Anti-money laundering customer due diligence

Your anti-money laundering responsibilities

Customer due diligence is a foundation of know your customer (KYC) processes and AML strategies. CDD requires companies to understand who their customers are, their financial behaviors, and what kind of money laundering or terrorism financing risk they present. All Financial Action Task Force (FATF) member states must implement CDD methods.

Financial institutions have several responsibilities regarding AML, including devising a comprehensive anti-money laundering policy, which we'll cover in detail later. 

However, there is also a number of important reasons why financial institutions should carry out customer due diligence regardless. In fact, carrying out appropriate customer due diligence ensures:

• The organization remains compliant with the regulations and laws of the regions or markets they are operating in
• The customer attempting to access the service is exactly who they're claiming to be
• Customers are not trying to commit fraud, launder money, or finance terrorism

What are the key CDD requirements in AML?

The four key customer due diligence requirements typically include:

• Identity Verification: Financial institutions must verify the identity of their customers  by collecting reliable, independent source documents, data, or information.
• Risk Assessment: Banks and financial entities are required to assess the risk level associated with each customer, which may be influenced by the customer’s background, type of business activity, the nature of the business relationship, and the country of operation.
• Ongoing Monitoring: This involves regular scrutiny of transactions and accounts to detect any unusual or suspicious activities that deviate from the customer's profile or business patterns.
• Beneficial Ownership: For legal entity clients, institutions must take steps to understand the ownership and control structure of the customer, identifying the ultimate beneficial owners.

Enhanced due diligence measures and when to use them

Enhanced due diligence (EDD) is a KYC process that highlights risks that cannot be detected by the usual AML customer due diligence processes.

EDD goes beyond CDD. It looks to establish a higher level of identity assurance and accurately evaluates the risk category of the customer. EDD measures vary from CDD measures in the following ways:

• They're more rigorous and robust, and they require significantly more evidence and detailed information from the customer
• The entire EDD process must be documented in detail, and regulators must be provided with immediate access to EDD reports
• EDD requirements call for “reasonable assurance” when calculating KYC risk. This means staff members must follow the necessary research steps and exercise professional skills when reaching a judgment
• Special attention must be given to politically exposed persons (PEPs)

EDD measures should be used when dealing with high-risk or high-net-worth customers and large transactions. This is because these transactions and customers pose greater risks to the financial sector - and are therefore heavily regulated and monitored.

By employing EDD measures for high-risk transactions and individuals, you can avoid fines and unwanted additional regulatory scrutiny. However, using these measures also provides you with other benefits. For example, by capturing more information from your customers, you can offer them bespoke solutions that better suit their needs. On top of this, by properly screening your customers, you can deter financial crime and enhance your own brand reputation by preventing dirty money from accessing your ecosystem.

The importance of risk-based CDD in an AML policy

Guidance from the Financial Action Task Force (FATF) states that companies should implement risk-based CDD measures as part of their AML due diligence policies. These measures should reflect the specific level of AML/CFT risk that individual customers present.

Risk-based customer due diligence is a way for companies to balance their compliance obligations with their budget and their resource requirements. Plus, by ensuring that checks aren't too onerous, companies can ensure that the customer experience is preserved.

With a risk-based approach to CDD, a business can deploy the faster and more efficient CDD for low-risk customers, and the more enhanced due diligence for high-risk customers. An effective CDD process for customer onboarding will follow all the following steps:

• Prior to starting a relationship with the new customer, a company will establish the identity and business activities of the individual involved
• Once a customer has been identified and their identity has been verified, the company will categorize the level of risk this customer poses. This should then be documented, so it can be used for future regulatory checks
• Now that a customer's risk category has been determined, the company will determine whether EDD measures are needed. If so, these should be carried out before a customer accesses a product or service

These checks are simple to run when you enlist the help of an AML and KYC compliance solution. Thankfully, with the help of our Identity Verification & AML screening tool, you will find it easy to verify exactly who your customers are and fight fraud.

Once onboarded, you can also monitor your customer on an ongoing basis and get notified if anything changes.

What are the key CDD requirements in AML?

The four key customer due diligence requirements typically include:

• Identity Verification: Financial institutions must verify the identity of their customers  by collecting reliable, independent source documents, data, or information.
• Risk Assessment: Banks and financial entities are required to assess the risk level associated with each customer, which may be influenced by the customer’s background, type of business activity, the nature of the business relationship, and the country of operation.
• Ongoing Monitoring: This involves regular scrutiny of transactions and accounts to detect any unusual or suspicious activities that deviate from the customer's profile or business patterns.
• Beneficial Ownership: For legal entity clients, institutions must take steps to understand the ownership and control structure of the customer, identifying the ultimate beneficial owners.

Enhanced due diligence measures and when to use them

Enhanced due diligence (EDD) is a KYC process that highlights risks that cannot be detected by the usual AML customer due diligence processes.

EDD goes beyond CDD. It looks to establish a higher level of identity assurance and accurately evaluates the risk category of the customer. EDD measures vary from CDD measures in the following ways:

• They're more rigorous and robust, and they require significantly more evidence and detailed information from the customer
• The entire EDD process must be documented in detail, and regulators must be provided with immediate access to EDD reports
• EDD requirements call for “reasonable assurance” when calculating KYC risk. This means staff members must follow the necessary research steps and exercise professional skills when reaching a judgment
• Special attention must be given to politically exposed persons (PEPs)

EDD measures should be used when dealing with high-risk or high-net-worth customers and large transactions. This is because these transactions and customers pose greater risks to the financial sector - and are therefore heavily regulated and monitored.

