Anti-money laundering customer due diligence

Businesses don’t hire new employees without first checking that they’re right for the job. Well, just as an employer needs to thoroughly vet a candidate before they offer them a job, a business in the financial services industry must ask questions of prospective clients before they allow them to open an account. This helps mitigate fraud and lower money laundering risks. The process is known as customer due diligence (CDD) and it’s an essential part of any anti-money laundering (AML) strategy. 

Customer due diligence involves taking steps to identify a customer and check that they are who they say they are. In practice, this usually means that a business needs to obtain a customer’s name, residential address, and date of birth, at a minimum. The business then needs to ask them to provide an official government document (such as a passport), so that their identity can be confirmed and verified.

Your responsibilities regarding anti-money laundering

Customer due diligence is a foundation of know your customer (KYC) processes and AML strategies. CDD requires companies to understand who their customers are, their financial behavior, and what kind of money laundering or terrorism financing risk they present. All Financial Action Task Force (FATF) member states must implement CDD methods.

Financial institutions have a number of responsibilities regarding anti-money laundering, including devising a comprehensive anti-money laundering policy (which we’ll cover in detail later). 

However, there are a number of important reasons why financial institutions carry out anti-money laundering customer due diligence and commit time and effort towards knowing their customers. After all, carrying out appropriate customer due diligence ensures:

• The organization remains compliant with the regulations and laws of the regions or markets they are operating in
• The customer attempting to access the service is exactly who they’re claiming to be
• Customers are not trying to commit fraud, launder money, or finance terrorism

Enhanced due diligence measures and when to use them

Enhanced due diligence (EDD) is a KYC process that highlights risks that cannot be detected by the usual anti-money laundering customer due diligence processes.

EDD goes well beyond CDD. It looks to establish a higher level of identity assurance and accurately evaluates the risk category of the customer. EDD measures vary from CDD measures in the following ways:

• They’re more rigorous and robust, and they require significantly more evidence and detailed information from the customer
• The entire EDD process must be documented in detail, and regulators must be provided with immediate access to EDD reports
• EDD requirements call for “reasonable assurance” when calculating KYC risk. This means staff members must follow the necessary research steps and exercise professional skills when reaching a judgment
• Special attention must be given to politically exposed persons (PEPs)

EDD measures should be used when dealing with high-risk or high-net-worth customers and large transactions. This is because these transactions and customers pose greater risks to the financial sector. As a result, they are heavily regulated and monitored.

By employing EDD measures for high-risk transactions and individuals, you can avoid painful fines and unwanted regulatory scrutiny. However, using these measures also provides you with a number of other benefits. For example, by capturing more information from your customers, you can offer them bespoke solutions that better suit their needs. On top of this, by properly screening your customers, you can deter financial crime and enhance your own brand reputation by preventing dirty money from accessing your ecosystem.

The importance of risk-based CDD in an AML policy

Guidance from the Financial Action Task Force (FATF) states that companies should implement risk-based CDD measures as part of their AML due diligence policies. These measures should reflect the specific level of AML/CFT risk that individual customers present.

Risk-based customer due diligence is a way for companies to balance their compliance obligations with their budget and their resource requirements. Plus, by ensuring that checks aren’t too onerous, companies can also ensure that the customer experience is preserved.

With a risk-based approach to CDD, a company can deploy faster and more efficient CDD for low-risk customers, and more enhanced due diligence (EDD) for high-risk customers. An effective CDD process for customer onboarding will follow all of these steps:

• Prior to starting a relationship with the new customer, a company should establish the identity and business activities of the individual involved
• Once a customer has been identified and their identity has been verified, the company should categorize the level of risk this customer poses. This should then be documented somewhere, so it can be used for future regulatory checks
• Now a customer’s risk category has been determined, the company should determine whether EDD measures are needed. If so, these should be carried out before a customer accesses a product or service

These checks are simple to run when you enlist the help of an AML and KYC compliance solution. Thankfully, with the help of our anti-money laundering compliance tool, you will find it easy to verify exactly who your customers are and fight fraud.

Once you’ve verified a customer’s identity, you can then screen global sanctions and PEP lists in order to ensure this person is legally allowed to access your services. Following this, you can also screen the customer against negative information and news to help assess their potential AML risk.

Once onboarded, you can also monitor your customer on an ongoing basis and get notified if anything changes.

Create and follow an anti-money laundering (AML) policy

The exact AML due diligence policy you’ll need to create will depend on the type of business you run and the regulations and laws in the regions or markets you’re operating in. For example, in the EU, companies must comply with the Anti-Money Laundering Directive. However, firms in the US must make sure they comply with the Bank Secrecy Act.

