Customer Due Diligence
Customer due diligence (CDD) is becoming an increasingly critical success factor for financial institutions, with serious financial consequences for negligence. The fines imposed clearly demonstrate this: in 2021 alone, financial institutions worldwide had to pay 2.7 billion US dollars because their compliance measures and CDD processes were inadequate.
Precise identity verification is proving indispensable as the basis for CDD. It is the foundation on which all subsequent compliance measures are built and the first critical step in effectively preventing fraud and money laundering.
What is Customer Due Diligence (CDD)?
Customer due diligence is the process by which an obligated company establishes beyond doubt who its customer is and assesses the risk of the business relationship. One of the key elements of this process is thorough identity verification, which financial institutions must carry out before entering into a business relationship or executing transactions with a customer. This includes digitally capturing identity documents, checking their authenticity, and confirming that the document belongs to the person presenting it.
The legal requirements for CDD are based on international standards for combating money laundering and terrorist financing. For banks, financial service providers, and other obligated companies, CDD is a legal obligation, not an optional extra. They must be able to prove that they know their customers and who they are doing business with. This also protects their own company from financial and legal risks.
The different levels
Customer due diligence is not carried out using a 'one-size-fits-all' approach. Instead, different levels of customer verification are applied, based on the customer's individual risk profile.
Simplified Due Diligence (SDD)
Simplified due diligence applies to business relationships with proven low risk. Although it is called 'simplified', the basic customer identity check remains mandatory – it forms the indispensable minimum of any due diligence check. The main difference from the standard check is the reduced scope of additional documentation requirements.
SDD is suitable for the following customer groups, for example:
- Regulated financial service providers that are already subject to the strict EU money laundering directives;
- Listed companies that are already bound by strict transparency requirements;
- Organisations under public supervision;
- Government institutions with transparent identities and traceable accounting.
Basic/Standard Customer Due Diligence (BDD)
Standard due diligence is the norm for customer due diligence and applies to most business relationships. The focus here, too, is on reliably verifying the customer's identity, which can be done particularly efficiently using modern digital processes today.
BDD includes the following elements, among others:
- Unique identification of the customer by checking official identification documents or using other reliable databases and sources.
- For corporate customers, identifying the company's beneficial owners and obtaining information about the nature and purpose of the planned business relationship, the company's activities and its source of financing.
Enhanced Due Diligence (EDD)
Enhanced due diligence is employed for business relationships that pose an increased risk, and it goes far beyond the requirements of standard due diligence. Triggers for EDD typically include business relationships with customers from high-risk countries or industries, or with politically exposed persons (PEPs).
In addition to the basic identity checks, further verification measures are carried out in these cases:
- obtaining additional information on the origin of the customer's funds and assets;
- enhanced, continuous monitoring of the business relationship;
- detailed documentation of all business activities;
- regular updating and re-verification of customer data.
Which laws apply?
The legal framework for customer due diligence is defined at both the European and national levels. The EU Money Laundering Directive provides the overarching foundation and legal framework for all Member States. Its purpose is to create a uniform level of protection in the European financial sector and prevent cross-border financial crime.
In the DACH region, individual countries have transposed these European requirements into national law and supplemented them with additional regulations in some cases. Germany's Money Laundering Act closely aligns with EU requirements, whereas Switzerland, as a non-EU member, has created a comparable but independent legal framework through its Anti-Money Laundering Act and associated ordinances. Austria has also transposed the European requirements into national law.
- Germany: Money Laundering Act (GwG), based on the EU Directive.
- Switzerland: Anti-Money Laundering Act (AMLA/GwG) and the associated ordinances.
- Austria: Financial Markets Anti-Money Laundering Act (FM-GwG), based on the EU Directive.
The goal of all regulations is the same: to oblige financial institutions and other companies to reliably identify their customers and detect suspicious activity at an early stage.
What happens if CDD laws are not complied with?
The consequences of violating customer due diligence regulations can threaten the very existence of a company. Regulatory authorities impose severe penalties for compliance violations, as the statistics mentioned at the beginning of this article show.
But the financial consequences are only the first level of possible consequences. The threat of reputational damage is particularly serious: if violations of CDD obligations become public, this leads to a massive loss of trust among customers and business partners. The resulting customer churn and loss of business can significantly exceed the immediate financial damage caused by fines.
In the worst case, there may be criminal consequences, especially if customers suffer damage as a result of inadequate verification processes. This can be the case, for example, if insufficient identity checks enable identity theft. Managers and responsible employees must then expect personal and legal consequences.
CDD vs. KYC: the difference between customer due diligence and know your customer
KYC focuses on the fundamental first step: verifying the customer's identity. The Know Your Customer principle states that financial institutions may only enter into business relationships once they have verified their customers' identities beyond doubt. The primary question here is therefore: ‘Who is the customer?’
Customer due diligence, on the other hand, is much more comprehensive and describes a holistic verification process. While identity verification in accordance with the KYC principle forms the foundation, CDD also includes additional steps such as risk assessment, transaction monitoring and continuous updating of customer information. CDD therefore answers not only the question of ‘who’, but also ‘why’ and ‘how’ for the business relationship.
KYC | CDD
--- | ---
Customer identity verification | Comprehensive review process, including risk assessment and transaction monitoring
‘Who is the customer?’ | ‘Who is the customer, and why and how is the business relationship conducted?’
Ensuring that the customer's identity is beyond doubt | Ensuring that the entire business relationship is secure and compliant
Presentation of an identity document | Monitoring payments, evaluating unusual activities
The relationship can be understood as follows: KYC is an essential component of the wider CDD framework. Without reliable identity verification based on the KYC principle, further CDD measures cannot be carried out effectively. However, KYC alone is insufficient for comprehensive customer verification.
The customer due diligence process step by step
Identity verification
This forms the foundation of the entire CDD process. Official identification documents are used to establish the customer's identity beyond doubt. Modern digital procedures, such as those offered by PXL Vision, enable fast and secure verification by checking the authenticity of the documents and confirming that they match the person presenting them.
PEP and sanctions list screening
After basic identity verification, the customer is usually compared against various databases. This checks whether the customer is a politically exposed person (PEP) or is listed on international sanctions lists. This step is typically performed by specialised service providers.
Risk assessment
The risk assessment determines the customer's individual risk profile. Various factors are taken into account, such as industry, transaction volume, geographical origin, and the type of business relationship. The outcome of this assessment determines the intensity of any further verification measures required.
Ongoing monitoring
This step identifies unusual or suspicious transaction patterns in the business relationship at an early stage. Actual business activity is compared with the behaviour expected from the customer's profile, and any discrepancies are analysed.
Maintaining and updating customer information
Customer information must be checked regularly to ensure it is up to date, and updated as necessary.
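The risk assessment and ongoing monitoring steps above are usually described in prose only. The following is an added example, not code from the original page or from PXL Vision, showing how the two fit together in practice: risk factors (PEP status, sanctions screening result, country, industry, entity type) are mapped to the SDD/BDD/EDD tiers described earlier, and a customer's transactions are then compared with the expected profile declared at onboarding. The country codes, industry names, thresholds and sample transactions are constructed placeholders for the example; real high-risk lists come from the regulator, FATF and the screening provider, and real thresholds from the institution's risk policy.

```python
"""Illustrative risk-based CDD tiering and ongoing transaction monitoring.

Added example; the lists, thresholds and sample data are placeholders, not a
regulator's or PXL Vision's actual rules.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum


class Tier(Enum):
    SDD = "simplified"
    BDD = "standard"
    EDD = "enhanced"
    REJECT = "reject"  # confirmed sanctions hit: no relationship, escalate to compliance


# Placeholder lists for the example only (real ones come from FATF / EU acts / the provider).
HIGH_RISK_COUNTRIES = {"XA", "XB"}
HIGH_RISK_INDUSTRIES = {"casino", "crypto exchange", "precious metals"}
LOW_RISK_ENTITY_TYPES = {"regulated_fi", "listed_company", "public_body"}


@dataclass
class Customer:
    name: str
    country: str
    industry: str
    entity_type: str = "private"          # private, company, regulated_fi, listed_company, public_body
    is_pep: bool = False                  # result of PEP screening
    sanctions_hit: bool = False           # result of sanctions screening
    expected_monthly_volume: float = 0.0  # declared at onboarding (purpose of the relationship)


@dataclass
class Transaction:
    when: date
    amount: float
    counterparty_country: str


def assess_tier(c: Customer) -> Tier:
    """Map the customer's risk factors to SDD / BDD / EDD.

    Order matters: one high-risk factor overrides any low-risk indicator, so a
    PEP who owns a listed company still lands in EDD, not SDD.
    """
    if c.sanctions_hit:
        return Tier.REJECT
    if c.is_pep or c.country in HIGH_RISK_COUNTRIES or c.industry in HIGH_RISK_INDUSTRIES:
        return Tier.EDD
    if c.entity_type in LOW_RISK_ENTITY_TYPES:
        return Tier.SDD
    return Tier.BDD


def monitor(c: Customer, txs: list[Transaction], window_days: int = 30,
            volume_factor: float = 2.0, struct_threshold: float = 10_000.0) -> list[str]:
    """Compare actual activity with the expected profile and return alert strings."""
    alerts: list[str] = []
    txs = sorted(txs, key=lambda t: t.when)

    # 1. Volume deviation: rolling-window total versus the declared expected volume.
    for i, t in enumerate(txs):
        start = t.when - timedelta(days=window_days)
        total = sum(x.amount for x in txs[: i + 1] if x.when > start)
        if c.expected_monthly_volume and total > volume_factor * c.expected_monthly_volume:
            alerts.append(f"volume {total:.0f} exceeds {volume_factor}x expected by {t.when}")
            break

    # 2. Counterparties in high-risk jurisdictions.
    for t in txs:
        if t.counterparty_country in HIGH_RISK_COUNTRIES:
            alerts.append(f"{t.amount:.0f} to/from high-risk country {t.counterparty_country} on {t.when}")

    # 3. Possible structuring: several amounts just below a reporting threshold in one window.
    near = [t for t in txs if 0.9 * struct_threshold <= t.amount < struct_threshold]
    if len(near) >= 3 and (near[-1].when - near[0].when).days <= window_days:
        alerts.append(f"{len(near)} transactions just below {struct_threshold:.0f} within {window_days} days")
    return alerts


if __name__ == "__main__":
    # Constructed sample data for the example.
    cust = Customer("Example AG", "CH", "software", entity_type="company", expected_monthly_volume=50_000)
    sample = [
        Transaction(date(2024, 3, 1), 9_500, "DE"),
        Transaction(date(2024, 3, 3), 9_600, "DE"),
        Transaction(date(2024, 3, 5), 9_800, "DE"),
        Transaction(date(2024, 3, 20), 120_000, "XA"),
    ]
    print(assess_tier(cust).value)
    for a in monitor(cust, sample):
        print("ALERT:", a)
```

The tier function is deliberately ordered so that exclusionary and high-risk signals are evaluated before the low-risk shortcuts; this is the property a reviewer should check first in any real implementation, because an inverted order silently downgrades PEPs and sanctioned parties to simplified checks.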
CDD for banks and financial institutions with PXL Vision
Identity verification is the first step in any CDD process, and PXL Vision is the perfect solution for this. Our digital solution makes identity verification fast, secure and straightforward. Companies can use it to identify new customers directly online without compromising security.
For customers, the process is as simple as taking a selfie: a quick scan of their ID document and a selfie video, and they're done. This combination of maximum security and ease of use is especially important when it comes to digital banking.
Please note: we focus specifically on identity verification as the first and most important step in customer due diligence (CDD). We are planning to integrate PEP and sanctions list screening for further CDD requirements, using third-party APIs to check whether users are politically exposed persons or appear on sanctions lists. This supports compliance with KYC regulations and increases trust and security throughout the onboarding process.
Would you like to see how easy and secure digital identity verification can be? Contact us now to find out more.
FAQ on Customer Due Diligence
What is the main objective of CDD?
The main objective of CDD is to establish the identity of customers beyond doubt and to understand their business activities. This enables companies to identify suspicious transactions at an early stage and prevent money laundering, terrorist financing and other forms of financial crime.
How does facial recognition work in identity verification?
Facial recognition for identity verification is a two-step process:
- The user takes a photo of their identity document.
- A short selfie video is then recorded to confirm that a live person is present (liveness detection) and that their face matches the photo on the document.
Is there liveness detection for fingerprints as well?
Yes, liveness detection also exists for fingerprints, not just for facial features and movements. Special sensors check various characteristics of the finger, such as:
- Blood flow in the tissue
- Natural skin structure
- Finger temperature
- Skin conductivity