What is Customer Due Diligence (CDD)?

What is customer due diligence (cdd)?

Financial institutions and other regulated businesses employ Customer Due Diligence (CDD), a key Know Your Customer (KYC) process, to mitigate risks in business relationships, prevent financial crime, and ensure compliance with regulatory requirements. The essence of CDD lies in establishing customer identities and assessing the risks associated with forging a business relationship with them.

This guide delves into the intricacies of CDD checks and common customer due diligence challenges. It further highlights practical CDD measures, recent trends, and technological advancements, emphasizing the transition toward digital customer due diligence solutions.

What is Customer Due Diligence?

Customer due diligence refers to the process by which companies, particularly financial institutions and other regulated entities, collect and analyze customer information to ensure compliance with various legal and regulatory prerequisites. Customer due diligence involves conducting manual or automated checks to verify customer identities and understand the nature of their financial history in line with the potential risks a customer presents.

The US Federal Financial Institutions Examination Council (FFIEC) recommends that a robust Anti-money Laundering (AML) compliance program adopt thorough CDD measures, especially for high-risk customers.

The Three Levels of Customer Due Diligence

Companies commonly adopt three nuanced levels of customer due diligence, each aligned to the customer’s risk profile. This strategy aligns with the Risk-Based Approach (RBA), as recommended by the Financial Action Task Force (FATF). You can learn more about the topic here: What is a Risk-Based Approach (RBA)?

By adopting these varying levels of due diligence, a financial institution can ensure an effective risk management strategy, enabling it to respond swiftly to diverse customer risk scenarios.

What is customer due diligence (cdd)? Due diligence levels kyc/aml & idv: sdd, cdd, edd

Simplified Due Diligence (SDD)

Simplified due diligence applies when there is a low risk of involvement in financing terrorism or money laundering. SDD involves lighter KYC procedures with low identity assurance requirements. Nonetheless, businesses may run enhanced due diligence on low-risk customers to better assess customer relationships and improve trust.

Basic Due Diligence (BDD)

BDD is also referred to as standard due diligence or basic customer due diligence. It is the most common level of CDD and involves customer identification and data verification. Customer details can be verified using a government-issued ID, reliable third-party databases, and private data sources. For businesses, BDD also involves confirming the customer’s activities, source of funds, business model, and ultimate beneficial ownership.

Ultimate Beneficial Ownership UBO

Enhanced Due Diligence (EDD)

High-risk customers, such as Politically Exposed Persons (PEPs) or clients from high-risk countries, must undergo enhanced due diligence. EDD involves gathering additional identity information and establishing the sources of wealth or funds. Understanding the intended business relationship and the purpose of potential customer transactions is also essential.

Several jurisdictions have enacted laws mandating that financial institutions establish EDD measures. Examples include the European Union’s 6th Anti-Money Laundering Directive (6AMLD) and the Bank Secrecy Act (BSA) in the United States. You can learn more about the topic here: Navigating the World of Enhanced Due Diligence.

Case Study: ESG Compliance

Historically, Environmental, Social, and Governance (ESG) factors weren’t considered compliance issues. However, new mandates from bodies such as the Securities and Exchange Commission (SEC) highlight the changing nature of regulations, leading to the need for ongoing monitoring procedures.

For instance, in 2022, the SEC fined Goldman Sachs Asset Management $4 million for not adhering to its ESG guidelines. Therefore, when considering partnerships, it is vital to conduct a thorough risk assessment to avoid reputational risk and foster responsible business relationships.

EDD Benefits | The benefits of Enhanced Due Diligence

When is Customer Due Diligence Required?

The need for CDD emerges at different stages, whether at the beginning of a business relationship, during transactions of significant value, or in scenarios that require higher scrutiny due to emerging concerns. The following are instances when a CDD process is needed:

  1. New Business Relationship: Businesses collect relevant information when a customer onboarding process is initiated to ensure they are who they claim to be, preventing identity fraud.
  2. Occasional Transactions: CDD assessments are warranted for financial transactions exceeding regulatory thresholds or which involve companies or individuals from a high-risk country.
  3. Suspicion of Money Laundering: Suspicious activity from a returning or new customer might hint at involvement in terrorist financing or money laundering.
  4. Unreliable or Fake Documentation: Businesses apply additional identification measures to resolve discrepancies when a customer provides inadequate identification documents.
  5. Ongoing Monitoring: CDD is an ongoing process that involves monitoring business relationships to ensure they align with customer risk profiles.
When is customer due diligence (cdd) required?

The Customer Due Diligence Rule Requirements

The FATF recommends several requirements for a reliable customer due diligence process as part of Recommendation 10:

  • Verifying a new customer’s identity or establishing a business relationship.
  • Identify the ultimate beneficial owners and verify their identity.
  • Evaluating suspicious transactions to minimize money laundering risks.
  • Ongoing monitoring and reporting activities indicative of financial crime to assist law enforcement.
  • Maintaining and updating information and customer profiles.

Customer Due Diligence Checklist

FATF guidelines recommend that financial institutions and other regulated entities tailor their CDD process to the risk profile posed by their business model and customer base. Companies can balance compliance obligations, operational resources, and budgetary requirements with the help of an Identity Verification (IDV) provider. Here is a reliable customer due diligence checklist:

1. Collecting Customer Information

Customer authentication, typically part of a financial institution’s Customer Identification Program (CIP), involves collecting customer data, such as full name, date of birth, contact details, nationality, and sources of funds or wealth when relevant. This information is required to verify a customer’s identity and ensure they aren’t suspected or sanctioned for illicit financial behavior such as terrorist financing or other financial crimes.

