What Is Customer Due Diligence? Guide to the CDD Rule & Process

Customer Due Diligence (CDD) is a process used by banks and financial institutions to collect and evaluate information about a customer or potential customer to identify and mitigate risks like money laundering and terrorist financing. It involves verifying a customer's identity, assessing their risk profile, and continuously monitoring their activities to ensure their risk status is kept up to date. CDD is a key part of an institution's broader Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance efforts.

CDD Meaning: 

CDD is a process that is used by financial institutions to collect and evaluate information about a customer or potential customer. Its purpose is to uncover any potential risks to the organization that might come as part of doing business with a particular organization or individual.

At its most basic level, CDD requires organizations to collect a customer’s name and address, information about their business, and what they intend to do with their account. In practice, however, CDD in banking forms a part of wider Know Your Customer (KYC) checks and relies on the analysis of a variety of information sources to help the organization make an informed decision about a potential customer’s risk profile.  

CDD is not a one-time process. Rather, it involves ongoing monitoring, also known as perpetual KYC (pKYC): financial institutions continue to monitor their customers’ activities to identify any changes that might indicate an increased risk.

Customer Due Diligence Rule 

The customer due diligence rule, introduced by FinCEN in 2018, requires financial institutions to identify and verify the beneficial owners of legal entity customers. It forms part of a broader effort to improve transparency and strengthen AML compliance.

Under the rule, firms must:

  • Identify and verify customers and their beneficial owners
  • Understand the nature and purpose of customer relationships
  • Monitor accounts for suspicious activity on an ongoing basis

This rule ensures institutions can detect and report potential financial crime while meeting regulatory obligations.

What is the Customer Due Diligence Process? 

Customer due diligence for banks and financial institutions is not a one-time process that can be done and forgotten about. Rather, as we’ve already discussed, it’s an ongoing risk assessment and management process that needs to be regularly revisited. 

The process involves gathering and verifying information about a customer and carrying out an ongoing risk assessment. This is typically done through the following key steps:  

1. Customer Identification 

Banks and financial institutions must establish the identity and the business activities of a potential customer before beginning a relationship with them. This is what the KYC process is for, and it is an example of how CDD and KYC work together to provide organizations with sufficient information to conduct their checks.

2. Customer Verification 

Nothing can be taken at face value when it comes to financial crime, and that includes documents provided by potential customers. These must be verified by the organization, and a variety of tools and processes can be relied on to do this, including checks against government databases and liveness scans.  

3. Risk Profile Assessment 

After a customer’s identity has been verified, organizations must assess their risk profile by collecting and analyzing information from various sources, including that provided by the customer, any publicly available documents, and adverse media. This will help the organization to apply the correct due diligence process going forward.  

4. Determine Which CDD Measures Are Needed 

Once the customer has been categorized according to their perceived risk level, the next step is to apply the correct customer due diligence measures to them. No-risk and low-risk customers will typically undergo standard CDD, whereas higher-risk customers will undergo enhanced CDD, which involves a more intensive level of scrutiny.

5. Activity Monitoring 

Ongoing activity monitoring is the continuous scrutiny of business relationships to ensure that a customer’s risk status is kept up to date. This matters because, although standalone transactions might not appear suspicious, patterns may emerge over time that necessitate a change to their risk status.

6. Suspicious Activity Reporting 

When CDD measures lead to suspicion that a customer is involved in illicit activity, organizations are legally required to compile a Suspicious Activity Report (SAR) and file it in a timely manner with their jurisdiction’s Financial Intelligence Unit (FIU).

The Three Types of CDD 

Customer due diligence can be broadly separated into three categories: standard, enhanced, and ongoing.  

1. Standard CDD 

Standard CDD covers the basic information that organizations must verify as a baseline. This is typically applied to customers who pose no or very little risk to the organization. Information should include:

  • Name and date of birth 
  • Business and home address 
  • Designation of the proposed relationship 
  • Any other data required by regulations 

2. Enhanced CDD 

Enhanced CDD involves a more thorough review of a customer’s information and activities. This is typically reserved for customers who are deemed to be a high financial crime risk because of circumstances including:

  • The customer’s status as a politically exposed person (PEP) 
  • The customer is a non-resident 
  • The customer has resident status in a country with an ineffective AML regime 

Enhanced CDD is designed to give organizations a deeper understanding of their customers’ financial crime risk level and involves much more scrutiny than standard CDD in addition to obtaining more identification materials and establishing their source of funds.  

