In today’s business and regulatory climate, a business should not only be concerned with making profits — it should also attempt to know who it has business dealings with. This means identifying and verifying customers’ identities and meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) guidelines. When a financial institution creates a new business partnership with individuals or organizations without fully knowing their past and present business dealings, it can expose them to hefty lawsuits and regulatory fines.
In fact, regulators around the world have levied nearly US$38.47 billion in fines against financial institutions, with $21.47 billion for AML and $16.9 billion for sanctions-related violations since 2000 (source: Financial Crime News).
But KYC compliance goes beyond ticking regulatory checkboxes. KYC helps financial institutions better understand and serve their customers and their unique needs. Before exploring the non-compliance benefits of KYC, let’s set the stage and review some key definitions and processes that make up KYC.
The KYC Process
KYC is the essential first step in AML compliance. Financial institutions and other organizations typically carry out the KYC process when online users open new accounts. Inherent within KYC is the notion of customer due diligence (CDD) which usually involves background checks to assess the risk they pose before dealing with them. In the financial sector, this usually involves vetting the user for creditworthiness and ensuring that they are not on any money laundering or terrorist financing watchlists.
The good news is that much of this vetting and AML screening has now been automated to verify your customers in minutes. With customer due diligence, financial institutions are performing important checks, but they’re not validating that the person is who they say they are and are not on any government watchlists. This is the domain of enhanced due diligence.
Dig Deeper with a Free Resource from Fintrail and Jumio
Ongoing Customer Due Diligence and Remediations
Enhanced Due Diligence (EDD) Defined
Enhanced due diligence (EDD) is a KYC and AML process that provides a greater level of scrutiny of potential business partnerships and highlights risk that cannot be detected by customer due diligence. EDD goes beyond CDD and looks to establish a higher level of identity assurance by obtaining the customer’s identity and address, and evaluating the risk category of the customer.
Enhanced due diligence is specifically designed for dealing with high-risk or high-net worth customers and large transactions. Because these customers and transactions pose greater risks to the financial sector, they are heavily regulated and monitored in order to ensure that everything is on the up and up.
Enhanced Due Diligence vs. Customer Due Diligence
While some low-risk customers may be subject to simplified customer due diligence, it’s important for companies to understand the unique characteristics that set enhanced due diligence (EDD) apart from regular Know Your Customer (KYC) policies:
- Rigorous and Robust: EDD policies must be “rigorous and robust” which requires significantly more evidence and detailed information.
- Detailed Documentation: The entire EDD process must be documented in detail, and regulators should be able to have immediate access to enhanced due diligence reports. This demands more scrutiny when it comes to how data is captured and validating the reliability of those information sources.
- Reasonable Assurance: EDD requirements call for “reasonable assurance” when calculating a KYC risk rating. This means that the professionals responsible for making a “go” or “no go” decision must have completed all the necessary research steps and exercised professional skill and care in reaching their judgment.
- Special Attention for PEPs: Special attention must be paid to politically exposed persons (PEPs) — they’re viewed as being a higher risk because they are in positions that can be potentially abused for money laundering.
One of the challenges with EDD is knowing how much information about a customer is necessary to collect. Regulators have consistently favored risk-based approaches where financial institutions leverage documented risk assessment policies and procedures (e.g., automated AML screening) that provide sufficient assurance while also enabling regulators to electronically audit decisions made by banking officials.
When Is Enhanced Due Diligence Required?
While all businesses subject to oversight by the Financial Action Task Force (FATF) are required to implement CDD, EDD may be required for people or situations that present higher risk profiles. Typically, enhanced due diligence procedures are required when customers represent a greater risk than CDD guidance can solve for. Some examples of this include:
- High-risk customers like PEPs or known financial criminals and close family members.
- Business relationships with unclear or unexplained conditions. This could be, for example, an off-shore firm that serves customers in a far-off geographic location.
- Businesses where a significant amount of transactions are in cash. Cash-intensive businesses create more risk.
- Businesses that focus on anonymous transactions with no face-to-face interaction.
- Private banking institutions.
- Business in countries with active sanctions or embargoes (high-risk third countries) — or with a high rate of corruption, terrorist organizations or criminal activity.
