As a business owner or financial lead, how can you be sure that the companies and customers you do business with aren’t undertaking criminal operations that could leave you at risk of financial and reputational damage?
The answer is due diligence checks, which are a required part of anti-money laundering (AML) regulations, and the key to ethical financial conduct.
The risk that justifies due diligence
It’s an unwelcome truth that UK businesses are a popular choice for financial criminals. In the past few years, we’ve seen a sharp rise in suspicious business activity, like organisations being set up with directors based abroad. Plus, the National Crime Agency estimates that money laundering alone costs the UK economy around £290 billion each year[1].
Over the last three years (2021-2023) there’s been a 77% increase in the number of UK businesses that are linked to EU-defined high-risk third countries. It’s clear that the fight against financial crime is a monumental one.
Key Takeaway: Avoid costly damage to your business and reputation
Financial crime is big business for fraudsters and can cause costly damage to your business and reputation. Fortunately, due diligence checks are straightforward ways to mitigate this risk.
Understanding due diligence
As a company within the banking and finance industry, regulations mandated by the Financial Conduct Authority (FCA)[2] require you to implement strict due diligence. As you’re handling financial transactions, you should be completely informed – and confident – on who your customers are and how much of a risk they pose to your business. Fortunately, with the right data and information in hand, you can do exactly this.
Put simply, effective due diligence is a detailed investigation of each potential customer in order to confirm that they are who they say they are, can be trusted, aren’t doing anything illegal, and are safe to do business with. Most importantly, it can drastically cut your company’s risk of financial crime.
Due diligence checks are an integral part of both Know Your Business and Know Your Customer checks, which in turn are fundamental within AML regulatory compliance. These specific regulations set standards that aim to prevent money laundering and terrorist financing.
What is Customer Due Diligence?
Customer Due Diligence (CDD) is a detailed screening of each potential customer during the onboarding and remediation process in order to confirm that they are who they say they are, can be trusted, aren’t doing anything illegal, and are safe to do business with.
It is designed to prevent money laundering and is made up of three key steps:
1. Identify
Identifying the customer.
2. Verify
Verifying the customer’s identity.
3. Assess
Assessing the purpose and intended nature of the business relationship or transaction.
CDD is at the heart of AML and KYC initiatives, and companies must carry out these checks when establishing a new business relationship. In the UK specifically, the FCA sets specific CDD guidelines[3] for financial institutions. All regulated entities must follow these guidelines to ensure they meet regulatory standards.
What is Enhanced Due Diligence?
Enhanced Due Diligence (EDD) is an advanced screening approach used to assess customers and situations that are deemed suspicious or carry a higher risk of financial crimes, such as:
- An unusual or excessively complex beneficial ownership structure.
- When a customer (or their family member or close associate) is identified as a Politically Exposed Person (PEP). Because a PEP has significant political influence, they are at an increased risk of – and more vulnerable to – being involved with financial crime.
- Transactions or business relationships that are anonymous or feature payments from unknown or unassociated third parties.
- Unusual elements within a business relationship. For example, an unexplained geographical distance between the business and customer.
- When customers have connections with cash-intensive or higher-risk sectors, such as the gambling industry.
- Gaps in data or discrepancies in data. While this doesn’t automatically mean a customer is doing anything suspicious, if the missing or incorrect information impacts the risk profile of the individual or business, it should be investigated further.
While CDD is considered the standard process, EDD allows businesses to complete a more complex and thorough investigation that involves a greater level of scrutiny. This can help uncover red flags that may not necessarily have been detected by CDD alone.
It works by:
- Accessing additional identifying information from a wider variety of sources.
- Establishing the source of funds or wealth.
- Verifying the source of funds to ensure they’re not proceeds from a crime.
- More closely analysing the purpose and nature of a business relationship.
Key Takeaway: Cross-reference data
Cross-referencing data can help you join the dots between the information you’d expect to find and the information you’ve been given. Some gaps or data discrepancies could be considered a red flag depending on your risk policy.
