Customer Due Diligence – why does it Matter?


Customer due diligence is a term used in many jurisdictions to describe how due diligence information. Customer due diligence is also defined as Knowing your Client, or ‘KYC’ information. 

It is crucial to understand the origin and scope of the information that needs to be requested, and how this should be verified by the regulated entity requesting it. 

 

There are also recommendations issued by the Financial Action Task Force, or FATF, upon which the Anti-money Laundering (AML), Counter Financing of Terrorism (CFT), and Anti-proliferation of weapons of mass destruction (APWMD) legislation in several jurisdictions is based. 

Customer due diligence is essential as part of a risk-based approach to anti-money laundering. 

Customer due diligence is essential to comply with AML, CFT, and APWMD legislation. Legislation is enforced by regulators worldwide.

The role a risk-based approach plays is essential. 

Why does customer due diligence matter?

Before a service can be provided to a client by a regulated entity in any jurisdiction, the requisite customer due diligence procedures must be closely followed in all cases. 

As a basic premise, a regulated entity must understand (in detail) who their client is, their background, what type of service the client requires, and whether that client might pose any increased risk to the regulated entity. 

Essentially, regulated entities must understand the risks involved in doing business with any potential customer, both at the outset and as the customer relationship continues.

Regulated entities need to verify the identities of their clients and ensure that they are being truthful about their business interests by performing adequate customer due diligence, in line with the AML, CFT, and APWMD legislation in the jurisdiction where the regulated entity is licensed and operates. 

This requires regulated entities to collect and analyze data and documentation and verify that data to a sufficient level of confidence. 

Customer due diligence matters because the effectiveness of many critical compliance processes, including accurate checking of sanctions lists and carrying out adverse media checks, depends on the accuracy of verification of customer due diligence during the onboarding and ongoing due diligence process. 

Customer due diligence is an essential tool in the fight against money laundering and the financing of terrorism. Criminals looking to transform illegal funds must find ways to introduce those funds into the financial system by concealing their identities to avoid AML, CFT, and APWMD controls. 

Customer due diligence can provide regulated entities with a way to identify those customers and deploy suitable and adequate compliance measures against them. One of the vital components of customer due diligence is to prevent financial crime and the misuse of corporate and other vehicles by criminal organisations. 

Don’t judge a book by its cover

In the world of AML, CFT, and APWMD legislation and compliance with that legislation, the saying ‘don’t judge a book by its cover’ becomes crucial.

This is because it is not enough for a regulated entity to identify who their client is by requesting an identification document and closing the file, happily continuing to provide a service. 

It is also crucial to then continue to the next step, which is verification of that identity. 

Sometimes criminals use proxies to access services, or provide false or incomplete identifying information, which is another reason why customer due diligence must be carried out.

Verification of customer due diligence 

Reliable, independently sourced documents and information are essential when verifying the client’s identity. 

Regulated entities must not provide services to a client before obtaining adequate identification information. 

Usually, verification of that identifying information involves performing background checks on clients, using databases containing the names of individuals linked with criminal activities, such as World Check or World Compliance, checking reference letters, and ensuring that any client due diligence forms are completed fully and correctly. 

In a nutshell, a regulated entity must ask additional questions where:

  • Information is missing.
  • Information is incomplete.
  • The information does not match the background of the client.
  • There is any suspicion of illegal activity.
  • There is any doubt as to the veracity of the information provided.

What do the FATF Recommendations state?

The FATF recommendations are extensive. However, some of the key CDD measures that the FATF recommends be taken are as follows:

  • Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data, or information.
  • Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner. For legal entities, this should include regulated institutions understanding the ownership and control structure of the customer.
  • Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship.
  • Conducting ongoing due diligence on the business relationship and scrutiny of transactions, or services provided, throughout the course of that relationship to ensure that the transactions, or services being conducted are consistent with the institution’s knowledge of the customer, their business, and risk profile, and where necessary, the source of funds.

What happens if a regulated entity cannot comply with the client due diligence requirements in line with the FATF Recommendations?

In a nutshell, the FATF Recommendations and Guidance state that where a regulated entity is unable to comply with the applicable requirements (subject to appropriate modification of the extent of the measures on a risk-based approach), it should be required not to provide a service or commence business relations, or should terminate the business relationship.

The regulated entity should also consider making a suspicious transactions report about the customer.

What does customer due diligence involve?

At its core, the process can be broken down into two main elements as follows:

  • Identifying information.

The data that a regulated entity must collect to establish a client’s identity includes basic information such as the name, address, date of birth, company incorporation number, and any other information and documents that are considered necessary in line with their risk profile. 

Data must be sourced from official documents, such as passports and driving licenses, and verified by the collecting institution. 

  • Beneficial ownership information.

Where the customer is a commercial entity rather than an individual customer, regulated entities must work to establish ultimate beneficial ownership or UBO. 

This is vital to ensure that criminals are not using corporate infrastructure to evade compliance controls. 

Regulated entities (such as OMC) that are law firms or that act as registered agents across jurisdictions are required to verify the identity of the client and of the beneficial owner of any company, trust, or other entity sold to a client.

Do these requirements only apply to new customers?

These requirements apply to all new customers. As mentioned above, regulated entities must also apply them to existing customers.

They should conduct ongoing due diligence on such existing relationships, based on their risk assessment of each customer. 

