Customer Due Diligence (CDD) - one of the five pillars of institutional AML programs - can be boiled down to this: financial institutions have the obligation to know their customers. But what does “know your customer” actually mean?
The objective of CDD is to enable financial institutions to understand the nature and purpose of customer relationships. FinCEN guidance demands financial institutions develop CDD procedures that address:
Obtaining and analyzing sufficient customer information to understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile; and
Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information, including information regarding the beneficial owner(s) of legal entity customers.
CDD requirements, especially the ongoing ones, can be overwhelming and an enormous burden for a financial institution. Nevertheless, there are ways to reduce your workload while still fulfilling FinCEN’s CDD requirements, as outlined below.
1. Ensure robust questioning is built into your financial institution’s account opening process for both consumers and businesses. This process will ensure you have the most up-to-date information and understanding of the anticipated customer activity at the time of account opening so you may properly assess potential risks the customer may pose to your financial institution.
2. Remember not every customer presents the same type of risk. Your financial institution may bank thousands of customers, but not every customer requires the same level of scrutiny. Take the time to assess the results of your customer onboarding questioning and identify customers that:
may be outside of your bank’s risk tolerance;
may trigger additional recurring manual due diligence efforts per your FI’s policies and FinCEN expectations;
may require approval from Compliance/BSA personnel before the full customer relationship is approved.
These are the customers you’ll want to focus on for triggering events such as declination of a relationship or varying initial and ongoing due diligence requirements, including ensuring your customer is compliant with local and state laws, if required per their business type. Customers that don’t trigger additional manual initial or recurring due diligence efforts will still need continuous transaction monitoring through the financial institution’s transaction monitoring efforts, but are typically considered “lower-risk” in terms of customer risk rating, at least initially.
3. Optimize the initial and ongoing due diligence program for customers requiring recurring (traditionally manual) due diligence efforts. If your financial institution has a banking program for businesses that requires additional due diligence efforts on a recurring basis, such as higher risk banking programs like money service businesses, hemp, digital currency, THC cannabis, or independently owned ATMs, it’s important to create an organized way to collect updated information from customers and document periodic due diligence reviews. In doing so, you will ensure your financial institution is adhering to the ongoing due diligence requirements laid out by regulations and internal policies and procedures.
4. Automate where possible. Consider adopting a technology solution to help automate initial and ongoing due diligence efforts. Thinking about taking on higher risk banking programs? If so, know that manual due diligence at the time of onboarding and thereafter is time-consuming and unsustainable. A program is not scalable or sustainable without proper tools in place to cover the regulatory burdens that come with higher risk banking programs.
Key Takeaway: Adopting a due diligence solution will minimize manual tasks, automate customer information update collections, streamline customer communications, automate periodic review reminders, and serve as a digital audit trail to make your audit and exam prep easy.