What Is Standard Due Diligence

RapidAML Team

2024-06-18

Customer Due Diligence (CDD) is a significant part of the Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Counter Proliferation Financing (CPF) regulatory regime. By using a risk-based approach, businesses determine the level of CDD needed for each customer. In this article, we explore Standard Due Diligence and the regulatory obligations around it.

Simplified Due Diligence (SDD) is the level of CDD for low-risk customers, whereas Enhanced Due Diligence (EDD) is applicable to high-risk customers. If neither SDD nor EDD is applicable to a customer, a standardised form of CDD may be adopted. This is called Standard Due Diligence. Ongoing CDD is applicable at all three levels of CDD to routinely monitor the business relationship with the client.

Therefore, Standard Due Diligence is a form of CDD that is applied to most customers that fall outside the lower risk or higher risk categories.

Let us first discuss the meaning and components of CDD, before diving into Standard Due Diligence in detail.

Customer Due Diligence

CDD is the process that businesses regulated under AML/CFT/CPF laws of a country are mandated to conduct to verify the legitimacy of customer identity and detect, mitigate, and prevent any ML/TF and PF risks emanating from the customer. The various types of CDD include the following:

| Type of Customer Due Diligence | Risk Category of Customer | Description |
| --- | --- | --- |
| Simplified Due Diligence (SDD) | Low | This involves conducting Know Your Customer (KYC) procedures and Name Screening. |
| Enhanced Due Diligence (EDD) | High | Conducted on customers that are categorised as high-risk. It involves conducting Standard Due Diligence, and other procedures such as source of funds, source of wealth, senior management approval before onboarding, first payment from the customer’s own bank account, etc. |
| Standard Due Diligence | Neither low risk nor high risk | Conducted on customers that are neither low nor high risk. It involves conducting KYC, Name Screening, obtaining address and address proof information, occupational and employment details, understanding the nature of business, the purpose of transaction, etc. |
| Ongoing Customer Due Diligence | | The frequency of monitoring depends on the risk category of the customer. Low-risk customers will require less frequent monitoring, and high-risk customers will require frequent monitoring. Other customers will require regular monitoring. |

Purpose of CDD

The fundamental purpose of performing CDD is to evaluate any potential risks associated with a customer. By thoroughly understanding customers, businesses can detect and prevent illegal activities like ML/TF and PF. CDD is critical to comply with regional and international AML/CFT/CPF standards. Assessing customers’ risk profiles helps in identifying and applying risk-based due diligence measures.

Engaging in transactions with unlawful customers can damage a business’s reputation. CDD protects against such risks by ensuring that the customers are legitimate, and their transactions are lawful.

ID Verification

Identity verification is the process of verifying and confirming the legitimacy of a customer’s identity. It is the first step of the CDD process. This involves verifying information like name, date of birth, address, residential status, nationality, etc., through official documents like passports, government ID, or driving license.

The collected data is cross-checked against official databases or verified by running checks to ensure authenticity. Verified information and official documents are stored for compliance purposes and future reference. This is critical in preventing identity theft or false identities leading to ML/TF and PF activities.

Risk Assessment

In the CDD process, the next step is to conduct a Customer Risk Assessment. It is the evaluation of various risk factors to assess the ML/TF and PF risks associated with a customer. After a thorough assessment, customers are assigned a risk rating: low, medium, or high. This helps in deciding the level of due diligence and monitoring required.

Transaction Monitoring

Transaction monitoring is the process of systematically reviewing transactions to detect any suspicious activity that might hint at ML/TF and PF.

The primary purpose of transaction monitoring is to detect, analyse, and report any unusual or irregular transaction. Identifying and mitigating such activities early helps prevent businesses from becoming victims of financial crimes, thereby saving them from regulatory penalties, legal consequences, and reputational damage. Moreover, transaction monitoring also fulfils record-keeping requirements, which is important for audits. These records are regulatory requirements and, when needed, serve as crucial evidence.

