Categories
KYC/KYB

Enhanced Due Diligence: How Important is it for Banks?

In today’s business and regulatory climate, a business has to take all precautionary steps to prevent fraud. This means identifying and verifying customers’ identities and meeting KYC guidelines. Whenever a financial institution starts a new business partnership with individuals or organizations without fully knowing their past and present business dealings, it can open the business to huge lawsuits and fines. EDD (Enhanced Due Diligence) can help businesses understand their customers.

As a matter of fact, over the last decade over $26 billion in fines have been imposed across the U.S., Europe, APAC, and the Middle East against financial institutions for KYC/AML. But KYC compliance goes beyond ticking some checkboxes. KYC helps financial institutions understand and serve their customers in a better way.

The KYC process is often carried out by financial institutions while opening new accounts with online users. Customer Due Diligence (CDD) is a vital part of KYC verification, which usually involves background checks to assess the risk they pose to a business. In the financial sector, this usually involves verifying the users for creditworthiness and ensuring that these people aren’t on a money laundering or counter terrorism financing watchlist.

Fortunately, most of these verifications and AML verification processes are becoming automated so businesses can offer a better customer experience during onboarding. With Customer Due Diligence (CDD) financial institutions perform important checks.

What is Enhanced Due Diligence?

(EDD) Enhanced Due Diligence is part of the KYC verification process that offers a greater level of scrutiny of potential business partnerships and highlights risks that can’t be detected by customer due diligence. Enhanced due diligence requirements are an upgraded version of CDD that looks to establish a better level of identity verification by using customer ID data and evaluating the risk category of the customer.

EDD is specifically designed for dealing with high-risk customers and large transactions. These customers and the transactions they conduct pose greater risks to the financial sector, these customers and transactions are continuously monitored to ensure that nothing is out of place. 

There are several characteristics that EDD from regular KYC policies:

  • Rigorous & Robust: EDD policies have to be rigorous and more robust and should require more data for customer authentication.
  • Detailed Documentation: The EDD process has to be documented in detail, and regulators should be able to have immediate access to enhanced due diligence reports.
  • Reasonable Assurance: EDD requirements require “reasonable assurance” while building a risk profile. 
  • Going Through PEPs: Banks and financial institutions need to pay attention to Politically Exposed Persons (PEPs) lists. People on these lists are viewed as being a higher risk because they are in positions that can be exploited for money laundering. 

Another major challenge with EDD is knowing how much information is there to collect. Regulators have consistently favored financial institutions that leverage documented policies & procedures.

More and more companies are combining online identity verification and automated AML screening during the account onboarding process.

KYC Factors for Enhanced Due Diligence

To make sure your enhanced due diligence process is on-point, you need to pay attention to a number of factors. 

These factors include:

  • Location of the business/individual.
  • Purpose of the business transactions. 
  • Occupation and nature of the business. 
  • The pattern of activity (transaction type, dollar volume, and frequency).
  • Expected origination of payments and method of payment. 
  • Document of incorporation, partnerships, and business certificates. 
  • Understanding the customer base. 
  • Ultimate Beneficial Owner verification. 
  • Information about personal and business relationships. 
  • AML policies are set by the business in place. 
  • Third-party documentation. 
  • Reputation in the local market. 

There are some cases that demand EDD verification. In Europe, banks and financial institutions are required to conduct EDD for businesses operating in high-risk countries. 

The requirement also calls for EDD of Politically Exposed Persons. The new 6AMLD compliance has put additional pressure on financial institutions to conduct more vigorous verification. Negligence or non-compliance can lead to hefty fines. 

This pressure has only increased after sanctions on Russian Companies. Banks and financial institutions have to be extra careful about who they onboard. 

In April 2022, the Office of the Comptroller of the Currency put additional light on the need for thorough EDD policies. These include:

  • Maintaining an accurate and complete list of sanctioned companies and high-risk counties. 
  • Evidence of transactions, which includes unexpected activities, and unexpected sources of funds. 
  • Complete analysis of available information. Including red flags in information and making a document of high-risk indicators and suspicious activities. 

Enhanced Due Diligence Checklist

So, what do banks and financial institutions get out of using EDD as part of their KYC verification process? Here’s the Enhanced due diligence checklist:

1. Better Serve Your Customers

The EDD and identity verification process offer a bunch of useful information regarding your customers, including employment status, age, and so on. This data can be used to provide customers with better services.

