Background
Customer Due Diligence (CDD) is a central concept in the fight against money laundering and terrorist financing. A common misconception is that CDD is only about collecting basic data and information such as name, address, industry and personal ID number. The truth is that CDD is a collective term for the process that, in addition to collecting information, includes a range of activities, assessments and analyzes.
Identification
Admittedly, the CDD process often begins with a basic identification of the customer where personal and/or company information is obtained. But that is just the beginning. After the collection of basic data, a number of other steps follow where the information must be analyzed, verified, assessed and updated.
Verification
Another important step is to verify the information that has been collected. It’s not always enough to just take the customer’s word for it. In many cases, it’s necessary to confirm the information with, for example, identification documents or through public and reliable third-party sources, such as the Swedish Companies Registration Office. The verification process is crucial to ensure that the information collected is both accurate and relevant.
Purpose and nature of the business relationship
In order to fully understand the purpose and nature of the business relationship you have or intend to enter into, you’re expected to evaluate and document whether the purpose stated by the customer actually matches your own understanding of the customer’s intention. It’s therefore not enough to simply obtain information directly from the customer. The evaluation may, for example, include assessments of the customer’s history and expectations. The aim is to create a nuanced picture that helps to identify any deviations or risks that are not obvious at first glance.
Assessment of Customer Risk (Customer Risk Assessment)
Conducting a customer risk assessment is one of the most critical steps in the CDD process. Customer Risk Assessment is about evaluating the totality of the collected and verified information in light of potential risks. According to the Money Laundering Act, you’re obliged to assess the risk associated with each individual customer relationship both before it is initiated and continuously over time. The end product is often a risk categorization of the customer on a scale of low, medium or high risk profile.
Updating and follow-up
CDD is not a one-time activity but an ongoing process. It’s important to continuously update and evaluate the information you have and to follow up on any changes that may affect the customer’s risk profile.
Ensuring good Customer Due Diligence involves much more than just collecting basic information. A thorough and nuanced analysis is often required, which includes several different steps and activities. By viewing CDD as a broader and more in-depth process, rather than a simple collection of information, companies covered by the Money Laundering Act can better protect themselves from risks and increase the chances of avoiding expensive sanctions from the authorities.