What is risk-based customer due diligence? 

FATF guidance stipulates that the customer due diligence process must form part of a risk-based compliance solution.

Risk-based compliance requires firms to assess their customers individually to establish the risk level and then deploy a compliance response in line with that risk.

Risk-based customer due diligence is also a way for regulated entities to balance their regulatory obligations with budgetary needs by ensuring that AML, CFT, and APWMD resources are directed toward worthwhile targets. 

Clients classified as high-risk must be subject to more intense, or ‘enhanced’ measures. Lower-risk clients may be subject to simplified procedures.

What does the FATF recommend countries do to assess and mitigate money laundering, terrorism financing, and proliferation of weapons of mass destruction risks?

The FATF guidance states that countries should take appropriate steps to identify and assess the Money Laundering (ML), Terrorist Financing (TF), and Proliferation of weapons of mass destruction (PWMD) risks for their countries on an ongoing basis and to make changes to the country’s laws and regulations, allocate resources and make information available to regulated entities which they can, in turn, include in their risk assessments. 

The FATF emphasizes the importance of keeping risk assessments up to date (in each country) and using the necessary measures to provide appropriate information on the results of regular risk assessments to relevant competent authorities and regulated entities. 

High-risk customers and activities 

Some FATF recommendations identify higher-risk customers and activities, for which enhanced or specific measures are required (see below). 

The extent of such measures may vary according to the specific level of risk. 

Governments and regulators in their respective countries must, in turn, identify high-risk customers and activities. 

They must prescribe that regulated entities take enhanced measures to manage and mitigate the risks. This may be achieved in various ways. 

The most important and well-known ways to achieve this are by updating AML, CFT, and APWMD legislation and ensuring that the information is incorporated into risk assessments carried out by regulatory entities. 

These risk assessments are vital for regulated entities to manage and mitigate risks appropriately.

Low-risk customers and activities 

Countries may decide to allow simplified measures for some of the FATF recommendations, provided that a lower risk has been identified and is consistent with the country’s assessment of its ML, TF, and PWMD risks. 

Risk factors

The FATF highlights specific risk factors that regulated entities must evaluate when dealing with new and existing customers. 

These are divided into customer, country, and product risks. 

Examples of customer risks include:

  • Businesses that are cash intensive, or 
  • Ownership structures that appear unusual or excessively complex given the nature of the company’s business. 

Examples of country risks include:

  • Countries identified by credible sources, such as mutual evaluation or detailed assessment reports, as not having adequate AML/CFT/APWMD systems.
  • Countries subject to sanctions, embargoes, or similar measures issued by, for example, the United Nations.
  • Countries identified as having significant levels of corruption or other levels of criminal activity.

Examples of product risk include:

  • Anonymous transactions.
  • Non-face-to-face business relationships or transactions.
  • Payments made by unknown or un-associated third parties.

Examples of high-risk customers and activities

Examples of high-risk customers and activities included in the FATF Recommendations are the following:

  • Politically Exposed Persons or ‘PEPs.’
  • Correspondent Banking.
  • Money or value transfer services. 
  • New Technologies, and
  • Wire transfers. 

The EU recently introduced updated legislation on Virtual Assets and Virtual Asset Service Providers, or ‘VASPs’ in line with FATF Recommendations 15 and 16 on New Technologies and Wire Transfers. 

In practice, regulated entities must identify high-risk customers and activities based on their business activities and client base and in line with the AML, CFT, and APWMD legislation applicable in the country where they are licensed and operational. 

There is no one-size-fits-all approach to customer due diligence or risk-based due diligence.

Examples of Enhanced and Simplified Due diligence measures 

Examples of enhanced due diligence measures and when they may be required include:

  • Obtaining additional information on the customer and updating the identification data on the customer and beneficial owner more regularly.
  • Obtaining the approval of senior management to commence or continue the business relationship.
  • Obtaining additional information on the source of funds or wealth of the customer.
  • Requesting additional information where there is a suspicion of money laundering or any other illegal activity.
  • Whenever a regulated entity decides that further customer due diligence is needed to resolve discrepancies when clients provide inadequate identification documents. 

Conversely, there are instances where simplified due diligence measures may be permitted.

Examples of simplified due diligence measures include:

  • Reducing the frequency of customer identification updates.
  • Reducing the degree of ongoing monitoring.

AML, CFT, and APWMD legislation in force in several jurisdictions allows for this.

Simplified due diligence should be implemented with caution and should always be commensurate with all AML, CFT, and APWMD legislation in force in the jurisdiction where a regulated entity is based.

Again, it is vital to understand that each regulated entity needs to assess its approach to customer due diligence based on the legislation in force where it is licensed and operational, its customer base, and the type of services it provides. 

Closing comments 

In addition to its role in detecting and preventing money laundering, client due diligence is also vital for identifying other financial crimes such as financing terrorism and corruption.

In recent years it has also become vital in the fight against the proliferation of weapons of mass destruction and in the fight to target issues such as ML, TF, and PWMD risks posed by the use of virtual assets.

It is a complex and extensive subject. It is also constantly changing to meet the evolving regulatory environment.

While AML, CFT, and APWMD legislation varies depending on several factors, including each country and its circumstances, we hope the above provides a brief overview of some essential elements.

Learn more about our compliance and corporate solutions at omcgroup.com.

 

 
