The customer due diligence process involves identifying your customers and checking that they’re exactly who they’re claiming to be. This process usually involves collecting information from the customer and asking them for a copy of their official government-issued identity document, which can be used to verify their identity.
There are three levels of due diligence. Although these are sometimes known as level 1, level 2 and level 3 due diligence, they’re more commonly referred to as simplified, standard, and enhanced due diligence.
Here, we’ll take a look at what each of these levels of due diligence involves in greater detail. We’ll also examine which level of due diligence you need and how we can support your due diligence checks. But, before we dig into the details about the different levels of due diligence, let’s first look at when due diligence is required.
Institutions should carry out customer due diligence measures under the following circumstances:
When carrying out due diligence, companies must meet the following regulatory obligations:
Once you’ve gathered the identification information outlined above, you can sort your customers by risk level (usually low, medium and high) to indicate how much money laundering risk they pose. This risk profile determines how much due diligence is required. High-risk customers need a more in-depth due diligence process than low-risk customers.
Simplified due diligence is the lowest level of due diligence. It can be applied when a risk assessment has determined that there is a particularly low or negligible risk of money laundering and terrorist financing. Simplified due diligence is usually used for well-known public enterprises, individuals who have a reliable source of funds, and customers who only make small transactions.
When carrying out simplified due diligence, you only need to identify the customer. There is no need to then verify their identity. That said, you must also provide proof that this customer was eligible for simplified due diligence, and you may decide that it’s still best to verify the identity of the individual anyway to ensure the customer is being honest. This can also protect your business and prevent fraudsters from accessing your services.
Once the simplified due diligence process has been completed, you must also continually monitor the business relationship for trigger events that may create a requirement for further due diligence to be carried out.
A number of different factors can help you determine whether the situation only requires simplified due diligence. These factors include the service or the product being offered and the type of customer you’re engaging with.
For example, customers that are required to disclose information regarding their ownership structure and business activities, or companies that are subject to money laundering regulations, are seen to be less risky than those that do not have to disclose this information.
Standard due diligence is the most common level of check. It involves not only identifying the customer, but also verifying their details. If your customer is acting on someone else’s behalf, then you must also verify this individual’s identity before doing any business with them.
To ensure that the customer is exactly who they’re claiming to be, you must collect their information, including at least their full name, their date of birth, and their address. Following this, you must also ask them for a copy of a government-issued identity document and a selfie. This way, you can verify their identity and check their identity against third-party databases, which will flag any potential issues. If the customer is another business, you must ask for additional identifying information about the customer’s business model, source of funds, and beneficial ownership.
On top of this, during standard due diligence, you must also establish the purpose and intended nature of the business relationship or transaction.
Once you’ve onboarded the customer, you must then monitor their transactions on an ongoing basis. In doing so, you must check that the customer’s activity is in line with their risk level and how you expected them to use your products and services.
Enhanced due diligence is reserved for high-risk customers, such as politically exposed persons (PEPs) and people who are the target of economic sanctions. Enhanced due diligence is rigorous and intensive, with additional measures including:
On top of this, the enhanced due diligence process must take into consideration all relevant adverse information. Any information that pertains to money laundering or corruption must be considered.
Although most businesses are primarily concerned with the different levels of due diligence when onboarding customers, ongoing monitoring is required at all levels of due diligence.
When conducting ongoing monitoring, the business must check that the client’s activities and transactions are consistent with their risk profile. By continually checking this, the business can also uncover patterns of behavior that may reveal that the customer’s activities are suspicious or that their risk profile has changed and that further due diligence checks need to be carried out. Ongoing monitoring involves:
Although ongoing monitoring applies to all business relationships, the amount of ongoing monitoring required should be scaled to reflect that customer’s risk profile. For example, customers who are seen as a high risk should be monitored more closely and more regularly than those that are low risk.
Customer due diligence is a foundation of the Know Your Customer (KYC) process. This process requires companies to understand who their customers are, their financial behavior, and what kind of money laundering or terrorism financing risk they present. All Financial Action Task Force (FATF) member states must implement customer due diligence requirements as part of their domestic AML/CFT legislation.
Generally speaking, when onboarding most customers, firms will need to collect a customer’s name and address, information about the business in which they are involved, and how they will use their account. In order to ensure that customers are being honest, companies will then verify that information with reference to official documents such as driving licenses or passports. However, the approach taken should always be risk-based, and there’s no one-size-fits-all approach to due diligence.
According to guidance from the Financial Action Task Force (FATF), anti-money laundering measures must take a risk-based approach that reflects the specific AML/CFT risk posed by each customer.
By conducting a risk-based approach to due diligence, a company can balance its compliance obligations with its budget and its resource requirements. Plus, this risk-based approach can also preserve the customer experience, ensuring that the onboarding process isn’t too onerous for low-risk customers.
This is because, as part of a risk-based approach, a business can deploy faster and more efficient customer due diligence for low-risk customers, and slower, more intensive, enhanced due diligence for high-risk customers. If all customers were subjected to enhanced due diligence, the customer experience would be adversely affected and conversion rates would be lower.
As a result, you need to make sure that your customer due diligence processes are as streamlined as possible and that each customer is only subjected to necessary checks. To do this, ensure your customer due diligence process includes all of the following steps:
Finally, you should also create risk assessments and process flows that demonstrate exactly how your business handles due diligence and why it takes the steps that it does. While national risk assessments highlight money laundering risks in general (such as whether one nation poses a particularly high level of money laundering risk), every financial organization must complete its own company-wide risk assessment as well as a risk assessment for each customer and area of the business.
A risk assessment must include:
Here at Veriff, we’ve developed a range of products that can help support your due diligence efforts. With the help of our AML and KYC compliance solution, you can employ the checks you need to ensure regulatory compliance while also making the onboarding process as smooth and efficient as possible for your customers.
Our AML and KYC compliance solution starts with identity verification. Thanks to leading identity fraud prevention and automated and accurate decision making, you can ensure that your customers are who they say they are and fight identity fraud.
Following this, we can ensure that you’re complying with regulations and fighting financial crime by screening your customers against global sanctions and politically exposed persons lists. To ensure accuracy and confidence, our list coverage is updated in real time.
But we also understand that predicate crimes can indicate increased risk. As a result, we screen for negative information and news to help you accurately assess the potential AML risk exposure of your customers.
Finally, to help with your ongoing monitoring efforts, we continually screen customer lists against PEP watchlists, global sanctions lists, and adverse media. You’re then notified with automated screening if something changes with your existing or previously onboarded customers.
If you’re interested in learning more about the different levels of due diligence and how our solutions can help you scale your due diligence efforts, then contact our experts today.
Our dedicated and experienced due diligence experts would love to provide you with a personalized demonstration that shows you exactly how our solutions can help you perform due diligence and meet your regulatory requirements.