Know Your Customer (KYC) Vs. Customer Due Diligence (CDD): What's the difference?

Both Know Your Customer (KYC) and Customer Due Diligence processes (CDD) are parts of the Anti-Money Laundering (AML) system. To follow AML rules, financial institutions must do both KYC and CDD checks. If they don’t, they could get hit with fines and penalties. But while KYC and CDD are linked, they each have their own purpose and goals.

For any bank or financial institution, KYC and CDD are crucial. These processes help law enforcement follow AML rules set by the Financial Action Task Force (FATF) and other government agencies. Let’s explore the difference between CDD and KYC!

What is Know Your Customer (KYC)?

When someone wants to open an account at your bank, the first thing you need to do is check who they are. This is the first step in preventing crimes like fraud and money laundering, and it helps you follow AML rules to avoid fines.

In simple terms, KYC is about making sure a person is who they say they are. It also means checking if there are any risks in doing business with them. You’ll need to collect detailed information about their identity and financial background.

What is Customer Due Diligence (CDD)?

The Customer Due Diligence process is actually part of the broader KYC process. It is the process where you assess and evaluate customers' risk levels. You start by knowing who the customer is by collecting information like their full name and date of birth so that you can assess any risks involved with doing business with them.

So in the CDD process, you need to grasp what kind of business this customer does, why they need to open an account or the service they're looking for, their financial habits, and typical transactions, so that when later on you the bank's team sees anything unusual is going on, they flag it to the relevant team.

Types of Due Diligence

Customer Due Diligence involves different levels, and each level is used for a different category of customers based on how risky the customer is.

1. Simplified Due Diligence

If the customer needs Simplified Due Diligence, this means that the customer poses very minimal or low risk and does not need to be monitored closely.

2. Standard Due Diligence

This level is intended for most customers who pose an average risk level or are commonly known as medium-risk customers. In this scenario, the bank usually collects primary data and information about the customer and monitors their money transfers and transactions periodically. 

3. Enhanced Due Diligence

If the customer is at a high risk of suspicious activity, then the bank needs to conduct Enhanced Due Diligence. Assume a public figure or someone in a powerful governmental position (PEP) came to your bank, you would need to ask them for additional documents to verify their identity, and then you would also need to closely screen and monitor their transactions and sources of funds. While screening those high-risk customers, you need to screen them against global and local sanctions lists and financial watchlists.

The following table summarizes the difference between these three types of customer due diligence in KYC.

KYC vs CDD: Key Objectives

Customer Due Diligence and KYC are sequential processes. The initial step is verifying customers' identities, which is the KYC due diligence part. This is, in most cases, a one-time thing. Then, CDD comes into play and builds upon the KYC due diligence step by conducting continuous and regular monitoring of transactions and patterns.

The goals of customer due diligence and KYC are common as both of these processes aim to identify customers and prevent any act of fraud as well as any action related to money laundering. One of the shared goals or objectives is to comply with AML regulations and create a level of trust between the bank and the customer.

Since the two processes are complementary to each other, they share overall objectives However, the difference between KYC and due diligence (CDD) objectives is that KYC's primary focus is to verify the identity of customers while the primary objective of CDD is to assess the risk level associated with customers and their transactions to understand their behavior and activities looking for any red flags or warning signs to be reported.

KYC Vs CDD: Components and Processes

Due Diligence and KYC differ in the intensity of their processes. While KYC involves collecting basic and essential details ( a straightforward process to verify identity), CDD digs as deeply as the customer requires. CDD includes detailed profiles of customers to manage the associated risks over time.

1. KYC Process

1. Customer Identification: Collect basic information from the customer, such as their full name, date of birth, address, and a government ID (e.g., passport, driver’s license).
   
   
2. Verification Methods:

• Documents: Check the provided information using reliable documents like IDs, utility bills, and bank statements.

• Biometrics: Use things like fingerprints or face scans for extra security and accuracy.
  

