The fraud epidemic is continuing to ripple through the financial sector. While financial institutions and law enforcement have yet to find a way to eradicate financial fraud completely, there are effective measures to prevent it, such as Customer Due Diligence (CDD). By implementing customer due diligence procedures, institutions learn everything they can about their natural and legal clients. Ensuring that clients are precisely who they say they are can help identify every suspicious activity head-on and minimize the money laundering risk. Learn what makes customer due diligence one of the essential tools in preventing crime.

What is CDD?

Customer due diligence, also known as third-party due diligence, is the process of gathering and analysing identifying information about an individual or organisation. Typically performed at the beginning of a business relationship, CDD aims to assess the potential risk a client or a partner may pose to financial institutions.

Customer due diligence is a crucial aspect of the Know Your Business (KYB) process for onboarding customer entities. It also applies to Know Your Customer (KYC), which usually pertains to natural persons. KYB and KYC are both Anti-Money Laundering (AML) measures designed to prevent money laundering at the most susceptible institutions, such as banks, insurance companies, and so on.

Why are CDD Checks Important?

Customer due diligence is a vital regulatory requirement mandated by AML regulations. It serves as a security measure to reduce money laundering, financing terrorism, and other financial crimes that financial institutions run into, such as embezzlement or corruption.

While organizations value every one of their clients, doing business with some of them may be challenging and even prohibited by law. Even though laws require clients to disclose relevant personal information, such as PEP status, the rampant fraud attempts demonstrate that those with criminal intentions avoid doing so. Thus, the responsibility falls on organisations to thoroughly vet the clients to avoid legal repercussions, damaged reputation, and financial loss in case a high-risk client exploits their service for illicit activities. 

In short, employing a correct and efficient customer due diligence checklist and procedure can help an institution to:

  • comply with both local and global regulations and laws
  • avoid non-compliance penalties
  • determine the potential risk of every client
  • monitor risk associated with existing clients
  • protect customers’ assets from identity theft and other crimes
  • protect your business against potential risks

What is the Customer Due Diligence Checklist?

The customer due diligence checklist is a list of requirements that are prevalent in most due diligence procedures. Although these may vary depending on the regulatory region, the customer due diligence checklist usually includes four major responsibilities: identity verification, beneficial ownership transparency, defined business relationship and ongoing monitoring process.

Customer Identity Verification

Customer Identity Verification (IDV) is a mandatory procedure of the Know Your Customer process. It allows organizations to ensure that they know who their clients truly are. This is why the IDV process should involve collecting identifying information and verifying its authenticity from a reliable source. 

The IDV procedure involves three main components:

  1. Identification. During the first step of the IDV procedure, a KYC specialist collects user data either manually or automatically. The data includes, but is not limited to, name, surname, proof of address, and photo of the identification document.
  2. Identity verification. The user’s identity is verified by ensuring that the collected data is legitimate. The process involves examining the authenticity of a document and checking lost and stolen document registries.
  3. Identity authentication. During this step, returning customers’ identities are revalidated before granting them access to the service.

The IDV process involves many other steps, which may depend on the individual subjected to the IDV, the business’ industry, and, of course, the regulatory environment. For this reason, some businesses may or may not be required to perform other IDV checks such as sanctions lists, a politically exposed person list, and adverse media checks. 

Additionally, the IDV process is presented differently to the user depending on several factors. A business can carry out IDV in one of the three most common ways:

  • Photo-based identity verification works by mapping biometric data from a customer’s selfie. It is a quick and simple method to onboard consumers while complying with KYC regulations. 
  • Video-based identity verification is performed through a real-time video call. During the process, a person’s biometric and identification document data are captured automatically. Then, the data is analysed for any spoofing attempts to ensure that the client is who they claim to be. 
  • Upload-based identity verification can be used when regulations permit a person not to be present during the verification process. They are required to submit data manually. Registry checks are performed to verify a person’s identity and ensure the authenticity of provided documents. Upload-based identity verification efficiently replaces real-time procedures.

Beneficial Ownership

Organizations dealing with customer entities are subjected to Know Your Business (KYB) regulations. A major part of the KYB due diligence process is to collect business information such as the Ultimate Beneficial Ownership (UBO). 

The ultimate beneficial owner is a natural person benefiting from an entity’s profits. Many legal entities attempt to keep their UBOs anonymous or concealed by a complex corporate infrastructure. This lack of beneficial ownership information may result in tax evasion, money laundering, corruption, and other financial crimes. For this reason, regulated organizations are mandated to establish the UBO’s identity before entering into a relationship with a customer entity.

