The Compliance Team’s Guide to Customer Onboarding
Learn how to prioritize risk and effectively manage it in our 5-part training series for compliance professionals.
Download nowBefore entering into a relationship with a new customer, financial institutions must establish what level of due diligence to perform. This decision will be determined by a number of factors that, combined, provide a customer risk score, highlighting whether they pose a low, medium, or high risk of money laundering and/or terrorist financing (ML/TF).
Simplified due diligence (SDD) is the lowest level of customer due diligence (CDD) that a financial institution can employ. It is a brief identity verification process that can be applied to eligible customers when the risk of money laundering or terrorist financing is deemed very “low”. It precedes standard due diligence – the most common level applied to low and medium-risk customers – and enhanced due diligence (EDD) – applied to high-risk customers.
Compared to higher levels of due diligence, SDD entails less intensive means of gathering information. Despite this, SDD must still respond to the four components of CDD outlined by the global financial crime watchdog, the Financial Action Task Force (FATF). These include:
While every new prospective customer must undergo identity checks and verification, not every customer will qualify for SDD. Generally, the following customer types qualify for SDD because of their inherent low risk of ML/TF:
However, the above list may vary depending on the jurisdiction, as not all countries permit SDD to be performed in the same way or under the same circumstances. In the EU, the Fourth Anti-Money Laundering Directive (4AMLD) noted that firms could no longer automatically apply SDD measures to a “pre-defined” list of customers. Instead, firms must now actively demonstrate low risk and provide robust rationale for using SDD.
In Canada, firms can apply the “simplified identification method” to seven specific types of entities issued by Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), provided firms also record their grounds for considering there is a low risk of ML/TF. By contrast, New Zealand’s Anti-Money Laundering and Countering Financing of Terrorism Act 2009 defines 19 customer types eligible for SDD.
Of the 40 Recommendations provided by the FATF, Recommendation 10 focuses on CDD, which includes SDD. The FATF recommends that due diligence measures should be undertaken when:
In these instances, firms will often undertake due diligence measures to identify the account’s beneficial owner, obtain information on the intended purpose of the business relationship, and complete source of wealth (SOW) and source of funds (SOF) checks. But, if there is a proven low risk of ML/TF and the account relates to a particular type of financial institution or activity, firms may decide to undertake a simplified set of due diligence measures.
The FATF provides a non-prescriptive list of instances when SDD may be required:
When identifying lower-risk situations suitable for SDD, compliance staff should ensure the scenarios are consistent with the assessment of overall ML/TF risks identified on a country and company-wide level.
Learn how to prioritize risk and effectively manage it in our 5-part training series for compliance professionals.
Download now1. The first stage of SDD is known as the customer identification process (CIP). This occurs during the customer onboarding phase before a business relationship has been established. During this stage, firms must ensure the sources they use to identify their customers are reliable and independent to mitigate the risk of criminals being onboarded with expertly forged documents.
2. Once a customer has been identified, firms must then determine the level of due diligence to perform. This decision should be made in light of an organization’s risk appetite informed by its business-wide risk assessment, which should also form the basis of a firm’s policies and procedures. These policies should indicate the type of customers and industries a firm is willing to do business with.
When assessing whether SDD is the appropriate level of due diligence to perform, compliance teams should consider their firm’s risk ratings related to:
3. If the customer is deemed low-risk across the factors listed above, a simplified, less detailed identity verification process can begin. At this stage, firms can use public information or rely on fewer documents to verify a customer’s identity. Beneficial owners may also be identified without seeking additional information or documents to verify their identities. The purpose and nature of a proposed business relationship can also be inferred from the nature/type of both the client and the desired product or service.
4. Once the customer’s identity has been verified and they have been successfully onboarded, firms must undertake ongoing monitoring measures to ensure the client remains low-risk. If any unusual activity is flagged during this stage that is not commensurate with the customer’s risk profile, firms may decide to employ greater levels of CDD.
Making up both ends of the due diligence spectrum, SDD and EDD differ in many ways. The table below outlines where they diverge across each element of the know-your-customer (KYC) process.
Simplified Due Diligence (SDD) |
Enhanced Due Diligence (EDD) |
|
Customer-Type | Low-risk entities that are subject to money laundering requirements or offer certain low-risk products and services. | High-risk or high-net-worth customers or those who conduct large or unusual transactions. |
Identification and Verification | Customers can provide fewer identification documents. Identities can also be verified using public information. | Additional identifying information is required from a wider variety of sources. |
Beneficial Ownership Structures | Beneficial owners can be identified without seeking additional information to verify their identities. | When verifying an account’s ownership structure, the ultimate beneficial owner (UBO) should be established. This may also include commissioning an intelligence report on the UBO. |
Politically Exposed Person (PEP) Screening |
While SDD does not release firms from the requirement to determine a customer’s domestic PEP status, it can limit the extent of what are reasonable measures for PEP determination. |
Customers with a high profile political role are screened against government-issued PEP lists and sanctions lists to determine their risk score. |
Relatives and Close Associate (RCA) Checks | N/A | The RCAs of customers with a PEP status are screened at the start of the business relationship and periodically throughout the relationship. |
Source of Funds (SOF) and Source of Wealth (SOW) Checks | N/A | The customer’s SOF and SOW is verified to ensure they are not proceeds from crime. |
Adverse Media Screening | SDD best practice involves using adverse media searches to determine whether a customer is low risk and eligible for SDD. | Customers are screened to detect any relevant negative news that could impact their account’s risk score. |
Sanctions Screening | Customers are screened against sanctions lists and watchlists lest account activity needs to cease following a designation. | |
Ongoing Monitoring | Account activity is monitored using a risk-based approach to detect any changes in the customer’s risk profile. |
Ultimately, effective CDD measures are built on a combination of expertise and technology. As customer risk scores and criminal threats evolve, firms must be prepared to be flexible with their due diligence process. While SDD measures are less time and resource intensive than standard due diligence or EDD, firms should still utilize autonomous systems that refresh entity profiles within minutes of a change, lest a customer’s risk profile changes and they are no longer eligible for SDD.
Screen any name or entity against live sanctions, PEPs, and adverse media data and insights.
Request demoOriginally published 21 March 2023, updated 21 March 2023
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage).