MAY 19th, 2022

What is a Customer Due Diligence (CDD) and Know Your Customer (KYC) Process?

So, what does customer due diligence mean?

What is Customer Due Diligence

Customer Due Diligence (CDD), sometimes referred to as Know Your Customer (KYC), is the process in which a bank or financial institution conducts an audit or analysis of a customer or organization, with the aim of assessing the potential risks that they pose to the company.

At its core, CDD is about banks complying with anti-money laundering regulations, but the process also allows them to avoid money used to finance terrorism, to stop criminals exploiting the financial system, and to distance themselves from corrupt practices in general.

Why Is It Needed?

Customer due diligence is carried out to gain insight on potential customers or clients, enabling the organization to know just how much of a risk a customer presents with the most prominent risks being fraud and bad actors.

This form of due diligence is actually a legal requirement in many countries before any business can be done between two entities.

Take, for instance, an organization "A" that wants to do business with a customer "B". Organization "A" deems it right to perform due diligence on customer "B".

Organization "A" is then obliged to obtain facts and pieces of information about customer "B" from reliable sources. In the course of this process, it is determined whether customer "B" is viable and follows set legal guidelines.

Simply put, customer due diligence (CDD) is carried out by an organization in order to determine the level of risk it is exposed to when dealing with a customer. It is also referred to as know your customer (KYC).

Where is Customer Due Diligence Needed?

To be frank, CDD is needed in any financial institution or other establishment that is involved in long-term business relationships with clients.

This is especially true when the commodity to be traded or the services to be rendered are on a large scale financially and in volume.

CDD for Banks and Financial Institutions

Banks and financial institutions commonly find themselves interacting and entering into business relationships with customers. It is necessary for them to perform KYC and rigorous CDD on all their clients.

Financial institutions should take a risk-based approach to customer due diligence in order to save time and resources later on.

Also, they are advised to follow the processes discussed above to help make the whole due diligence process simple.

The Meaning of KYC in the Due Diligence Process

Knowing the customer whom an organization is dealing with is important for the following reasons:

  • It allows the organization to know if a client is involved in fraudulent or illegal activities before going into business together. After the business relationship has begun, organizations are able to determine any unusual activities on the part of the customer.
  • If unusual activities are uncovered during the customer due diligence process, the organization can provide law enforcement with information on the client. Failure to do this might lead to the organization being associated with the client's crimes.
  • Knowledge of the customer is essential to helping the organization determine whether the customer has the financial ability to work with them.
  • It is very useful in examining the risk profile of the client. If a client has a high risk profile, enhanced due diligence is carried out on that client. Enhanced due diligence is simply another term for extra-thorough due diligence. This kind of due diligence requires additional information to ensure that the client is well understood.
  • In some countries, this form of due diligence is required by law.

Customer Due Diligence Checklist

The Financial Action Task Force (FATF), an intergovernmental organization founded by the G7 with the aim of combating money laundering, provides an excellent checklist for customer due diligence, which has become the industry gold standard.

The list is as follows:

1. Verify identity before doing business

  • A key component of the Know Your Customer (KYC) regulations is that financial institutions need to take full responsibility for who they deal with. Thus, before any transactions can occur, they need to have a handle on who they’re dealing with, and whether that’s an individual or an organization.

2. Record keeping

  • Financial institutions now need to keep track of all transactions for at least five years. This includes the results of any analysis that the institution has undertaken, and applies for five years after the business relationship with the client has ended.

3. Identifying politically exposed individuals

  • Similar to verifying client identities before doing business, banks now must go one step further: check whether a client is a politically exposed person, establish the source of their wealth and funds, and conduct enhanced monitoring of the relationship if anything out of the ordinary is suspected.

4. Correspondent banking

  • Correspondent banking refers to financial institutions’ relationships with other financial institutions. When a customer’s account is with an unfamiliar bank, for example, a financial institution must assess that institution’s AML/CFT controls and be satisfied that it has conducted its own customer due diligence.

