Customer Due Diligence (CDD) in Money Laundering Prevention: Performing CDD and steps taken to Investigate a customer

First defining a customer to a business/organization and why to Investigate them?

A customer refers to any individual or an entity engaged in a relationship with a business by maintaining an account or utilizing its product offerings or services.
Various circumstances can initiate an investigation into a customer such as alerts from the organization’s transaction monitoring systems or from an ongoing broader investigation or even from intelligence received from law enforcement.
But before we get into the steps Involved while performing a CDD, lets understand the type of CDD required for a customer

The level of Customer Due Diligence (CDD) are we performing?

The level of CDD to be performed is determined by the risk posed by the customer. More the risk, more the level of due diligence is to be performed.
We can break this down to four levels of due diligence (based on jurisdictions, some may only have three or even two) to be performed and they are: Customer Identification Process (CIP), Simplified Due Diligence (SDD), Standard Due Diligence (SDD), and Enhanced Due Diligence (EDD). 

1. Customer Identification Process (CIP):
   • Example: A customer opens an account using seemingly legitimate documents. To verify the authenticity, an organization might use independent sources like government databases or third-party verification services.
2. Simplified Due Diligence (SDD):
   • Example: A low-risk customer, such as a salaried employee, opens a savings account. The bank performs basic checks like verifying identity and employment status because the risk of money laundering is minimal.
3. Standard Due Diligence (SDD):
   • Example: A small business owner opens a business account. The bank reviews public records, conducts interviews, and evaluates the business model to categorize the risk as low or medium.
4. Enhanced Due Diligence (EDD):
   • Example: A politically exposed person (PEP) opens an account. The bank conducts a more detailed investigation, including in-depth background checks, source of funds verification, and ongoing monitoring due to the higher risk of financial crime.
   •  

Four Steps I take to Investigate while performing customer due diligence

Step 1: The first step is assessing what information I already know about the customer and what is it that I want to know?
I examine the customer’s profile, starting with an initial assessment of the customer due diligence (CDD) file. This CDD information provides insights into the customer’s expected activities, location, and the purpose of their relationship with the organization. For corporate entities, the customer file should include information of the company including their structure, the beneficial owners of the company, directors, and shareholders.

Local bakery example: A bank needs to assess what is already known about a new customer, a local bakery owner, and identify gaps in information. The goal is to determine what information is required to complete the customer profile and risk assessment.

Step 2: Exploring and researching the information you want to know about?
The subsequent step often involves exploring the customer’s transactions. Why did a transaction/s trigger an investigation. Did the Customers transactions deviate from the customers expected activity? Did a Senior customer move funds into a high-risk product such as dealing with Crypto currencies? There may be some outliers, however this needs to assessed according to the customers usual behaviour.

How is the customer connected to other entities or individuals. For businesses, this could mean investigating the partners involved in that business or their associates to better understand the operating environment. This part of investigation could include publicly available information such as the company website, corporate registry details, social media searches such as LinkedIn, Facebook etc.

Local bakery example: The bank explores the customer’s background by checking public records, business registration documents, and conducting interviews to gather comprehensive information about the bakery owner’s business operations and financial history.

Step 3: Next is identify What information is relevant to the Investigation? Organizing your information in a structured format
When investigating adverse media, I assess the consistency and reliability of the sources. Is the source a blog or an emerging news portal or from a reliable source and is the information consistent with other sources?

Local bakery example: The bank organizes the collected data into a consistent profile, highlighting the bakery owner’s business model, transaction patterns, and any potential risks. This helps in assessing the overall risk level and deciding on the due diligence approach.

Step 4: The final step is to present the customer and the relevant information you know to the relevant stakeholders and documenting your research including all steps taken

Local bakery example: The bank presents the findings in a detailed report, documenting the bakery owner’s risk profile, due diligence process followed, and any red flags identified. This report is used by compliance and management teams for decision-making and ongoing monitoring.

To conclude by following these steps, organizations can effectively manage ML/TF risks. The process starts with assessing what is known and identifying gaps, exploring to gather necessary information, organizing the data meaningfully, and presenting findings comprehensively. This methodology ensures thorough and efficient due diligence, adapting to different levels of risk and types of customers.

These are just my approaches, there are always better methods to research.

Did I miss out on anything Important, or do you have other approaches you take to research, I am keen to hear in the comments?