First defining a customer to a business / organization and why to Investigate them?
A customer refers to any individual or an entity engaged in a relationship with a business by
maintaining an account or utilizing its product offerings or services.
Various circumstances can initiate an investigation into a customer such as alerts from the
organization’s transaction monitoring systems or from an ongoing broader investigation or
even from intelligence received from law enforcement.
But before we get into the steps Involved while performing a CDD, lets understand the type
of CDD required for a customer
The level of Customer Due Diligence (CDD) are we performing?
The level of CDD to be performed is determined by the risk posed by the customer. More
the risk, more the level of due diligence is to be performed.
We can break this down to four levels of due diligence (based on jurisdictions, some may
only have three or even two) to be performed and they are: Customer Identification Process
(CIP), Simplified Due Diligence (SDD), Standard Due Diligence (SDD), and Enhanced Due
Diligence (EDD).
- Customer Identification Process (CIP):
o Example: A customer opens an account using seemingly legitimate
documents. To verify the authenticity, an organization might use
independent sources like government databases or third-party verification
services. - Simplified Due Diligence (SDD):
o Example: A low-risk customer, such as a salaried employee, opens a savings
account. The bank performs basic checks like verifying identity and
employment status because the risk of money laundering is minimal. - Standard Due Diligence (SDD):
o Example: A small business owner opens a business account. The bank
reviews public records, conducts interviews, and evaluates the business
model to categorize the risk as low or medium. - Enhanced Due Diligence (EDD):
o Example: A politically exposed person (PEP) opens an account. The bank
conducts a more detailed investigation, including in-depth background
checks, source of funds verification, and ongoing monitoring due to the
higher risk of financial crime.
Four Steps I take to Investigate while performing customer due diligence
Step 1: The first step is assessing what information I already know about the customer and
what is it that I want to know?
I examine the customer’s profile, starting with an initial assessment of the customer due
diligence (CDD) file. This CDD information provides insights into the customer’s expected
activities, location, and the purpose of their relationship with the organization. For
corporate entities, the customer file should include information of the company including
their structure, the beneficial owners of the company, directors, and shareholders.
Local bakery example: A bank needs to assess what is already known about a new
customer, a local bakery owner, and identify gaps in information. The goal is to determine
what information is required to complete the customer profile and risk assessment.
Step 2: Exploring and researching the information you want to know about?
The subsequent step often involves exploring the customer’s transactions. Why did a
transaction/s trigger an investigation. Did the Customers transactions deviate from the
customers expected activity? Did a Senior customer move funds into a high-risk product
such as dealing with Crypto currencies? There may be some outliers, however this needs to
assessed according to the customers usual behaviour.
How is the customer connected to other entities or individuals. For businesses, this could
mean investigating the partners involved in that business or their associates to better
understand the operating environment. This part of investigation could include publicly
available information such as the company website, corporate registry details, social media
searches such as LinkedIn, Facebook etc.
Local bakery example: The bank explores the customer’s background by checking public
records, business registration documents, and conducting interviews to gather
comprehensive information about the bakery owner’s business operations and financial
history.
Step 3: Next is identify What information is relevant to the Investigation? Organizing your
information in a structured format
When investigating adverse media, I assess the consistency and reliability of the sources. Is
the source a blog or an emerging news portal or from a reliable source and is the
information consistent with other sources?
Local bakery example: The bank organizes the collected data into a consistent profile,
highlighting the bakery owner’s business model, transaction patterns, and any potential
risks. This helps in assessing the overall risk level and deciding on the due diligence
approach.
Step 4: The final step is to present the customer and the relevant information you know to
the relevant stakeholders and documenting your research including all steps taken
Local bakery example: The bank presents the findings in a detailed report, documenting the
bakery owner’s risk profile, due diligence process followed, and any red flags identified. This report is used by compliance and management teams for decision-making and ongoing
monitoring.
To conclude, by following these steps, organizations can effectively manage ML/TF risks. The
process starts with assessing what is known and identifying gaps, exploring to gather
necessary information, organizing the data meaningfully, and presenting findings
comprehensively. This methodology ensures thorough and efficient due diligence, adapting
to different levels of risk and types of customers.