Role of KYC in Standard Due Diligence

Know Your Customer (KYC) is a standard and mandatory procedure in the AML/CFT/CPF framework of a business regulated under the AML/CFT/CPF regulations of a country. KYC plays a crucial role in conducting Standard Due Diligence in the following ways:

  • Customer Identification and Verification: The customer's identity is verified to ensure reliability and legitimacy. Official documents are cross-checked with various databases to ensure customers are who they claim to be.
  • Customer Risk Assessment: Information obtained through KYC enables the business in conducting Customer Risk Assessment, i.e., assessing the ML/TF and PF risks associated with customers and assigning them a risk category accordingly. Standard Due Diligence is to be adopted for customers that are neither low-risk nor high-risk according to the Customer Risk Assessment.
  • Ongoing Monitoring: Continuously tracking customer profile and transactions helps in detecting their unusual behaviour and ensures prompt reporting for further investigation. It also ensures that Standard Due Diligence is conducted whenever the customer risk profile changes.
  • Regulatory Compliance: Conducting KYC procedure and adopting Standard Due Diligence process based on the Customer Risk Assessment ensures AML/CFT/CPF regulatory compliance.
  • Record-Keeping: Record-keeping is a regulatory requirement. Maintaining extensive record of data collected from customers while conducting KYC and Standard Due Diligence provides a clear audit trail for regulatory inspections.
  • Customer Relations: KYC and Standard Due Diligence procedure fosters a transparent client-business relationship. This helps in keeping intact the trust of various stakeholders and ensures thorough understanding and clear communication.
  • Protecting Financial Integrity: KYC is conducted at an initial stage, followed by Standard Due Diligence, which helps in combating any illegal activities at a very early stage. This projects a business’s commitment towards protecting the financial system from financial fraud and maintaining the integrity of the AML compliance system.

What is Standard Due Diligence?

While applying CDD procedures, entities are required to take a risk-based approach. This means that the entity should adopt ML/TF and PF risk mitigation measures that are proportionate to the level of risks posed by the customer. Therefore, entities are required to undertake a Customer Risk Assessment (CRA) to gauge the ML/TF and PF risks posed by the customer before deciding the type of CDD measures that they should apply on the customer.

When the customer is assessed as neither low-risk nor high-risk, a standardised version of CDD, or Standard Due Diligence, is applicable. Therefore, when customers fall outside the categories of low-risk or high-risk, Standard Due Diligence may be adopted.

Regulatory Framework for Standard Due Diligence

CDD is a mandatory process in AML/CFT/CPF regulatory regimes of most countries. These regimes provide situations for application of Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD), to be applied after Customer Risk Assessment based on a risk-based approach. A standardised version of CDD may be adopted for customers falling outside the applicability of SDD and EDD.

Recommendation 10 of the Financial Action Task Force (FATF) discusses CDD and provides that the obligation to conduct CDD should be set out in law. Countries such as the following set out detailed provisions for the implementation of CDD processes by entities regulated by the AML/CFT/CPF laws of that country:

• Australia: Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, Customer Identification and Verification and conducting Ongoing CDD is mandatory for Reporting Entities such as Financial Institutions and other persons providing designated services (e.g. banking services, bullion services, gambling services, etc.). The entities included under the definition of Reporting Entities and the CDD process have been significantly amended under the Anti-Money Laundering and Counter-Terrorism Financing Amendment Bill 2024, which is expected to come into force in 2026.

• India: Reporting Entities under the Prevention of Money Laundering Act, 2002, are required to implement CDD procedures as part of their AML/CFT/CPF programs. Reporting Entities include Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs) such as Real Estate Agents, Dealers in Precious Metals and Stones, Trust and Company Service providers, Casinos, Lawyers, Chartered Accountants, etc., and Virtual Digital Asset Service Providers (VDASPs).

• Nigeria: Money Laundering (Prevention and Prohibition) Act, 2022, requires Financial Institutions and DNFBPs to ensure CDD procedures are implemented as part of the AML/CFT/CPF program. DNFBPs in Nigeria include Automotive Dealers, Casinos, Businesses involved in Hospitality Industry, Clearing and Settlement Companies, Consultants and Consulting Companies, Dealers in Jewellery, Dealers in Precious Metals and Stones, etc.

