In today’s increasingly complex financial landscape, customer due diligence (CDD) has become a critical component of effective anti-money laundering (AML) compliance programs. As financial crime grows more sophisticated and regulations tighten worldwide, banks and financial institutions must strengthen their CDD processes to reduce risk and meet regulatory expectations.
This guide provides a clear, step-by-step customer due diligence checklist designed to help organizations bolster their AML efforts while ensuring a smooth customer onboarding and monitoring experience.
What Is Customer Due Diligence (CDD)?
Customer Due Diligence, or CDD, is a structured process that financial institutions use to evaluate the identity and risk profile of their customers both before onboarding and throughout the business relationship. The core goals of CDD include preventing money laundering and terrorism financing, detecting suspicious activity early, and creating an audit-proof onboarding process.
CDD is a fundamental part of broader regulatory frameworks such as Know Your Customer (KYC) and AML. While KYC focuses primarily on verifying a customer’s identity, CDD builds on that foundation by assessing the legitimacy and risk associated with the customer relationship and ensuring ongoing monitoring.
CDD vs KYC vs EDD: What’s the Difference?
Understanding the distinctions between CDD, KYC, and Enhanced Due Diligence (EDD) is key to implementing a compliant and efficient AML program. Here’s a comparison table to clarify their purposes, activities, and timing:
| Term | Purpose | Key Activities | When It’s Used |
|---|---|---|---|
| Know Your Customer (KYC) | Verify identity and understand customer behavior | ID verification, document checks, screening | At onboarding |
| Customer Due Diligence (CDD) | Assess the risk and legitimacy of the customer | Risk profiling, ownership checks, ongoing monitoring | Before and during the relationship |
| Enhanced Due Diligence (EDD) | Apply extra scrutiny to high-risk customers | In-depth investigations, PEP screening, adverse media | For high-risk or suspicious accounts |
CDD Requirements Under AML Regulations
Regulatory bodies globally enforce strict customer due diligence requirements to prevent financial crime. In the U.S., agencies like FinCEN oversee CDD obligations under laws such as the Bank Secrecy Act (BSA). Globally, organizations like the Financial Action Task Force (FATF) and regional regulators, including the EU’s 6th AML Directive (6AMLD), MAS in Singapore, and AUSTRAC in Australia, impose similar mandates.
Core CDD requirements include:
- Verifying customer identity accurately.
- Understanding the purpose and nature of the business relationship.
- Identifying and verifying ultimate beneficial owners (UBOs).
- Assessing customer risk profiles based on multiple factors.
- Conducting ongoing monitoring throughout the relationship lifecycle.
Failure to comply with these requirements can result in significant penalties, including hefty fines, license revocation, and reputational damage.
The Complete Customer Due Diligence Checklist
Below is a comprehensive checklist to guide your customer due diligence process at every stage, helping you meet anti-money laundering compliance standards effectively:
| CDD Phase | Checklist Item | Why It Matters |
|---|---|---|
| Identity Verification | Collect government-issued ID (passport, driver’s license) | Confirms identity and reduces fraud risk |
| Conduct biometric checks (selfie, liveness) | Prevents impersonation and deepfakes | |
| Match selfie with ID photo | Confirms the person is presenting their own ID | |
| Verify address and contact information | Ensures the customer is real and reachable | |
| Risk Assessment | Analyze customer geography | High-risk countries may require EDD |
| Determine account type and expected transaction volume | Helps assign appropriate risk tier | |
| Check occupation and source of funds | Detects shell companies or front entities | |
| Sanctions Screening | Screen against OFAC, EU, and UN sanctions lists | Mandatory to avoid illegal activity |
| Screen for politically exposed persons (PEPs) and adverse media | Identifies customers requiring extra scrutiny | |
| Beneficial Ownership Verification | Identify all UBOs with 25%+ ownership | FATF mandates transparency for entity accounts |
| Verify UBO identity and screen them | Prevents misuse of shell companies | |
| Ongoing Monitoring | Set transaction thresholds and alerts | Detects suspicious activity early |
| Schedule periodic reviews (e.g., every 12–18 months) | Keeps risk profiles updated |
CDD for Businesses vs Individuals
CDD for Individuals
For individual customers, the process typically involves collecting government-issued IDs, performing biometric verification, and validating addresses. Additionally, sanctions screening and PEP flagging are conducted. Risk levels are assigned based on factors such as geography, profession, and account purpose.
