Understanding AML Due Diligence: A Must for AML Compliance Framework

AML Due Diligence


Financial institutions are susceptible to the risks of money laundering, terrorist financing and proliferation financing. Therefore, anti-money laundering and counter-terrorist-financing organisations mandate that financial and non-financial institutions implement strict AML policies and conduct due diligence procedures to detect ML/TF and PF risks. What is AML due diligence, and how does it work? This blog discusses due diligence measures, their operational processes, and more.

What is Customer Due Diligence?

Customer Due Diligence (CDD) is the process of identifying prospective clients and verifying their real identity and genuine nature. It involves cross-verifying customer-provided details for legal accuracy and validity.

The fundamental meaning of CDD stays constant, yet industry-specific procedures vary widely. The customer due diligence process consists of four parts: simplified, standard, enhanced and ongoing.

A business performs CDD to reduce the possibility of financial crimes that include money laundering or terrorism financing activities. It is a multi-dimensional method that serves as a base for building business trust and credibility while ensuring anti-money laundering compliance throughout the market.

Role of Due Diligence Measures in AML Compliance Framework

Regulated entities must implement a due diligence policy as an essential step of UAE AML laws, which includes verifying customers thoroughly while assessing their risk profiles and continuously monitoring them from start to end. Well-implemented due diligence ensures reporting entities detect various risk levels among customers while selecting suitable CDD safeguards for AML risk assessment.

Moreover, the regulatory framework of the UAE gives reporting entities an all-encompassing method to combat ML/FT using CDD when working with new and existing customers. CDD is vital for reporting entities to follow regulations and secure themselves from financial misconduct.

Three Types of Anti-Money Laundering Due Diligence 

The AML compliance framework mandates that institutions implement simplified due diligence (SDD) and customer due diligence (CDD), followed by high-level scrutiny measures and enhanced due diligence. The customer risk profile determines the boundaries between the three due diligence types:

  1. Standard Customer Due Diligence: Low-Risk Category

AML UAE demands that every business perform simplified due diligence as the basic level of investigation for customer onboarding. A low financial crime risk score justifies applying this type of diligence. AML’s SDD procedures aim to identify the customer and verify the documentation.

  2. Customer Due Diligence: Medium-Risk Category

The financial industry utilises customer due diligence to verify medium-risk clients, which serves as their main standard compliance procedure. Moreover, the procedure seeks to gather user data, enabling investigators to confirm the identity of their customers and evaluate elevated risk factors.

Financial institutions and other institutions must implement AML customer due diligence as a mandatory regulatory compliance measure when operating in low- to medium-risk jurisdictions.

  3. Enhanced Due Diligence Process: High-Risk Category

Employing EDD measures will let organisations effectively evaluate money laundering threats and high-risk customers.

EDD process drives AML-focused due diligence, which turns suspicious measures against money laundering into corporate social responsibility practices.

Businesses must continuously monitor their AML regulatory regimes under global requirements from financial intelligence units based on diverse financial risk assessments.

5 Regulatory Bodies Governing Due Diligence Procedures in AML

The regulatory guidelines for enhanced customer due diligence compliance on AML risks become specific according to the nature of the business and jurisdictional and geographic factors where operations occur.

The following internationally accepted regulatory organisations pursue enhanced due diligence measures and AML controls:

  • Financial Action Task Force
  • EU (European Union)
  • Financial Stability Board
  • OECD (Organization for Economic Co-operation and Development)
  • Basel Committee on Banking Supervision
  • Central Bank of the UAE (CBUAE)

What are the Requirements for Anti Money Laundering Customer Due Diligence?

Customer due diligence gives rise to four primary regulatory requirements, which include:

  1. Identity Verification: Financial institutions must verify the identity of their customers through valid independent documentation that provides reliable information.
  2. Risk Assessment: Risk evaluation associated with each customer requires financial entities to consider elements such as customer background information, business type, nature of the business relationship, and operational country location.
  3. Ongoing Monitoring: Entities are required to assess accounts and transactions regularly to identify unexpected activities that differ from what is expected of the customer or from their normal business patterns.
  4. Beneficial Ownership: Institutions serving legal entity clients must determine the ownership and control relationships within their customer base to identify ultimate beneficial owners.

AML Customer Due Diligence Checklist: Step-by-Step Process

Below, we’ve discussed the essential steps to carry out customer due diligence properly:

1# KYC: Identification and Verification

The first CDD requirement is to identify and verify the customer before starting any business relationship. The procedure for identifying clients and understanding who they are is known as Know-Your-Customer (KYC). Customer verification is the primary part of this process. KYC has two main segments, customer identification followed by verification, which are as follows:

  1. Identification and Collection of Customer Information

As part of CDD, vital data must first be acquired from current and potential customers. Business organisations should employ a Know Your Customer process to accomplish this task. The customer due diligence checklist requires collecting all the following items of information:

KYC for Natural Persons

The below information needs to be obtained from every customer during the CDD process:

  • Complete Name
  • Address of the customer
  • Contact numbers
  • Additional/alternative contact numbers
  • Valid, accessible, and working email address
  • Place of birth
  • Date of birth
  • Nationality
  • Gender
  • Government-issued identification number
  • Occupation
  • Signature

A minimum set of requirements includes acquiring documentation consisting of ID records and proof of residence.

KYC for Legal Entities

The following details need to be obtained from business entity customers:

  • Name of the business entity
  • Type of the business entity
  • Type of business activities the entity conducts
  • Date and place of establishment
  • Documentation with details of the directors serving on the board
  • Certificate of establishment/incorporation
  • Information regarding all shareholders and ultimate beneficial owners
  • Annual report for the previous year
  • Information about senior management

A trade license, Memorandum of Association, Articles of Association, address proof, UBO details, an organisation chart and a copy of the incorporation certificate should also be obtained.

  2. Verification of the customer

The next stage of KYC during CDD requires businesses to authenticate the details obtained in the identification phase. Most of the gathered information can be confirmed through government websites or independent, credible institutions. Identity cards or passports, along with tax receipts, can be verified using their specific numbers on official government websites.

2# Name Screening

This process checks whether the customer belongs to a sanctioned group, is politically exposed, or has a criminal past reported in the media. The purpose of name screening is to verify that the customer does not belong to any of these categories:

  • A sanctioned individual or entity
  • Politically Exposed Persons (PEPs)
  • A person reported in the media for any kind of money laundering activity

3# Customer Risk Profiling

The AML compliance officer considers various factors when evaluating and determining customer risk levels during this stage. The following risk indicators guide the risk-based customer due diligence operations:

  • Type and nature of business relationship/transaction
  • Nationality of the customer
  • Political exposure of the customer
  • Payment method (cash, bank transfer or cheque)
  • Net worth of the individual
  • Documentary evidence available
  • Amount of transaction
  • The complexity of the business structure
  • Local/international business
  • Business dealings with a customer based in a blacklisted country
  • Business dealings with residents of grey-listed jurisdictions

Customer Risk Rating

After profiling customer risks, DNFBPs and FIs should select their protective monitoring systems and control measures for high-risk customer scrutiny. The customers receive classifications as low-risk, medium-risk, and high-risk, establishing their necessary monitoring criteria, including frequency.

4# Ongoing Due Diligence Monitoring

After completing due diligence and establishing an adequate risk classification, the organisation must continuously observe its customers’ risk profiles. Frequent monitoring procedures must be conducted on all payment records for accounts that received identification purposes. 

Customers should engage in normal business operations while their behaviour and financial transactions must stay consistent with standard activities, which needs continuous review. Moreover, risk factors determine the frequency of the ongoing due diligence process.

5# Reporting Suspicion

To identify high-risk customers, reporting entities must investigate potential suspicions and valid concerns which arise while implementing CDD measures. To fulfil the reporting requirement, suspicious activity reports (SARs) are filed through the goAML platform. Employees, company directors, and officers are strictly prohibited from warning customers that a SAR/STR has been filed regarding them.

The reporting system requires personnel to submit HRC and HRCA documents for customers from risk-designated areas. 

6# Record Keeping

The record-keeping procedure concludes the entire AML CDD process. Organisations must keep CDD-related records in agreement with their document retention policies and requirements stated in AML/CFT law. Further, AML/CFT regulations in the UAE require businesses to store client due diligence records and equivalent AML/CFT documentation for five years starting from the relevant dates.

