What is due diligence?

The term Due Diligence is used in different ways. Its use and application vary depending on the sector, area or type of process in which it is applied. Although KYC (Know Your Customer) and CDD (Customer Due Diligence) are very similar, there are some nuances or differences between them that we will address in this text. It is generally used for concepts and situations where an investigation of a natural or legal person must be carried out prior to a contractual relationship or other type of exchange. It is important to keep in mind that the identification of the entity (company or individual) on which the due diligence procedure will be carried out is an essential preliminary step. KYC and CDD policies are the cornerstone of any AML (Anti-Money Laundering) policy developed in a company and both depend on the need to verify the identity of clients who do business with companies and individuals subject to the implementation of AML measures. Put simply, know-your-customer (KYC) refers to performing customer due diligence (CDD), i.e. verification of the client's identity. Therefore, it is difficult to distinguish between KYC and CDD, as the latter is an integral part of the former.

Customer Due Diligence (CDD) is mandatory for every person bound by the Act that communicates with customers and is covered by Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. Its purpose is to prevent financial crime and reveal any risks to your organization that could arise from doing business with certain clients.

So how are CDD and KYC different?

KYC specifies the checks that are carried out at the beginning of a customer relationship to identify and confirm that those customers are who they say they are. This is especially important for companies subject to anti-money laundering (AML) regulations. Know Your Customer processes therefore allow the creation of a risk profile of the customer by retrieving their data before the start of the business relationship, usually in the process of digital integration by collecting their personal data and identification document.

Due diligence, on the other hand, refers to the investigation itself. Here we are talking about the process of legal due diligence or legal audit, which refers to the preliminary review of a person or company in order to assess possible risks when establishing an economic relationship with them. Customer Due Diligence enables assessment of whether the information provided by clients during registration is correct. Furthermore, CDD checks must be carried out on an ongoing basis for as long as the relationship with the client exists, which requires keeping and updating transaction records. The investigation is aimed at understanding the reality of the company or person and ensuring beyond a reasonable doubt that they have not committed, are not committing and do not intend to commit any crime. It is a process of researching information carried out by one of the participants in a negotiating relationship in order to assess the risks and the situation at the time of the negotiation.

KYC checks are therefore carried out at an early stage of establishing a business relationship, when we check potential customers, while Customer Due Diligence (CDD) is the continuous monitoring of suspicious activity aimed at money laundering; both are a key part of an anti-money laundering (AML) program.

At this point, I'm sure this seems a bit mind-boggling... okay, now you're talking about AML? And how is that different from KYC?

What is the difference between KYC and AML?

The main difference between AML and KYC is as follows:

  • AML is a broader term that describes the framework responsible for monitoring and controlling all suspicious activities to prevent money laundering and includes other actions and checks in addition to KYC activities.
  • KYC refers to the process of verifying and identifying customers, carried out using various tools and software.

In addition, AML focuses more on government procedures and measures, while KYC refers to how companies and individuals subject to these procedures comply with these regulations.

What is Customer Due Diligence?

To obtain information about a company or person, the first step is to identify them. In other words, to ensure that the person or company is who they say they are. Once identification has been carried out, relationships of trust can be established and a due diligence process can be developed. This is widely known in the financial sector, where enhanced operational Due Diligence is required, even for existing customers who have not been subject to this procedure. Entities manage risk models that are used to identify high-risk companies and/or clients. In the due diligence process of any company targeting an individual or self-employed person, the KYC process is the first step in conducting an investigation.

As a result, every financial company must adhere to legal due diligence, financial due diligence, customer or client due diligence, operational due diligence and technical due diligence in all its processes.

Legal due diligence and regulations related to KYC

Like all legal processes, legal Due Diligence must comply with all applicable regulations that affect it, given the nature of the process. In this regard, the regulations involved are:

  • GDPR: The General Data Protection Regulation regulates the protection of people in relation to the handling and use of their personal data. Any due diligence process must comply with the GDPR due to the handling of the data of the entity under investigation by the company.
  • KYC/AML and Customer Due Diligence: The Fifth Anti-Money Laundering Directive, or 5AMLD, regulates all aspects of anti-money laundering actions in all types of processes, both offline and online. It is a mandatory standard that affects all industries, but especially the financial and banking sector, developing techniques to prevent fraud and money laundering with ongoing Due Diligence focused on AML.

