Customer Due Diligence

Ensuring You Know Your Customer

Do your due diligence. That’s a fundamental rule of business and basically comes down to knowing who you are dealing with. For any financial institution, one of the first analysis made is to determine if you can trust a potential client. You need to make sure any potential customer is worthy; customer due diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against potential financial crimes and nefarious activities.

Know your customer (KYC) is the process of a business verifying a clients identity, and, if you are a financial institution, it’s more than a good idea, it’s enshrined in legislation. For anti-money laundering (AML) purposes, KYC rules curtail financial activities of criminals, terrorists, and ensure that Politically Exposed Persons (PEPs) are not getting caught up in bribery or corruption.

After all, where there’s money, there are also criminals lurking to take advantage wherever they can. By limiting financial activities, AML laws hit them where it hurts. And, there’s a lot of money to go after; the US Treasury estimates that over 300 billion dollars in illicit activity occurs in the US annually.

Besides being the right thing to do morally, the customer due diligence (CDD) process is a smart business strategy to avoid heavy losses due to fraud, hefty fines and sanctions, as well as bad publicity. Not knowing your customer in today’s financial World is a non-starter.

While caveat emptor (buyer beware) has been around since Roman days, the concept was first codified into law in the US Security Act of 1933, where the phrase due diligence came into being. Cut to 2001, and the US Patriot Act, where the idea of due diligence was applied to knowing your customers. Since then, the US has strengthened CDD requirements, and similar laws have been passed around the World.

Taken together, steps two and three are the basis of CDD.

As of 2013, according to PwC, at least 74 countries have AML legislation with some form of CDD requirements. Here is a sampling:

Type II
For a Type II account, the KYC requirements are more stringent. To open this type of account requires an in-person identity verification or three external identity database. With this higher level of security in place, there is also a higher limit for outgoing transactions, at just over $15,000 annually. Additionally, this limit does not apply to transfers to the user’s own bank account. This allows eCommerce merchants to use this type of account to receive and withdraw funds with no restrictions.

Type III
With a limit set to just over $30,000 per year, the Type III account would be suitable for investments as well as for making purchases. Because of the higher limit, the KYC requirements are, by far, the strictest. To open a Type III account requires either an in-person identity check or five external identity database checks. Like Type II accounts, transfers to a user’s own bank account do not apply to the annual transaction limit.

Mexican identity verification has grown in the past few years. While there has not been a legal requirement for independent verification, copies of identification are generally provided upon account openings. Furthermore, verification of Mexican identities is important for many U.S. businesses.

Going forward, successful identity verification requires meeting any two of the following three criteria:

While the new guidelines provide a comprehensive list of what is considered acceptable as an independent and reliable source, they also make it very clear what is not acceptable.

For example, as briefly mentioned above FINTRAC rules out the use of online document verification.

According to the guidelines, “It is not acceptable to view photo identification online, through a video conference or through any virtual type of application. You cannot accept a copy or a digitally scanned image of the photo identification.”

Canada’s existing rules already require that regulated financial service businesses monitor foreign PEPs. Once the proposed regulations come into effect, those same requirements will also apply to domestic PEPs as well as the heads of international organizations and family members and close associates of such persons.

Customer authentication
Most significantly, PSD2 (Payment Service Directive) calls for considerably tougher rules on verifying the identities of payment service users. PSPs must apply “strong customer authentication” for senders who initiate electronic payments. Based on the definition given in the Directive, this means that two-factor authentication will be the minimum standard. Unless the senders themselves have committed fraud, PSPs that do not comply with this requirement will be responsible for any losses due to identity fraud.

As the types of financial accounts, and account holders, vary widely, so does the risk profile. Many jurisdictions take these different risk profiles into account when considering customer due diligence and create different CDD levels.

Simplified Due Diligence

In some situations, if the risk for money laundering or terrorist funding is low, a full CDD is not necessary. In these cases, a simplified due diligence (SDD) process is enough to satisfy legal requirements.

For example, low transaction value accounts limit the opportunity to use the account for illegal purposes. Therefore, to reduce friction to customers and financial institutions for these small value accounts, they are exempt from a stringent CDD. Each jurisdiction will have its own maximum limit for different types of accounts that can fall under the rules for SDD.

Another class of activities that can possibly use SDD are accounts that are already reporting under other checks and reporting systems. If a bank, for example, is under the same jurisdictional rules, it already is on record for its due diligence, so does not face further requirements. Or, a Public Company, which has its records already in the public domain, has its financial activities already monitored, need not face full due diligence requirements.

Enhanced Due Diligence

On the other hand, there are types of activities or account holders that require extra scrutiny. If an account type or account owner has a higher risk of money laundering or terrorist funding, then it’s subject to enhanced due diligence (EDD).

For example, most jurisdictions require PEPs to go through the EDD process. Other factors that might trigger EDD are high transaction value accounts, accounts that deal with high-risk countries, or accounts that deal with high risk activities.

In the end, while some EDD factors are specifically enshrined in a countries legislations, it’s up to a financial institution to determine their risk and take measures to ensure that they are not dealing with bad customers.

Covered financial institutions must collect from the legal entity customer the name, date of birth, address, and social security number or other government identification number (passport number or other similar information in the case of foreign persons) for individuals who own 25% or more of the equity interest of the legal entity (if any), and an individual with significant responsibility to control/manage the legal entity at the time a new account is opened.

The Due Diligence requirements are now more stringent. There are fewer scenarios where SDD (Simplified Due Diligence) for eMoney are allowable. There are more situations where CDD (Customer Due Diligence) need to be re-done. And, there has been an expansion of the definition of high risk, wherein enhanced due diligence is necessary (including remote transactions).

Related posts:

How do you get yourself motivated? When it comes to doing homework most people end up pushing it off to the last minute, there are the few who do their homework right away. What makes the two…

Any time you get behind the wheel of a car you take a chance — with your own life and with the lives of everyone else on the road. That risk is doubled if you are intoxicated, tired, or just not…

Service to the Customer is one of the core values which drives global supply chains and we apply our heart and soul for it. Many people and systems located across the world come together every day in…