Know Your Customer (KYC) vs Customer Due Diligence (CDD): What’s the Difference?
With an ever-increasing number of businesses operating in the digital world, robust identity verification processes are a necessity. As of 2022, Credit Suisse was involved in a series of events for failing to authenticate the identities of perpetrators, corrupt public officials, and drug traffickers using its services. The only way to overcome such failures is to know the difference between Know Your Customer (KYC) and Customer Due Diligence (CDD) processes.
Diving Deeper into KYC and CDD
The KYC process checks that clients are who they claim to be. KYC applies to individual users and to businesses, where it is called Know Your Business. Several nations have laws requiring specific industries, such as banks, gaming businesses, and cryptocurrency exchanges, to adhere to strict KYC compliance criteria. This helps them identify and report financial crime and fraud, and ultimately reduce its occurrence.
Customer due diligence is a crucial part of KYC, a set of ongoing procedures for evaluating customer risk. The Financial Crimes Enforcement Network (FinCEN) sets critical CDD criteria for financial institutions:
1. Identify and validate all customers.
2. Identify and confirm the identities of the beneficial owners of the businesses you want to engage with; the standard is to look into any person(s) who control and/or own at least 20% of the company.
3. Develop client risk profiles by understanding the purpose and nature of their relationships.
4. Monitor consumer behaviour and transactions to spot and report suspicious activities.
Understanding the Main Functions of KYC
The KYC verification comprises three main processes:
1. Customer Identification Programme (CIP)
Companies are required to carry out customer identification programmes as part of KYC regulations. This is to confirm that clients are who they claim to be and are being honest about the transaction they are engaging in. The CIP establishes minimum standards for onboarding new customers, but each programme will differ based on the company’s size and location. For example, the steps used by a big bank offering various services differ from those used by a small community bank. Despite these differences, a successful CIP helps businesses have a solid understanding of each consumer.
The USA PATRIOT Act’s Section 326 suggests the following steps for creating a client identification programme:
- Verifying the individual who is opening an account
- Comparing their records with the government lists
- Recordkeeping
Businesses need to obtain the name, Date of Birth (DoB), and address as a minimum requirement for identifying details about an individual. Acceptable identification documents include a US social security number and other official documents; an individual tax ID or employer ID number is needed for a non-US citizen. Firms should consider the risks associated with their clientele and product offerings by examining the different kinds of accounts offered. Companies also have to consider the type of information readily available and other company characteristics to check the risk they may pose in future.
2. Customer Due Diligence (CDD)
CDD is the process of obtaining personally identifiable information to confirm a client’s identity and check the degree of risk they can pose. A customer’s name and address, details about their business, and how they plan to use their account are the essential pieces of information that CDD mandates firms acquire. Companies also require official documents, such as a driver’s licence, passport, and utility bills, to ensure that customers are genuine. Recommendation 10 of the FATF’s 40 Recommendations requires all the member nations of the Financial Action Task Force (FATF) to adopt customer due diligence standards as part of their domestic AML and Countering Terrorism Financing (CTF) laws.
3. Ongoing Monitoring
Ongoing monitoring refers to continuously examining business ties to ensure that data about clients and their risk levels are up to date. This approach is essential because, even though sporadic transactions might not seem suspicious initially, they could indicate a pattern of behaviour over time that calls for modifying a customer’s risk profile.
Ongoing monitoring involves:
- Monitoring transactions over a business relationship’s duration to ensure that a customer’s risk profile reflects their behaviour.
- Adapting to changes in the risk profile that may raise suspicion.
- Maintaining the records required for CDD purposes.
All commercial interactions should be subject to ongoing monitoring, which, like other CDD procedures, can be scaled to account for the client’s risk profile.
Understanding the Different Levels of CDD
Several levels of CDD might be imposed by businesses depending on the nature of the client interactions. If a customer withdraws $50 via their banking app, there should be much less friction than if they attempted to clear their whole account from a different location.
Here are the three levels of CDD:
1. Standard Due Diligence
Clients that don’t pose any substantial concerns during the initial assessment are subject to standard CDD. The standard CDD requires Personally Identifiable Information (PII) about the customer, the beneficial owners, and any individual authorised to act on the customer’s behalf. The information must include the following:
- Full name of the customer
- Date of birth
- Relationship to the customer, in the case of authorised persons
- Home and business addresses
- Name of the proposed corporate relationship
- Any information needed to comply with regulations
2. Simplified Due Diligence
Financial institutions often request simplified CDD from clients who are subject to transparency and public disclosure requirements, such as local governments, public service organisations, and government organisations. For reference, 18(2) of the AML/CTF Act provides a list of qualifying customer types.
To complete the process, institutions must:
- Verify that the client satisfies the simplified CDD requirements
- Determine the type and objectives of the proposed corporate relationship
- List all authorised individuals who work for the client’s business
3. Enhanced Due Diligence
Customers at a high risk of committing financial crimes are subject to Enhanced Due Diligence (EDD). The following situations are considered high-risk triggers:
- The client’s assets are held in a trust or independent financial arrangement.
- The customer owns or manages a business that has nominee shareholders.
- The client is on the Politically Exposed Persons (PEPs) list.
- The customer is a non-resident of the nation in which the financial institution is based and holds citizenship or permanent residence status in a country where anti-money laundering and anti-terrorist financing regulations are either nonexistent or inadequate.
When enhanced CDD is necessary, institutions should acquire all the data for conventional CDD procedures and add an in-depth description of the client’s financial resources to the file. The documentation of the inquiry and disclosure should make it abundantly evident that the organisation took reasonable measures to confirm any claims concerning the sources of funding.
Why are KYC and CDD Important?
Financial institutions must develop effective KYC and CDD procedures for several reasons:
- Legal and Regulatory Compliance: CDD and KYC procedures are crucial to abide by global anti-money laundering and counter-terrorism financing regulations. By adhering to these laws, institutions can reduce their risk of legal repercussions, such as severe fines and reputational harm.
- Risk Mitigation: Businesses can identify and reduce risks related to money laundering, fraud, terrorism financing, and other illicit activities with the help of KYC and CDD. Institutions can stop illegal activity before it happens by understanding their clients’ backgrounds and transactional patterns.
- Reputation Management: In the financial sector and other businesses, building and upholding a solid reputation is critical for long-term success. Having strong KYC and CDD measures in place can protect the reputation of financial companies. It proves their dedication to boosting customer security and abiding by international regulations.
- Enhancing Security: KYC and CDD processes help guard the banking system against criminal activity. Financial institutions make their facilities more secure for clients and the sector by preventing unauthorised access, spotting potential threats, and protecting customer information.
How Can Shufti Help?
KYC processes that are poorly integrated impede user experience. Ensuring your verification procedures are as efficient and safe as possible is crucial. This is where Shufti steps in.
Shufti offers globally trusted KYC and CDD solutions that verify within seconds. Moreover, Shufti’s KYC and CDD solutions stand out because they are constantly updated to help businesses abide by evolving KYC and AML compliance worldwide. This gives organisations confidence that they are safe and meet compliance standards wherever they do business.