
Customer due diligence (CDD) in banks | Risk management and financial crime compliance



Customer due diligence (CDD) is the process by which banks and other financial institutions (FIs) identify and verify individuals before they become customers, and how they then assess risk throughout a customer’s lifecycle. The CDD process helps banks understand and manage their entire client risk base and prevent financial crimes like money laundering and fraud.

CDD is a process used to verify a person’s identity - usually through documentation or data checks - and to assess any risk associated with them. This review and risk assessment process takes place before a new customer is onboarded and it might happen at intervals throughout the customer’s lifecycle to ensure nothing has changed in their risk profile and no illicit activity has been identified.

Customer due diligence is designed to mitigate risk and to prevent criminals and terrorist organizations from gaining access to the legitimate financial system. Bad actors use a variety of methods to disguise the source of funds placed with a bank, so banks need to take due care to check each customer’s legitimacy. As the International Monetary Fund (IMF) states: “An effective anti-money laundering [AML]/counter financing of terrorism [CTF] framework must address [two] risk issues: it must prevent, detect, and punish illegal funds entering the financial system and the funding of terrorist individuals, organizations, and/or activities.”




Effective customer due diligence: The foundation of risk management in Financial Institutions

A bank’s approach to prevention, detection, and punishment of financial crime starts with CDD: using data to identify and verify a customer and to assess the risk they pose before onboarding them. This is the start of a know your customer (KYC) compliance and risk management process that continues for the duration of a customer’s relationship with a bank, fintech, neobank, or other regulated financial institution.

Customer due diligence is carried out on every person an FI plans to transact with: a person opening a current account, a business entity applying for a loan, or the owner of a business the bank will help to finance. The financial institution wants to understand the individual and their source of funds, to satisfy itself that both are legitimate, and to comply with up-to-date AML/CTF regulation.

The aim of CDD is clarity: FIs know who they are doing business with and the risks of doing business with them. When KYC and AML data checks are carried out, clients are typically given a risk rating from low to high, which informs decisions about onboarding, off-boarding, and how intensively the relationship is monitored.

Each year, fines for non-compliance with anti-money laundering regulations run to many billions of dollars globally. In 2024, one of the largest AML penalties issued in the US was $3.09 billion, imposed on a bank for violations of the Bank Secrecy Act and failures in its AML compliance program.

Apart from the direct financial loss caused by a fine, the damage to a business’ reputation can be far greater and far longer lasting. It's essential that FIs have robust, in-depth CDD processes tailored to their regulatory environment, products, and customer base.

Each country has its own AML and CTF regulations, requiring different CDD rules to be followed. However, there are "4 pillars of KYC" that are broadly similar the world over:

  1. Identify and verify the identity of customers
  2. Identify and verify the identity of the beneficial owners of companies
  3. Understand the nature and purpose of customer relationships to develop risk profiles
  4. Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update information

In the UK, CDD is required under the Money Laundering Regulations, with the FCA supervising banks and other authorised financial firms for compliance. In the European Union (EU), anti-money laundering directives (AMLD) are updated and published periodically to harmonize regulation across member states. Globally, the Financial Action Task Force (FATF), whose 40 members (38 jurisdictions and two regional organisations) include all the major financial centers in the world, publishes standards that comprise “a comprehensive and consistent framework of measures, which countries should implement to combat money laundering and terrorist financing…”




Customer due diligence technology for regulatory requirements

CDD activities were previously carried out through manual checks on an individual or corporate customer. This was time-consuming and inefficient, particularly in the world of corporate finance, where uncovering company ownership information and identifying ultimate beneficial owners (UBOs) can be complex and difficult. Now these processes can be automated using regulatory technology (regtech) solutions.

To meet regulatory requirements in a changing economy, CDD processes can leverage advanced technology features that enhance efficiency and productivity in risk management and compliance.

  1. An automated workflow of compliance checks can help banks adhere to AML and CFT regulations across different jurisdictions, reducing the burden on compliance teams 
  2. Customer identities can be verified using electronic identity checks - depending on an FI's risk appetite, a clean result can lead to straight-through processing (STP) at onboarding, while any hit routes the case to an analyst
  3. Tools can also identify and verify the beneficial owners of legal entities for compliance with regulations like FinCEN's CDD Final Rule 
  4. Risk engines can apply scoring rules and models to assess customer risk profiles based on factors like jurisdiction, occupation, products used, and screening results
  5. Integrating access to up-to-date data sources, including adverse media, sanctions lists, watchlists, and politically exposed persons (PEPs), can provide a holistic view of customer risk 
  6. Systems can support continuous monitoring of customer risk to detect suspicious behavior and to update risk profiles when a customer's circumstances change

By considering these kinds of features in a technology platform designed for CDD, financial institutions can transform their KYC processes and better meet regulatory requirements in a dynamic economic environment.




What checks are carried out as part of customer due diligence (CDD)?

To know who you are doing business with and to assess the risks of doing business with them, data checks are needed. These CDD checks help complete the picture of who a customer is and what kind of risk they might pose.

A series of automated data checks might include:

  • Electronic identity checks
  • Geocoding checks
  • ID and visa verification
  • Trustee and charity details
  • PEPs and sanctions screening
  • Negative news or negative media screening
  • Ultimate beneficial owner (UBO) detection and shareholder identification
  • Fraud checks
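The feature list in the technology section above and the list of checks just given describe a workflow in words; the following is an added illustration of how such a workflow is typically composed, written for this page and not taken from Moody's, Maxsight™, or any regulator's tooling. The sanctions and PEP lists, the high-risk jurisdiction codes, and the customers are all constructed for the example; only the 25% beneficial-ownership threshold (FinCEN's CDD Rule and the EU AMLDs) and the control logic reflect real practice. Matching is exact after name normalization, which is a simplification noted below.

```python
"""Added example: a minimal automated CDD screening workflow.

Constructed watchlists and customers only. Matching is exact after
normalization; production screening also uses fuzzy and phonetic
matching, alias lists and date-of-birth comparison.
"""
from __future__ import annotations

import re
import unicodedata
from dataclasses import dataclass, field

# Constructed sample lists for the example; these are not real designations.
SANCTIONS = {"ivan petrov", "globex trading ltd"}
PEPS = {"maria gonzalez"}
HIGH_RISK_JURISDICTIONS = {"XX", "YY"}   # placeholder codes, not a FATF list

# Beneficial ownership threshold: 25% under FinCEN's CDD Rule and the EU AMLDs.
UBO_THRESHOLD = 0.25


def normalize_name(name: str) -> str:
    """Fold accents, punctuation, case and spacing so list and input compare alike."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = re.sub(r"[^a-z0-9 ]", " ", ascii_only.lower())
    return " ".join(cleaned.split())


@dataclass
class Party:
    name: str
    country: str                # jurisdiction of residence or incorporation
    id_verified: bool = False   # outcome of the electronic identity check
    owners: dict[str, float] = field(default_factory=dict)  # owner -> share (0..1)


def beneficial_owners(party: Party) -> list[str]:
    """Owners at or above the threshold: the UBOs that must themselves be screened."""
    return [n for n, share in party.owners.items() if share >= UBO_THRESHOLD]


def screen(party: Party) -> list[str]:
    """Run the data checks and return one reason code per finding."""
    reasons: list[str] = []
    if not party.id_verified:
        reasons.append("ID_UNVERIFIED")
    if party.country in HIGH_RISK_JURISDICTIONS:
        reasons.append("HIGH_RISK_JURISDICTION")
    # Screen the customer and every UBO; holders below the threshold are not screened.
    for raw in [party.name, *beneficial_owners(party)]:
        name = normalize_name(raw)
        if name in SANCTIONS:
            reasons.append(f"SANCTIONS_MATCH:{name}")
        if name in PEPS:
            reasons.append(f"PEP_MATCH:{name}")
    return reasons


def risk_tier(reasons: list[str]) -> tuple[str, str]:
    """Map findings to a low/medium/high rating and an onboarding decision.

    A list hit is an alert, not a verdict: it blocks straight-through processing
    and routes the case to an analyst rather than auto-rejecting the customer.
    """
    if any(r.startswith("SANCTIONS_MATCH") for r in reasons):
        return "high", "block_pending_analyst_review"
    if any(r.startswith("PEP_MATCH") or r == "HIGH_RISK_JURISDICTION" for r in reasons):
        return "high", "enhanced_due_diligence"
    if reasons:
        return "medium", "manual_review"
    return "low", "straight_through_processing"


def assess(party: Party) -> dict:
    """Full workflow for one onboarding case: checks, rating, decision, audit trail."""
    reasons = screen(party)
    tier, decision = risk_tier(reasons)
    return {"name": party.name, "tier": tier, "decision": decision,
            "reasons": reasons, "ubos": beneficial_owners(party)}


if __name__ == "__main__":
    # Constructed onboarding cases: a clean individual, a PEP in a high-risk
    # jurisdiction, and a company whose 40% owner is on the sanctions list.
    cases = [
        Party("Alice Smith", "GB", id_verified=True),
        Party("Maria Gonzalez", "XX", id_verified=True),
        Party("Globex Trading Ltd.", "GB", id_verified=True,
              owners={"Ivan Petróv": 0.40, "Bob Lee": 0.10}),
    ]
    for case in cases:
        print(assess(case))
```

Two points the example makes that the prose does not: the same name checks are run over the UBOs as over the customer, so a clean company name is not a pass when a 40% owner is listed; and a sanctions or PEP hit changes the decision to review or enhanced due diligence rather than rejection, because name-based screening generates false positives that an analyst must adjudicate. The reason codes returned by `assess` are the audit trail that supports the fourth pillar (reporting suspicious activity and keeping the profile current).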



Moody’s Maxsight™ for customer due diligence


Maxsight™ can help banks and other financial services businesses streamline customer due diligence (CDD), integrating data checks from global sources. The platform’s AI-enabled workflows can automate identity verification, risk profiling, and monitoring tasks to help reduce manual effort.

For more information, or to see Maxsight™ in action, please get in touch.





How Moody's can help

Moody's can orchestrate an end-to-end customer due diligence process. It can automate data checks against leading sources of identity, fraud, and AML information to build a risk profile for each customer, enabling FIs to understand their risk base and make decisions with confidence about each customer. Our customers create their own CDD ecosystem, combining automated workflows for CDD on any product in any jurisdiction.

We offer a single, powerful platform with a built-in risk engine to help automatically curate and update customer risk profiles. The platform has a full case management system where profiles can be reviewed and assessed on a perpetual basis. And it has the ability for direct communication with customers, as well as document collection and storage.

Electronic ID checks, checks for politically exposed persons (PEPs), sanctions, adverse media, and other risk factors can be automatically executed in a workflow of tasks defined by each financial institution to support know your customer activities and compliance with AML/CFT regulations. The workflows can also be configured for perpetual KYC or ongoing monitoring to deliver compliance efficiencies.




Transform digital onboarding with Maxsight™

Integrate data and automated workflows powered by Moody’s extensive global entity and risk databases, including adverse media, sanctions, watchlists, PEPs, and ownership information.

Create an automated, risk-based digital onboarding approach that aligns with your risk policies and configuration. From due diligence to onboarding to ongoing monitoring to offboarding, Maxsight™ supports you to understand your customers and business partners and the associated risks.

Tailor workflows to manage third-party risk, KYC, and AML processes, integrating access to vast sources of up-to-date data for more effective decision-making.

Get in touch with us about the Maxsight™ unified risk platform for customer onboarding and CDD processes - we would love to hear from you.