How Customer Due Diligence and Enhanced Due Diligence benefit your business
Financial crime prevention
Financial crime is said to cost the UK economy around £290 billion per year. Ensuring due diligence and subsequent AML compliance allows you to help prevent the illegal financial activities that add to this colossal bill.
It’s important to remember that financial crime isn’t just about the money either. There is a direct social impact to these illegal activities, such as human trafficking, and undertaking due diligence can ensure you do right by consumers and society too.
Increased customer trust and financial protection
As well as helping you avoid costly fines, effective due diligence can build trust with clients and stakeholders and preserve your reputation within the financial system. Prioritising security and compliance also helps assert your responsibility and foster positive sentiment across your customer base, stakeholders, and the wider industry as a whole.
Regulation compliance
Adhering to due diligence requirements ensures wider compliance across global AML regulations that regulated businesses – particularly within financial services – must adhere to. This in turn reduces your risk of legal repercussions and reputational damage.
Risk mitigation and cost savings
Being exposed to financial crime can be costly. It’s reported that large companies can spend over £100 million on remediation activity per year. By better understanding your customers and performing these checks, you can better detect and prevent suspicious financial activity. It’s one of the most essential and straightforward ways to mitigate your risk of financial crime.
Putting due diligence into practice
Due diligence is essentially a customer risk assessment. You must constantly pose questions in order to stress test the data in front of you, and ultimately answer whether you know your customer well enough to confidently do business with them.
The introduction of the Economic Crime and Corporate Transparency Act[4] in late 2023 helps with this goal too. The Act encourages the sharing of data and insights between businesses and industries to prevent, detect, and investigate economic crime together. By sharing this intelligence around bad customers, you can help the rest of your ecosystem avoid financial crime risks.
The Customer Due Diligence process
1. Customer identification and verification
For individuals, you must obtain information such as their name, address, and date of birth. You then need to acquire photo ID, like a passport or driving licence, in order to verify they are who they say they are.
2. Corporate identification and verification
For businesses, you must screen the business as a whole and its directors, with the most vital element being the beneficial ownership verification. This means determining who ultimately owns, controls, and benefits from the business in question.
3. Risk assessments
Based on the customer’s identity, location, and type of business, you can then sort them into the appropriate money laundering risk level – standard or high. If standard, then the initial CDD is complete and you can move on to ongoing monitoring. If high, EDD will be needed.
4. Ongoing monitoring
CDD isn’t a one-time thing, only to be used during onboarding or one-off remediation. As such, processes should be put in place to regularly monitor, review, detect, and report customers’ changing risk profiles and suspicious transactions. This will also help your business more easily adhere to any changing regulatory requirements.
Key Takeaway: Ongoing monitoring is an essential part of due diligence
Fraudsters may lie in wait before using your products or services to commit financial crimes, so regular monitoring to review suspicious activity is vital.
The Enhanced Due Diligence process
Determining when a customer is subject to a more comprehensive due diligence check doesn’t have to be complicated. There are a few key things to look out for, and it starts with a customer risk assessment.
If, during the risk assessment, a customer has been flagged as high risk, they will be required to undertake an EDD check.
1. Customer identification and verification
Much like CDD, customers need to be identified and verified before their level of risk is determined. According to the Financial Action Task Force (FATF)[5], which is the global money laundering and terrorist financing watchdog, a flexible set of measures can mean more effective risk analysis. By not being bound to a strict checklist to tick suspicions or concerns against, your assessments can be better tailored to your business.
2. Obtaining additional data and information
You should seek additional information from those deemed high risk. This can be from a specifically designed questionnaire or the documents listed below, depending on who the customer is.