Different supervisory agencies implement their requirements regarding how long records should be maintained:

  • Virtual asset service providers (VASPs) have to operate under the regulatory demands of the Virtual Assets Regulatory Authority (VARA) and keep records for 8 years.
  • Senior finance professionals and DNFBPs in Dubai International Financial Centre (DIFC) must store both AML/CFT documentation and CDD records for six years.
  • The AML/CFT compliance and CDD records of DNFBPs and VASPs in the Abu Dhabi Global Market (ADGM) must be kept for 6 years.

A systematic record system enables DNFBPs to fulfil their reporting duties under AML/CFT regulations. Thus, the necessary details are provided to supervisory authorities upon request after any Suspicious Transaction Report submission.

Best Practices to Implement Effective CDD Program

Reporting entities need to follow the below steps to implement a robust due diligence program:

  1. Adopting a Risk-Based Approach

Different levels of risk must be considered when reporting entities engage with their diverse range of customers. Tailoring risk-based customer due diligence methods to fit individual customer assessment results is essential for entities.

Reporting entities should use a risk-based approach to develop CDD measures incorporating various risk factors from their industry position, geographical location, transaction volume, and product service usage. Organisations must choose the most critical risks from all possible risks before putting appropriate safeguards into action.

  2. Sanctions Name Screening, PEP Screening and Adverse Media Checks

The entire essence of CDD revolves around evaluating client risk through processes that identify and confirm customer profiles and their behaviours. Reporting entities must deploy thorough screening systems to locate matches with sanctioned entities and politically exposed persons (PEPs) through sanction lists and adverse media findings as part of their CDD screening process. 

Such processes allow reporting entities to reduce their exposure to risky customers performing illicit or high-risk activities.

  3. CDD Process Automation

Modern automated CDD systems enable reporting entities to access data retrieval platforms while assessing the data and evaluating risk levels to generate decisions about accepting new customers. The automated systems improve AML compliance operations for entities while minimising human errors and boosting their ability to handle ML/FT and PF dangers.

  4. Regulatory Reporting

Reporting requires entities to evaluate suspicious activities before making accurate reports to relevant authorised authorities according to regulatory rules. Staff members must pay full attention to assessments of customer risk levels through CDD procedures that evaluate suspicious activities and transactions. 

Moreover, the assessment outcome requires reporting entities to submit STR/SAR with other necessary regulatory documents through the goAML portal without delay.

  5. CDD Training Programs

Conducting CDD requires expertise. Reporting entities need to deliver detailed training about CDD processes to the staff members who execute this duty. Organisations must establish training sessions that teach employees about CDD standards, risk analysis methods, and CDD software system usage.

  6. Record Keeping

The compliance requirement for reporting entities includes maintaining documentation on AML measures. The proper maintenance of complete and precise documentation for CDD operations becomes essential. 

Thus, reporting entities must keep detailed records of KYC documents, including their risk assessments and transaction logs, to ensure that the customer experience is well-sustained. 

Final Words

Implementing Customer Due Diligence (CDD) becomes essential to maintaining AML compliance and lowering business financial threats. Financial institutions can protect themselves from money laundering and terrorist financing by using a systematic approach that includes identity verification procedures, risk assessment, and proper documentation. Moreover, a solid AML due diligence framework creates trust and safeguards the financial ecosystem through fraud reduction and expanded transparency.

Modern business operations face money laundering risks when they fail to maintain proper AML compliance standards. Therefore, Xpert Advisory provides comprehensive end-to-end AML solutions, including advanced customer due diligence measures to meet your business security requirements. Contact us right now to improve your AML plan of action!

FAQs

What are the Four P’s of Due Diligence?

Due diligence includes four essential components: people, performance, philosophy, and process. These fundamental factors create the basic structure enabling proper due diligence evaluation, which examines personnel involvement, performance tracking, investment strategy, and operational procedures.

What is CDD and EDD?

The implementation of know your customer (KYC) processes by businesses consists of two linked stages called customer due diligence (CDD) and enhanced due diligence (EDD). The financial services industry becomes the primary area where these requirements exist despite regulatory bodies requiring them in multiple sectors.

What are the 3 Categories of AML Due Diligence?

All types of due diligence procedures performed in businesses fall under 3 categories: legal, financial, and commercial due diligence.
