
Know Your Customer (KYC) vs Customer Due Diligence (CDD): What’s the Difference?

Ensuring robust identity verification processes is necessary with the ever-increasing number of businesses operating in the digital world. As of 2022, Credit Suisse was involved in a series of events for failing to authenticate the identities of perpetrators, corrupt public officials, and drug traffickers utilising its services. The only way to overcome such failures is to know the difference between Know Your Customer (KYC) and Customer Due Diligence (CDD) processes.
The KYC process checks that clients are who they claim to be. KYC applies to individual users and to businesses; in the latter case it is called Know Your Business. Several nations have laws requiring specific industries, such as banks, gaming businesses, and cryptocurrency exchanges, to adhere to strict KYC compliance criteria. This helps them identify and report financial crime and fraud, and ultimately reduce its occurrence.
Customer due diligence is a crucial part of KYC, a set of ongoing procedures for evaluating customer risk. The Financial Crimes Enforcement Network (FinCEN) sets critical CDD criteria for financial institutions:
1. Identify and validate all customers.
2. Identify and confirm the identities of the beneficial owners of the businesses you want to engage with, as it is standard to look into any person(s) who control and/or own at least 20% of the company.
3. Develop client risk profiles by understanding the purpose and nature of their relationships.
4. Monitor consumer behaviour and transactions to spot and report suspicious activities.
The KYC verification comprises three main processes:
Companies are required to carry out customer identification programmes (CIP) as part of KYC regulations. This is to confirm that clients are who they claim to be and are being honest about the transaction they are engaging in. The CIP establishes minimum standards for onboarding new customers, but each programme will differ based on the company’s size and location. For example, the steps used by a big bank offering various services differ from those used by a small community bank. Despite these differences, a successful CIP helps businesses have a solid understanding of each consumer.
The USA PATRIOT Act’s Section 326 suggests the following steps for creating a client identification programme:
Businesses need to obtain the name, Date of Birth (DoB), and address as a minimum requirement for identifying details about an individual. Acceptable identification documents include a US social security number and other official documents; an individual tax ID or employer ID number is needed for a non-US citizen. Firms should consider the risks associated with their clientele and product offerings by examining the different kinds of accounts offered. Companies also have to consider the type of information readily available and other company characteristics to check the risk they may pose in future.
CDD is the process of obtaining personally identifiable information to confirm a client’s identity and check the degree of risk they can pose. A customer’s name and address, details about their business, and plans to utilise their account are the essential pieces of information that CDD mandates firms acquire. Companies also require official documents, such as a driver’s licence, passport, and utility bills, to ensure that customers are genuine. Recommendation 10 of the FATF’s 40 Recommendations requires all the member nations of the Financial Action Task Force (FATF) to adopt customer due diligence standards as part of their domestic AML and Countering Terrorism Financing (CTF) laws.
Ongoing monitoring refers to continuously examining business ties to ensure that data about clients and their risk levels are up to date. This approach is essential because, even though sporadic transactions might not seem suspicious initially, they could indicate a pattern of behaviour over time that calls for modifying a customer’s risk profile.
Ongoing monitoring involves:
All commercial interactions should be subject to ongoing monitoring, which, like other CDD procedures, can be scaled to account for the client’s risk profile.
Several levels of CDD might be imposed by businesses depending on the nature of the client interactions. If a customer withdraws $50 via their banking app, there should be much less friction than if they attempted to clear their whole account from a different location.
Here are the three levels of CDD:
Clients that don’t pose any substantial concerns during the initial assessment are subject to standard CDD. The standard CDD requires Personally Identifiable Information (PII) about the customer, the beneficial owners, and any individual authorised to act on the customer’s behalf. The information must include the following:
Financial institutions often request simplified CDD from clients who have obligations to transparency and public disclosure requirements, such as local governments, public service organisations, and government organisations. For reference, 18(2) of the AML/CTF Act provides a list of qualifying customer types.
To complete the process, institutions must:
Customers at a high risk of committing financial crimes are subject to Enhanced Due Diligence (EDD). The following situations are considered high-risk triggers:
When enhanced CDD is necessary, institutions should acquire all the data for conventional CDD procedures and add an in-depth description of the client’s financial resources to the file. The documentation of the inquiry and disclosure should make it abundantly evident that the organisation took reasonable measures to confirm any allegations concerning the sources of funding.
Financial institutions must develop effective KYC and CDD procedures for several reasons:
KYC processes that are poorly integrated impede user experience. Ensuring your verification procedures are as efficient and safe as possible is crucial. This is where Shufti Pro steps in.
Shufti Pro offers globally trusted KYC and CDD solutions that verify within seconds. Moreover, Shufti Pro’s KYC and CDD solutions stand out because they are constantly updated to help businesses abide by evolving KYC and AML compliance worldwide. This gives organisations confidence that they are safe and meet compliance standards wherever they do business.