Due diligence is pivotal to ensuring the integrity and security of every financial institution. With increasing regulatory requirements and evolving financial crimes, banks must adopt robust due diligence practices to protect themselves, their customers, and the broader financial system. 

Customer Due Diligence

In 2016, the Financial Crimes Enforcement Network (FinCEN) published the Customer Due Diligence (CDD) final rule, outlining a due diligence checklist for financial institutions. 

This rule codifies existing supervisory expectations and practices related to regulatory requirements. It does not lower, reduce, or limit the due diligence expectations of federal functional regulators or their regulatory discretion.

Regulatory Requirements

All banks must develop and implement appropriate risk-based procedures for ongoing customer due diligence, including, but not limited to:

Know Your Customer (KYC): Customer Identity Verification (IDV) is an essential component of the Know Your Customer process, enabling organisations to confirm the true identities of their clients and evaluate relevant information during the onboarding process. To achieve this, the IDV process involves collecting identifying information and verifying its authenticity using reliable sources.

Ongoing monitoring: To identify and report suspicious transactions, and on a risk basis, to maintain and update customer information, including information on the beneficial owner(s) of legal entity customers.

Risk-Based CDD Policies

The risk-based CDD policies, procedures, and processes of financial institutions should:

  • Match the bank’s Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) risk profile with increased focus on higher-risk customers.
  • Contain a clear statement of management’s and staff’s responsibilities, including procedures, authority, and responsibility for reviewing and approving changes to a customer’s risk profile.
  • Provide standards for conducting and documenting analysis associated with the due diligence process, including guidance for resolving issues when insufficient or inaccurate information is obtained.

The Core Components of Customer Due Diligence

  1. Customer Identification Program (CIP):

The first step in due diligence is the accurate identification of any potential customer. This involves collecting personal information such as name, address, date of birth, and identification number. Banks must verify this information using reliable sources with Identity Verification (IDV) systems. 

  2. Understanding the Nature and Purpose of Customer Relationships:

Banks must obtain and analyse sufficient information to understand the nature and purpose of customer relationships. This helps in developing a customer risk profile and determining the level of monitoring required.

  3. Ongoing Monitoring and Updating of Customer Information:

Continuous monitoring of customer transactions is vital to identify and report suspicious activities during the entire customer lifecycle. Additionally, banks must regularly update customer information, especially regarding the beneficial owners of legal entities.

  4. Risk-Based Approach:

Banks should adopt a risk-based approach to due diligence, focusing more resources on higher-risk customers. This involves tailoring due diligence procedures based on the bank’s risk profile, with increased scrutiny on customers posing greater risks.

Identifying High-Risk Customers

There are many factors that determine whether a potential client is high-risk during the due diligence process. In general, three main considerations are applicable:

Sanctions lists: Sanctions screening is the process of determining whether a person, company, or other entity is sanctioned by a country. By ensuring effective sanctions list screening, businesses can avoid unknowingly engaging with countries that violate international law or are perceived as a security threat.

Politically Exposed Persons (PEPs): A politically exposed person is someone who holds or has held a prominent public-sector role, such as a government official, head of state, high-ranking judge, military officer, or governor. According to the Financial Action Task Force (FATF), high-ranking officials are considered higher risk due to their potential involvement in bribery, corruption, money laundering, or other financial crimes.

Reputational risk media: Reputational risk media screening, also known as media monitoring or negative news screening, involves looking for negative news about a natural or legal person in news sources. It allows companies to identify risks, find out about financial crimes a potential client may be involved with and recognize high-risk clients. 

Challenges in Implementing Due Diligence

While due diligence is critical, banks face several challenges in implementing effective procedures:

Complex and Evolving Regulations: Keeping up with the constantly changing regulatory environment requires significant resources and expertise.

Data Management: Collecting, verifying, and updating vast amounts of customer data can be daunting, necessitating advanced technology and robust data management practices.

Balancing Customer Experience: Ensuring compliance without compromising on customer experience is a delicate balance that banks must maintain.

However, these challenges can be easily solved with effective due diligence processes.

The Benefits of Effective Due Diligence

  • Compliance with Regulations:

Adhering to due diligence requirements ensures compliance with laws and regulations, thereby avoiding penalties and legal issues.

  • Prevention of Financial Crimes:

Robust due diligence practices help in preventing money laundering, fraud, terrorist financing, and other financial crimes by identifying and mitigating risks early.

  • Protection of Reputation:

By implementing strong due diligence measures, banks protect their reputation and build trust with customers, regulators, and the public.

  • Enhanced Decision Making:

A thorough understanding of customer profiles aids in making informed decisions, managing risks effectively, and providing better customer service.

Last Thoughts

Due diligence is essential for banking operations and maintaining the integrity and security of financial systems. By implementing comprehensive and risk-based due diligence procedures, banks can comply with regulations, prevent financial crimes, and build a trustworthy reputation. Comprehensive due diligence measures allow banks to stay vigilant, leveraging technology and expertise to enhance their due diligence practices. In doing so, they not only safeguard their interests but also contribute to the stability and trustworthiness of the global financial system.



    Due diligence in banking refers to the thorough investigation and assessment process banks undertake to understand the risks associated with financial transactions and relationships. This process involves evaluating the financial health, compliance status, and potential risks of clients, investments, and other business activities to ensure sound decision-making and regulatory compliance.
    While customer due diligence meets the regulatory requirements for most customers, enhanced due diligence procedures include much more sophisticated processes. They are focused on surveilling high-risk customers like politically exposed persons to ensure the company is prepared to react in case of possible fraud.
    The customer due diligence (CDD) rule for banks mandates that financial institutions must verify the identity of their clients, understand the nature of their business, and assess the risk they pose. This includes gathering and analysing information about the customer's activities, ownership structure, and any potential for money laundering or terrorist financing, ensuring ongoing monitoring and updating of client information.
    Due diligence questions for banks typically include inquiries about a customer's identity, business operations, financial history, and source of funds. Banks may ask for documentation such as identification, business licences, financial statements, and details about beneficial ownership to assess the risk profile and ensure compliance with regulatory requirements.
    Lender due diligence involves a comprehensive evaluation process where lenders assess the creditworthiness and risk of potential borrowers. This includes analysing the borrower's financial statements, credit history, collateral, business plan, and market conditions to make informed lending decisions and mitigate the risk of default.