Skip to main content

What is Customer Due Diligence (CDD)?

What is Customer Due Diligence? 

At the start of any new relationship, banks and financial institutions must verify the identities of their customers and build out the bigger picture as to the nature of the business that they’re involved with.  

Doing so is important for not only complying with applicable regulations but also uncovering and understanding any money laundering and other financial crime risks, such as terrorist financing and fraud, that might come with individual customers.  

CDD Meaning: Customer Due Diligence 

This is known as customer due diligence (CDD); a process that is used by financial institutions to collect and evaluate information about a customer or potential customer. Its purpose is to uncover any potential risks to the organization that might come as part of doing business with a particular organization or individual. 

At its most basic level, CDD requires organizations to collect a customer’s name and address, information about their business, and what they intend to do with their account. In practice, however, CDD in banking forms a part of wider Know Your Customer (KYC) checks and relies on the analysis of a variety of information sources to help the organization make an informed decision about a potential customer’s risk profile.  

CDD is not a one-time process. Rather, it’s ongoing monitoring also known as perpetual KYC (pKYC), and financial institutions will carry out ongoing monitoring of their customers’ activities to identify any changes that might indicate an increased risk.  


Money launderers often use financial institutions to transfer and conceal illicit funds. This is particularly true for modern so-called “challenger banks” that operate online entirely; it’s very quick and simple to open an account, making them an attractive target for criminals.  

Anti-money laundering (AML) covers a broad range of processes and efforts that are designed to detect and prevent this type of illicit activity. All banks and financial institutions have AML measures in place, and the customer due diligence process is simply a constituent part of the wider AML process, which also includes measures such as KYC and transaction monitoring.  

The CDD process for AML enables organizations to fulfill their legal obligations to detect and report suspicious activity and comply with laws and regulations designed to prevent these crimes. 

CDD & The KYC Process 

In a similar vein, CDD is also closely related to KYC: the process of collecting and verifying information about a customer’s identity and activities to assess their risk profile. 

Although CDD and KYC are often used interchangeably, the two processes have some differences. KYC, for example, is typically focused on the initial onboarding of a new customer whereas CDD involves regular, ongoing monitoring and assessment of a customer’s activity—the extent to which depends on the customer’s risk level.  

The Three Types of CDD 

Customer due diligence can be broadly separated into three categories: standard, enhanced, and ongoing.  

Standard CDD 

Covers the basic information that organizations must verify as a baseline. This is typically applied to customers who pose no or very little risk to the organization. Information should include: 

  • Name and date of birth 
  • Business and home address 
  • Designation of the proposed relationship 
  • Any other data required by regulations 

Enhanced CDD 

Involves a more thorough review of a customer’s information and activities. This is typically reserved for customers who are deemed to be a high financial crime risk because of circumstances including: 

  • The customer’s status as a politically exposed person (PEP) 
  • The customer is a non-resident 
  • The customer has resident status in a country with an ineffective AML regime 

Enhanced CDD is designed to give organizations a deeper understanding of their customers’ financial crime risk level and involves much more scrutiny than standard CDD in addition to obtaining more identification materials and establishing their source of funds.  

Ongoing CDD  

Is the continuous monitoring of a customer’s activities at intervals dictated by the customer’s risk level. Ongoing monitoring can help organizations identify any changes that might indicate an increased risk of illicit activity, enabling them to act accordingly.  

  • Low-risk customers should undergo an annual CDD confirmation. 
  • Medium and high-risk customers should undergo the confirmation process at least once every six months if not more.  

Customer Due Diligence Checks 

CDD checks are a core component of the customer due diligence process and focus on information collection and verification. Although the exact nature of these checks might vary between different financial institutions, their purpose is the same: To help organizations assess the risk posed by a customer and identify red flags that might indicate an increased risk of being exposed to illicit activity, such as money laundering and terrorist financing.  

CDD checks will typically be conducted during the early stages of establishing a new customer relationship. They might also be conducted regularly to ensure that a customer’s risk profile stays current and that any new risk factors don’t slip through the net. The precise nature of checks and the level of detail needed will vary based on the customer's risk profile and the nature of the relationship. 

Customer Due Diligence Checklist 

Customer due diligence for banks and financial institutions is not a one-time process that can be done and forgotten about. Rather, as we’ve already discussed, it’s an ongoing risk assessment and management process that needs to be regularly revisited. 

The process involves gathering and verifying information about a customer and carrying out an ongoing risk assessment. This is typically done through the following key steps:  

1. Customer Identification 

Banks and financial institutions must establish the identity the business activities of a potential customer before beginning a relationship with them. This is what the Know Your Customer process is for and is an example of how both CDD and KYC work together to provide organizations with sufficient information to conduct their checks.  For more on how to verify a business is legitimate, check out our blog. 

2. Customer Verification 

Nothing can be taken at face value when it comes to financial crime, and that includes documents provided by potential customers. These must be verified by the organization, and a variety of tools and processes can be relied on to do this, including checks against government databases and liveness scans.  

3. Risk Profile Assessment 

After a customer’s identity has been verified, organizations must assess their risk profile by collecting and analyzing information from various sources, including that provided by the customer, any publicly available documents, and adverse media. This will help the organization to apply the correct due diligence process going forward.  

4. Determine Which CDD Measures Are Needed 

Once the customer has been categorized according to their perceived risk level, the next step is to apply the correct customer due diligence measures to them. No and low-risk customers will typically undergo standard CDD whereas higher-risk customers will undergo enhanced CDD which involves a more intensive level of scrutiny.  

5. Activity Monitoring 

Ongoing activity monitoring is the continuous scrutiny of business relationships to ensure that a customer’s risk status is kept up to date. This matters because, although standalone transactions might not appear suspicious, patterns may emerge over time which necessitates a change to their risk status.  

6. Suspicious Activity Reporting 

When CDD measures lead to suspicion that a customer is involved in illicit activity, organizations are legally required to compile and file a Suspicious Activity Report (SAR) in a timely manner to their jurisdiction’s Financial Intelligence Unit (FIU).   

Benefits of CDD for Banking & Financial Institutions 

Risk Mitigation: CDD helps banks and financial institutions identify and assess the risks associated with their customers. By conducting a thorough review of a customer's background, financial history, and business activities, institutions can identify potential red flags, such as money laundering, terrorist financing, fraud, or other illegal activities.  

Regulatory Compliance: Compliance with AML and KYC regulations is a legal requirement for banks and financial institutions in many jurisdictions. CDD is a fundamental component of AML and KYC compliance. By implementing robust CDD processes, institutions can demonstrate their commitment to complying with these regulations.  

Enhanced Reputation and Trust: Conducting thorough CDD instills confidence in customers, investors, and partners. When individuals and businesses know that a financial institution takes steps to verify the identity and legitimacy of its customers, they are more likely to trust that institution with their financial transactions and investments. Building a reputation for strong CDD practices can attract more customers and investors, ultimately leading to increased business and growth opportunities. 

Customer Due Diligence Software & Automation 

Customer Due Diligence software and automation tools have become increasingly important for banks and financial institutions to streamline and enhance their CDD processes as they deal with more customers and, as a result, more data than ever before.  

These tools now play a critical role in helping banks and financial institutions not only improve their efficiency and accuracy but also keep on top of the burgeoning due diligence workload, enabling them to stay within compliance and mitigate risks in the fast-moving global financial landscape. 

Contact Fenergo to find out more about how automation could help your compliance team improve their CDD, KYC, and general AML processes.