5. New technologies

  • New technologies often create opportunities for fraud that previously didn’t exist. It is the responsibility of financial institutions to remain fully aware of the advances as they arise, and to undertake risk management practices on an ongoing basis when dealing with customers using these technologies.


Customer Due Diligence Process

CDD Requirements

The following steps help simplify an organization's CDD process:

  • Perform simple due diligence measures. This involves simple investigations such as verifying and identifying the customer, knowing their financial sources and capacity, and getting to understand their business activities.
  • Choose the right third parties. Third-party input is often required when handling customer due diligence. The third party could be either auditors or lawyers. However, it is important to only accept input from reliable and trusted third parties for the safety of all stakeholders involved.
  • Ensure comprehensive document collection. In order to complete successful CDD, all necessary documents must be comprehensively collected and analyzed. Any documents proving a potential customer’s legal history and financial legitimacy will provide great insight. If the customer is a company, especially one that is privately held, CDD should be expanded to the investigation of all major stakeholders as well.   
  • Determine if enhanced due diligence (EDD) is required. In the course of performing the previous steps, the risk profile of the customer will have been determined. Usually, high-risk clients require EDD. Customers with political associations often fall into this category.
  • Securely store all sensitive records. All the facts and pieces of information collected throughout the previous steps must be carefully documented and kept. This is due to the fact that the information collected is usually very sensitive and could do a lot of damage if leaked.

The whole process can be initiated by giving the client a customer due diligence form or questionnaire to fill out.

Customer Due Diligence Rules

As CDD is often a legal requirement, organizations must follow specific rules when performing the due diligence. According to Financial Crimes Enforcement Network (FinCEN), there are five customer due diligence rules, and they are:

  • Identifying and verifying the client. It is important to ensure that clients are who they claim they are. An organization may seek the input of trusted sources to confirm this.
  • Identifying and verifying the beneficial ownership of the customer. A beneficial owner is an individual that is responsible for managing and controlling a legal entity customer. A beneficial owner is also an individual who owns at least 25% of the equity interests of a legal entity customer. It is required by law that this individual be identified and verified before an organization gets into a business relationship with the customer.
  • Comprehending the business nature and purpose of the client. Understanding the business nature and purpose of the client helps determine the risk profile of the client. After the customer and its beneficial ownership are verified, it is important that the risk profile of the customer be determined.
  • Consistent monitoring and updating of customer information. The process of CDD is a continuous one, even after a business relationship has been entered into with the client. If unusual activities by a customer are discovered, it is necessary that the organization inform the appropriate authorities.
  • Collecting beneficial ownership information. Collect and maintain the information on the beneficial ownership.

The Risk-based Approach to CDD

The risk-based approach to CDD was imposed on organizations by the Fourth Anti-Money Laundering Directive of the EU.

The directive involves the determination of the areas that are liable to pose the greatest risks and creation of a system to constantly monitor these areas.

This approach enables an organization to know which customers deserve to be put through stricter CDD after determining their risk profile. This system should be able to do the following.

  • Determine the risk level of these areas. This allows organizations to know when they are obliged to carry out a more thorough CDD. This way, organizations are able to prioritize and determine which areas need more resources.
  • Actively notify the organization in the case where the system discovers any unusual activity. It could be the expiration of some documents, the transfer of a particular amount of money, or more concerning issues.

The risk-based approach to CDD enables organizations to best prioritize the use of resources in the CDD process while, at the same time, making the process easier for all the parties involved. It allows organizations to know what areas require extra attention.

As mentioned earlier, clients that have political associations often require EDD. Clients that are also making financial transfers over a particular amount often require EDD.

The risk-based approach must be handled by well trained personnel and professionals, and by those who know where to concentrate resources.


In summary, customer due diligence is a process that should be done thoroughly.

Rushing this process could lead to lapses that go on to hurt the organization in the future.

Also, the parties involved should be knowledgeable of the process and understand just how intense it has to be.

Lastly, only qualified professionals should be involved in the process to prevent waste of time and resources.   