Types of Due Diligence

There are different types of CDD, from simplified due diligence (SDD) to enhanced due diligence (EDD). In this article, we will focus on the standard CDD requirements. Customer Due Diligence (CDD) is a series of checks that help you confirm the identity of your customers and assess their risk profiles.

CDD is a regulatory requirement for companies that engage in customer relationships and is a large part of anti-money laundering (AML) and know-your-customer (KYC) guidelines.

CDD involves analyzing information from a variety of sources, including the customer, sanctions lists, and public and private data sources. The information you collect depends on your customer’s risk profile, but basic customer due diligence requires the following:

  • Information about the identity of your customers, such as their name, address, and a photo of a government-issued ID.
  • An overview of your customers’ activities and the markets they operate in.
  • An overview of any other entities your customer does business with.

CDD Meaning: Different Types of CDD

CDD is an important part of your company’s risk management. Different customers pose different levels of risk, so CDD is conducted using a risk-based approach. You should assess the potential level of risk for each customer and tailor your due diligence approach accordingly. For most customers, standard due diligence practices — which require you to identify and verify the identity of customers — are appropriate.

In certain lower-risk scenarios, simplified due diligence may be sufficient. When performing simplified due diligence, you only need to identify your customers, not identify and verify them. On the other hand, there may be cases where standard due diligence is not sufficient. In this case, you should adopt enhanced due diligence.

Who does CDD apply to?

Customer due diligence primarily applies to financial services. All companies operating in member countries of the Financial Action Task Force (FATF) are required to conduct CDD on customers — as outlined in the FATF’s 40 Recommendations. For example, this would apply to someone applying for a loan, opening a remittance account, or opening a bank account.

Customer due diligence for banks

Financial institutions are required to take a risk-based approach to customer due diligence as part of their KYC and other regulations. This ensures that the organization remains compliant with the local laws and regulations of the markets in which it operates. The level of CDD in banking will depend on the type of relationship between the bank and the customer and their risk profile. However, in general, banks must take the necessary steps to ensure that the customer is who they say they are in order to prevent fraudulent activities such as identity fraud or impersonation.

When should you apply CDD in banking?

When establishing a business relationship, or before a new business relationship between a bank and a client begins, banks must conduct due diligence to verify the client’s risk profile, verify who they are and ensure that they are not using a false identity. CDD also applies in the following situations:

  • Occasional transactions: Certain transactions may require further CDD measures. For example, transactions above a certain monetary amount (EUR 10,000) or if the client transacts with high-risk individuals or regions.
  • Suspicious activity: Banks must conduct CDD checks if the client is suspected of activity related to money laundering or terrorist financing.
  • Unreliable identification: If the information provided by your client is unreliable, suspicious or does not meet the requirements, banks should apply additional CDD measures.

What are the 4 requirements of customer due diligence?

In the United States, the FinCEN Customer Due Diligence Rule requires financial institutions to establish and maintain policies around four specific activities:

  • Identifying and verifying the identity of customers.
  • Identifying and verifying the identity of company ownership.
  • Understanding the nature and purpose of customer or client relationships to develop customer risk profiles.
  • Conducting ongoing monitoring to identify and report suspicious activities or transactions, and maintaining and updating customer data related to risks and risk levels.

Customer Due Diligence checklist

The first step is to conduct simple investigations, such as customer identification and verification. Companies are required to verify the identity of their customers before or during the initiation of that company-customer relationship. These requirements apply to all new customers as part of the Know Your Customer (KYC) policy.

There are several ways that companies can verify the identity of customers. One approach is online document verification, which involves digitally assessing the legitimacy of the customer’s identification document as part of the onboarding process.

In addition to identity verification, companies should also consider the customer’s financial information (current and prior) as well as their business activity.