10 June 2021
In a fast-moving world, getting to know your customer is the best way to keep them. It helps you make better and more effective business decisions based on their changing needs. But also, knowing your customer is an essential part of anti-money laundering due diligence, helping prevent criminals from taking advantage of your organisation and the financial sector in general.
Thankfully, the European Banking Authority (EBA) has issued a set of guidelines for financial institutions to follow in order to minimise their risk when they enter into a business relationship with a customer. This article explores the best practices for due diligence and how your organisation can apply them to customers in order to safeguard your operations from financial crime.
At its most basic level, Customer Due Diligence (CDD) is the process of verifying the identity of a customer in order to be sure that an organisation is confident it knows who it is doing business with. In the financial world, there is a risk of onboarding clients who are involved with money laundering (ML) or terrorist financing (TF).
The EBA sets out factors that organisations should consider when assessing their risk from ML and TF, as well as details on how to scale their CDD efforts in order to counter the risks they have identified.
The three areas of initial CDD that should be performed in every case are:
Area |
Description |
Verify the Customer’s Identity |
Source reliable information from an independent source on the personal identifying details of the customer. |
Verify the Beneficial Owner’s Identity |
Discovering the identity of the person who is ultimately in charge or control of the business with which you are entering a relationship. |
Establish the Business Relationship |
Understanding the type and purpose of the business relationship in question. |
The EBA states that CDD is required ahead of banks and other financial operations entering into both sporadic and regular business dealings. It says: “Before entering into a business relationship or carrying out an occasional transaction, firms should apply initial CDD in line with Article 13(1)(a), (b) and (c) and Article 14(4) of Directive (EU) 2015/849.”
Besides the initial checks before entering into a business relationship, institutions are required to monitor these relationships on a regular basis. This includes keeping all the basic information about the customer up to date and analysing transactions involving the client.
In addition, anyone selling goods worth €10,000 and more in cash must perform their own CDD in order to minimise the risk of money laundering.
The type of customer due diligence you apply is risk-based, so might vary from client to client. Below are the different types of CDD.
For most customers, you will need to perform standard CDD. This involves verifying the customer’s identity, establishing the nature of the business relationship, identifying the beneficial owner of the business and resolving to continuously monitor these elements throughout the relationship.
However, there are situations in which you might decide to loosen or strengthen the Know Your Customer (KYC) and Anti Money Laundering (AML) measures.
For customers that you deem low-risk, you can perform simplified CDD. Reasons that you might find for settling on SDD could relate to the nature of the business or the product in question. If you enter into business with a local authority, for example, there may already be a requirement for them to disclose information relating to AML and TF matters. This means they are likely to pose a much lower risk of engaging in money laundering and terrorist funding.
You still have to perform CDD, but you can take these additional SDD measures:
The European Union’s 4th Anti Money Laundering Directive dictates that you should enact enhanced due diligence (EDD) if your assessments deem the customer to be high risk and in any one of a number of set situations. These are:
There are different EDD measures to take, depending on the risk factor identified.
This is the general process for performing CDD.
Collecting data on customers is the first step in performing CDD. For individuals, this includes the customer’s name, residential address, phone numbers, email addresses, gender, marital status, nationality, race and occupation. For legal entities, you should find out the name of the business, details of the incorporation, management structure, articles of association and details of its constitution.
You then need to verify this data with trusted and reliable sources. For an individual, this could be a government agency, in the form of a passport or other photo ID, or a utility provider to prove their address. For an organisation, you might ask to see the articles of association or the certificate of incorporation.
You must look into the control structure of the company to ascertain the identity of the beneficial owner of the business. This is the person that owns 25% or more of the shares or voting rights in the company. They can appoint or remove the majority of the directors or can otherwise exert control and influence over the organisation.
This step can involve a large amount of investigative work, from looking through shareholding data to sifting through public sources to uncover the identity of the ultimate beneficial owner.
Your analysts can run processes such as name screening to check on the background of the customer. They will look to see if the individuals in question are PEPs and whether they have been sanctioned, have a criminal record, have been involved with terrorism or have been associated with any dubious behaviour in the press.
Following these processes, the analysts can create a customer risk profile relating to money laundering and terrorist financing. If the entity is a government organisation that has its own AML compliance processes in place, it may be flagged as low risk, whereas a business where a high-ranking politician has beneficial ownership may be flagged as high risk.
From these results, you can assess the best form of due diligence to instigate, whether that is standard, simplified or enhanced.
Ongoing monitoring of the account is key to maintaining security. This means constantly reviewing transactions and other account activity for indicators of money laundering. In addition, you should ensure that, if there is a change to the nature of the business relationship, it is not one that leaves you open to unwittingly allowing money laundering to occur. Keeping your Know Your Customer or KYC process documentation up to date is essential.
Verifying the identity of a client before entering into a business relationship means you start off knowing that you can trust they are who they say they are. The ID Proof tool from Evidos allows your new customers to identify themselves using their locally available electronic identities (eIDs). This enables you to work with overseas clients with complete confidence.
Every transaction with the client provides you with an identification file backed by independent evidence and verified by an NFC chip reader or a passport selfie.
Timely customer identification can speed up your due diligence and prevent hours spent manually investigating and verifying customers.
Your record-keeping of CDD material is essential for compliance with AML legislation. You should be able to prove that you carried out due diligence and the reasons why you assigned the customer the risk profile, and therefore the type of due diligence you performed.
Keeping detailed records of risk factors, suspicions and names of beneficial owners for clients and prospective clients helps to inform the decisions your analysts make. It helps other departments in your organisations perform their risk assessments if the client wants to work with them, too.
Using artificial intelligence (AI), such as Robotic Process Automation, to scour publicly available information and internal data enables you to create easily accessible and digestible records on a person or business for future reference.
Ensuring you keep a database of third parties allows you to cross-reference vital information that could inform your risk profile. By noting down all of the countries in which the customer operates, you can easily identify high-risk customers. When a country is felt to become ‘high risk’ the database can show you all the customers that are connected with that territory.
By investigating the owner, directors and senior management separately, you can easily spot connections between all the customers related to someone who becomes blacklisted. When you update customer information, you can immediately identify suspicious connections.
CDD is Customer Due Diligence, relating to the concept of collecting data about the customer in order to verify who they are and to mitigate the risks that they may pose in relation to money laundering and terrorist funding. EDD is enhanced due diligence and encompasses the measures financial institutions should take to ensure that customers with a higher risk of money laundering are not connected with such activities.
Financial institutions must employ CDD measures for all of their customers. The only exception appears in Article 2 of the AML regulation, where it is said that EU member states can choose to exempt organisations that only occasionally offer financial products to clients. In this case, the organisation must adhere to a number of criteria, including that the sums should be lower than €1,000, making it an inefficient vessel for money laundering.
Understanding anti money laundering customer due diligence measures helps you assess and manage the risks that your customers pose in relation to criminal activity. Tools such as RPA and ID Proof from Evidos streamline and enhance your AML investigations, making identity verification in the financial world easier and faster. For implementing electronic identification as part of your due diligence requirements, talk to our sales team today.
Want to know more?
Please contact us for more information. We’re always happy to answer your questions.