The business should have a process for customer information updates and maintenance and conduct ongoing monitoring to prevent financial crimes. It’s recommended to use an identity verification solution that simplifies data collection and provides a unified, clear view of each customer’s identity.

2. Smart Screening for High Accuracy

Many IDV platforms promote fuzzy name matching as a critical feature for CDD processes. However, this method mainly handles misspellings and minor variations, leaving other crucial aspects unaddressed.

It doesn’t effectively tackle issues like phonetic similarities, transliterations, linguistic variations, non-Latin scripts, patronymics, honorifics, titles, or out-of-order names. ComplyCube offers a comprehensive KYC solution that covers these aspects for more reliable and thorough verification.

3. Defining Customer Acceptance Policies

CDD measures may vary based on factors such as the customer’s risk profile, geographical location, jurisdictional regulations, etc. Therefore, businesses should define a bespoke, risk-based approach with clear customer acceptance criteria for their services and products. This step also contributes to risk profiling, defining thresholds, and alert monitoring.

4. Risk Profiling Based on Customer Data

Companies should determine a client’s risk level based on the information collected and the initial identification processes. Businesses can define custom thresholds for low-risk and higher-risk customers with the help of an AML/KYC solution that covers risk scoring.

The KYC provider calculates a risk score for new customers based on a suite of risk attributes such as country, political exposure, and occupation risks, among other vectors. These factors aid in determining the level of the due diligence that should be applied: simplified, basic, or enhanced.

5. Case Management for Alert Monitoring

Incorporating case management with monitoring and alerts empowers analysts to delve into suspicious activities and swiftly investigate financial crimes. A robust Case Management solution should offer a seamlessly integrated experience enriched with contextualized data like detailed match breakdowns.

This facilitates investigators in organizing, prioritizing, and managing investigations while effortlessly dismissing false positives. Additionally, it ensures the creation of a permanent audit trail for regulatory scrutiny.

6. Ongoing Monitoring for Risk Mitigation

Regardless of a client’s risk level, companies must continuously monitor and update customer data to detect changes and identify suspicious activity. Maintaining an audit trail for ongoing monitoring and documenting findings following an alert is essential.

An effective monitoring system should be adaptable and bolstered by robust technology that seamlessly integrates with existing platforms, offering real-time alerts and a user-friendly interface for analysts to swiftly respond to and mitigate potential risks and issues.

Customer Due Diligence checklist

Challenges in Implementing CDD

Implementing a CDD process is a critical yet complex endeavor for companies striving to adhere to regulatory requirements while ensuring a smooth customer experience. This compliance requirement presents several challenges for various financial services firms and other regulated institutions, among which the following two are particularly notable:

  1. Adapting to Global Regulatory Frameworks

Companies operating internationally face the challenge of navigating a mixture of regulatory frameworks. The varying and sometimes conflicting regulations across different jurisdictions can pose a significant hurdle in standardizing CDD processes, leading to the complex task of finding ways to maintain compliance while operating efficiently. This requires a robust compliance framework, a well-informed team, and a robust identity verification partner to simplify the verification process.

  1. Balancing Customer Experience and Compliance

Striving for a seamless customer experience while adhering to stringent due diligence requirements can be a tightrope walk. Companies often find it challenging to collect necessary information without alienating customers or compromising the speed and ease of service. This balance is crucial to maintaining trust and offering a great user experience while ensuring regulatory compliance.

Customer Due Diligence for Financial Institutions

CDD is vital for banks and other financial institutions to ensure compliance, manage financial risks, prevent money laundering and terrorist financing, and establish transparent banking relationships. The KYC process aligns financial institutions’ activities with legal requirements, detects suspicious behavior, and averts potential legal and reputational issues.

Moreover, CDD cultivates a foundation of trust between banks and their customers that goes beyond mere compliance. A robust framework is critical for navigating complex regulatory environments in today’s digitally-driven global banking landscape. Through rigorous CDD practices, banks establish a compliant operational structure and bolster their reputation, reinforcing trust and business relationships among customers and regulators. This trust is a cornerstone of long-term success in the financial industry.


Customer due diligence is essential for businesses looking to confirm the identity of returning and potential customers and comply with regulatory requirements. Financial institutions and other regulated bodies can effectively manage customer risk levels and avert possible financial crimes. With the help of a robust IDV/KYC partner, businesses can ensure that they stay up to date with evolving customer due diligence regulations, identify red flags, and foster a healthy compliance framework.

Looking for a global compliance platform for IDV and KYC checks? Get in touch with us today!

Table of contents
    Add a header to begin generating the table of contents

    More posts

    How to choose from the many KYC Vendors on the market

    Differentiating Between KYC Vendors

    Multiple KYC software vendors have come to market over recent years. KYC vendors are becoming increasingly vital for modern business compliance. This KYC checklist identifies which KYC services are best optimized for your business....
    What is a Customer Identification Program and what are the CIP requirements?

    Customer Identification Program: What Is CIP?

    Businesses obtain customer information and ratify it through a KYC process, which begins with a Customer Identification Program (CIP). FinCEN's Final Rule sets out the CIP requirements, answering many queries about 'what is CIP?'...
    ComplyCube, the leader in global IDV, has partnered up with Emigreat, an emerging risk management tool for international HR compliance.

    ComplyCube and Emigreat Partner to Lead Global HR Transformation

    In an era where the HRM market is booming and internal security threats are on the rise, ComplyCube, the leader in IDV solutions, has partnered up with Emigreat, an emerging risk management tool for global HR compliance....