2. Enhance Brand Reputation

Whenever a bank, or financial institution onboards a new customer with EDD, they can help in the prevention of corrupt politicians, criminals, and terrorists from entering the ecosystem. This also means that taking precautions to know your customer at a more fundamental level.

Businesses need to build robust safeguards that help in defending against losses for fraud, non-compliance fines, and loss of brand reputation.

3. Financial Crime Prevention

All the ideas of knowing your customers, verifying identities, making sure they’re real, and cross-referencing customers from PEPs and Sanction lists. Enhanced due diligence and other fraud prevention methods such as bank account verification software allow businesses to focus on scaling their businesses instead.

4. Build Trust

Unfortunately, as more and more cases of data breaches, money laundering, and financial fraud are being uncovered, customers are losing trust in the banking sector. It is high time for banks, financial institutions, payment providers, and others to stop the flow of money laundering and other financial crimes. 

This can happen by integrating identity verification and identity screening technologies into the KYC workflow. With a secure digital-first approach, it is possible for banks to digitally onboard customers from all over the world. While ensuring security and enhancing a positive customer experience.

Measures for Enhanced Due Diligence

Let’s say there’s a client that needs EDD verification, what will you do? Instead of going through the process without proper knowledge, you can take some measures. A lot of financial institutions follow de-risking strategies, but that’s too much hassle for legit companies.

The FATF recommends following a risk-based approach for high-risk customers. In a risk-based approach, the amount of information required increases when the level of risk associated with the business increases. 

The risk-based approach offers several other advantages for financial institutions. Entities can scale it up or down based on the size and scale of the business. It is highly flexible and can adapt to changing conditions, technology, and other factors. 

According to FATF, financial institutions must follow some particular steps while conducting EDD, such as:

  • Institutions should try to gather as much information as possible about a customer. They should use this information to build an ideal risk assessment profile. 
  • Should conduct additional searches to get more information about individual customer risk assessment. 
  • Should build a thorough report on the customer or beneficial owner to better understand the level of risk involved. It is possible that the beneficial owner is part of criminal activities.
  • Institutions should build a number of questions that help them collect additional information about the customer. The questions should also try and uncover the intended nature of the business relationships.

Also, it’s not enough to run checks just once, EDD is an ongoing process. To make sure banks stay on top of all the risky activities, they need to keep track of high-risk customer activities. 

Requirements for Beneficial Owner EDD

To make sure that you’re covering all the bases, you need to verify the identity of the beneficial owner. Often, institutions forget or neglect the need to verify the beneficial owner. This can put them at greater risk of financial crime.

UBO verification is slowly becoming a vital part of EDD. If an account holder does some international transactions, institutions need to know the beneficial owners of the other account holder. This is to comply with the OFAC (Office of Foreign Assets Control). The OFAC requires banks to conduct due diligence of international accounts at the time of transaction. 

Due to the FCPA ACT, an institution has to identify the owner of all the third-party intermediaries. A company can’t comply with regulations properly until they thoroughly check the beneficial owner information. 

 The 4AMLD states that all the member states have to ensure that all the entities are incorporated within their territory according to national law. They need to collect all the vital information about the beneficial ownership alongside all the basic information about the entity itself. 

In the US, there are similar beneficial ownership disclosures that are a part of the FinCEN Customer Due Diligence Final Rule. As per the FinCEN Guidance FIN-2016-G003, “the CDD Rule outlines explicit customer due diligence requirements and imposes a new requirement for these financial institutions to identify and verify the identity of beneficial owners of legal entity customers, subject to certain exclusions and exemptions.”

The FATF did an analysis of the beneficial ownership best practices, and they concluded that the challenges with tracing UBO information while dealing with foreign ownership or directorships suggest the requirement for enhanced measures for these entities.

Procedure for Ultimate Beneficial Ownership Verification

Up until a couple of years ago, verifying beneficial ownership was a challenging and cumbersome process. It included a lot of manual work which led to mistakes. Business entities had to submit official documents to financial institutions.

Businesses that had to go through additional due diligence have to provide other documents based on their level of risk.

