What Does CDD (Customer Due Diligence) Mean for Banks and Financial Companies?

Understanding CDD

You wouldn’t hire a new employee without making sure they’re the right fit for the job, right? Just as employers thoroughly vet candidates, banks and financial institutions need to have a good read on their prospective clients before allowing them to open an account. This is where customer due diligence comes into play.

What is Customer Due Diligence?

Customer due diligence (CDD) is at the heart of Anti-Money Laundering (AML) and Know Your Customer (KYC) initiatives, and is designed to help banks and financial institutions verify if customers are who they say they are, confirm they’re not on any prohibited lists and assess their risk factors. Put simply, CDD is the act of performing background checks on the customer to ensure that they are properly risk-assessed before being onboarded.

Why is CDD important?

When you consider what’s at stake, it starts to make a little more sense why banks and other financial institutions are spending big money on AML compliance. These countermeasures are designed to thwart the growing threat of money laundering, which unfortunately isn’t a tactic used by drug cartels alone — it’s now being used across a broad range of criminal enterprises.

Here are a few reasons to take CDD seriously:

  1. Big Compliance Fines: Enforcement actions related to AML have been on the rise. Since 2009, regulators have levied approximately $32 billion in AML-related fines globally. Most of these have been leveled against U.S. firms.
  2. Sophisticated Cyber Threats: Criminals are using more sophisticated means to remain undetected, including globally coordinated technology, insider information, the dark web and e-commerce schemes.
  3. Reputational Risk: AML incidents put a financial institution’s reputation on the line. In fact, the average value of each of the top 10 bank brands is $45 billion.
  4. Rising Costs: Most AML compliance activities require significant manual effort, making them inefficient and difficult to scale. The cost of AML compliance across U.S. financial services firms equaled $25.3 billion per year, with some major financial institutions spending up to $500 million annually on KYC and customer due diligence (Thomson Reuters).
  5. Poor Customer Experience: Compliance staff must have multiple touch points with a customer to gather and verify information. Perhaps not surprisingly, one in three financial institutions have lost potential customers due to inefficient or slow onboarding processes.

Some Quick CDD Legalese

Now that we’ve established the case for CDD as part of AML compliance, let’s cover some legal definitions to get us on the same page.

The application of customer due diligence is required when a firm covered by money laundering regulations enters into a business relationship with a customer or a potential customer. This includes occasional one-off transactions even though this may not constitute an actual business relationship. A customer/business relationship is defined as being formed when two or more parties engage for the purposes of conducting regular business or to perform a one-off transaction. The term “business relationship” applies where a professional, commercial relationship will exist with an expectation by the firm that it will have an element of duration.

A Better Customer Due Diligence Process

Given the time-consuming and manual nature of most CDD processes today, there’s little doubt that these processes can be streamlined and automated through better use of technology. The process starts with an online identity verification process. While there are a number of alternative verification methods, more and more companies are now relying on a government-issued ID (e.g., a driver’s license) and a corroborating selfie. But, this is just the start of the CDD process. Ideally, the process would also include a liveness check to ensure the applicant is physically present and not spoofing the system with a picture of someone else or using a doctored video.

After the person has been verified, the name is then screened against a number of online databases including government watchlists, PEPs (politically exposed persons), and adverse media. At this point, banks can now assign applicants to risk pools — low-to-medium risk individuals (those with no red flags) are allowed to create online accounts with little friction. Higher-risk individuals (e.g., those listed on government watchlists) are flagged for further review. These folks necessitate an extra layer of review by bank personnel who need to capture additional customer information to fully vet these users.

The graphic below walks through nine steps a financial institution may go through as part of their KYC process. We’ve talked to hundreds of banks and there seem to be hundreds of variations of how they perform customer due diligence. So, please consider this a strawman that enumerates the kinds of checks that can be performed to answer these fundamental questions:

  • Is the applicant the person who they claim to be online?
  • Does the risk profile of the applicant raise any red flags?

Sample Customer Due Diligence Flowchart

Low-risk individuals can be fast-tracked through the approval process. Thanks to automation of online identity verification and AML screening, this streamlined process can be 40% more efficient than traditional manual processes. This means decisioning time can be cut to under 2 hours for low-risk individuals, with this process often completed in minutes. However, the decisioning time for higher-risk individuals may still take longer, sometimes between 48 and 72 hours, because of the extra review time needed to vet these individuals. Assuming that more than 90% of your applicants will fall into the low-to-medium risk pool, the cost and efficiency gains of automated identity verification and AML screening can dramatically reduce AML costs and improve the user experience.

Once the customer has been successfully onboarded, the process isn’t over. After all, banks need to monitor their customers on an ongoing basis to ensure they remain in compliance and flag any suspicious behavior. This part of CDD is known as transaction monitoring.

With transaction monitoring, financial institutions can better identify changes in customer behavior over time and be alerted to typical money laundering scenarios. This means banks need to monitor for suspicious activity and spot patterns that may be indicative of money laundering, financial crimes, corruption, drug trafficking or other criminal activity. Indeed, a transaction involving the leader of a drug cartel is much more likely to be suspicious than a transaction involving a “round amount” (e.g., €10,000). Increasingly, regulators are demanding that banks bake transaction monitoring into their CDD processes. Just as individuals were scored and put into risk categories during the identity proofing stage, individual transactions can also be scored and combined with advanced algorithms that track expected vs. actual transaction behavior and update the banking customer’s risk rating in real time.

Ongoing screening needs to occur because a customer who was not on any watchlist when they created the account can suddenly appear on one today. By continually checking and pinging established (and constantly refreshed) databases (including OFAC, HMT, UN and thousands of other government, regulatory, law enforcement, fitness and probity watchlists) as well as through thousands of subscribed and global news sources, banks can be notified immediately via an alert. If a customer appears on one of these PEPs and sanctions lists, the bank can mitigate risk and take appropriate next steps. This ensures that the bank is kept informed of any status changes to its existing customer base in real time.

Better identity verification and AML screening solutions are enabling financial institutions to meet the requirements of regulators, banking partners and auditors with an electronic audit trail of all system and user actions with date and time stamps. These solutions help banks spot patterns and outliers by monitoring current transactions alongside historic transaction and behavior data.

A More Enlightened Approach to CDD

Complying with KYC and AML requirements has made even opening a new account a long and complex journey for corporations. While estimates vary, banks take an average of 24 days to complete the customer onboarding process (Thomson Reuters, 2017) and many suspect it’s only getting worse thanks to increasing regulations.

Beyond the time involved, customers also resent having to provide all the information requested of them. While some may have something to hide, many balk because they find it overly intrusive and they believe (sometimes correctly) other institutions are not asking for the same information. The more time and the more hurdles banks place before legitimate customers, the higher the abandonment rates, and these costs can often far exceed the cost of any perpetrated fraud (when one considers the lifetime value of those lost or abandoned customers).

But, there’s a bit of good news here. A growing number of banks and fintechs are discovering how to automate their CDD (and, if necessary, enhanced due diligence) processes resulting in a vastly better customer experience and a dramatic reduction in online abandonment rates. You probably know where I’m headed with this, so, instead, I will merely suggest that you explore these new technologies to see how they can shave minutes (or even hours) off your onboarding process. The payback will be sizable and almost immediate.

Jumio