CDD in Anti-Money Laundering: all you need to know

cdd anti money laundering
IN THIS ARTICLE
Table of Contents
Like it? Share it

US company Bittrex was fined $53M for not implementing appropriate CDD anti-money laundering regulations. The virtual currency company allowed customers from sanctioned countries to exchange money online, going against AML regulations. Keep reading to learn about the role of Customer Due Diligence (CDD) in money laundering, and what you need to implement in your company.

Trustpair helps you fight money laundering by constantly auditing and securing your supplier data, ensuring you’re not working with fraudulent partners. Chat with an expert to learn more!

New call-to-action

What is CDD in money laundering?

Definition of CDD

CDD stands for Customer Due Diligence (or Client Due Diligence). It’s a process by which organizations check their customer identity and monitor their activity.

Its goal is to identify and mitigate risks that customers represent, preventing money laundering terrorist financing, and other illegal activities. CDD anti-money laundering processes are here to ensure that companies don’t do business with clients from sanctioned countries lists (like in our example in the introduction) or with suspicious individuals.

It applies to the US as well as every member state that’s part of the Financial Action Task Force (FATF), the international organization in charge of setting standards against money laundering and terrorist financing.

The US, UK, and UE also have their own customer diligence requirements. In the US, CDD is mandatory for AML compliance (Anti Money Laundering) and the Bank Secrecy Act (BSA).

The link between CCD and Money Laundering

Customer Due Diligence is an integral part of AML regulations. It helps companies protect themselves from being used as a vehicle to launder money obtained illegally.

According to Verafin’s global Financial Crime Report, $3,1 trillion circulated through the financial system worldwide in 2023.

Not knowing who your clients are means you could be in business with people or organizations with bad motives. Being implicated in a money laundering scheme exposes you to hefty fines and huge reputational losses.

CDD Anti Money Laundering laws are here to help companies monitor suspicious activities and report them to the relevant law enforcement agencies — in the US and worldwide.

What are the main CDD requirements?

While CDD anti-money laundering regulations’ requirements are specific to each country, the base customer diligence requirements for organizations and financial institutions are the same.

To complete your Customer Diligence CDD, you must gather data:

  • Directly from your customers,
  • From applicable sanction lists,
  • And private and public databases.

The core CDD requirements as stated by the US Treasury’s Financial Crimes Enforcement Network are the following:

  1. Identify and verify your customers’ identity to ensure they say who they say they are.
  2. Assess your customer’s risk profile to decide if further CDD is needed. This depends on factors like their identity, background, the nature of your relationship.
  3. Identify ultimate beneficial ownership. Verify the identity of the Ultimate Beneficial Owner (UBO) of your client. In the US, beneficial ownership requirements kick in if someone owns more than 25% of a company.
  4. Continuously update and monitor your customer’s activity to detect any suspicious transactions.

What are the different types of CDD?

CDD anti-money laundering has different levels depending on the risk levels. As it’s an important part of your risk assessment and management strategy, it makes sense to a risk-based approach with various risk-based CDD levels.

Financial institutions and companies assess the level of risk based on:

  • Your industry,
  • The nature of your business relationship,
  • Your client’s risk profile.

There are 3 types of CDD:

  • Simplified Due Diligence, where you only need to identify your customers (not verify them).
  • Standard Due Diligence, where you need to identify and verify your customers (the most common).
  • Enhanced Due Diligence, where you need to do extra checks. Enhanced diligence is triggered by your industry or client, or if a transaction involves a large sum of money.

The personalized approach is one of the key differences with the Know Your Customer (KYC) regulation, both being part of AML. Customer Diligence and KYC work together, but CDD:

  • Is tailored to your customer’s profile (where KYC has a one-size-fits-all approach).
  • Is more in-depth than KYC.
  • Includes ongoing monitoring of the customer’s activities. KYC is only done during onboarding.

At Trustpair, we recommend ongoing verifications of your customers and your suppliers. Our anti-fraud software does automatic and ongoing checks of your vendors’ data to ensure you are paying your intended recipient.