For businesses, banks, and financial institutions | For Politically Exposed Persons* |
---|---|
Registration documents from the local Registrar of Companies. | Title and details on the PEP’s position (either currently or previously). |
Banking information and their relationships with other financial institutions. | Whether the PEP is a close associate or family member, and if so, their identity, title, and role. |
Identity of board members and beneficiaries. | |
Articles of incorporation, partnership agreements, and business certificates. | |

*It’s important to note that as of January 2023, an amendment to government legislation[6] means that UK PEPs are treated slightly differently to overseas PEPs. They are all still subject to EDD, but those from the UK must be deemed as lower risk.
Cross-referencing data is the key to success
In order to corroborate the story being told, ask whether you can join the dots between all of the information being provided and all the information you’d expect to find.
Let’s say you’re checking the data and information of a customer who is a restaurant. As well as confirming that it is an established business on Companies House, it’s important to take a deeper look into industry-specific data sets to ensure there are no gaps. For example, are they registered with the expected health and safety or catering regulators?
3. Analysis of source funds and Ultimate Beneficial Owner
This step is to verify the legitimacy of the source of funds and wealth for individuals, companies, and a company’s Ultimate Beneficial Owner (UBO). Any inconsistencies found in the earnings, source of wealth and funds, or a customer’s net worth will require additional documentation to explain. Information and documents for analysis here can include:
- Assets
- Bonuses
- Dividends
- Inheritance
- Investments
- Property
- Salary
- Shares
4. Transaction monitoring
To better understand where money is coming from and going to, getting a detailed view of a customer’s transaction history is critical. This monitoring includes looking at the:
- Background of a transaction
- Purpose of a transaction
- Duration of a transaction
- Parties involved – for example, is the money going to a high-risk jurisdiction or staying in the UK?
5. Adverse and negative media checks
Researching press articles, news reports, media content, and social networks can help create a rounded profile of a customer. Anything that contributes to the reputation of a company should be taken into consideration and regularly monitored.
6. In-person visits
All financial institutions should have a physical address that can be verified. The absence of this, or having an address that doesn’t correspond with official documents, should be considered a red flag.
7. Ongoing monitoring
As with CDD, ongoing monitoring is vital in order to review and detect risk profiles and suspicious activity. It will also enable you to keep up to date on new regulatory requirements and compliance.
Key Takeaway: Due diligence works both ways
It’s important to remember that due diligence isn’t solely outward facing. Looking at the types of products and services you offer, and determining whether they are low- or high-risk in terms of being vehicles for financial crime, can help your assessments.
For example, an overseas wire transfer service is arguably higher risk than a standard savings account. Therefore, a customer seeking that particular service may be worth investigating more deeply. Take an audit of your products and services to determine which ones are highest risk.
Your organisation’s due diligence checklist
Due diligence is an essential part of AML compliance and helps you avoid doing business with high-risk individuals and companies. As well as this, it helps to display your company’s ethical financial conduct and can protect against reputational damage and fines.
In most circumstances a straightforward CDD is enough to determine whether a new customer is safe to do business with. However, any suspicions or red flags should compel you to seek a more detailed EDD. Due diligence doesn’t have to be complicated; it just takes a watertight process and well-trained employees to execute it.
Due diligence checklist
- Assess and understand each of your customers’ risk profiles.
- Undertake extensive background checks and transaction monitoring.
- Obtain additional information where necessary.
- Organise and secure data in line with compliance standards.
- Undertake regular monitoring of all customers (both low- and high-risk).
Let us help
If you need to establish or evaluate your organisation’s due diligence processes, we can help.
Our range of tools and platforms – such as CrossCore, KYC, KYB and FRAML Score – will help you carry out effective due diligence that is in line with regulations. Or you can talk with one of our experts to see how we can support your company’s specific needs.
[1] Press release: Government spends equivalent of just 0.042% of GDP on fighting economic crime – new analysis, Spotlight on Corruption
[2] FCA, The Financial Conduct Authority
[3] FCA Handbook, The Financial Conduct Authority
[4] Economic Crime and Corporate Transparency Act 2023, legislation.gov.uk
[5] FATF, Financial Action Task Force
[6] The Money Laundering and Terrorist Financing (Amendment) Regulations 2023, legislation.gov.uk