Veriff

Customer due diligence for banks

When a customer opens an account with a financial institution, customer due diligence checks usually take place. During this process, the customer’s identity is verified and the risks associated with allowing that customer to open an account are assessed. Read on to discover why the process matters to banks today.

July 28th, 2022


The importance of customer due diligence in banking cannot be overstated. After all, banks that fail to put proper due diligence methods in place face cyber threats, huge compliance fines, and reputational risks. 

In this guide, we’ll explain everything you need to know about customer due diligence for banks. We’ll cover what due diligence involves, the importance of due diligence in banking, and why a risk-based approach to customer due diligence is best.

What is customer due diligence?

Customer due diligence (CDD) is the act of performing background checks and other screening processes on a customer. By performing CDD checks, a bank can ensure it properly assesses the level of risk a customer poses before it allows them to open an account.

Why is proper due diligence important for the banking sector?

Customer due diligence in the banking sector is vitally important. This is because CDD checks are at the heart of anti-money laundering (AML) and know your customer (KYC) initiatives.

CDD checks have been designed to help banks and financial institutions prevent financial crimes like money laundering, terrorist financing, human and drug trafficking, and fraud.

What about fintechs and neobanks?

CDD regulations apply across the financial sector. As a result, they also apply to neobanks.

This is a key point because many of these businesses are currently moving quickly in the pursuit of growth. However, as a result of moving quickly, several neobanks have faced fines and reprimands for failing to meet their legal obligations during growth cycles.

When it comes to creating proper CDD procedures, some neobanks have faced two big problems:

1) The “fail fast and learn fast” approach many neobank startups take is unworkable in the world of banking due to regulations and legal obligations. Although working quickly allows neobanks to onboard new customers swiftly, this cannot be done at the expense of customer due diligence.

2) Neobanks prioritize keeping their teams lean and often have limited compliance departments. But, in banking, compliance is non-negotiable, and neobanks must make the proper investments in these areas.

Although neobanks may wish to act fast and grow quickly, they cannot treat their legal obligations as lower priorities. As a result, they must put proper due diligence processes in place.

The same can be said for fintech startups, those offering digital-only services, and traditional lenders who are adopting new financial technologies and onboarding customers in new ways.

After all, fintech customer due diligence methods ensure customers comply with the relevant regulations. They’re also designed to prevent money laundering and the financing of terrorism. Plus, due diligence in financial services can also be used to help detect and analyze unusual events and situations.

To do this, a fintech must collect information from the customer, including their name, date of birth, and address. Then, this information must be verified. Following this, the customer’s activity must be examined to detect any potentially suspicious behavior.

What does the due diligence process look like?

According to guidelines from the Financial Action Task Force (FATF), banks should follow a risk-based approach to customer due diligence (we’ll discuss exactly what this involves in greater detail later).

However, all effective customer due diligence processes for banks should involve the following steps:

Identity establishment

Before any business relationship begins, the bank or financial institution involved must establish the identity and business activities of their new potential customer.

During this stage of the process, a customer’s information should be gathered and then authenticated. This is usually done with the help of a piece of identity verification software, which can verify the customer in a matter of seconds.

Risk level categorization

Once a financial institution has confirmed the identity of the customer, they must then categorize the level of risk this customer poses to the business.

This information must also be stored in a digitally secure location where it can be easily accessed during regulatory checks.

Determine which level of due diligence is required

When a customer’s identity has been verified and their risk level has been calculated, the financial institution must determine whether it’s most appropriate to carry out simplified due diligence (SDD), customer due diligence (CDD), or enhanced due diligence (EDD) checks.

With this in mind, let’s take a look at these forms of customer due diligence for banks in greater detail and examine why a risk-based approach to due diligence is appropriate.

Following a risk-based approach

As we mentioned earlier, FATF guidelines state that banks should implement risk-based due diligence procedures that reflect the specific level of AML/CFT risk that individual customers present.

A risk-based approach to due diligence in financial services allows companies to balance their compliance obligations with their budget and resource requirements. It also allows them to preserve the customer experience, particularly for low-risk individuals.

Using a risk-based approach to due diligence, a financial institution will perform faster and more efficient processes for low-risk customers, while employing slower and more intensive enhanced due diligence for high-risk customers. The options available to financial institutions include:

Simplified due diligence (SDD)

SDD is used in situations where the bank believes that the risk of money laundering or terrorist financing is low and that full CDD is not necessary.

In these situations, customers can avoid stringent CDD procedures, which can also help reduce onboarding friction for the customer and limit costs for the financial institution.

Customer due diligence (CDD)

When a customer opens an account with a financial institution, CDD checks usually take place. During this process, the customer’s identity is verified and the risks associated with allowing that customer to open an account are assessed.

Enhanced due diligence (EDD)

If CDD procedures show that a customer poses a substantial level of risk (for example, if they’re a politically exposed person or a target of economic sanctions), then EDD measures will be deployed before the customer is allowed to open an account. As part of this, additional information will be collected from the customer so that the financial institution can gain a deeper understanding of the customer’s activity. Using this information, the institution can mitigate associated risks.

When conducting EDD, financial institutions are often asked to:

  • Obtain additional customer identification materials
  • Establish the source of funds or wealth
  • Apply closer scrutiny to the nature of the business relationship or purpose of a transaction
  • Implement ongoing monitoring procedures

Record keeping requirements

CDD regulations vary on a country-by-country basis. However, generally speaking, most financial institutions are required to maintain records of the information they collect from customers for at least five years.

As part of this, financial institutions are required to keep copies of all identity documents, including driving licenses, passports, and birth certificates. On top of this, companies must also keep this information in a place where it can be easily accessed. This is because banks must be able to quickly and efficiently reply to requests for records from competent authorities.

On top of this, financial institutions must also provide enough information for those authorities to reconstruct individual transactions, including details of the amounts of money and types of currency involved.

What technology and expertise is available for effective customer due diligence?

In order to effectively implement CDD and KYC measures, a financial institution must employ expertise and technology in equal measure.

Risk profiles and criminal threats are constantly evolving, and the number of transactions and account openings a bank processes on a daily basis means that not all aspects of a customer’s behavior can be reviewed manually.

As a result, although human vigilance is an important step in the process, tools such as identity verification software and transaction monitoring software can help you continually evaluate the risk profile of your customers.

How can Veriff help your business with its due diligence requirements?

At Veriff, we’ve developed a market-leading identity verification and KYC solution that can help you confirm that your customers are exactly who they say they are.

With the help of our AML and KYC compliance solution, you can verify the identity of your customers, screen them against global sanctions and politically exposed persons watchlists (which are updated in real time), check for adverse information and media, and provide ongoing monitoring.

As well as helping you fight identity fraud, it can also help you stop bad actors from exploiting your business. Plus, as it always checks real-time information, you can bolster your confidence in your KYC processes and accurately determine the AML risk posed by each customer.

Speak with the customer due diligence experts at Veriff

If you’d like to learn more about how our AML and KYC compliance solution can help your business, then speak to our customer due diligence experts today. Simply provide us with a few details and we’ll offer you a free personalized demo that will show exactly what Veriff can do for you.
