KYC Due Diligence

September 21, 2020

When adhering to Know Your Customer (KYC) and Customer Due Diligence (CDD) regulations, you need to know what you are looking for and what your company is willing to risk. This process starts with your firm’s risk appetite, based on the risk-based approach. FATF explains the risk-based approach as “Assess and understand the money laundering and terrorist financing risks to which you are exposed and to take measures equal to those risks to mitigate them”. A risk assessment can be viewed as inherent risk minus control effectiveness, which equals residual risk.

Inherent Risk

  • Clients
  • Products & Services
  • Countries
  • Channels

Control Effectiveness

  • Customer Identification
  • Due Diligence
  • Management Approvals/Dual Controls

From this point you can determine what your residual risk may be, which will then determine the level of due diligence required. This can be either simplified due diligence or enhanced due diligence, depending on the risk posed by your potential client. There are four important steps to keep in mind when doing full KYC.


  • Determine what you know, what you need to know, and how to collect the information
  • Create a plan and find the answers
  • Make the customer information meaningful and well put together
  • Present the information in a purposeful manner, along with any indication of suspicious activity

Most customers will fall under the low to medium risk rating. In this case, simplified due diligence will be acceptable. Here are some things to keep in mind regarding due diligence.

What is it?

  • Establishing nature and purpose of account
  • Use a risk-based approach
  • Creating a customer profile

What to ask?

  • Why is the account being opened?
  • How will it be used?
  • What sort of transactions should be expected?
  • How frequent will the transactions be, and in what amounts?

Unless the customer is deemed high-risk, there is no need to implement enhanced due diligence. The information obtained here and organized into a customer profile should suffice for a low to medium risk customer. However, monitoring should never cease, and if there is any potential suspicious activity a deeper look may be required. Let’s have a quick overview.

Risk Assessment

  • Inherent risk – control effectiveness = residual risk

Know Your Customer and Customer Due Diligence

  • Assess – ask, plan, prepare
  • Explore – investigate, search, interview
  • Organize – gather, align, collect, clarify
  • Present – document, persuade, defend
  • Customer risk rating
  • Dependent on risk appetite

KYC/CDD is one of the first lines of defense against money laundering and terrorist financing. It may seem tedious at times, but it is more necessary than it may feel. Until next time, stay compliant, my friends.