The global money laundering and terrorist financing watchdog, Financial Action Task Force (FATF), defines beneficial owners of a legal entity as:

  • Individuals owning at least 25% of the capital or share capital.
  • Individuals owning at least 25% of the entity’s voting rights
  • Persons with the power of attorney
  • Legal guardians of minors
  • Corporate directors specifically appointed to conceal the true owners
  • Holder of anonymous shares, including bearer shares

Business Relationship

Regulations mandate a clearly defined and verified business relationship. That’s why, during the onboarding of a new client or partner, the bank or financial institution must take steps to assess the purpose and nature of the relationship. Additional screening and transaction monitoring are required to verify that the intended purpose is maintained throughout the business relationship.

Ongoing Monitoring

The process of customer due diligence is typically performed during the onboarding. However, as per regulations, CDD checks should be a regular and ongoing procedure. This is important because customer data can change at any point throughout the relationship. 

Critical processes of efficient ongoing monitoring include:

  1. Constant reassessment and identification of the purpose and nature of changing business relationships
  2. Reevaluation of client risk score according to changes in their PEP and sanctions status, adverse media updates, business activities, and transactions
  3. Documenting the missing and outdated details in the customer risk profiles

CDD and Risk Scoring

A client’s risk profile is related to the effectiveness of the customer due diligence process. Obligated industries must assess each client’s risk score to handle each case with an individual, risk-based approach. 

Risk assessment uses many data points from both the client and independent sources. 

Assessment may result in these scores:

  • low-risk customers
  • medium-risk customers
  • high-risk customers (sometimes high high risk)
  • prohibited customers

The risk scoring process is tightly related to the type of due diligence process. When criminal activity is highly unlikely, meaning that a client has obtained a low-risk score, organizations can perform simplified due diligence (SDD). Medium-risk clients require full customer due diligence. Meanwhile, high-risk clients should undertake a complete enhanced due diligence process.

Types of Due Diligence

Financial institutions’ due diligence process is not straightforward or easy, and it comes with strict procedures with different variations according to a customer’s risk profile. To better understand CDD checks, it’s important to get familiar with their types.

Simplified Due Diligence

Anti-money laundering (AML) laws define simplified due diligence (SDD) as the minimum required risk level examination. SDD should be performed at the beginning of the business relationship when the risk profile of a new customer is low. It means that SDD can only be performed in situations where the client has a minimum risk of exploiting the service for financial crimes. 

When a client is eligible, organizations choose SDD for its simplicity. SDD doesn’t omit the most critical steps of due diligence, but by applying them to a lesser extent, it allows a better and smoother customer onboarding.

Customer Due Diligence 

Customer Due Diligence is the default compliance risk management procedure. As required by law, obligated industries must ensure a thorough CDD process that extracts and verifies all relevant client data before proceeding with business relationships. This process can start by having the client fill out a simple customer due diligence form before moving on to more extensive checks.

Enhanced Due Diligence

Typically, enhanced due diligence is performed after customer due diligence. This process deals with higher-risk customers. Performing EDD when required can help companies avoid regulatory penalties. This process is crucial when a client shows a high risk of money laundering and terrorist financing. It should automatically be performed on PEPs (Politically Exposed Persons).

How to Streamline the Customer Due Diligence Process

As the number of regulations continues to grow exponentially, organizations need a solution to lift the heavy burden of a compliance program. This is where regtech comes into play. Organizations can save time and money and prevent AML violations by implementing an automated, all-in-one compliance tool.

Ondato OS is the only tool available that provides a full AML, KYC, and KYB solution. From customer due diligence to ongoing monitoring, Ondato OS can handle the heavy weight of compliance. 

To ensure an efficient customer due diligence strategy, we offer the following solutions that can be easily accessed in our compliance management system:

  • Sanctions Screening
  • Adverse Media Screening
  • Politically Exposed Persons Screening
  • Ultimate Beneficial Owner Detection and Screening
  • Proof of Address Screening
  • Business Registry Screening
  • People Registry Screening
  • Risk Screening and Scoring
  • Ongoing monitoring



Customer due diligence is a process of gathering and analyzing identifying information about an individual or organization. It ensures security by requiring organizations to verify a customer’s identity, perform a thorough background check, and establish a client’s risk category. Tight CDD measures help to prevent money laundering, terrorist financing, and other financial crimes. 

However, CDD checks are a highly complex and resource-intensive process. Thankfully, they can be aided by automation software. Tools such as Ondato can improve customer experience, save precious resources and make the compliance process much more effective.