By employing EDD measures for high-risk transactions and individuals, you can avoid fines and unwanted additional regulatory scrutiny. However, using these measures also provides you with other benefits. For example, by capturing more information from your customers, you can offer them bespoke solutions that better suit their needs. On top of this, by properly screening your customers, you can deter financial crime and enhance your own brand reputation by preventing dirty money from accessing your ecosystem.

The importance of risk-based CDD in an AML policy

Guidance from the Financial Action Task Force (FATF) states that companies should implement risk-based CDD measures as part of their AML due diligence policies. These measures should reflect the specific level of AML/CFT risk that individual customers present.

Risk-based customer due diligence is a way for companies to balance their compliance obligations with their budget and their resource requirements. Plus, by ensuring that checks aren't too onerous, companies can ensure that the customer experience is preserved.

With a risk-based approach to CDD, a business can deploy the faster and more efficient CDD for low-risk customers, and the more enhanced due diligence for high-risk customers. An effective CDD process for customer onboarding will follow all the following steps:

• Prior to starting a relationship with the new customer, a company will establish the identity and business activities of the individual involved
• Once a customer has been identified and their identity has been verified, the company will categorize the level of risk this customer poses. This should then be documented, so it can be used for future regulatory checks
• Now that a customer's risk category has been determined, the company will determine whether EDD measures are needed. If so, these should be carried out before a customer accesses a product or service

These checks are simple to run when you enlist the help of an AML and KYC compliance solution. Thankfully, with the help of our Identity Verification & AML screening tool, you will find it easy to verify exactly who your customers are and fight fraud.

Once onboarded, you can also monitor your customer on an ongoing basis and get notified if anything changes.

Create and follow an AML policy

The exact AML due diligence policy you'll need to create will depend on the type of business you run and the regulations and laws in the regions or markets where you operate. For example, in the EU, companies must comply with the Anti-Money Laundering Directive. However, firms in the US must make sure they comply with the Bank Secrecy Act.

Regardless, all AML compliance policies contain similar elements. To ensure compliance, your AML due diligence policy should contain:

• An effective system that helps you identify and report suspicious activity
• An ability to identify high-risk customers
• A system for monitoring customers on an ongoing basis
• A compliance officer who leads your efforts
• A series of internal practices that help you meet regulatory compliance
• Accurate risk assessments
• Provisions for an independent audit
• Adequate training for staff members

Let's look at some of these factors in greater detail.

Ongoing monitoring

A customer's risk profile will likely change during their time with your business – as they move jobs, change locations, and earn/spend more money. As a result, you need to monitor each customer on an ongoing basis. After all, if something changes, then you need to be aware before they begin to exploit your business.

Risk assessments

You should also regularly assess the AML risk that's associated with your business. There's no prescribed way of doing this, and you can decide for yourself how you carry out the risk assessment. However, you should document the risk assessment and update it regularly.

The complexity of your risk assessment will depend on the size and structure of your business, the range of activities your business carries out, and the nature of the products and services it supplies.

When assessing the risks that apply to your business, consider the following factors:

• The types of customers you have
• Where you and your customers are based
• The behavior of your customers
• How customers come to your business
• The products you sell or the services you offer
• Your delivery channels and payment processes, for example, cash over the counter, electronic transfers, or wire transfers
• Where the funds of your customers come from or go to

Once you've carried out your AML risk assessment, you need to put policies, controls, and procedures in place to reduce any money laundering risks that you've identified. You also need to monitor your business on an ongoing basis to make sure your controls are effective.

When appropriate, you should also get your AML processes, procedures, and risk assessments independently audited to ensure that there aren't any weaknesses.  

Record keeping

Keep a record of all anti-money laundering customer due diligence measures that you carry out, including:

• Customer identification documents that you've obtained
• Risk assessments you've carried out
• Your policies, controls, and procedures
• Staff training records

By keeping records, you'll be able to demonstrate law enforcement officials and regulators that you have complied with regulations. If you're audited or there's an investigation into one of your customers, you'll be expected to hand over all this information promptly.

As part of this process, it's vital that you develop and implement internal guidelines regarding information sharing within your organization. You should assign clear roles and report any suspicious activities immediately.

Transaction reporting

Depending on the exact nature of your business, you may need to monitor customer transactions on an ongoing basis. This way, you can see whether a customer's activity is consistent with their risk profile. If it isn't, you'll need to report the change in activity immediately.

In the US, for example, if a customer attempts a currency transaction of more than $10,000, then a bank must file a currency transaction report (CTR). And, if a bank believes that a customer's activity is suspicious, then it must file a suspicious activity report (SAR).

This means you must have the ability to handle and quickly expose activities related to money laundering, such as finding fake data or abnormally big sums of money deposited into a particular account. A system or a piece of software can help you with this. Some of these systems can also file reports automatically.

Appoint an AML compliance officer

To oversee your AML policies and ensure that you're compliant with latest regulations, appoint an AML compliance officer. This individual will be responsible for overseeing the development and implementation of your AML program –  to ensure that the institution is not exposed to criminal risk and does not inadvertently facilitate financial crime.

The AML compliance officer is also responsible for ensuring that employees are aware of their company's AML policy and that they have received training about this. Training is particularly important in departments where staff come into direct contact with clients, as improved knowledge gives them the insight required to spot suspicious activities.

Speak with the experts at Veriff

If you run a financial institution, then having proper anti-money laundering customer due diligence processes in place is vital. Thankfully, our IDV & AML Screening solution can help you fight financial crime and show regulators that you take financial crime and compliance seriously.

Veriff’s Proof of Address product has been bolstered with additional data extraction capabilities to work seamlessly alongside our product ecosystem. The updates to POA will further reduce user friction, lower costs, and continue to comply with regulators. Ensure your customers aren’t waiting hours, or even days, for approval.

If you'd like to hear more about how our solution can help you, then talk to our compliance experts today.