Some common examples include:

  • Official company documents from the official registry to verify information submitted by the account holders. 
  • UBO identification and verification.
  • Performing KYC checks on ultimate beneficial owners. 

With the help of DIRO’s ultimate beneficial ownership verification, financial institutions can now say goodbye to old manual methods.

DIRO can instantly verify incorporation documents with automated user consent in over 195 countries. It helps in eliminating fraud in merchant onboarding and complying with vendor due diligence rules. Moreover, banks can use it for UBO identity verification and cut down on the risk of UBO fraud. 

Conclusion – Growing Need for EDD

Changing regulations and policies are increasing the need for enhanced due diligence. As the scope and need for due diligence requirements are growing, the need for technologies that can handle these requirements is also growing. DIRO document verification and KYC verification solution can help institutions stay on top of these changing requirements with instant and accurate document verification.

Categories
Onboarding

Customer Due Diligence

Security should be the first and foremost priority of financial institutions and banks. You wouldn’t want to provide access to financial systems to fraudsters of any kind? It makes sense for banks and financial services institutions to vet their customers and potential customers thoroughly. Verifying customers before giving them access to financial services is crucial. This is needed to prevent money laundering, embezzlement, account takeover fraud, and all types of fraud. And this is why customer due diligence is an important part of onboarding new customers. 

In this guide, we’ll walk you through what is customer due diligence and what it means for banks and other financial institutions.

What Is Customer Due Diligence?

Customer Due Diligence (CDD) is the process of identifying your customers and checking if they are who they claim to be. Organizations need to properly risk-assess customers and give them a risk profile before onboarding them. To achieve CDD, businesses need to obtain a customer’s details and cross-reference them with those of an official document that confirms their identity. 

CDD is a regulatory requirement for banks, financial institutions, and other businesses starting a relationship with a new customer. The purpose of this is to prevent financial crime and prevent potential crimes that can happen by doing business with highly risky customers. 

In the customer due diligence, FIs have to analyze customer information from several sources, including the customer sanction lists as well as public and private data sources. The amount of information you collect depends on the risk profile of your customers. Basic customer due diligence requires the following:

  • Information about the identity of your customers, including their name, address, and a photograph of an official ID document.
  • An overview of your customer’s activities and the markets they do business in
  • Basic understanding of other entities that your customers do business with

Customer Due Diligence is at the foundation of Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance. CDD is aimed to help financial institutions verify their customers, confirm they’re not on any sanctioned lists, and assess the risk factors.

Customer Due Diligence Practice for Banks

Financial institutions have to build and follow a risk-based strategy to comply with customer due diligence as part of KYC and other regulations. This helps in making sure that the organizations remain compliant with basic regulatory laws and regulations of the markets that they operate in. 

The level of CDD in banking depends on the type of business-customer relationship and the customer’s risk profile. In a broader sense, banks need to take the necessary steps to make sure that a customer is who they claim to be. This can help in preventing fraudulent activities such as identity fraud or impersonation.

What does a Customer Due Diligence Process Look Like?

An effective customer due diligence process includes collecting a series of detailed customer information before initiating a customer-business relationship. But that’s not all, a customer due diligence process is operational long after the customer is part of a business. Here are the requirements for a robust customer due diligence process.

  • Customer Information: To make sure that customers are who they claim to be, businesses need to collect customers’ basic information. This basic information is the full name, photo identification, address, phone number, email address, occupation, tax identification, and more. 
  • Business Information: CDD processes should have additional information regarding a customer’s business model, source of funds, and UBO.
  • Customer Risk Profile: Another crucial part of customer due diligence is building a risk profile for every customer. This risk profile is made by collecting information such as location, business type, and customer identity. Based on this information, a risk profile is built (low, medium, high), which is to show the level of money laundering risk they pose. A customer’s risk profile determines how much due diligence is needed for a customer. High-risk customers need more detailed diligence compared to low and medium-risk customers. 
  • Continuous Monitoring: The customer due diligence process doesn’t stop after customer onboarding by a bank/financial services industry. An ideal CDD measure should include some kind of ongoing monitoring system and keep an eye on high-risk clients, suspicious transactions, sudden changes to customer profiles, and so on. 

Your customer due diligence process should answer all the fundamental questions:

  • Is the applicant the person claiming online?
  • Does the risk profile of the applicant raise any red flags?

