Customer Due Diligence, commonly referred to as CDD, is a foundational control used by organisations to manage money laundering, terrorism financing, and broader financial crime risks. Across financial services, professional services, fintech, and regulated industries, effective CDD supports both regulatory compliance and sound risk management.
This article explains what Customer Due Diligence involves, when Enhanced Due Diligence is required, and how organisations can apply a risk-based approach in line with global AML and CTF expectations.
What is Customer Due Diligence?
Customer Due Diligence is the process of identifying customers, verifying their identity, understanding the purpose of the relationship, and assessing the level of risk they present.
CDD is a core requirement under most AML and CTF frameworks worldwide and is designed to ensure organisations understand who they are dealing with and how their services are being used.
At a practical level, Customer Due Diligence typically includes:
- Identifying and verifying customers and beneficial owners
- Understanding the intended nature of the relationship
- Monitoring activity throughout the lifecycle of the customer
The depth of CDD applied depends on the customer’s risk profile and the nature of the service being provided.
When Enhanced Customer Due Diligence is Required
Enhanced Customer Due Diligence, often referred to as EDD, is required when a customer or transaction presents a higher level of financial crime risk.
Common scenarios that may trigger Enhanced Due Diligence include:
- Politically Exposed Persons
- Customers connected to higher-risk jurisdictions
- Complex or unusually large transactions
- Non-face-to-face relationships
- Structures that obscure ownership or control
EDD involves applying additional controls to gain a deeper understanding of the customer and their activity.
This may include:
- Obtaining supplementary identification information
- Verifying the source of funds or the source of wealth
- Increasing the frequency and depth of monitoring
- Applying senior oversight before establishing or continuing the relationship
The objective of Enhanced Due Diligence is not to exclude higher-risk customers by default, but to ensure risks are understood and managed appropriately.
Customer Due Diligence in AML and CTF Programmes
Customer Due Diligence is not a standalone requirement. It sits at the centre of broader AML and CTF compliance programmes and directly supports other controls such as sanctions screening, transaction monitoring, and suspicious activity reporting.
Most global AML frameworks require organisations to apply a risk-based approach, meaning controls should be proportionate to the identified risk.
Under a risk-based model, organisations are expected to:
- Identify and assess money laundering and terrorism financing risks
- Apply enhanced controls where risks are higher
- Review and adjust controls as risks change
This approach allows compliance resources to be focused where they are most effective.
Ongoing Monitoring and Risk Review
Customer Due Diligence does not end once onboarding is complete. Ongoing monitoring is required to ensure customer behaviour remains consistent with what is known about them.
Ongoing CDD may include:
- Periodic reviews of customer information
- Monitoring transactions against expected activity
- Reassessing risk when new information emerges
Higher-risk customers typically require more frequent reviews and deeper scrutiny, while lower-risk relationships may be reviewed at longer intervals.
Record Keeping and Documentation
Accurate record keeping is a critical part of Customer Due Diligence.
Organisations are generally required to retain:
- Customer identification and verification records
- Risk assessments and customer profiles
- Enhanced Due Diligence documentation
- Monitoring and review records
Records must be sufficient to demonstrate how decisions were made and how risks were assessed over time.
The Role of Technology in Customer Due Diligence
As compliance requirements grow more complex, many organisations rely on technology to support CDD processes.
CDD technology may assist with:
- Digital identity verification
- Screening against sanctions and watchlists
- Transaction monitoring and alerting
- Risk scoring and customer segmentation
Technology improves efficiency and consistency, but it does not replace accountability. Human oversight remains essential to interpret results, manage exceptions, and make informed decisions.
Common Challenges with Customer Due Diligence
Implementing effective CDD at scale can be challenging.
Common issues include:
- Incomplete or inconsistent customer data
- Manual processes that introduce errors
- Managing regulatory requirements alongside customer experience
Addressing these challenges typically requires a combination of clear policies, staff training, and well-integrated systems.
Final Thoughts
Customer Due Diligence plays a central role in protecting organisations and financial systems from misuse. When applied through a risk-based framework, CDD supports regulatory compliance while enabling legitimate businesses to operate efficiently.
A well-designed CDD programme is scalable, proportionate, and aligned with broader AML and CTF objectives.
FAQs
What is Customer Due Diligence?
Customer Due Diligence is the process of identifying customers, assessing their risk, and monitoring activity to prevent money laundering and terrorism financing.
When is Enhanced Due Diligence required?
Enhanced Due Diligence is required when customers or transactions present higher risk, such as PEPs, complex structures, or high-risk jurisdictions.
What is the difference between CDD and EDD?
CDD applies to standard risk customers, while EDD applies additional controls to higher-risk relationships.
Is CDD a one-time process?
No. Customer Due Diligence requires ongoing monitoring and periodic review.




