Customer Due Diligence (CDD): Facts and insights
The number of countries around the world passing laws to prevent bribery, corruption, and money laundering is on the rise – and many of these national laws have an impact on international trade relations.
For example, companies in Germany are required to comply with the provisions of the Money Laundering Act (AML) as part of the Know Your Customer (KYC) process. However, when operating in an international context, they must also take into account the regulations defined in the UK Bribery Act or the US Foreign Corrupt Practices Act (FCPA).
KYC is indispensable for companies when it comes to checking the trustworthiness of their customers and business partners before onboarding. An essential part of this process is customer or client due diligence (CDD).
Its purpose is to minimize the risks of white-collar crime and fraud. The market offers a range of well-designed and easy-to-integrate solutions to enable companies to carry out customer due diligence measures effectively.
Customer Due Diligence (CDD): Definition
The term due diligence was originally used in a business context to describe the examination of purchase objects. In this context, a due diligence review represents the duty of care that all companies and organizations must fulfill in order to, for example, maintain measures to secure the value chain in the context of M&A activities.
The concept has been transferred to the verification of customers and is referred to in this context as customer due diligence or client due diligence (CDD), which explicitly refers to customers and business partners. By conducting a comprehensive review of customer data, companies – not just banks and financial institutions – can ensure that risks in the areas of money laundering, terrorist financing, or financial and economic fraud are avoided.
Professional customer due diligence helps prevent illegal financial transactions: in this way, companies, banks, and insurance companies can ensure that customers, the economy, and businesses are better protected against attacks on the financial system.
Legal Basis of Customer Due Diligence
One of the objectives of due diligence for companies, banks, and insurance companies, among others, is to protect against illegal financial transactions.
The legal requirements for this process can be found in Section 10 of the Money Laundering Act.
Due Diligence Towards Customers
The due diligence required towards customers and business partners includes the following aspects, among others:
- Identification requirement based on official documents (for natural and legal persons)
- Obtaining information on the nature and purpose of the business relationship
- Verification of beneficial ownership
- Continuous monitoring of the ongoing business relationship
- Risk classification and, if necessary, enhanced due diligence measures.
Difference Between CDD and EDD
In the context of customer due diligence, the term “enhanced due diligence,” or EDD for short, is often mentioned. While CDD describes the basic process by which companies create risk profiles for their customers, enhanced due diligence goes one step further: Enhanced due diligence (EDD) applies to customers who have already been identified as high-risk during the initial screening process.
Possible causes for an enhanced due diligence check to be required:
- the person’s political exposure (PEP: Politically Exposed Person)
- involvement in illegal activities
- an unusually large or particularly complex transaction
- the person’s place of residence.
In concrete terms, this means that the EDD process takes effect as soon as the CDD reveals that the customer is a high-risk customer.
Customer Due Diligence is Carried Out in Four Steps
The Customer Due Diligence process is carried out in four consecutive steps, which must be performed by the company.
- Identify customers
The first step is to obtain all relevant information about the customer. Proof of identity is provided by means of appropriate identification documents. If the customer or business partner is a company, the additional information required for this purpose must also be obtained (e.g., verification of the company’s ownership structure, legal representation).
- Comparison with CDD-relevant lists
If the person being checked is a politically exposed person (PEP), enhanced due diligence is necessary. The same applies if the person has already been linked to illegal activities. To find this out, customer due diligence involves checking against sanctions lists and lists of PEPs.
- Performing a risk assessment
For a comprehensive risk assessment, the third step is to check where the person comes from and where they currently live. If, for example, they live in a country that has few legal requirements to prevent money laundering or terrorist financing, it is also necessary to check what transactions and contractual activities this person wishes to carry out.
- Regular checking of the validity of all data
Customer due diligence is not only required when the initial business transaction is concluded but is rather a process that must be carried out throughout the entire business relationship. Any change reported by the customer or recorded in any other way therefore requires a new risk assessment.
If, over time, suspicious cases arise that indicate damage to the company or the economy, reporting them is legally required.
Records as security in the CDD process
To prove that customer due diligence has been successfully carried out, it is advisable to record all checks performed – which can be done automatically using a sophisticated software solution.
Consequences of Non-Compliance with Customer Due Diligence
Companies are responsible for protecting their customers, themselves, and the state from white-collar crime. The legal requirements for this can be found in the Money Laundering Act. Failure to comply with the requirements set out here may result in fines.
Damage incurred by a company as a result of inadequate or even non-existent CDD can lead to a significant loss of trust – and increase the economic damage immeasurably.
Customer Due Diligence and the GDPR: What Needs to be Considered?
A key aspect of customer due diligence is data protection.
The General Data Protection Regulation (GDPR), introduced in 2018, is an EU regulation governing the handling of personal data of natural persons. Companies are obliged to provide information and must inform individuals why they are collecting the data, how they are processing it, and how they are storing it. By signing or acknowledging the information, the customer confirms their consent to the relevant data protection agreement.
Where necessary, companies must prove that each step of the CDD check is a necessary processing operation for which there is no alternative, such as anonymized use of the data. Here, too, it is important to document the individual steps in order to be able to meet any potential obligation to provide evidence.
About WebID
With WebID’s legally compliant identification solutions, companies can benefit from innovative solutions that can be seamlessly integrated into existing compliance systems. Simple identity verification via the web, smartphone, or tablet? With WebID’s solutions, that’s no problem. Various identification options, such as VideoID (Live), VideoID (Review) or AccountID, show how easy it is to minimize compliance risks.
