DA huge case of money laundering shook the financial world in 2020 when the Swedish bank and broker, SEB was fined over $107 million. They were found to have breached anti-money laundering laws when a huge proportion of their customers were based in high-risk countries, without the bank’s knowledge. Due diligence can help avoid cases like this, both in financial and non-financial industries. Read on to find out the best anti-money laundering (AML) practices, alongside exactly how to perform customer due diligence.
Trustpair helps companies avoid money laundering and be compliant with international regulatory requirements through the ongoing and automated verification of bank accounts. Request a demo to learn more!
Anti-Money laundering overview
Money laundering is the obscurement of an income source, typically because this income was generated through illegal activity. Cyberattackers, drug dealers, terrorist financers – each of these groups uses money laundering to ‘clean’ their cash, and make it look legitimate and legal.
Therefore, anti-money laundering refers to the measures that financial institutions are required to take, to make transactions transparent. In turn, this means performing customer due diligence checks to confirm their identity, averting the attempts of illegal financial activity. Reaching compliance means safeguarding against suspicious and illicit dealings.
In 2016, Hewlett Packard was fooled into acquiring UK software firm, Autonomy, for $11.1 billion, well above the genuine valuation. It happened because the firm inflated its revenues by laundering through reseller and backdated transactions, as opposed to genuine end-user income from customers. With the proper data monitoring and due diligence, this wouldn’t have happened.
There were several tell-tale signs, such as Autonomy always hitting within 4% of analyst expectations (which is, in practice, almost impossible over 10 quarters). But HP’s due diligence checks failed them because they didn’t spot these signs and ended up paying over the odds for Autonomy. It led to huge losses in the following year.
Last year, a UK online gambling organization was exposed for failing to perform their anti-money laundering checks and not being compliant with international requirements.. A customer was able to open a new account and spend almost $30,000 in just 20 minutes, all without verifying their identity, or having to explain where they acquired the money.
This type of hack could be an attractive route for money launderers since it offered a method of effectively ‘cleaning’ funds. As such, the company was fined approximately $25 million for failing to meet anti-money laundering and due diligence requirements.
Customer due diligence explained
So you’ve got the core concept of customer due diligence, but what are the rule specifics?
Customer Due Diligence (CDD) is a regulatory requirement set forth by the Financial Action Task Force (FATF). It was first introduced in their 40 Recommendations document in October 2004 (later updated). CD has since then been adopted by regulators around the world. It includes the Know Your Customer (KYC) process, which helps an entity to identify risks within its customer profile, including foreign accounts based in high-risk countries that have fewer legal requirements and controls.
Another regulatory institution is FinCEN, which oversees money laundering procedures, monitors suspicious account activity, and penalizes wrongdoings.
The two key takeaways of this advisory document are the when, and what to check. Here’s a summary of what they include:
When to perform CDD | What to check under due diligence |
Establishing a new business relationship | Verify customer-provided identity information against external data sources |
Transactions exceed $15,000 | Identify beneficial owners |
Suspicions arise (due to ongoing monitoring or anomalous behavior) | Gain insight into the reasons for business and personal transactions (ie partnerships) |
Doubt has arisen (due to customer-provided information not matching external sources) | Monitor transactions on an ongoing basis |
But CDD doesn’t just apply to legal and financial institutions – businesses in all industries should be implementing the risk checks across their customers, brokers, and partners. It’s the only way to safeguard against financial and compliance risks.
For example, The Prince’s Foundation, King Charles’ charity, came under police investigation due to its failure to maintain proper customer due diligence and not following KYC requirements.
Dubbed the “cash for honors” scandal, it became exposed after the charity’s middlemen began accepting bribes from patrons. By paying up to $130,000, individuals could guarantee themselves a dinner with the then Prince, and the middlemen dealers took approximately 25% as a cut.
Because strong due diligence procedures were not in place, customers were able to bypass standard identity verification methods. This put the then Prince at risk of huge reputational damage, having met with potential money launderers and criminals.
Couple this failure with the need to verify thousands, or even hundreds of thousands of customers, and financial institutions might start to sweat about compliance.
Best practices for customer due diligence
It takes a lot of efficiency within operations, automation, and defined processes to achieve the heavy lifting that customer due diligence requires to effectively prevent money laundering.
Here are some of the best practices for the beneficial impact of due diligence:
- Design and implement a robust customer due diligence process
- Select and validate supporting parties
- Create a secure record-keeping system
- Define the investigation procedures
Design and implement a robust customer due diligence process
While the principles of CDD are set out, it’s up to the regulated organizations themselves to come up with the best ways to carry out their checks. This can depend on factors like budget, team size, available technology, and legacy systems.
For example, one way to verify customer identity is to ask for their basic details, like name and address. Then, asking for a copy of their passport or another legally binding identification document, and the reason for their activity, such as opening an account or requesting a loan. Companies can then compare these details with financial databases, ensuring that both the personal information and financial transactions match.
Select and validate supporting parties
Often, banks and financial institutions under compliance with the FATF guidelines will choose to work with external third parties to facilitate their CDD checks. This could be because it’s too intensive and costly to develop this technology in-house, for example.
Working with third parties can ensure you’re compliant with CDD regulations, but it’s important to validate these third parties. That’s because combining your systems with any external business exposes your business to a potential point of failure.
For example, an unverified system could create fake, unidentifiable customer accounts within your system to facilitate the exact problem they claim to prevent: money laundering. It’s pretty meta.
Validating any supporting third parties requires confirming reliability, and setting your internal controls to standardize operating practices.
Create a secure record-keeping system
As per the regulations, financial institutions must keep records that go back to five years, at a minimum. However, this is a huge amount of transaction data, especially when considering that the NACHA network processed 84 million transactions per day in Q3 of 2023.
Therefore, building a secure bank that can accommodate such large amounts of data is necessary. Best practices here involve securing the system with:
- Encryption to prevent unauthorized access
- Internal controls to limit access
- Tokenization to anonymize transactions even to internal staff
Define investigation procedure
Finally, financial services firms must be proactive in their money laundering detection efforts. If suspicious transactions are discovered, for example, what are the next steps for your firm?
Here, concepts like risk rules can help to automate the reaction. These operate on logic, such as, if the customer’s identification documents don’t match bank records, suspend account access and ask for confirmation with additional documentation.
By using risk rules and prescribing other investigation requirements, firms can ensure that they meet regulatory obligations. They will also prevent money laundering in the most effective ways possible.
While Trustpair doesn’t focus on customer due diligence, it can help companies to complete their third-party checks. Enhanced vendor due diligence is required to prevent false representation, the approval of shell companies, and invoice fraud, to name a few. Get your Trustpair demo to find out how we can protect your firm.
To recap…
Customer due diligence is required to prevent money laundering in financial institutions and other business types. Organizations are mandated to perform CDD when they are suspicious about customer identity. They should design a process that’s both secure and backed by data. Trustpair can facilitate enhanced due diligence on suppliers.