Low-risk customers can be fast-tracked through the approval process. All because of the online customer verification software and online bank account verification software. Because of the automation, customer verification has become 40% more streamlined. This means that the customer onboarding process for low-risk customers should be cut down to under 2 hours. 

However, the decision time for higher-risk individuals may still take longer. Most of the time it takes around 48-72 hours to onboard high-risk customers. Assuming that 90% of the customers will be low to medium-risk customers, the cost and efficiency gains of automated ID verification and AML screening can reduce the costs dramatically and improve user experience.

Streamlining Customer Due Diligence Process

Complying with KYC and AML requirements has made the account opening process complex and time-consuming for most businesses. Different banks take different amounts of time for onboarding new customers. But, on average a bank takes 24 days to complete the customer onboarding process. And with a growing number of regulations, it’s only going to get worse. 

Moreover, increased onboarding time and friction will cause higher abandonment rates by customers. These costs can exceed the costs of any type of fraud considering the lifetime value of lost customers. 

This is why it’s high time businesses need to streamline the CDD process to save money and get new customers.

1. Identity Verification

While there are a series of other ID verification methods, more and more businesses are now relying on automated identity verification to smooth out the onboarding process. Automated ID verification relies on AI, machine learning, and biometric verification to authenticate identity documents. In some cases, banks may even ask customers to perform a liveness check to ensure that the applicant is physically present instead of customers using a pre-recorded video.

2. Ongoing Monitoring & Screening

Not just ID verification, AI and machine learning software can easily provide financial institutions with a more effective transaction monitoring system. This reduces the risk of false positives for suspicious activity.

Same as building risk profiles, individual transactions can also be scored and combined with advanced algorithms that track expected vs actual transaction behavior and update customer risk ratings in real-time. 

Better ID verification, AML screening, and transaction monitoring solutions are enabling financial institutions to keep up with the changes made by regulatory bodies. These technological solutions can help financial services institutions to spot patterns and suspicious transactions by monitoring current transaction data and comparing them with historical transaction data.

Importance of CDD

When you consider the amount of harm fraudulent activities can do, it makes sense the amount financial institutions spend on complying with KYC and AML compliance. These countermeasures are designed to prevent money laundering and other financial frauds. 

Here are the main reasons why banks need to take CDD seriously:

  • Big compliance fines: The enforcement of AML regulations is on the rise, since 2009, regulators have levied over $32 billion in AML non-compliance fines. In 2020 itself, FinCEN fined banks in the United States for over $11.11 billion.
  • Sophisticated Cyber Crimes: Criminal are using more sophisticated methods to remain undetected, including globally coordinated tech, insider information, the dark web, and e-commerce.
  • Reputational Risk: AML non-compliance puts financial institutions’ reputations on the line. The average value of the top 10 banks is $45 billion. 
  • Rising Costs: Most AML compliance activities require a huge manual effort, making them inefficient and difficult to scale.

Enlightened Approach to CDD

A growing number of banks and FinTechs are discovering how to automate their CDD process and if needed the enhanced due diligence process. By using the latest tools and technologies such as online document verification and online KYC verification software, businesses can improve the customer due diligence process.

When is CDD Necessary in Banking?

  • Starting a Business Relationship: Before starting a new customer-business relationship, banks have to perform due diligence checks, verify who the customers and ensure if they aren’t using a fake identity. 
  • Occasional Transactions: Certain transactions may require you to follow CDD strategies. For example, transactions over a certain monetary amount (over USD 10,000) or if the customer is transacting with high-risk persons or regions.
  • Suspicious Activity: Banks have to implement CDD checks if the customers have a suspicious history and a shady activity related to money laundering or financing terrorism.

Unreliable Identification: If the information offered by your customer is unreliable, suspicious, or doesn’t meet requirements, banks should implement additional CDD measures. 

Reducing Customer Due Diligence Time: How to Go From Weeks to Minutes?

The regulations made for saving customers and businesses from fraud are diverse and institutions have to keep pace with developing strategies to remain compliant. As such, creating a smooth onboarding process that is robust and efficient isn’t a mean feat. The biggest challenge in staying compliant is for businesses to keep evolving requirements while reducing friction and delays. A process full of friction and delays lead to increased poor customer frustration and drop-offs. 

