Customer due diligence (CDD) is at the heart of Anti-Money Laundering/Combating Financing of Terrorism (AML/CFT) and Know Your Customer (KYC) initiatives, and is designed to help credit unions, banks, insurance companies and other financial institutions; verify if customers are who they say they are, confirm they’re not on any prohibited lists and assess their risk factors.
CDD is simply the act of performing background checks on the customer to ensure that they are properly risk-assessed before they become a member of a credit union or open an account or access other key financial products or services.
When you consider what’s at stake, it starts to make a little more sense why CDD is critical. CDD counters the efforts of drug cartels and a broad range of criminal enterprises who continuously try to get their “dirty” money or proceeds from their crimes into financial institutions.
Here are a few reasons why credit unions take CDD seriously:
- Huge Fines: Monetary penalties imposed by regulators across the globe related to AML/CFT increase significantly each year. Since 2009, regulators have levied approximately $32 billion in AML/CFT-related fines on financial institutions for failure to have robust systems in place to prevent criminals from using their institutions.
- Sophisticated Cyber Threats: Criminals particularly fraudsters are using more sophisticated means to remain undetected, including globally coordinated technological and dark web & e-commerce schemes.
- Reputational Risk: AML/CFT incidents put a financial institution’s reputation on the line. It can result in a credit union’s license being revoked and it having to shutter its doors.
The application of CDD is required when a financial institution covered by money laundering regulations enters into a business relationship with a customer or a potential customer. This includes occasional one-off transactions, even though this may not constitute an actual business relationship. A customer/business relationship is defined as being formed when two or more parties engage for the purposes of conducting regular business or to perform a one-off transaction. The term “business relationship” applies where a professional or commercial relationship will exist with a corporate entity where there is an expectation by the financial institution that it will have an element of duration. When you enter a business relationship, your credit union will request certain information from you in order to conduct its vetting of you. This may include forms of identification, proof of address, source of funds and/or source of wealth.
Q: Why do I need to provide my ID?
A: Your credit union needs to verify that you are the person you claim to be.
The CDD process always starts with an identity verification process. While there are a number of alternative verification methods, more and more financial institutions are now relying on a government-issued ID (e.g., a driver’s license, passport or National ID card). But, this is just the start of the CDD process.
After the person has been verified, the name is then screened against a number of online databases including government watch-lists, PEPs (politically exposed persons), and adverse media. At this point, credit unions can now assign applicants to risk pools — low-to-medium risk individuals (those with no red flags) are allowed to create accounts with little friction. Higher-risk individuals (e.g., those listed on government watch-lists, PEPs) are flagged for further review. These folks necessitate an extra layer of review by credit union personnel who need to capture additional customer information to fully vet these persons.
Q: Why am I asked to produce a utility bill?
A: Since your address is often not included on your ID card, or in the instance of your driver’s license may not be your current abode, the credit union needs to capture proof of your address.
Some institutions may accept a bank statement or credit card statement that shows your current address. These documents are used to conduct background checks on crime and other databases.
Q: Do all members have to produce the same information to their credit union?
A: No. At a minimum all members are required to provide ID, proof of address, and source of funds information. However depending on the risk profile of a customer your credit union may require additional information.
Generally low-risk individuals can be fast-tracked through the approval process. However, the timeline for decision making for higher-risk individuals e.g. politically exposed persons (PEPs) may still take longer because of the extra review time needed to vet these individuals. Generally, more than 90% of applicants will fall into the low-to-medium risk pool.
Q: Why do they need a job letter?
A: Your credit unions needs to verify where your money is coming from i.e. the source of your funds and the size and frequency of transactions they can expect on your account.
Once the customer has been successfully on-boarded, the process isn’t over. After all, credit unions and other financial institutions need to monitor their customers on an ongoing basis to ensure (1) they remain in compliance; and (2) flag any suspicious behavior. This part of CDD is known as transaction monitoring.
With transaction monitoring, financial institutions can better identify changes in customer behavior over time and be alerted to typical money laundering scenarios. This means credit unions need to monitor for suspicious activity and spot patterns that may be indicative of money laundering, financial crimes, corruption, drug trafficking or other criminal activity. Just as individuals were scored and put into risk categories during the identity proofing stage, individual transactions can also be assessed against expected vs. actual transaction behavior.
Ongoing screening needs to occur since a customer may not have been initially on any watch-lists when they created the account, but suddenly they can appear on one today. By continually checking databases (including OFAC, UN and thousands of other government, regulatory, law enforcement, fitness and probity watch-lists) as well as through thousands of subscribed and local and global news sources, financial institutions can be notified immediately via an alert. If a customer appears on one of these PEPs and sanctions lists, the financial institution can mitigate risk and take appropriate next steps. This ensures that the credit union is kept informed of any status changes to its existing member base in real time.
Financial institutions need to constantly do this screening in order to meet the requirements of regulators, their banks and auditors.
Q: Is it only credit unions that require this information?
A: No, your bank, life insurance company and other financial institutions will ask you for this information when you seek to open a bank account, collect on a life insurance policy or otherwise commence a business relationship.
The graphic below walks through 6 steps a financial institution may go through as part of their CDD process to answer these fundamental questions:
- Is the applicant the person who they claim to be?
- Does the risk profile of the applicant raise any red flags?