CDD for Businesses
Business customers require more extensive due diligence, including verifying company incorporation documents, understanding the nature of the business and its revenue model, identifying all UBOs, and screening them. The process also includes monitoring transaction size, frequency, and cross-border activities to detect suspicious patterns.
Enhanced Due Diligence (EDD): When and How to Use It
EDD is reserved for higher-risk customers or situations, such as:
- Customers operating in high-risk jurisdictions.
- Large or unusual cash transactions.
- Complex or opaque ownership structures.
- Use of cryptocurrencies or other emerging financial products.
EDD involves more in-depth media and background screenings, possibly including in-person or video interviews, submission of additional documents like utility bills and tax filings, and requires senior compliance approval.
Common Customer Due Diligence Questions for Onboarding & Monitoring
Effective customer due diligence relies on asking the right questions to understand customer risk profiles and detect potential compliance issues early.
- What is the nature of your business or source of income?
- Are you the ultimate beneficial owner of this account?
- Will you be conducting international wire transfers?
- Do you work in a high-risk industry (e.g., gambling, crypto, remittance)?
- Have you ever been investigated or sanctioned?
How to Improve the CDD Process with Automation
Modern AML compliance increasingly relies on automation to improve the customer due diligence process. AI-powered identity verification tools can speed up onboarding while enhancing fraud detection. Real-time sanctions and PEP screening APIs help maintain regulatory compliance, while dynamic risk scoring systems allow for continuous, centralized monitoring.
Benefits include:
- Reduced onboarding time and operational costs.
- Fewer manual errors and inconsistencies.
- Enhanced ability to detect and prevent financial crime.
FAQs
What is CDD?
Customer Due Diligence (CDD) is the process by which financial institutions verify their customers’ identities, assess their risk levels, and monitor their ongoing activities. It is a foundational pillar of AML compliance programs designed to prevent money laundering, terrorism financing, and fraud.
What is CDD in banking?
In banking, CDD refers to mandatory procedures for verifying customer identities, understanding their financial behavior, and assessing risk throughout the customer lifecycle. Banks perform CDD to comply with regulatory obligations like the Bank Secrecy Act and FATF guidelines.
What does CDD mean?
CDD stands for Customer Due Diligence — a regulatory requirement and practical tool to reduce financial crime risk by ensuring institutions know exactly who their customers are.
What are customer due diligence requirements in banking?
These requirements include verifying identity, conducting ownership checks, sanctions screening, and performing ongoing monitoring for suspicious behaviors.
What’s the difference between CDD and EDD?
CDD is the standard risk assessment applied to most customers, while EDD is a deeper, enhanced process for high-risk individuals or entities, involving more thorough checks and documentation.
Why is CDD important in AML compliance?
CDD helps detect and prevent money laundering by verifying who the customer is, their risk level, and their transaction behaviors.
What is the difference between KYC and CDD?
KYC focuses mainly on identity verification and initial risk assessment at onboarding, whereas CDD encompasses ongoing risk monitoring, beneficial ownership checks, and periodic reviews.
What are CDD and EDD used for in AML compliance?
Both are used to identify and mitigate financial crime risk. CDD applies to all customers as a baseline, while EDD targets high-risk cases requiring enhanced scrutiny.
How often should customer due diligence be conducted?
Frequency depends on risk level: low-risk customers every 3-5 years, medium-risk annually, and high-risk quarterly or more frequently. Additionally, significant changes in customer behavior should trigger CDD reviews.
What are the consequences of inadequate CDD procedures?
Inadequate CDD can lead to regulatory penalties, license revocation, increased fraud exposure, reputational damage, and operational losses.
How do CDD requirements vary by customer type?
Business customers require more extensive documentation and ownership verification. High-risk customers of any type require enhanced due diligence and more frequent monitoring.
Trusted CDD Solutions from Jumio
A strong AML compliance banking program is only as effective as its customer due diligence framework. By leveraging Jumio’s advanced identity verification and risk solutions, organizations can automate and strengthen their CDD workflows — making them smarter, faster, and more reliable.
Ready to improve your CDD process? Just fill out this form, and we’ll reach out to discuss how Jumio can help you meet customer due diligence requirements.