However, all AML compliance policies contain the same elements. Your AML due diligence policy should contain:

• An effective system that helps you identify and report suspicious activity
• An ability to identify high-risk customers
• A system for monitoring customers on an ongoing basis
• A compliance officer who leads your efforts
• A series of internal practices that help you meet regulatory compliance
• Accurate risk assessments
• Provisions for an independent audit
• Adequate training for staff members

Let’s look at some of these factors in greater detail.

Ongoing monitoring

A customer’s risk profile will likely change during their time with your business as they move jobs, change locations, and earn/spend more money. As a result, you need to monitor each customer on an ongoing basis. This means you should continually screen them against PEP watchlists, global sanctions lists, and adverse media. After all, if something changes, then you need to be aware before they begin to exploit your business.

Your AML efforts should focus on your high-risk customers. You need to be able to quickly identify who these people are, and receive notifications if one of your previously onboarded customers moves into this category.

Risk assessments

You should also regularly assess the AML risk that’s associated with your business. There’s no prescribed way of doing this, and you can decide for yourself how you carry out the risk assessment. However, you should document the risk assessment and update it regularly.

Your risk assessment may be quite basic or incredibly sophisticated. This will depend on the size and structure of your business, the range of activities your business carries out, and the nature of the products and services it supplies.

When assessing the risks that apply to your business, consider the following factors:

• The types of customer you have
• Where you and your customers are based
• The behavior of your customers
• How customers come to your business
• The products you sell or the services you offer
• Your delivery channels and payment processes, for example cash over the counter, electronic transfers, or wire transfers
• Where the funds of your customers come from or go to

Once you’ve carried out your AML risk assessment, you need to put policies, controls, and procedures in place to reduce any money laundering risks that you’ve identified. You also then need to monitor your business on an ongoing basis to make sure your controls are effective.

When appropriate, you should also get your AML processes, procedures, and risk assessments independently audited to ensure that there aren’t any weaknesses.  

Record keeping

On top of this, you need to keep a record of all anti-money laundering customer due diligence measures that you carry out, including:

• Customer identification documents that you’ve obtained
• Risk assessments you’ve carried out
• Your policies, controls, and procedures
• Staff training records

By keeping records, you’ll be able to show law enforcement officials and regulators that you have complied with regulations. If you’re audited or there’s an investigation into one of your customers, you’ll be expected to hand over all of this information promptly.

As part of this, it’s vital that you develop and implement internal guidelines regarding information sharing within your organization. You should make due diligence your focus point, assign clear roles, and report any suspicious activities immediately.

Transaction reporting

Depending on the exact nature of your business, you may also need to monitor customer transactions on an ongoing basis. This way, you can see whether a customer’s activity is consistent with their risk profile. If it isn’t, you’ll need to report the transaction(s) immediately.

If required, you may also need to file certain reports with regulatory bodies. In the US, for example, if a customer attempts a currency transaction of more than $10,000, then a bank must file a currency transaction report (CTR). Alternatively, if a bank believes that a customer’s activity is suspicious, then it must file a suspicious activity report (SAR).

This means your business must have the ability to handle and quickly expose activities related to money laundering, such as finding fake data or abnormally big sums of money deposited into a particular account. A system or a piece of software can help you with this. Some of these systems can also file reports automatically.

Appoint an AML compliance officer

In order to oversee your AML policies and ensure that you’re compliant with the latest regulations, you should appoint an anti-money laundering compliance officer. This individual is then responsible for overseeing the development and implementation of your AML program.

The AML compliance officer is responsible for the program’s implementation at an institutional level. They should focus on the internal systems and controls that their institution has put in place to help detect, monitor, and report money laundering activities to the authorities. Their job is to ensure that their institution is not exposed to criminal risk and does not inadvertently facilitate financial crime.

The AML compliance officer is also responsible for ensuring that employees are aware of their company’s AML policy and that they have received training about this. Training is particularly important in departments where staff come into direct contact with clients, as improved knowledge gives them the insight required to spot suspicious activities.

Speak with the AML screening and compliance experts at Veriff

If you run a financial institution, then having proper anti-money laundering customer due diligence processes in place is vital. Thankfully, our AML and KYC compliance solution can help you fight financial crime and show regulators that you take financial crime and compliance seriously.

If you’d like to hear more about how our solution can help you, then talk to our compliance experts today.