3. Record-Keeping Requirements: Keep accurate and up-to-date records of all customer information, verification documents, and interactions. Ensure these records follow the rules and can be easily found for audits or investigations.

2. CDD Process

1. Customer Identification and Verification (Enhanced): Collect and verify more detailed information for customers considered higher risk. This includes understanding their business activities, where their money comes from, and why they need the account.
   
   
2. Ongoing Monitoring and Updating Information: Keep an eye on customer transactions to spot any unusual or suspicious activities. Regularly update customer information to reflect any changes in their risk level, business activities, or personal details.
   
   
3. Risk Assessment and Management: Evaluate the risk level of each customer based on factors like their business type, transaction patterns, and where they are located. Use strategies to manage identified risks, which may include more frequent reviews, transaction limits, or extra verification steps.

Know Your Customer Due Diligence: Practical Example

Let's look at two illustrative scenarios, one with a regular customer and one with a high-risk customer. These real-life examples will show how KYC and CDD differ in practice.

Scenario 1: Low-Risk Customer

Customer: Ahmad Naji, a local teacher opening a savings account.

1. KYC Process

• Customer Identification: Ahmad visits the bank and provides his ID and proof of address. The bank collects his full name, date of birth, address, and ID details.

• Verification Methods: The bank verifies Ahmad’s ID by checking it against government records. It then confirms his address using a recent utility bill.
  

2. CDD Process

• Risk Assessment: Ahmad is considered low risk due to his occupation and straightforward financial needs; hence, the bank assigns him a low-risk profile.
  

• Ongoing Monitoring: The bank periodically reviews Ahmad’s account for any unusual activity but expects no issues due to his low-risk status. Ahmad’s profile needs minimal updates unless his situation changes significantly.

Scenario 2: High-Risk Customer

Customer: Rami Younes, an international business owner opening a business account.

1. KYC Process:

• Customer Identification: Rami provides his passport, business documents, and proof of address. The bank collects his full name, date of birth, address, business details, and ID details.
  

• Verification Methods: The bank verifies Rami’s passport with the issuing country’s database. His business documents are checked for authenticity and accuracy.

2. CDD Process:

• Enhanced Identification and Verification: Due to Rami’s international business, the bank gathers more information about his business operations, source of funds, and financial history. The bank also conducts background checks and verifies the legitimacy of his business.
  

• Ongoing Monitoring and Updating Information: Rami’s transactions are closely monitored for any signs of unusual or suspicious activity. The bank updates his information regularly, including periodic reviews of his business activities and financial transactions.
  

• Risk Assessment and Management: Rami is assigned a high-risk profile due to his international dealings and high transaction volumes. The bank implements stricter controls and more frequent reviews of his account to manage the higher risk.

KYC vs CDD: A Comparison Table

This table outlines the difference between KYC and CDD:

Enhance Your Bank's KYC and CDD with FOCAL

FOCAL, a platform powered by AI, changes how banks handle KYC and CDD. It makes these processes smoother and more accurate. Instead of the old, slow ways of doing KYC, FOCAL uses advanced technology to speed things up. With FOCAL, verifying someone's identity happens in just seconds. Automating the onboarding process reduces the friction between the bank and the customers while keeping the customers satisfied with their interaction.

Beyond just checking IDs, FOCAL also uses data analytics to conduct comprehensive risk assessments and watch over transactions in real time. It looks for any unusual or risky activities that could be linked to illegal activities like money laundering or fraud.

Conclusion

CDD in KYC plays a crucial role in the financial industry by ensuring that institutions have a thorough understanding of who their customers are. CDD in KYC involves a detailed process where banks and other financial entities collect, verify, and analyze customer information to assess potential risks.

In this article, we explored the differences between KYC and CDD, in terms of their key objectives and components, and when you understand these differences, you will be able to implement these two processes efficiently in your job. What also can enhance your bank's ability to meet compliance regulations is to utilize the FOCAL platform, which is the #1 AML compliance platform in Saudi Arabia, UAE, and the overall GCC region.