top of page

Customer Due Diligence (CDD): Everything You Need to Know

  • Jeri-Lea Brown
  • Feb 21
  • 5 min read

Image of two employees looking at a laptop screen

We work in a complex business environment. What was once a question of gut instinct and relationships to know who to do business with is now much more complicated as businesses operate globally in a much more autonomous manner. Valuable deals and contracts are often agreed between parties who have never met and have no existing relationship. Knowing who you're doing business with is more crucial than ever.


Customer Due Diligence (CDD) is a fundamental process that helps organisations do just that. This guide delves into what customer due diligence (CDD) is, why it matters, and how to conduct customer due diligence effectively.


What is Customer Due Diligence (CDD)?

CDD is a series of checks and procedures to help you verify your customers' identities, assess potential risks, and ensure compliance with legal obligations. CDD is a regulatory requirement for companies entering into business relationships and is a big part of anti-money laundering (AML) and know your customer (KYC) directives.


The primary goal of CDD is to confirm a customer's identity and understand the nature of the business relationship to prevent involvement in illicit activities such as money laundering or terrorist financing.


In the UK, legal requirements for KYC and customer due diligence are outlined in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. These regulations mandate that businesses perform CDD in specific situations, including:


  • Establishing a new business relationship.

  • Conducting occasional transactions amounting to €15,000 or more.

  • Suspecting money laundering or terrorist financing.

  • Doubting the veracity of previously obtained customer identification data.


These regulations require businesses to verify their clients' identities using reliable, independent sources, such as passports or other government-issued identification documents. Additionally, if there's a beneficial owner who isn't the direct client, reasonable measures must be taken to identify and verify them.


Why is Customer Due Diligence Important?

Implementing robust CDD processes offers several benefits:


  • Regulatory Compliance: Adhering to CDD requirements ensures compliance with UK laws and regulatory bodies helping businesses avoid legal penalties and reputational damage.

  • Risk Management: Understanding your customer's background helps identify potential risks, protecting the business from fraud, financial crime and prevent money laundering.

  • Trust Building: Demonstrating a commitment to due diligence fosters trust with clients, partners, and regulators. It is a tangible process of risk assessment to prevent money laundering and other financial crimes. For customers who have no red flags, it serves as a solid basis from which to do business.


The Difference Between KYC and Customer Due Diligence

While often used interchangeably to assess customer risk, Know Your Customer (KYC) and Customer Due Diligence (CDD) are distinct concepts:


  • Know Your Customer (KYC): This involves the initial identification and verification of a customer's identity during the onboarding process.

  • Customer Due Diligence (CDD): A broader, ongoing process that includes KYC but also encompasses continuous risk assessment and monitoring of customer activities to assess the risk profile throughout the business relationship.


In essence, KYC is a component of the comprehensive know your customer due diligence framework.


Understanding Normal, Simplified & Enhanced CDD

Businesses apply different levels of due diligence depending on the assessed risk level of the customer:


  • Normal CDD: Standard due diligence measures applied to most customers.

  • Simplified Due Diligence (SDD): Applied to low-risk customers, such as regulated institutions, where full due diligence isn't necessary.

  • Enhanced Due Diligence (EDD): Used for higher risk customers, such as politically exposed persons (PEPs) or those in high-risk jurisdictions, requiring deeper scrutiny and additional verification.


How to Conduct Customer Due Diligence Effectively: Step-by-Step

  1. Customer Identification and Verification: Collect and verify information such as the customer's full name, date of birth, and residential address using reliable documents like passports or utility bills.

  2. Beneficial Ownership Identification: Identify individuals who ultimately own or control a business entity, especially those with a significant ownership stake.

  3. Understanding the Business Relationship: Gather information about the purpose and intended nature of the business relationship to assess potential red flags and identify higher risk clients.

  4. Ongoing Monitoring: Regularly review and monitor customer transactions to ensure they align with the established risk profile and to detect any unusual or suspicious activities.


Legal Requirements for Customer Due Diligence (CDD)

Businesses operating in the UK must comply with several regulatory frameworks:


  • Money Laundering Regulations 2017: Outlines when and how businesses must conduct CDD.

  • Proceeds of Crime Act 2002: Defines money laundering offenses and obligations for businesses to report suspicious activities.

  • Terrorism Act 2000: Imposes measures to prevent terrorist financing.


Non-compliance with these laws can result in severe penalties, including fines and imprisonment.


Common Challenges in Customer Due Diligence & How to Overcome Them

  • Complex Ownership Structures: Identifying beneficial owners in layered corporate structures can be difficult. The solution is to use specialised tools to trace ownership and verify identities.

  • Data Privacy Concerns: Balancing data collection with privacy regulations in line with regulatory bodies requires careful handling. The mitigate any risk, ensure data collection complies with GDPR and data protection laws.

  • Resource Constraints: Smaller businesses may lack resources for comprehensive CDD, leaving them more vulnerable to financial crime. In this case, consider outsourcing business services to conduct a thorough CDD process and risk assessment.


Best Practices for Effective Customer Due Diligence

  • Adopt a Risk-Based Approach: Tailor the depth of due diligence to the assessed risk level of each customer.

  • Stay Updated with Regulations: Regularly review and update your policies to align with current laws and legal requirements.

  • Invest in Training: Equip your staff with knowledge and tools to perform CDD effectively and evaluate customer risk.

  • Leverage Expertise: Outsource CDD and use automated technology solutions from trusted providers to enhance efficiency.


Customer Due Diligence Checklist for Businesses

Use this comprehensive checklist to guide you through a thorough CDD process and give you the basis from which to develop a mutually beneficial business relationship with new and existing customers. 


1. Customer Identification & Verification

☐ Obtain full name, date of birth, and residential address.☐ Verify identity using official documents (passport, driving licence).☐ Cross-check information against government databases or electronic verification tools.


2. Beneficial Ownership Identification

☐ Determine if the customer is acting on behalf of another entity.☐ Identify and verify beneficial owners with 25%+ ownership in a company.


3. Understanding the Business Relationship

☐ Establish the purpose and intended nature of the relationship.☐ Assess the customer's industry, source of funds, and transaction patterns.


4. Risk Assessment & Categorisation

☐ Assign a risk rating (low, medium, high).☐ Apply Enhanced Due Diligence (EDD) for high-risk customers.☐ Apply Simplified Due Diligence (SDD) for low-risk customers.


5. Ongoing Monitoring

☐ Implement transaction monitoring.☐ Flag and investigate unusual activity.☐ Update customer information periodically.


6. Record-Keeping & Compliance

☐ Maintain CDD records for at least five years.☐ Ensure compliance with Money Laundering Regulations 2017.☐ Report suspicious activities to the National Crime Agency (NCA) if required.


7. Staff Training & Awareness

☐ Train employees on CDD regulations and risk indicators.☐ Keep staff updated on evolving laws and best practices.


Customer Due Diligence is a critical component of compliance and risk management. By following this checklist and maintaining a risk-based approach, businesses can protect themselves from financial crime while fostering secure and trustworthy relationships with their customers.


Need expert guidance on conducting professional CDD? Contact us today to ensure your business stays compliant and protected.

graphic-texture-bg-coral.jpg

Ready to elevate your corporate governance and company secretarial processes?

Discover how our bespoke, strategic expertise can support your business with hands-on, innovative solutions.

bottom of page