- Businesses that facilitate transactions with unknown third parties, making it harder to track the source of funds.
- Businesses that represent a higher risk of money laundering.
The enhanced due diligence process is meant to find suspicious activity by requiring these businesses and organizations to gather additional information outside the scope of customer due diligence.
How to Conduct Enhanced Due Diligence
In line with the recommendations of the FATF, it is essential for companies to adopt risk-based EDD measures that are tailored to the specific AML/CFT risks posed by their customers. Here’s an example of a enhanced due diligence checklist to get you started:
- Identify high-risk factors: Start by identifying the high-risk factors that warrant enhanced due diligence. These may include factors such as the individual’s country of origin, type of business or reputation. For many financial institutions, accurately evaluating the customer’s risk level is essential for your AML compliance to avoid working with customers committing illegal activities.
- Additional assurance: Once you have identified high-risk factors, you may need to use additional credentials to verify the customer’s identity and assess their level of risk. This may involve conducting in-depth research using online databases, social media and other sources to gather more information about the customer.
- Adverse media and negative control: Conducting ongoing monitoring of adverse media and negative control lists can help identify any reputation or financial risks associated with a customer.
- On-site visit: Sometimes it is necessary to visit the physical address of the customer’s place of business, residence or legal entity to verify their identity and assess their level of risk.
- Reporting: Documenting all findings and actions taken during the EDD process is crucial for demonstrating compliance and responding to any regulatory inquiries. The customer’s risk profile is a detailed report outlining the steps taken to verify their identity and assess their level of risk, and any findings or red flags identified during the process.
Enhanced Due Diligence in Your Workflow
Increasingly companies are combining online identity verification and AML screening during the account onboarding process within a single, automated solution. For example, Jumio combines automated watchlist/PEPs/sanctions screening and monitoring with its online identity verification solution, giving financial institutions the ability to drill down into specific sanctions matches for a streamlined, real-time compliance review. This means customers can leverage a single dashboard for identity verification and screening and be immediately alerted if there’s a watchlist, PEPs or adverse media hit — both during onboarding and as an ongoing monitoring strategy.
EDD: Beyond Regulatory Scrutiny
Beyond avoiding painful fines and unwanted regulatory scrutiny, what’s the advantage of EDD?
1. Better Serve Your Customers
The EDD and identity verification processes yield a bunch of useful information about your customers, including employment status, age and purchasing power which can be repurposed to offer bespoke solutions to better serve their needs.
2. Enhance your Own Brand Reputation
When you properly screen your customers with enhanced due diligence measures, you can help prevent dirty money — money from corrupt politicians, criminals and terrorists — from sneaking into your ecosystem. This means taking the necessary precautions to know your customer at a more fundamental level — not just their company name and where they do business, but who owns the entity, also known as ultimate beneficial ownership (UBO). Building in the necessary safeguards will help defend against fraud loss, compliance fines and loss of reputation.
3. Deter Financial Crime
The idea is that knowing your customers — verifying identities, making sure they’re real, confirming they’re not on any prohibited lists and assessing their risk factors — can keep money laundering, terrorism financing and more run-of-the-mill fraud schemes at bay. An ounce of prevention lets you focus more on business growth because you’re conducting more business within a positive legal climate.
4. Build Trust
Sadly, trust is evaporating quickly. As cybercrime headlines continue to break, organizations need to focus not only on halting the flow of money laundering and corruption, but also on being seen as scrupulous custodians of their customers’ data and cash. Adopting KYC and EDD processes also telegraphs to your customers, and prospective customers, that your focus is on lawful business.
Thanks to emerging identity verification and screening technologies, banking customers can now identify themselves from anywhere in the world. But, if banks are to be sure the process of remote verification is failsafe so that funds — and sensitive data — are protected, they need to be a step ahead of every technological development and every hack.
Find Out How Jumio Can Help with Enhanced Due Diligence
Build trust with your customers, meet your regulatory requirements and avoid fines by implementing software that automates enhanced due diligence for you.
Jumio will help score customer risk profiles, ensure users are who they say they are and help your organization prevent costly fines and sanctions. Find out how we can help you now.
Originally published August 15, 2019; updated May 31, 2023