When onboarding new customers, financial institutions need to know who they are dealing with before getting into a full-fledged business relationship. To verify customer identities, due diligence is important.

Customer due diligence is an important part of your businesses’ risk management. Different customers have different levels of risks, so CDD is conducted based on risk level. You should assess the potential risk level of each customer, and adjust your due diligence strategy. For the majority of clientele, standard due diligence practices that just require the authentication of customer identities will suffice. 

In certain lower-risk scenarios, simplified due diligence is enough. When carrying out simplified due diligence, you just need to identify your customers instead of identifying and verifying them.

On other hand, there might be instances where standard due diligence isn’t enough, in this case, you’d need to adopt an enhanced due diligence process. 

Let’s break down 3 different levels of customer due diligence:

  1. Simplified Due Diligence (SDD): Simplified Due Diligence is used in situations where the risk of money laundering or terrorist funding is minimal and CDD isn’t important. SDD happens in accounts that have low transactional value, the risk of illegal activities is minimal at best.
  1. Customer Due Diligence (CDD): This type of diligence happens when information is obtained on customers to verify their identity and assess the risk profile of customers. These types of diligence checks are done on customers when opening a financial account in some form. 
  1. Enhanced Due Diligence (EDD): EDD is done for customers to assess the identities of high-risk customers and monitor their transactional history to mitigate the chances of future risks. Most jurisdictions need politically exposed people lists (PEPs) to go through the EDD process. Other factors that require EDD for a customer are high transaction/value accounts, or accounts that deal with high-risk countries, or accounts that deal with high-risk activities. 

Due diligence is vital for mitigating fraud, not only to comply with regulations and avoid hefty fines, but it is also a smart business strategy. Not knowing your customer identity is a risk factor for most businesses. 

International standards require a risk-based approach to be added to the customer due diligence. Companies have to assess the money laundering risks each customer poses and adjust their due diligence checks. 

Customer Due Diligence Checklist

1. Conduct Basic Customer Due Diligence

The first step is to conduct a simple investigation, such as identifying and verifying a customer’s identity. Businesses are needed to verify the identity of the customers they’re dealing with. These requirements apply to all new customers as part of Know Your Customer regulations. 

There are multiple methods businesses can verify customer identities. The first step is online document verification, which involves assessing the legitimacy of a customer’s identity document.

In addition to online ID verification, businesses should also look forward to verifying customers’ financial information and their business activities. 

2. Take Help from Third Parties

Most of the time, businesses will opt to work with third-party solution providers while conducting customer due diligence. Third-party solution providers can be auditors and providers of CDD solutions such as online document verification. Businesses need to make sure that any third parties they work with are reliable and are trusted enough to share confidential data.

3. Figure Out if EDD is Needed

If the customer is considered as high risk, the businesses may need to go beyond ordinary customer due diligence. Enhanced due diligence is necessary if you’re entering into a business relationship with a politically exposed person (PEP), and if the transaction involves a person from a high-risk country. 

4. Keep a Thorough Record

A bank/financial institution is forced by law to keep a record of all the financial transactions for at least 5 years. This includes any information collected through CDD measures, account files, and any related analysis.

Businesses also have to securely document and store all the information, as this information contains sensitive information, it would be challenging if the information was lost.

5. Keep Up-to-Date Records

It’s vital for businesses to keep records of their customers. If any changes happen regarding your customers, you’ll need to redo their risk assessment and carry out further due diligence if it’s required.

Speeding Up the Process

Regulated businesses have to apply risk-based customer due diligence measures to prevent their businesses from getting threatened by money laundering or terrorist financiers. To avoid these financial frauds, KYC & AML checks have to be completed. With proper due diligence checks, businesses can reduce the financial, reputational, regulatory, and strategic risks from other entities. 

Traditionally, businesses perform due diligence checks using manual paper-based processes. Manual work requires a human, and it takes up a lot of time, the process is full of errors and offers no visibility to the customers. The manual process usually is frustrating, and time-consuming. That’s why integrating new technologies into the CDD process is always a good idea. 

How does DIRO Help?

DIRO’s online document verification software offers instantaneous document verification that can easily strengthen the KYC & AML process. DIRO offers stronger proof of authentication with verifiable credentials. With DIRO being able to verify over 7000 document types from all over the globe, it can strengthen the AML and KYC verification process.