• Singapore: Financial Institutions and DNFBPs, under their respective AML/CFT/CPF regulations, need to implement CDD procedures in their businesses. For instance, Precious Stones and Precious Metals Dealers need to mandatorily adopt CDD measures under the Precious Stones and Precious Metals (Prevention of Money Laundering, Terrorism Financing, and Proliferation Financing) Act 2019.

• United Arab Emirates (UAE): Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations provides the procedure for implementation of CDD for Financial Institutions and DNFBPs such as Real Estate Agents, Dealers in Precious Metals and Stones, Lawyers, Notaries and other Independent Legal Professionals and Independent Accountants.

• United Kingdom (UK): Under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, conducting Customer Due Diligence is compulsory for ‘Relevant Persons’ such as Financial Institutions, Money Service Businesses, Trust or Company Service Providers, Auction Platforms, Cryptoasset Exchange Providers, High Value Dealers, Auditors, Accountants, Estate Agents, Letting Agents, Legal Professionals, Casinos, etc.

When Should Standard Due Diligence Be Performed?

Standard Due Diligence should be performed in the following circumstances:

  • Onboarding New Clients
    • Standard Due Diligence is performed when onboarding new clients who pose a moderate risk level.
  • Performing Ongoing Due Diligence
    • Standard Due Diligence may be performed when conducting ongoing due diligence or a KYC refresh for clients posing moderate risks.
  • Changes in Customer Risk Category
    • In cases where a high-risk or low-risk client becomes a moderate risk, Standard Due Diligence may be performed.

Benefits of Standard Due Diligence

The following are the benefits of conducting Standard Due Diligence in a timely manner:

  • Comprehensive Customer Profile: Under Standard Due Diligence requirements, extensive information is gathered from customers and maintained in the form of records. This helps businesses to gain a thorough understanding of their customers and their financial activities.
  • ML/TF/PF Detection: The primary goal of conducting the CDD process is to detect and prevent ML/TF and PF at an early stage. Through Standard Due Diligence, businesses get a deeper insight into customers' activities. This helps them to thoroughly investigate, identify, and manage any potential risks effectively.
  • Regulatory Compliance: Standard Due Diligence is a regulatory requirement. Conducting this process helps in complying with regional and international AML/CFT/CPF regulations. This demonstrates a business’s commitment towards AML/CFT/CPF compliance and saves it from severe penalties, legal consequences, and reputational damage.
  • Adoption of Risk-Based Approach: Standard Due Diligence is rooted in a risk-based approach. It allows entities regulated under the AML/CFT/CPF laws of a country to adopt ML/TF/PF risk mitigation measures based on the risk profile of the customer.

Limitations of Standard Due Diligence

While Standard Due Diligence is essential for managing risks and ensuring compliance, it has several limitations. Here is an explanation of these limitations:

  1. Poor Customer Experience: Standard Due Diligence involves multiple steps such as customer identity verification, background checks, document verification, and so on. These processes could be lengthy for customers expecting rapid and seamless procedures. Moreover, repetitive requests might irritate customers.
  2. Financial Crimes Can Still Happen: Despite the checks conducted under Standard Due Diligence, criminals are still capable of exploiting the gaps in the system and utilising novel and sophisticated techniques to commit financial crimes. Additionally, it is difficult to identify internal risks such as employee fraud.
  3. Time-Consuming: Standard Due Diligence can be time-consuming due to manual verification, multiple approval layers, rigorous document checks, regulatory requirements, etc., which can slow down the process.
  4. Resource Intensive: The Standard Due Diligence process is resource intensive. It requires skilled employees, investment in expensive technology, a robust ongoing monitoring system, and so on. It can be difficult for businesses, especially small ones, to invest large amounts in AML compliance procedures.

