The 2023 Guide to Customer Due Diligence

Regulatory authorities across the globe are flexing their muscles when it comes to preventing money laundering.

The digital era has ushered in a new wave of financial crime, and regulatory bodies are pushing back by tightening anti-money laundering (AML) regulations and customer due diligence (CDD) responsibilities in an attempt to crack down on the epidemic.

While regulations do help to prevent financial crime from occurring within and across financial institutions, stricter standards also mean increased costs, friction, and compliance staffing.

And, while financial criminals evolve constantly, it appears that CDD practices are still stuck in the dark ages.

Clunky, manual customer due diligence processes mean that AML compliance is slow, expensive and complex. This leads to many financial institutions falling short with inadequate CDD programs.

However, with regulatory authorities hot on the tails of poor AML programs, financial institutions can no longer afford to ignore the need for comprehensive CDD processes. If AML procedures don’t conform with regulations, financial institutions face jaw-dropping non-compliance fines.

Luckily, GetID has the answer. By automating customer identity verification and authentication and monitoring processes, our next-generation solution saves time, money, and manpower while guaranteeing AML compliance now and for the future.

What is Customer Due Diligence?

Customer Due Diligence (CDD) refers to the collection of processes used to identify customers, confirm their identity, and monitor their behavior throughout the business relationship.

A compulsory operation for financial institutions and certain companies, CDD helps to prevent money laundering and other financial crimes. In line with Anti-Money Laundering (AML) regulations, CDD requirements demand that organizations identify and report suspicious activity to the relevant authorities. This weeds out criminal and fraudulent users, as well as ensuring AML compliance.

Which Institutions are Subject to CDD Regulation?

While AML policies and due diligence are often considered as banking regulations, these standards also apply to various non-bank institutions.

While regulation and legislation varies between geographical locations, most places are seeing rule-tightening over which businesses and organizations should have CDD processes in place.

The Bank Secrecy Act (BSA) in the USA sets out the rules around AML procedures. Section 352 of the USA PATRIOT Act amended the BSA to expand the range of organizations that must implement AML programs and due diligence procedures. Where previously only banks felt the full force of AML compliance, now non-bank financial institutions (such as broker-dealers and money services businesses) must also establish AML programs.

The UK also has stringent AML policies under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which replaced the Money Laundering Regulations 2007 and were further amended in 2019. These regulations set out the types of businesses that must put due diligence processes in place.

These businesses include (but aren’t limited to):

  • Money service businesses
  • High-value dealers
  • Accountancy service providers
  • Telecommunications services
  • Insurers
  • Estate agency services
  • Art market dealers
  • Bill payment services

In 2018, the EU updated its AML regime with the fifth Anti-Money Laundering Directive (AMLD5). This directive extends the list of obliged entities to include art traders, tax-related services, virtual currency exchanges, and custodian wallet providers. At the end of 2020, the sixth directive (AMLD6), which harmonizes money laundering offences across member states and establishes corporate liability for money laundering, came into force.

In short, companies that provide financial services, including exchanges and virtual currencies, need to ensure they have AML policies in place. This means completing comprehensive customer due diligence.

When Does CDD Need to be Carried Out?

Customer Due Diligence is an umbrella term that covers onboarding procedures and ongoing monitoring of customer behavior. In this sense, CDD includes everything from Know Your Customer (KYC) processes at the beginning of a business relationship through to monitoring transactions and changes of circumstance.


For firms and financial institutions that are subject to CDD regulations, there must be processes in place to perform this due diligence when:

  • Onboarding a new customer
  • A customer’s identity is questionable
  • A customer’s documentation is dubious
  • A customer exhibits suspicious activity in line with money laundering or terror funding
  • An existing customer changes their circumstances or personal details, such as new address
  • High value transactions (occasional transactions of 15,000 EUR or more in the EU, or cash payments of 10,000 EUR or more to traders in goods; currency transactions over 10,000 USD in the USA)
  • One-off high value transactions completed by non-high value customers

The Three Types of Due Diligence

While customer due diligence is mandatory for certain institutions, this doesn’t mean that every user needs to be exposed to an extensive verification and monitoring process.

There are three tiers of customer due diligence, each tailored to the level of risk that a customer poses: simplified, standard and enhanced.

1. Simplified due diligence (SDD)

Simplified due diligence can be applied in two cases. In the first, SDD can be applied to customers who pose little to no risk to the organization.

These types of customers would include:

  • Customers in low-risk geographical areas
  • Public administrations
  • Publicly listed companies
  • EU Member states, etc

On the other hand, simplified due diligence is used when the product for which a customer is applying poses little risk.

Low-risk products include:

  • Pensions where contributions are deducted at source
  • Life insurance policies with low premiums
  • Financial products that are designed for financial inclusion
  • Products restricted by purse limits, etc

These customers only need to be identified with official documentation and personally identifiable information (PII); the depth of verification and ongoing monitoring is scaled back in proportion to the low risk.

2. Standard customer due diligence (CDD)

Standard customer due diligence requires that customers are identified by their PII and official documentation, and that this identity is verified against an independent, reliable source (for example an official third-party verifier), as per KYC.

Customers should also be subject to ongoing monitoring. CDD is applied to customers that are of moderate risk and should be completed when establishing business relationships, when large transactions are being processed, or when a financial crime is suspected (fraud, money laundering, terror financing, etc).

3. Enhanced due diligence (EDD)

Enhanced due diligence (EDD) must be applied to high-risk customers, customers in high-risk locations, and those engaging in high-risk activities.

For example, an enhanced due diligence process would be used for:

  • Politically-exposed persons
  • Cross-border correspondent relationships
  • Companies with nominee shareholders
  • Cash-intensive businesses
  • Businesses in countries with high levels of corruption or that are known sources of terrorist financing, etc.


Ongoing Monitoring

As noted above, customer due diligence isn’t exclusively reserved for onboarding processes.

While KYC and CDD checks help to identify and verify customers at the beginning of a business relationship, AML standards demand that due diligence is an ongoing process.

In this respect, financial institutions must continue to monitor the activity of their customers throughout the entirety of the business relationship.

This means that financial institutions must implement policies that check customer transactions in order to monitor and reclassify risk whenever circumstances change. By doing this, financial organizations can flag any customers who raise red flags, such as unusual high-value payments, transfers to suspicious recipients, and suspect cross-border transactions. The same process tracks changes in customers' situations so that all documentation is kept up to date.
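The monitoring loop described above, together with the triggers listed under "When Does CDD Need to be Carried Out?", reduced to a handful of runnable rules over constructed transactions. This is an added example and not GetID's code; the per-currency thresholds, the counterparty watchlist, the "five times the onboarding baseline" out-of-pattern rule, the sample customers and transactions, and the escalation policy that maps alerts to SDD/CDD/EDD tiers are all assumptions chosen for illustration.

```python
"""Illustrative ongoing-monitoring rules for customer due diligence (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from decimal import Decimal

# Assumed reporting thresholds per currency (the article cites 10,000 EUR / 10,000 USD).
THRESHOLDS = {"EUR": Decimal("10000"), "USD": Decimal("10000")}

# Constructed counterparty watchlist; a real deployment would use sanctions and PEP feeds.
WATCHLIST = {"ACME-SHELL-LTD", "OFFSHORE-NOMINEES-SA"}

TIER_RANK = {"SDD": 0, "CDD": 1, "EDD": 2}
RANK_TIER = {v: k for k, v in TIER_RANK.items()}

# Assumed escalation policy: the minimum tier a single rule hit implies on its own.
RULE_SEVERITY = {"cross_border": 0, "high_value": 1, "out_of_pattern": 1, "watchlist_counterparty": 2}


@dataclass
class Customer:
    customer_id: str
    country: str
    tier: str                 # current due-diligence tier: SDD, CDD or EDD
    typical_max: Decimal      # largest routine amount established at onboarding


@dataclass(frozen=True)
class Transaction:
    tx_id: str
    customer_id: str
    amount: Decimal
    currency: str
    counterparty: str
    counterparty_country: str


@dataclass(frozen=True)
class Alert:
    tx_id: str
    rule: str
    detail: str


def evaluate(tx: Transaction, customer: Customer) -> list[Alert]:
    """Apply the monitoring rules to one transaction and return the alerts it raises."""
    alerts: list[Alert] = []
    threshold = THRESHOLDS.get(tx.currency)
    if threshold is not None and tx.amount >= threshold:
        alerts.append(Alert(tx.tx_id, "high_value", f"{tx.amount} {tx.currency} >= {threshold}"))
    if tx.counterparty.upper() in WATCHLIST:
        alerts.append(Alert(tx.tx_id, "watchlist_counterparty", tx.counterparty))
    if tx.counterparty_country != customer.country:
        alerts.append(Alert(tx.tx_id, "cross_border", f"{customer.country}->{tx.counterparty_country}"))
    # One-off payment far above the customer's own baseline, even when below the legal threshold.
    if tx.amount > customer.typical_max * 5:
        alerts.append(Alert(tx.tx_id, "out_of_pattern", f"{tx.amount} vs baseline {customer.typical_max}"))
    return alerts


def reclassify(customer: Customer, alerts: list[Alert]) -> str:
    """Return the tier the customer should hold after these alerts.

    Tiers only move up automatically; stepping a customer back down is a human decision.
    """
    rules = {a.rule for a in alerts}
    if not rules:
        return customer.tier
    rank = max(RULE_SEVERITY[r] for r in rules)
    if len(rules) >= 2:  # several independent signals on one transaction: one more step up
        rank += 1
    rank = min(max(rank, TIER_RANK[customer.tier]), TIER_RANK["EDD"])
    return RANK_TIER[rank]


def monitor(transactions, customers):
    """Run every transaction through the rules, escalating tiers as alerts accumulate."""
    by_id = {c.customer_id: c for c in customers}
    all_alerts: list[Alert] = []
    for tx in transactions:
        customer = by_id[tx.customer_id]
        alerts = evaluate(tx, customer)
        all_alerts.extend(alerts)
        customer.tier = reclassify(customer, alerts)
    return all_alerts, {c.customer_id: c.tier for c in customers}


# Constructed sample data: one low-risk retail customer and two standard-risk customers.
CUSTOMERS = [
    Customer("C-100", "DE", "SDD", Decimal("500")),
    Customer("C-200", "US", "CDD", Decimal("20000")),
    Customer("C-300", "US", "CDD", Decimal("2000")),
]
TRANSACTIONS = [
    Transaction("T-1", "C-100", Decimal("12000"), "EUR", "Musterfirma GmbH", "DE"),
    Transaction("T-2", "C-200", Decimal("15000"), "USD", "Acme-Shell-Ltd", "KY"),
    Transaction("T-3", "C-300", Decimal("2500"), "USD", "Maple Supplies Inc", "CA"),
    Transaction("T-4", "C-200", Decimal("3000"), "USD", "Local Grocer", "US"),
]

if __name__ == "__main__":
    found, tiers = monitor(TRANSACTIONS, CUSTOMERS)
    for a in found:
        print(f"{a.tx_id}: {a.rule} ({a.detail})")
    print(tiers)
```

T-1 shows the "one-off high value transaction by a non-high-value customer" trigger: the SDD customer is escalated straight to EDD because two independent rules fire on one payment. T-3 shows the opposite: a cross-border payment on its own raises an alert for review but does not change the customer's tier, which keeps low-severity signals from flooding the EDD queue.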

Why is CDD so Important?

Customer due diligence processes are the gatekeeper for preventing financial crime. Offering a safeguard against money laundering, tax evasion, fraud, terrorist funding, and more, CDD is a mandatory process which can result in significant fines for non-compliance.

Here are the top reasons CDD is so important for your business.

1. Solid CDD Procedures Function as an Anti-Money Laundering Measure

In 2018, suspicious activity reports (SARs) sent to regulatory authorities prevented $2 billion worth of unauthorized transactions in the UK.

Despite this, between the period of April 2018 and March 2019, reported numbers of SARs relating to money laundering rose by 52% compared to the year before.

While AML regulations are attempting to stamp out international financial crime, studies show that these crimes are increasing at an alarming rate.


It is estimated that the amount of money laundered globally is between $800 billion and $2 trillion annually.

This is why customer due diligence is so important.

Thanks to more stringent procedures, criminal characters are being caught red-handed and cross-border crime rings are being disbanded.

However, with studies showing that 18 of the 20 biggest European financial institutions have been fined for poor AML measures, it’s no surprise that money laundering is increasing dramatically.

For example, a 2019 HMRC investigation found that one gang selling illegal cigarettes had stolen $44 million in VAT and laundered over $112 million across 50 banks around the world, including Cyprus, Hong Kong, the UK, and Dubai. If these 50 banks had tighter CDD procedures, these criminals may have been caught earlier.

2. Robust CDD Acts as a Fraud Prevention Mechanism

Fraud is a big problem around the world, especially since the digital age has made it easier to hack and crack identity systems.

Social engineering schemes and data breaches that involve the theft of personal data are the largest contributors to fraud. With nearly 450,000 cases of ID fraud and 160,000 cases of credit card fraud in the USA each year, reports show that fraud almost tripled between 2014 and 2018.

In fact, synthetic ID fraud (where fraudsters combine real and fabricated personal data to build an identity that belongs to no real person) is the fastest growing type of fraud. It is also the type of fraud that hits financial institutions the hardest.

Studies show that 85-95% of synthetic ID fraud cannot be identified by traditional fraud detection mechanisms.

Take the example of Maria Michaela, UK’s most notorious female fraudster. Michaela conned banks out of nearly $17 million using fake IDs to submit house offers and default on mortgages.

Alternatively, consider the case of Kelvin Lyles, who used synthetic identities to establish credit histories to scam credit card companies out of $350,000.

Perhaps even worse is the 2019 indictment of five men who collaborated to steal PII from thousands of military members. The fraudsters compromised Department of Defense and Veterans Affairs benefits portals to steal millions of dollars.

What these examples show is that a great deal of money can be fraudulently acquired using schemes that last a few weeks, months, or years.

And while KYC procedures during onboarding can protect against application fraud, CDD checks are needed for ongoing monitoring of activity. If strict due diligence processes had been carried out in these cases, fraudulent and suspicious transactions may have been flagged, which could have prevented such damaging and costly criminal sprees.

3. Strong CDD Programs Comply with Tightening AML Regulations

AML standards and regulations are tightening all around the world to crack down on money laundering and terrorist financing.


In 2018, the EU adopted the fifth Anti-Money Laundering Directive (AMLD5), which member states had to transpose into national law by January 2020. This directive upped the ante from the fourth directive by demanding that financial institutions perform stricter EDD procedures for high-risk geographical locations and high-value transactions. The directive also imposes CDD obligations on virtual currency organizations, estate agents, and tax accountancy firms.

In December 2019, the UK government followed suit by publishing the Money Laundering and Terrorist Financing (Amendment) Regulations 2019. Amending their predecessor regulations from 2017, these regulations support the more stringent standard imposed by AMLD5.

In the USA, FinCEN's Customer Due Diligence (CDD) Final Rule acts as the CDD directive for the nation. Issued in 2016 with a compliance date of May 2018, this rule demands that covered financial institutions identify and verify customers and the beneficial owners of companies opening accounts, understand the nature and purpose of customer relationships in order to build a risk profile, and conduct ongoing monitoring to highlight and report suspicious activity.

For financial institutions, complying with geographically relevant regulations is imperative to avoid non-compliance fines and tackle the risks associated with money laundering and terrorist financing.

4. Effective CDD Prevents Non-Compliance Fines

With regulatory standards expanding, it is important that financial institutions stay compliant to avoid the fall out of high non-compliance fines. Regulatory bodies around the world do not take due diligence breaches lightly. In fact, they heavily punish organizations that don’t adhere to AML standards with ineffective CDD programs.


Take Touma Foreign Exchange in the UK as an example. The Forex firm was hit with an almighty $10.1 million fine after the HMRC found the company’s customer due diligence procedures to be far from adequate. The company breached strict regulations regarding CDD controls, procedures, and measures, appropriate staff training, and risk assessment and record-keeping mechanisms.

Alternatively, consider the $518 million fine imposed on Australia's biggest lender, Commonwealth Bank. The largest civil penalty in Australian corporate history, it followed the bank's failure to file reports on more than 53,000 large cash transactions that should have been reported to the regulator.

In fact, figures show that in 2019, CDD and AML fines in the US (alone) totalled nearly $2.2 billion over just 25 cases.

In short, the cost of CDD and AML non-compliance can be a hefty price to pay.

5. Sound CDD Processes Protect Your Company’s Reputation

Sky-high non-compliance fines, money laundering, terrorist financing and fraud can all lead to the death of a financial institution.

Not only are these things expensive to remedy, they can seriously damage your company’s reputation. Negative publicity and costly litigation can all lead to customers taking their business elsewhere, which will inevitably lead to significant revenue reductions.

Take a cue from Danske’s recent money laundering scandal, where over $200 billion of suspicious transactions flowed through the Estonian arm of the company without being monitored. Not only has Danske been accused of hurting the entire reputation of Denmark and Danish banks, customers rapidly lost faith in the bank. This led to Danske losing over 11,000 customers.


What are the Challenges of CDD?

While the importance of customer due diligence is abundantly apparent, reports by the Solicitors Regulation Authority (SRA) and the Council for Licensed Conveyancers (CLC) show that 60% of the 400 firms reviewed lacked adequate AML and CDD processes and failed to meet regulatory standards.

If customer due diligence is quite clearly such an important measure (and failure to comply so damaging), why are financial institutions simply not cutting the mustard?

There are a few primary reasons.

1. Lengthy CDD Processes Cause Onboarding Friction

While financial institutions may have it in mind to stay compliant with AML and CDD regulations, their own commitments to onboarding customers often stand in the way.

It's no secret that swift onboarding leads to better customer retention and that slow, glitchy onboarding processes cause high customer drop-out rates. Because of this, companies tend to focus on easing onboarding friction to speed up the process, and customer due diligence compliance often falls by the wayside as a result.

In 2017, for example, financial institutions reported that it took 26 days to onboard new clients, up two days from the previous year. These same institutions said that it took up to 32 days to onboard corporate clients. Worse still, other studies have shown that complex customers needing enhanced due diligence can take up to 34 weeks to onboard using clunky, manual onboarding processes.

With these lengthy processing times in mind, it’s no wonder that financial institutions are slacking on customer due diligence processes.

In fact, with onboarding times rising so dramatically, studies show that 52% of wealth managers fear an increase in drop-out rates. And while the digital era may be encroaching rapidly, reports show that the conversion rate for in-branch sales in banks is 85%, whereas the rate for digital onboarding is only 15%.

While companies are currently cutting corners through CDD non-compliance, increased regulation and hefty non-compliance fines point to the need for better solutions that reduce onboarding friction without sacrificing the checks themselves.

Online KYC providers, such as GetID, offer a viable answer to this problem by speeding up onboarding with automatic KYC while still complying with AML regulations.

2. Costs of Compliance Are Dramatically Rising

As regulation increases, so does the cost of compliance.

For banks and financial institutions, bigger budgets need to be assigned to cover the extra costs needed for more compliance staff, stricter KYC checks, more frequent transaction monitoring, and so on.

According to Thomson Reuters, major financial institutions are now spending up to $500 million each year on KYC and customer due diligence procedures, while middle-of-the-road firms spent up to $48 million a year in 2018.

When this is considered on a per client basis — taking into account the skyrocketing drop-out rates — some reports show that the cost of customer acquisition is in excess of $650 per client.

When it comes to corporate clients, 2019 surveys demonstrate that it costs up to $25,000 to onboard a client, with the average cost sitting at $6000 per new client.

This is unsustainable for even large financial organizations, let alone smaller financial institutions and upcoming startups.

As a result, deploying a cost-effective solution such as GetID to take care of KYC and CDD will dramatically reduce the outgoing costs for regulatory compliance and customer onboarding.

3. Inconsistent Standards for Verification Create Poor Quality Data

While regulation makes it clear that financial institutions need to implement customer due diligence processes to verify their customers, these standards don’t stipulate how this should be done. In fact, there is no standardized method for verification and no systematized route to authenticating customers. This means that financial institutions are forced to rely on third-party verifiers, trusting in their data to be correct and their method to be secure.

The problem with this is that these verification processes are rife with data errors where third-party verifiers are using incomplete and outdated databases to authenticate users.

Fragmented sources, non-standard data structures, and poor quality data make the verification process slow, difficult, and error-prone.

Where these procedures should be returning an accurate customer risk profile for financial institutions, these risk scores are frequently incorrect. This is often due to insufficient availability of data and gaps in the databases, which can be blamed on the absence of a centralized KYC database. Incorrect risk assessments lead to a high number of low-risk applicants being flagged by mistake.

Not only that, but inconsistent ongoing customer due diligence monitoring systems also produce unreliable results, returning high rates of false positives on non-suspicious accounts and transactions.

In fact, in 2018, banks reported false positive rates of 95-99%, meaning that only 1-5% of the alerts a human investigator had to review turned out to be genuine, significantly slowing the process and increasing the costs.

With 45% of financial institutions claiming that it is ‘fairly’ or ‘very’ difficult to monitor the ongoing compliance status of their customers, there needs to be a more efficient standard for verification to ensure CDD compliance.

With GetID’s fully compliant solution, users can enjoy accurate verification in minutes using biometric personal data and consistent automated authentication methods. This cuts out inaccuracies and friction from poor quality data and previously-used incompatible verification standards.

4. Increased Regulation Means a Shortage of Compliance Staffing

As global AML regulations tighten, more and more compliance staff are needed to ensure that customer due diligence responsibilities are being met.

In the US alone, AML compliance teams have grown tenfold between 2012 and 2017.


With the introduction of FinCEN’s Final Rule, firms were forced to shift hiring from other areas of the business to focus on compliance teams that could implement the increased customer due diligence practices to prevent non-compliance fines.

These figures will only continue to grow as extra staff are needed to compensate for the inefficiencies of manual CDD processes.

The high false positive rates we mentioned above demand an influx of compliance officers to double check all high risk transactions and accounts flagged by the system. This means banks have been rushing to hire thousands of new compliance team members.

At the close of 2008, a little over 4% of the entire staff of Citigroup worked in compliance. By the end of 2018, this figure had risen to 15%, with 30,000 out of 204,000 employees working in compliance and risk management.

While big banks like Citigroup can afford to poach compliance staff from elsewhere, the issue lies in the lack of compliance staff around the world.

With demand far outstripping supply, big banks and organizations can offer higher salaries and better positions, leaving many smaller financial institutions struggling to find the staff they need.

With the average UK compliance salary reaching over $140,000 a year, it’s no wonder that smaller companies are struggling to afford the staff they need to stay compliant.

Due to this, over 34% of businesses say they don’t have enough human resources to cover the demand for their customer due diligence practices. Not only that, those that have tried to increase compliance teams are significantly falling short when it comes to compliance training.

While heightened regulation attempts to curb money laundering and financial crime, statistics show that financial criminals are only becoming more sophisticated.

This has become a ‘cat and mouse’ issue for businesses: as regulations continue to tighten, more compliance staff are needed. With such shortages in staffing, this trend cannot continue. Instead, a more effective solution is needed, which is where GetID comes into play. Using our automated verification system and ongoing monitoring, financial institutions can ensure AML and CDD compliance without the need for such sizable compliance teams. This saves institutions a significant amount of money.

Stay CDD Compliant with GetID

When the challenges above are considered, it’s clear that financial institutions need more effective customer due diligence practices for sleeker onboarding, better data management, and more cost-effective compliance solutions.

Thankfully, GetID has all of that covered with one handy omnichannel solution.

GetID utilizes Optical Character Recognition for document verification, Biometric Facial Recognition, and Liveness Detection technology to identify and verify customers automatically and provide ongoing monitoring.

These cutting-edge technologies provide a multilayered architecture to ensure high-quality data.

Moreover, our state-of-the-art system flags high-risk customers, accounts, and transactions without the need for an expensive and extensive compliance team.

Our solution helps optimize the onboarding process, making it faster and more cost-effective for financial institutions. It also reduces drop-out rates as customers’ identities can be verified within minutes. This seamless process means full compliance without the headache.

Thanks to our automated verification and monitoring system, GetID ensures that your company is fully compliant with all CDD and AML regulations, now and into the future.

There is no way of escaping it, AML regulations are increasing. More stringent customer due diligence practices come hand in hand with this, meaning a rise in compliance costs and onboarding times.

This doesn’t have to be the case, however. While outdated, manual KYC and CDD processes offer slow, expensive, error-prone routes to compliance, GetID is presenting the world with a sleeker compliance solution. Faster and cheaper, our fully automated system cuts out the need for expensive compliance staff. Instead, GetID offers a lightweight multilayered due diligence solution that’s highly scalable and extremely secure, combating inaccuracies and friction in the onboarding and monitoring process.

Ready for a solution that checks off everything on your customer due diligence checklist? Looking for a CDD tool that future-proofs your business against increasing AML compliance? Contact us to find out how GetID can help your business today.