Customer Due Diligence (CDD)

CDD (Customer Due Diligence) is the process of collecting and verifying customer information, assessing their risk profile, and monitoring their transactions. CDD is a critical component of both AML and CTF efforts, enabling financial institutions to identify potential risks and report suspicious activities. Financial institutions are required to apply CDD measures when establishing business relationships, carrying out certain transactions, or when there are suspicions of money laundering or terrorist financing (Citation: UK Money Laundering Regulations 2017 (MLR 2017) – Regulation 28).

Customers unwilling or unable to provide required information for CDD (JMLSG Guidance, Part 1, Section 5.3.3):

Implement a risk-based approach to Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) measures, tailoring them to the level of risk associated with each customer.
Establish clear policies and procedures for the onboarding process, outlining the required documentation and verification processes.
Refuse to establish a business relationship or proceed with a transaction if a customer fails to provide the necessary CDD information.

Complex ownership or control structures that obfuscate beneficial ownership (FATF Recommendation 10, Interpretive Note to Recommendation 10, Paragraph 5(b)):

Implement Enhanced Due Diligence (EDD) measures for customers with complex ownership structures.
Verify the beneficial owner’s identity and obtain information on the purpose and intended nature of the business relationship.
Perform ongoing monitoring to ensure that the customer’s activities are consistent with their profile and risk assessment.

Customers engaging in activities that are not consistent with their profile (JMLSG Guidance, Part 1, Section 5.3.7):

Develop customer risk profiles, including expected transaction patterns and the purpose of the account or relationship.
Conduct ongoing monitoring of customer activities to identify deviations from their risk profile.
Implement EDD measures for high-risk customers, including more frequent monitoring and review of transactions.

Transactions with no apparent economic or legal purpose or transactions that are overly complex (FATF Recommendation 10, Interpretive Note to Recommendation 10, Paragraph 21):

Monitor and analyze transactions to identify those with no apparent economic or legal purpose or that are overly complex.
Require customers to provide explanations and supporting documentation for such transactions.
Escalate suspicious transactions to the appropriate authorities, such as the National Crime Agency (NCA), through a Suspicious Activity Report (SAR).

Sudden increase in transaction volume or frequency without a clear explanation (FATF Recommendation 10, Interpretive Note to Recommendation 10, Paragraph 19):

Establish transaction monitoring systems to detect unusual changes in transaction volume or frequency.
Investigate and require explanations for sudden changes in transaction activity.
Escalate suspicious activities to the appropriate authorities through a SAR.

Customers or transactions involving shell companies (FATF Guidance on Transparency and Beneficial Ownership, Section 3.3):

Perform thorough due diligence on customers associated with shell companies, including verifying beneficial ownership information.
Monitor transactions involving shell companies for unusual patterns or activities.
Escalate suspicious transactions to the appropriate authorities through a SAR.

Customers with known PEP (Politically Exposed Person) status or connections (JMLSG Guidance, Part 1, Section 5.5.7):

Identify customers with PEP status or connections during the onboarding process.
Implement EDD measures for customers with PEP status or connections, including obtaining senior management approval for establishing a business relationship.
Conduct ongoing monitoring of PEP-related customers and transactions.

Transactions with mixing services or privacy coins (5AMLD – Article 47, and UK Money Laundering Regulations 2017 – Regulation 28(12)):

Implement systems to identify and block transactions involving mixing services or privacy coins.
Perform EDD on customers transacting with mixing services or privacy coins, including obtaining information on the source of funds and the purpose of the transaction.
Report any suspicious transactions involving mixing services or privacy coins to the appropriate authorities through a SAR.

Rapid and frequent transactions between multiple wallets without a clear purpose (Joint Money Laundering Steering Group (JMLSG) Guidance, Part 1 – Section 5.3.7):

Establish monitoring systems to detect rapid and frequent transactions between multiple wallets.
Investigate transactions to determine their purpose and require customers to provide an explanation for such activities.
Escalate suspicious transactions to the appropriate authorities through a SAR.

Transactions linked to darknet marketplaces or illegal goods and services (Proceeds of Crime Act 2002 (POCA) – Section 328):

Implement systems to identify and block transactions linked to darknet marketplaces or illegal goods and services.
Perform EDD on customers involved in such transactions, including obtaining information on the source of funds and the purpose of the transaction.
Report any suspicious transactions linked to darknet marketplaces or illegal goods and services to the appropriate authorities through a SAR.

By implementing these preventative measures, compliance leaders can effectively address the financial crime typologies associated with crypto assets, ensuring that their organizations adhere to the relevant regulations and guidelines.

Customer Due Diligence (cDD) Risks	Preventative Measures	Citation
Anonymity of Transactions: Cryptocurrencies enable anonymous transactions, making it difficult to trace the parties involved.	Implement robust Know Your Customer (KYC) procedures. Use advanced blockchain analytics tools to trace transactions.	Financial Action Task Force (FATF) Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (2019).
Peer-to-Peer Exchanges: P2P transactions bypass regulated exchanges, increasing the risk of money laundering.	Establish monitoring systems to detect suspicious transactions. Educate customers about the risks of P2P transactions.	Elliptic Financial Crime Typologies in Crypto assets The Concise Guide for Compliance Leaders.
Decentralized Finance (DeFi) Risks: DeFi platforms are often not subject to regulation, making them attractive for illicit activities.	Work with regulators to develop appropriate DeFi oversight. Use blockchain analytics to identify suspicious activity.	Chainalysis (2021) Crypto Crime Trends for 2021: DeFi, Hacks, and the Future of Money Laundering.
Lack of Standardization: Different cryptocurrencies operate on different protocols, complicating regulatory efforts.	Engage in industry-wide efforts to standardize risk assessment and mitigation measures.	The Wolfsberg Group’s Statement on Cryptocurrency Due Diligence (2019).
Inadequate Regulatory Frameworks: Not all jurisdictions have comprehensive regulations for cryptocurrencies.	Advocate for global regulatory standards. Comply with the most stringent regulations in the absence of local guidance.	The Cambridge Centre for Alternative Finance’s Global Cryptoasset Regulatory Landscape Study (2020).