Introduction
Customer Due Diligence (CDD) is an obligation that reporting entities like financial institutions (thinkđĄ banks and investment fund managers like KiwiSaver providers), and other regulated businesses such as accounting and law firms, must conduct on their customers to understand the money laundering and terrorism financing risk their customers pose to the reporting entity. Â
Knowing each customer, the services you will provide them, and assessing the risk they pose means identifying and verifying the people who are the beneficial owners. In this article weâll discuss:
- What CDD is,
- Howâs it conducted,
- The different levels of CDD,
- Ongoing CDD.
What is Customer Due Diligence?
In New Zealand, CDD is a requirement of the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (the AML/CFT Act) and its regulations place certain obligations on reporting entities to detect exposure to their customer risk of money laundering and terrorism financing. The ultimate goal of carrying out CDD is to understand the nature and purpose of the business relationship based on the services you will provide your customer, and to gather sufficient information about the customer's beneficial owners by identifying and verifying them, and in some scenarios, understanding the source of their wealth or funds. This allows informed decision-making about the risk level of their activities and whether or not itâs wise to enter into a business relationship with them.Â
Not all CDD is made equal and certain transactions, or associations come with heightened risks that require more information. There are three levels of CDD that you can carry out which include simplified, standard, and enhanced (EDD) â weâll dive into what those different levels involve, and when you might need to use them later in the article.
Carrying out CDD is crucial to ensure that the people behind the customer you are engaging are who they claim they are and they're not involved in any illegal activities like money laundering, terrorist financing, or fraud. It helps reporting entities meet their statutory obligations and reduces the risk of you unwittingly facilitating criminal activities.
â
How is CDD conducted?
CDD involves a series of steps that are usually part of the onboarding/KYC process, beginning with collecting information from the customer and verifying its authenticity, the process itself includes the following three steps:
1ď¸âŁ Identifying the customer
Collecting relevant information, such as the structure of the customerâs entity to identify beneficial owners and those acting for the customer, their name, address, date of birth, identifying documents, and any other necessary particulars.
2ď¸âŁ Verifying the customer
Validating the customer's identity by reviewing authentic documents such as a passport, driver's licence, or government-issued ID for each beneficial owner or person acting on behalf of the customer.
3ď¸âŁ Assessing the customerâs risk
Analysing the customer's activities, intended transactions, and where relevant the source of funding to check if they pose any threat to the reporting entity or expose it to potential legal or regulatory risk.
â
Levels of CDD
Earlier I mentioned that not all CDD is made equal, and this will all be dependent on the type of customer and the services provided to the customer, the reality is that for both accounting and law firms, itâs extremely unlikely simplified CDD is ever going to fly due to the nature of the work and transactions youâre dealing with.
đ Simplified CDD
This relates to specific types of customers like publicly listed companies, state-owned enterprises or crown entities. You need to record the full legal name of the company and a brief explanation of how it qualifies for simplified CDD. You also need to collect information about the nature and purpose of your proposed business relationship with the company.
đ Standard CDD
This is the norm for most customers and involves understanding the structure of the company and verification of beneficial owners to ensure the details you might have collected so far are true and arenât misleading or fraudulent, or on sanction lists for example. At this point, youâll often have enough information to be able to understand the nature and purpose of the proposed business relationship and the potential risk of who youâre dealing with â if youâre comfortable with this, you may not need to ask for any further documentation.
đ¨ Enhanced CDD
In certain circumstances, additional information is required about the customer, perhaps due to the type, or complexity of the customer or if the service requested is unusual or complex. This will involve understanding the source of wealth or source of funds, and perhaps more sophisticated measures will be required to obtain and verify beneficial owners of the customer.
â
Ongoing Due Diligence (ODD)
Running CDD as part of your onboarding/KYC process is only one part of the puzzle â youâre also expected to monitor your clients on an ongoing basis, this is to ensure that you are on top of any emerging or evolving risk.
Not only does it help you make sure you continue to meet your obligations to the AML/CFT Act, but it also ensures that you have a good understanding of the potential exposure to risk that your firm might be holding at any given time.
At the moment, the expectation is that you perform ODD either periodically or when a transaction/interaction requires it, this might involve checking the structure of the customer, updating IDs, or re-checking the source of funds, for example. There are other situations, such as a change in control where ODD is equally pertinent, an example of that might be when a new shareholder or director is appointed. Whilst there is software out there to help you monitor financial transactions in an automated manner, the reality for an accounting firm is that itâs unlikely youâll need to have seriously complex systems in place, especially given youâre probably not âsetting and forgettingâ your relationship with your client, instead itâs likely youâll be regularly dealing with their tax affairs and their transactions, so if something seems out of sorts when youâre doing other work, thatâs a good time to consider how you might want to follow up.
For example, if youâre the registered office for a Fish and Chip shop or a Barbers, youâd expect regular cash deposits into their bank accounts as people typically are more likely to use cash in these environments, but if youâre seeing large cash deposits from an online retailer who sells exclusively over the internet, that might seem a little odd, and raise a few eyebrows â this is where your internal process and understanding of your customer comes into play.
Wrap-up
Ultimately CDD is all about managing risk and getting to know your customers in a way you can best serve them â building a robust onboarding process will help you to have confidence in your approach and that youâre meeting the compliance obligations you need to. The Financial Marketing Authority (FMA) has a number of downloadable assets that can help you build out your AML/CFT programme for you â here youâll find guidance for CDD when working with Companies, and this document talks about the specifics for dealing with Trusts. As weâve spoken about how you monitor, maintain and carry out CDD is ultimately your decision, as long as you meet the requirement of the AML/CFT act â with that in mind weâve summarised the Department for Internal Affairs (DIA) requirements to meet the AML/CFT act in this article.