Enhanced Due Diligence Checks | The Art of Mitigating Risks Associated with Third-Parties

For multinational businesses, reliance on external third-party vendors is crucial. However, failure to identify, manage, and eliminate the surging risks posed by such partnerships can lead an organization to severe consequences, including hefty fines, sanctions, criminal prosecutions, operational impact, and reputational damages. Regular headlines are piled with the news about companies’ alleged financial crimes, including tax evasion, corruption, and money laundering – all associated with relations with third-party distributors, agents, and donors. In addition to this,  increasing regulatory pressures and the need to curb emerging risks highlight the need for effective Enhanced Due Diligence (EDD) measures that can seamlessly manage third-party risks. 

EDD is a set of additional checks that financial service providers have to implement to determine and monitor high-risk entities and suspicious activities leading to money laundering. Due to the lack of EDD checks, approximately 2 trillion in illicit cash flows through the financial systems despite the efforts made by regulatory authorities, governments, and financial institutions.

An Overview of Enhanced Due Diligence 

Generally speaking, it is a process of deeply investigating a certain customer, topic, or business. In relation to compliance, the term is often associated with third-party due diligence or enhanced due diligence on certain – high-risk entities. Carrying out due diligence assists businesses in making better decisions about who they partner with and what types of risk they are exposed to. There are multiple types of due diligence, but enhanced due diligence is top-tier, and developed to uncover PEP, sanctioned entities, and former criminals.

According to the Financial Action Task Force (FATF), all member countries are obliged to implement customer due diligence requirements as part of the AML and CFT compliance program under the watchdog’s Recommendations 10th of 40.

The FATF, in its CDD guidance, highlights that customers, countries, and products may be exposed to money laundering risks, which is why enhanced due diligence is required for instance, customers pose a high risk of financial crimes or are from countries exposed to money laundering and terrorist financing activities. In addition to this, PEPs are considered a red flag across the global financial industry. To identify them, companies are further required to develop a risk-based approach backed with rigid EDD checks.

Third-Party Due Diligence | A Step Forward to Secure Supply Chains

At its core, this form of due diligence is independent work conducted by using primary or secondary resources, either conducting more investigatory assurance locally or remotely. In both cases, the aim is to collect detailed information that uncovers red flags that further require risk assessment or to ensure that the third-party vendor is a legitimate entity.

To enforce this obligation effectively, The Foreign Corrupt Practices Act (FCPA) plays a key role, as more than 90% of all FCPA enforcement actions, sanctions, and fines have been linked to non-compliance to third-party due diligence over the last 40 years. These staggering numbers have motivated regulatory authorities worldwide to prioritize third-party due diligence, helping businesses overcome the risk of financial crime risks associated with third-party entities.

However, as the supply chain is getting diverse, third-party due diligence as a part of a compliance program is not one-size-fits-all because of unique attributes of businesses, including the country’s origin, number of partnered third-party vendors, where they are located, and more. 

Here are some essential aspects that your business must be aware of before carrying out third-party due diligence, an effective measure to curb money laundering risks:

Compliance Requirements for Third-party Due Diligence

Customer or simplified due diligence regulations typically mandate businesses to hold, store, and maintain clients’ information that is gathered for at least five years. However, the duration varies country-wise. The records must include copies of verification of all identity documents provided by the customer, including ID cards, driver’s license, insurance documents, and more, while in the case of a business entity, all relevant information, including the business filings, tax returns, origin country, etc

In addition to record-keeping, businesses need to have fully automated operations to build seamless communication flow with the regulatory bodies and be able to quickly and efficiently provide the authorities with requested records to help them in criminal proceedings. Where CDD makes firm ground to prove that a customer is linked to financial crime activities, enhanced due diligence is practiced to determine further risk levels and categorize them accordingly. However, companies must instantly report to local financial intelligence units by filing a Suspicious Activity Report (SAR).

However, adverse media monitoring is not a part of EDD checks; it is an essential practice for curbing financial crimes. It holds the capability of uncovering money laundering and other organized crime patterns. In Europe, Article 18 of the Fourth Anti-Money Laundering Directive mandates businesses to conduct EDD checks on customers in high-risk third countries. And if the client is identified as a PEP, their close associates and family members must be investigated thoroughly. 

In all jurisdictions, businesses are obliged to stay updated with anti-money laundering sanction lists. Ongoing monitoring and periodic verification of customers are required to ensure that customers are not on any financial crime watchlists. In the United States (US), the Financial Crimes Enforcement Network (FinCEN) determines the scope of due diligence, which may vary case-wise.

Given the increasing risk of crimes and exposure of third-party to money laundering activities, financial regulatory authorities across the world have proposed various obligations regarding third-party due diligence – some of them are as follows:

FATF’s Recommendation 17 

According to FATF’s Articles 10, 11, and 17, all types of businesses are required to evaluate third-party vendors or suppliers before onboarding them. As per Article 17, a company that depends upon third parties must gather the essential information described in Article 10 of the 40 Recommendations structured by FATF. In addition to due diligence obligations, businesses must have a risk-based approach to determine the authenticity of their customers and third-party partners. 

FinCEN’s Final Rule

The FinCEN has legislated its Final Rule that amends the Bank Secrecy Act (BSA) to prevent organized crime criminals from carrying out money laundering activities nationwide. This Rule has provided a set of mandatory checks specifically associated with third-party entity verification, which are as follows:

1. Identifying and verifying an individual’s identity
2. Determining and verifying businesses’ beneficial owners is set mandatory
3. Creating customer risk profiles based on the level of risk they pose 
4. Filing suspicious activity reports to FinCEN and practicing ongoing customer due diligence to curb the evolving risk of crimes

FINTRAC’s Section 32 

Like FATF and FinCEN, The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has also highlighted the urgency of practicing enhanced due diligence upon third-party entities. According to FINTRAC’s Section 32, enhanced due diligence is a must to be carried out if:

1. If a transaction is conducted using cash above $10,000 is reported 
2. If a significant worth of cryptocurrency transaction is conducted (this is subject to the 24-hour rule)
3. If gambling suspicious activities have to be reported 
4. For bank account opening 

Conducting EDD Checks with Shufti

Today’s data-driven, digital companies require automated, secure, and accurate enhanced due diligence solutions to ensure secure business operations while eliminating the risk of money laundering associated with customers and third-party entities. As every business depends on a third-party network, it’s becoming increasingly important to carry out EDD checks on them before making ties with them. Doing this dictates success in the constantly evolving business ecosystem.

Shufti, an all-in-one identity verification service provider, offers businesses fully automated enhanced due diligence solutions that are well-designed and fully customizable to meet evolving regulatory obligations. The company aims to build EDD checks that automatically gather customers’ information, screen them against sanction lists, and submit suspicious activity reports – all under one platform. 

With Shufti, your business can:

1. Create customized EDD models based on compliance requirements.
2.  Choose from Shufti’s predefined industry-grade EDD models for instant and informed results.
3. Automatically gather customer information and store it with KYC data – all while ensuring the highest level of data security.
4. Onboard legitimate customers using versatile EDD checks.
5. Comply with stringent compliance standards while completing all required due diligence steps.
6. Screen customers against 1700+ watchlists.
7. Onboard customers and third-party vendors from 240+ countries and territories.