, terrorist financing, or corruption. The financial organization could be the target of legal or regulatory actions, or it may suffer financial loss. If the risk is too great and can't be mitigated, the bank can decline a relationship with the customer.
What Is Enhanced Customer Due Diligence?
Enhanced customer due diligence (ECDD) is required when a potential customer poses a higher risk of associations with money laundering, terrorist financing, or other financial crimes. The threshold varies, based on the bank’s location and area of focus.
A customer with any of these characteristics may pose a higher risk:
- Links to a politically exposed person (PEP), terrorists, or criminals, or an individual or entity on a sanctioned list
- Appears on a watchlist
- Runs business operations in high-risk locations
- Requests a non-face-to-face account opening and conducts all business remotely
- Questionable source of assets or funds
- Questionable nature of business activity
- Questionable ownership structure
- Associations with offshore banks or private banking institutions
The bank could request the following information in cases of enhanced due diligence, both at the creation of the account and on a recurring basis afterward (this list is not comprehensive):
- Purpose of the account and expected types of business transactions
- Type of businesses conducted by the customer and all individuals with ownership or control over the account
- Financial statements
- Proximity of the bank to the customer’s residence, place of business, and place of employment
- Expectations of routine international transactions
- Description of business operations, anticipated volume of transactions, and total sales
- Major customers and suppliers
- Explanations for changes in account activity
Customer Due Diligence Best Practices
The CDD process should be risk-sensitive, so the financial institution should apply treatment, checks, and controls commensurate with the level of risk. The treatment, checks, and controls should also depend on the type of customer, business relationship, nature of activity, and nature of transactions. These steps allow you to prioritize resources in areas that require more attention based on risk sensitivity.
To make the CDD and ECDD processes stronger and more efficient, incorporate these other steps and ideas:
- For standard-risk customers, verify only the standard information provided.
- Only collect basic account information for a low-balance, low-turnover deposit account.
- Public companies and their wholly owned subsidiaries are considered lower-risk, while privately owned companies and other entities (like trusts) are generally assessed as higher risk.
- Apply CDD and ECDD to beneficial owners.
- Don’t allow anonymous business relationships.
- Report any suspicious activity.
- Keep all historical records related to the CDD/ECDD process.
- When relying on third parties to perform verification, ensure they are reliable and independent sources.
- Continuously monitor media for negative mentions.
Benefits of Customer Due Diligence
Practicing customer due diligence provides a number of benefits to the bank or financial institution, including the following:
- Compliance with safe banking practices, such as those established by the Financial Action Task Force (FATF), and legislative and regulatory requirements
- Learning the customer's risk profile and assessing their risk level before the account is opened
- Ensuring that customer needs can be legally met through product and service offerings
- Ability to focus more attention on high-risk customers
- Guarding against identity fraud and other kinds of scams
- Easier prediction of activities the customer is likely to engage in (and identification of unusual or illegal activity during the course of the business relationship)
- Enabling the business to assist law enforcement when needed
- Avoiding criminal exposure for customers’ actions
Challenges of Customer Due Diligence
Running a good due diligence program for customers is not an easy process. Below are some of the bigger challenges:
- Proper verification of customer identification and documentation (especially if the customer is dishonest or hiding something)
- Determining where on the risk scale a customer falls
- Investigating suspicious transactions (they may turn out to be innocuous)
- Maintaining vigilance throughout the duration of the customer relationship
- Compliance with laws and regulations (especially when multiple countries and jurisdictions are involved)
Why Is Customer Due Diligence Necessary?
When a bank or financial institution starts a relationship with a new customer, due diligence helps the bank determine the customer’s risk level of engaging in future financial crimes. By performing strong CDD, the bank shields itself from association if the customer is later targeted for legal action. It also means that higher-risk customers receive more scrutiny than lower-risk clients.
When Is Customer Due Diligence Required?
Financial institutions should apply customer due diligence to all potential customers, but the choice to perform standard, simplified, or enhanced due diligence is based on the type of customer, the bank’s policies, and the laws and regulations covering them.