There’s a Right Way – and a Wrong Way – To Do Customer Due Diligence, Say the Regulators

Customer due diligence, also known as CDD, is an easy thing to get wrong.
For this reason, major banking regulators issued a joint statement this July drawing renewed attention to the risk-based approach that financial institutions should take when assessing customer relationships and conducting CDD. The statement did not change Bank Secrecy Act/Anti-Money Laundering (BSA/AML) legal or regulatory requirements one iota. Instead, the statement clarified the rules so that customers acting lawfully would be able to gain access to financial services.
In the statement, the Federal Reserve, the FDIC, FinCEN, the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) reiterated what they described as a longstanding position: “that no customer type presents a single level of uniform risk or a particular risk profile related to money laundering, terrorist financing, or other illicit financial activity.”
What the regulators are speaking out against are practices similar to “profiling” in airline security or other types of law enforcement. They are concerned about the possibility that financial institutions might “decline to provide banking services to entire categories of customers.” This is unnecessary, and it deprives legitimate customers of the financial services they need.
Making Better BSA/AML Assessments
The regulators say that appropriate risk-based procedures for conducting ongoing CDD rest on two things:
An understanding of the nature and purpose of customer relationships – a necessary ingredient in developing a risk profile for a customer.
Ongoing monitoring to identify and report suspicious transactions—and to maintain and update customer information (on a risk basis).
According to the joint statement, “Banks that operate in compliance with applicable BSA/AML legal and regulatory requirements, and effectively manage and mitigate risks related to the unique characteristics of customer relationships, are neither prohibited nor discouraged from providing banking services to customers of any specific class or type.”
Enhanced Due Diligence
When it comes to higher-risk businesses and individuals, such as cannabis-related businesses, cryptocurrency, ATMs, non-resident aliens, politically exposed persons, and so on, additional procedures must be put in place to ensure a BSA/AML program is adhering to regulatory requirements. For many institutions, a compliance check-up can determine whether the proper processes are in place to apply a truly risk-based approach to CDD, and to EDD, which stands for “enhanced due diligence.”
The regulators have not published prescriptive rules for EDD. Instead, financial institutions must have proper risk assessment and control procedures so that they themselves can determine when EDD makes sense.
Often, a financial institution will have enhanced due diligence requirements for whole industries, such as casinos or gambling, in which the risk of money laundering is higher than average. Others will set financial thresholds based on specific transaction amounts. When these amounts are exceeded, EDD procedures will automatically be triggered.
Technology solutions, such as commercial BSA platforms, are making enhanced due diligence a real possibility for a much broader range of financial institutions. RiskScout can help ensure that you’re approaching EDD reviews the right way and not turning away customer prospects unnecessarily.