Best Practices for Implementing Standard Due Diligence

  • Conducting Comprehensive and Relevant Enterprise-Wide Risk Assessment (EWRA): Conducting a thorough EWRA allows businesses to understand the ML/TF/PF risks they are exposed to and assign relevant weightage to the risk parameters in Customer Risk Assessment. This enables Standard Due Diligence to be conducted for relevant customers.
  • Implementing Risk-Based ML/TF/PF Risk Control Measures: EWRA allows entities to understand the ML/TF/PF risks they face and adopt risk control measures accordingly. Standard Due Diligence, being a risk control measure, should be adopted keeping in mind the risk-based approach. This means that it should be adopted for relevant customers, and not all customers.
  • Adopting RegTech: Adopting RegTech such as AML software automates the Standard Due Diligence process, making it swifter and smoother. It also reduces errors which may otherwise crop up if the Standard Due Diligence process is conducted manually.
  • Defining Roles in AML/CFT/CPF Program: Clearly defined roles and responsibilities enable the stakeholders to implement the Standard Due Diligence process smoothly.
  • Conducting Staff Training: The staff involved in the Standard Due Diligence process must be trained to understand their responsibilities and perform them in a timely and efficient manner.
  • Developing a Strong Compliance Culture: The senior management must set the tone from the top of a strong AML/CFT/CPF compliance culture. This ensures that the Standard Due Diligence process is not trivialised, and adequate attention is given to conducting this process.
  • Conducting Regular Health Checks and Independent Audits: Regular health checks and independent audits of the AML/CFT/CPF process, including the Standard Due Diligence process, ensure that any shortcomings are detected and remedies adopted accordingly.
  • Collaboration with Regulatory Authorities: Maintaining collaboration with regulatory authorities helps in ensuring transparent communication, promotes the idea of a strong compliance culture, helps to stay updated with industry standards, etc. Overall, it enhances the credibility of a business within the community.

The Role of AML Software in Performing Standard Due Diligence

AML Software provides a multitude of benefits for implementation of Standard Due Diligence procedures. These include the following:

  • Data-Driven KYC with Self-KYC Functionality: KYC is the first step of the CDD process. AML Software enables automatic, data-driven KYC functionality with auto-filling and pre-filling of data, assistance in ID documents authentication and record-keeping, etc. It also facilitates Self-KYC for smooth customer onboarding.
  • Real-Time Name Screening: Name Screening process includes Sanctions Screening, Adverse Media Screening, and Politically Exposed Persons (PEP) Screening. AML Software is integrated with authentic watchlists, which are regularly updated to ensure real-time alert generation.
  • Dynamic Customer Risk Assessment: AML Software provides inbuilt Customer Risk Assessment parameters, with configurability for customisation. It also assists in assigning risk weightage to various risk factors, depending on the nature of the business. AML software allows integration between Enterprise-Wide Risk Assessment, and Customer Risk Assessment, with ongoing monitoring of the relationship with the customer. This ensures timely updating of information when customer risk profile changes, enabling Standard Due Diligence to be conducted as soon as required.
  • Customer Lifecycle Management: AML Software provides comprehensive customer lifecycle management to ensure integrated and configurable workflows with a 360-degree view on a single screen. This enables the businesses to take informed decisions regarding customer relationship and AML/CFT/CPF compliance.
  • Ongoing CDD: AML Software regularly monitors CDD processes of the business, to ensure that customer information is up to date and no red flags indicating ML/TF and PF risks are missed.
  • Streamlined Regulatory Reporting: AML Software generates automatic alerts for timely regulatory reporting whenever a situation arises that requires reporting. It also assists in drafting reports to be submitted as per the latest AML/CFT/CPF laws and regulations.

Conclusion
The dynamic nature of the financial system and the increasing rate of financial crimes make Standard Due Diligence an important AML/CFT/CPF compliance process. Under Standard Due Diligence, efforts are made to prevent ML/TF and PF activities at an early stage, which saves the business from indulging in unlawful transactions.

Dipali Vora

Dipali is an Associate member of ICSI and has a Bachelor’s in Commerce and a General Law degree.

She currently assists clients by advising and helping them navigate the legal and regulatory challenges of Anti-Money Laundering Law. She also helps companies develop, implement, and maintain effective AML/CFT and sanctions programs.

She knows Anti-money laundering rules and regulations prevailing in GCC countries and specializes in Enterprise-wide risk assessment, Customer Due-diligence, and Risk assessment.

CAMS, ACS