3. Ongoing CDD  

Ongoing CDD is the continuous monitoring of a customer’s activities at intervals dictated by the customer’s risk level. Ongoing monitoring can help organizations identify any changes that might indicate an increased risk of illicit activity, enabling them to act accordingly.

  • Low-risk customers should undergo an annual CDD confirmation. 
  • Medium- and high-risk customers should undergo the confirmation process at least once every six months, if not more often.

Customer Due Diligence Checklists

CDD checks are a core component of the customer due diligence process and focus on information collection and verification. Although the exact nature of these checks might vary between different financial institutions, their purpose is the same: To help organizations assess the risk posed by a customer and identify red flags that might indicate an increased risk of being exposed to illicit activity, such as money laundering and terrorist financing.  

CDD checks will typically be conducted during the early stages of establishing a new customer relationship. They might also be conducted regularly to ensure that a customer’s risk profile stays current and that any new risk factors don’t slip through the net. The precise nature of checks and the level of detail needed will vary based on the customer's risk profile and the nature of the relationship. 

Benefits of CDD for Banks & Financial Institutions 

  1. Risk Mitigation: CDD helps banks and financial institutions identify and assess the risks associated with their customers. By conducting a thorough review of a customer's background, financial history, and business activities, institutions can identify potential red flags, such as money laundering, terrorist financing, fraud, or other illegal activities.  
  2. Regulatory Compliance: Compliance with AML and KYC regulations is a legal requirement for banks and financial institutions in many jurisdictions. CDD is a fundamental component of AML and KYC compliance. By implementing robust CDD processes, institutions can demonstrate their commitment to complying with these regulations.  
  3. Enhanced Reputation and Trust: Conducting thorough CDD instills confidence in customers, investors, and partners. When individuals and businesses know that a financial institution takes steps to verify the identity and legitimacy of its customers, they are more likely to trust that institution with their financial transactions and investments. Building a reputation for strong CDD practices can attract more customers and investors, ultimately leading to increased business and growth opportunities. 

Customer Due Diligence Software & Automation 

CDD software and automation tools have become increasingly important for banks and financial institutions to streamline and enhance their CDD processes as they deal with more customers and, as a result, more data than ever before.  

These tools now play a critical role in helping banks and financial institutions not only improve their efficiency and accuracy but also keep on top of the burgeoning due diligence workload, enabling them to stay within compliance and mitigate risks in the fast-moving global financial landscape. 

CDD FAQs

What are the 4 customer due diligence requirements?

The 4 customer due diligence requirements are:

  1. Identifying the customer,
  2. Verifying the customer’s identity,
  3. Identifying beneficial owners of legal entity customers, and
  4. Understanding the nature and purpose of customer relationships to develop a risk profile.

What is the FinCEN customer due diligence rule?

The FinCEN customer due diligence rule, effective since May 2018, requires covered financial institutions to collect and verify information about the beneficial owners of legal entity customers. This rule enhances transparency in financial transactions and helps institutions assess and mitigate money laundering and terrorist financing risks. It also codifies the four key elements of customer due diligence.

What is the relationship between CDD & AML?

The connection between CDD & AML is foundational in financial compliance. CDD is a key component of the broader AML framework. While AML programs aim to prevent financial crime and detect suspicious activity, CDD specifically helps institutions identify customers, assess risk levels, and monitor for red flags. It ensures that banks and financial institutions can meet legal obligations and maintain compliance with AML regulations.

How do CDD & the KYC process differ?

While CDD & the KYC process are closely linked, they serve slightly different purposes. KYC refers to the initial collection and verification of customer identity during onboarding. CDD, however, includes not just identity verification but also ongoing monitoring based on the customer’s risk profile. CDD ensures continuous compliance, whereas KYC is typically a one-time activity at the start of a customer relationship.