With vendor fraud on the rise, now is the time to be proactive to protect your company against the potential financial (and reputational) losses that come with fraud.

Cybercriminals are leveraging technology and AI to create more elaborate cyber schemes. Anti-fraud software is the only adequate protection against third-party fraud.

A CDD checklist

CDD anti-money laundering requirements can translate into a straightforward checklist. Here’s what you must do in your business:

Conduct standard Customer Due Diligence

That’s when you identify and verify your client’s identity, before starting to work together. You do this by asking them to submit personal information that confirms their identity.

Although CDD applies to financial establishments, they are required to ask you to conduct it (or the KYC process) with your own clients.

By ensuring your clients aren’t laundering money through your company, they’re not indirectly contributing to it neither. This is why banks and financial establishments ask you to verify your customers’ identity.

This can be done through online assessment, as part of your onboarding process. You can also check their financial information and business activity.

If your client is a legal entity, you’ll need to find out their ultimate beneficial owner.

Select third-parties to help you

CDD nowadays is done digitally. Your customers can upload the information you require online, through a third-party solution of your choosing.

Software specializing in CDD and KYC can help streamline your Customer Due Diligence, making it more efficient and reducing friction for your clients.

Sumsum and Persona are examples of software that help you remain compliant with AML laws. Software solutions can make automated in-depth checks for you, reducing the time it takes your teams to carry out manual verifications. They also help with storing the data you gathered safely.

On the vendors’ side, Trustpair helps you verify your suppliers’ identity so stay compliant and are protected from third-party fraud.

You can also decide to work with lawyers or auditors (internally or externally) to ensure your process is thorough and legal.

Assess your risk level

Once the basic CDD is completed, you can decide to conduct Enhanced Due Diligence EDD if needed. This depends on your industry and your customer risk profile.

For example, if they figure on the PEP (Politically Exposed Person) list or there is a higher likelihood of money laundering AML, you’ll need to carry out a more thorough CDD.

Secure the data

Organizations must keep a record of financial transactions for 5 years minimum. This regulation also includes all the information you gathered in your CDD, such as personal information and other data you collected in the process.

Make sure that this data is safely stored as you also need to comply with privacy laws. Using software can also help you here, as long as you choose solutions with high-security protocols.

Update your records

CDD anti-money laundering is an ongoing process. You need to carefully monitor any changes in your customer’s activities and keep your records up-to-date with the latest information available.

For example if your customer’s ownership or structure changes, you’ll need to carry out your Customer Due Diligence once again. This ensures you remain compliant and protected against the risk of money laundering.

Report suspicious activity

If you come across any suspicious activity or information during your CDD process, you must notify the relevant authorities. Any red flag when starting or during your relationship with your customer must be passed on to law enforcement to be investigated.

This is how governments keep track of money laundering AML and illegal activities, and the whole point of CDD anti-money laundering regulations is to identify and report suspicious activity.

You’re now all set when it comes to Customer Due Diligence! But CDD is only one part of the equation. To be compliant with AML regulations and protect your company against fraud, you also need to Know Your Supplier (KYS).

That’s what Trustpair helps you to achieve! Our anti-fraud software secures your B2B payments by automatically checking your third party bank account information. We leverage AI and our access to international database to establish if a recipient is really who they state before any transactions is sent their way.

Key Takeaways:

  • Customer Due Diligence (CDD) exists to protect companies against the risk of money laundering.
  • It’s an ongoing process with set rules.
  • Using software to carry out your CDD streamlines your processes and reduces friction with your customers.
  • Consider using Trustpair to carry out the equivalent with your suppliers.

You’d like these articles

FAQ
Frequently asked questions
Browse through our different sections and find the answer to your question.

There are 3 types of Customer Due Diligence: Standard, Simplified and Enhanced. The level required depends on your customer risk profile (high risk or low risk) and your organization’s specificities (industry, country, type of operations)

According to the US Treasury, there are 4 core CDD requirements: identify and verify your customer, assess their risk level, find their Ultimate Beneficial Owner, and monitor their activity.

Webinar: 2025 Fraud Trends and Insights