LogoAI Finance Tools

CDD (Customer Due Diligence)

Process of verifying customer identity and assessing risk before and during a financial relationship.

Customer Due Diligence (CDD) is the process by which financial institutions identify and verify the identity of their customers, understand the nature and purpose of customer relationships, and assess the money laundering and terrorist financing risk those customers present. CDD is the foundation of AML compliance programs and is required by FinCEN's CDD Rule (effective 2018), FATF Recommendations, and national AML legislation worldwide.

CDD encompasses four core elements: customer identification and verification (collecting government-issued ID, verifying against watchlists); beneficial ownership identification (for legal entity customers—identifying natural persons with 25%+ ownership or control); understanding the nature and purpose of the relationship (what business does the customer conduct, why do they need this product); and ongoing monitoring (reviewing transactions for consistency with the expected risk profile, updating CDD when circumstances change).

Three CDD tiers apply based on assessed risk: Simplified Due Diligence (SDD) for demonstrably lower-risk customers (listed public companies, government agencies, where extensive documentation is unnecessary); Standard CDD for typical customers; and Enhanced Due Diligence (EDD) for higher-risk customers (PEPs, high-risk geographies, complex ownership structures, unusual transaction patterns).

CDD failure is among the most common regulatory violations in financial services. Banks have paid billions in fines for CDD deficiencies: inadequate KYC documentation, failure to identify beneficial owners, insufficient understanding of customer business purpose, and inadequate ongoing monitoring.

Modern CDD programs use digital onboarding workflows, ID verification APIs (scanning passports, driver's licenses), sanctions screening APIs, and CRM/KYC platforms to automate much of the data collection and initial screening, with human review reserved for complex cases and EDD situations.

FAQs

What documents are typically collected in standard CDD?

For individual customers, standard CDD typically collects: government-issued photo ID (passport, driver's license), proof of address (utility bill, bank statement within 3 months), and sometimes additional verification for high-value accounts (source of wealth/funds documentation). For business entities, CDD collects: certificate of incorporation or formation, articles of incorporation/operating agreement, corporate resolution authorizing the relationship, beneficial ownership certification for 25%+ owners, government-issued ID for each beneficial owner, and a description of the business purpose and anticipated transaction activity. Document requirements vary by jurisdiction and institution risk appetite.

What is perpetual KYC (pKYC) and how does it differ from periodic review?

Traditional KYC refresh involves scheduled periodic reviews (annual for high-risk customers, every 2–3 years for standard risk, every 5+ years for lower risk) where the institution updates customer information regardless of whether anything has changed. Perpetual KYC (pKYC) is an event-driven approach that monitors customers continuously and triggers reviews only when meaningful changes occur—ownership changes, adverse media hits, new sanctions designations, significant transaction pattern changes, or customer-provided updates. pKYC is more efficient (resources focus on customers with actual changes), more timely (a new sanctions designation triggers immediate review rather than waiting for the annual cycle), and increasingly required by regulators seeking more dynamic risk management.

What triggers a CDD review for an existing customer?

CDD reviews for existing customers are triggered by: periodic review schedules based on risk tier, material changes in customer information (name, address, ownership changes), unusual transaction activity inconsistent with the established risk profile, adverse media or watchlist hits in ongoing screening, customer-initiated requests (adding new products or significantly increasing transaction volumes), escalations from transaction monitoring alerts, and regulatory examination findings. Proactive monitoring of adverse media and automated re-screening when watchlists update allows institutions to identify need for review events between scheduled reviews, maintaining current customer risk assessments.

Related Terms

Tools for this concept

Ideagen is a governance, risk, and compliance software provider specializing in quality management, audit management, and safety compliance for highly regulated industries including aviation, banking, life sciences, and manufacturing. Founded in the UK in 1993, Ideagen has grown through acquisitions to serve over 11,500 customers globally. The Ideagen platform covers internal audit management, quality management systems, document control, CAPA management, incident reporting, and supplier quality. PaperLess provides document management and audit evidence organization for accounting firms. Huddle is a secure collaboration and document management platform for regulated industries. Medforce serves healthcare with compliance and quality management tools. Internal audit capabilities include risk-based planning, fieldwork documentation, and finding management similar to dedicated audit tools. Quality management modules support ISO 9001, ISO 14001, AS9100, and other quality standards with document control, non-conformance management, and audit scheduling. Aviation clients use Ideagen's ACAS (Aviation Compliance and Safety) solution for regulatory compliance, safety management, and occurrence reporting. Banking clients leverage audit and regulatory change management capabilities. Ideagen's strength is the breadth of compliance disciplines covered in a single platform, making it attractive for organizations managing multiple compliance programs across quality, safety, and audit. The company continues to expand through strategic acquisitions in the GRC and quality management space.

CaseWare is a leading provider of cloud audit, assurance, and financial reporting software used by accounting firms, corporate finance teams, and government auditors worldwide. Founded in Toronto in 1988, CaseWare has served the accounting profession for over 35 years with tools that streamline audit engagements and financial statement preparation. CaseWare Working Papers is the flagship product—a structured workpaper environment for external audit engagements that organizes evidence, links to financial statements, and facilitates review and sign-off workflows. Cloud-based deployment enables distributed audit teams to collaborate in real time on engagement files. Financial statement preparation tools support local GAAP, IFRS, and other accounting standards with automated disclosure checklists and ratio analysis. CaseWare Analytics provides data analytics capabilities for sampling, population analysis, and exception testing within audit workflows. IDEA (now CaseWare IDEA) is a standalone data analysis tool widely used for audit analytics, fraud detection, and continuous monitoring. CaseWare's cloud migration has modernized the platform with improved collaboration and real-time data access. The platform is particularly popular with public accounting firms, government audit offices, and large internal audit departments. Its audit evidence organization, review workflow, and financial statement linkage capabilities are tailored specifically for assurance professionals. CaseWare's deep accounting focus differentiates it from broader GRC platforms.

Wolters Kluwer TeamMate is a comprehensive audit management platform specifically designed for internal audit departments, providing dedicated tools for risk-based audit planning, fieldwork execution, issue management, and reporting. Part of Wolters Kluwer's financial and risk advisory solutions, TeamMate has served internal audit professionals for over 30 years and is deployed at thousands of organizations worldwide. TeamMate+ is the current cloud-based version, supporting the complete internal audit lifecycle from risk assessment through audit reporting. Risk Assessment tools enable auditors to evaluate and prioritize risk across the audit universe, creating defensible risk-based audit plans. Audit Project Management provides structured workpaper management, task assignment, and review workflows. Time Tracking captures audit hours for budgeting and efficiency analysis. Issue Management tracks findings, root causes, and management action plans through resolution. Analytics and Reporting provide real-time dashboards on audit status, key risk indicators, and portfolio metrics. The platform integrates with data analytics tools including IDEA and ACL for transaction-level testing. Wolters Kluwer's regulatory content expertise complements TeamMate's process capabilities with up-to-date guidance on audit standards and regulatory changes. TeamMate is particularly popular with financial services internal audit departments, government internal auditors, and large corporate audit functions. Its dedicated audit focus—as opposed to broader GRC platforms—means features are optimized for auditor workflows.