The Relationship Between Know Your Customer (KYC) & Customer Due Diligence (CDD)

Anti-money laundering (AML) regulations are necessary to battle crimes in the financial services industry, including terrorist financing, identity fraud and illegal drug transactions. They are the primary means used to reduce this type of unlawful activity.

AML regulations encompass several subsets. Know Your Customer (KYC) is perhaps the most important of these subsets and, in turn, has three parts:

  • Customer Identification Program (CIP)
  • Customer Due Diligence (CDD)
  • Ongoing Monitoring

KYC is designed to verify a customer’s identity, financial profile and risk level, and CDD is the key to this process.

Customer Due Diligence (CDD) means collecting and evaluating the new customers’ information and determining their risk for illegal financial transactions. AML cannot work without KYC and CDD. They completely depend on each other.

AML vs. KYC vs. CDD

AML is a set of directives meant to deter, reduce and detect financial crimes within financial institutions and other organizations. Successful adherence to AML compliance laws relies on both KYC and CDD.

KYC begins during customer onboarding with a Customer Identity Program (CIP) and includes getting the new customer’s information, including full name, phone number and ID documents, which allows financial institutions to verify a customer’s identity. Organizations must determine that these potential customers are who they claim to be before they risk fully onboarding them.

A variation of KYC is Know Your Business (KYB), a process for determining the identity of business owners, including beneficial owners – those people who benefit from the business and whose identities may be somewhat hidden.

CDD is a crucial part of the KYC process that begins during onboarding and continues on an ongoing basis throughout the customer lifecycle. An account can operate legally in the beginning and only later start to reflect suspicious activity.

Dig Deeper with a Free Resource from Fintrail and Jumio

Ongoing Customer Due Diligence and Remediations

KYC Processes: What Does KYC Include?

KYC processes include three main parts:

  • Customer Identification Program (CIP) – Financial services companies must collect four pieces of identifying information from potential clients: full name, date of birth, legal address and valid identification number.
  • Customer Due Diligence (CDD) – The customer’s credentials are evaluated to verify their identity and risk of suspicious activity. High-risk customers are then subject to a higher level of scrutiny. (This phase is also sometimes called KYC Due Diligence.)
  • Ongoing Monitoring – Financial services companies are required to perform ongoing monitoring on higher-risk accounts. Your company must closely examine these customers’ transactions, often in real time. For risk management purposes, you might need to ask them to give more information to your financial institution as time passes.

KYB is KYC with a few differences. Know Your Business requires identifying the ultimate beneficial owners of the company, those individuals actually benefiting the most from the business. These people are not necessarily those listed on the company’s masthead, so you must closely examine the client’s business relationships to identify them.

What Are the Different Levels of Customer Due Diligence?

Customer Due Diligence must be tailored to fit the client’s risk profile. During this process, you create customer risk profiles that determine the level of CDD each customer receives. From this risk assessment, each customer will be assigned one of the following Customer Due Diligence levels.

Simplified Due Diligence

If you determine that a customer is at low risk of suspicious activity, you only need to check their government ID. You do not need to verify the identification.

Standard Due Diligence

Standard Due Diligence (SDD) means the customer is at average risk of suspicious activity, so you need to perform identity verification using a reliable, independent source.

Enhanced Due Diligence

Once you identify a customer as high-risk, you will need to verify them more thoroughly through enhanced due diligence (EDD). You can do so by asking for extra ID from them, information about the source of their funds, the nature of their business relationships and the reason for their transactions. Monitoring these clients is ongoing during the length of your business relationship.

These higher-risk individuals include politically exposed persons (PEPs), people on governmental sanctions lists, those on financial watchlists, etc. You will also need to look for adverse media about the client and examine other potential risks of this customer relationship.

KYC Due Diligence Failures: What Happens if Financial Institutions Fail To Meet Compliance Standards?

If your company fails to meet KYC policy standards, you will receive more than a slap on the wrist. In 2021, 80 companies were fined a total of $2.7 billion. The number of companies receiving these fines rose from 24 the previous year.

For instance, FinCEN fined one business $390 million for “willful and negligent violations of the Bank Secrecy Act.” The main complaint was that the company did not file thousands of suspicious activity reports (SARs) for a period of years and simply ignored suspicious transactions. This practice allowed financial criminals to operate unchecked in a unit that served check-cashing businesses.

Negligence on the part of your company can lead to huge fines, reputational damage and potential prosecution. Poor AML practices also enable terrorist financing, identity fraud and illegal drug trafficking.

KYC Solutions: Meeting KYC Due Diligence Standards

KYC, and its major component CDD, are essential parts of an effective AML effort. Following these directives means assessing risk levels, verifying identities and determining the source of funds. High-risk clients require ongoing monitoring to prevent them from using your platform to engage in suspicious financial activity.

These regulations can seem daunting, but Jumio can help you stay compliant while preserving the customer experience. We offer frictionless onboarding and automation that enables CDD without placing an undue burden on you or the potential customer. For more information, contact us today.

jumio kyx platform

Updated February 13, 2023


Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.