Due diligence is a term which is commonly associated with private equity investors when injecting millions of dollars into a business.
What is not widely known is that the term is used across the finance industry, as every customer (and revenue stream) creates a level of risk.
Customer Due Diligence (CDD) forms an important part of the business, from both a regulatory and internal perspective. For example, in the European Union, many client due diligence measures are undertaken to prevent money laundering and to lessen the risk that money financing terrorism is moved around.
According to the Third European Directive, CDD should comprise the following:
- Identifying the customer on the basis of documents, data or information obtained from a reliable and independent source;
- Identifying, where applicable, the beneficial owner and taking risk-based and adequate measures to understand the ownership and control structure of the customer;
- Obtaining information on the purpose and intended nature of the business relationship;
- Conducting ongoing monitoring of the business relationship including ensuring that transactions being conducted are consistent with the knowledge of the customer, and the business and risk profile, including, where necessary, the source of funds and ensuring that documents, data or information held are kept up-to-date.
Through this regulatory process, customers who pose such a risk or threat should be flagged within the bank’s internal systems.
They are often then marked down for Enhanced Due Diligence (EDD), a process critical to understanding anticipated transactions, which allows the bank to implement policies that monitor activity, thereby reducing the bank’s reputational and compliance risks.
Under these policies, those deemed as higher risk customers will be reviewed extremely closely by the banks at the point of account opening and will be subject to more frequent checks during the course of the relationship with the bank.
These measures may not be put in place only for terrorism or money laundering purposes. The bank may determine that a customer poses a higher risk because of the customer’s business activity, ownership structure, and the volume and types of transactions. These could include transacting with large sums of money or cases where the customer is operating and transacting in higher risk parts of the world.
Know Your Customer (KYC) policies are becoming much more important globally to prevent identity theft, financial fraud, money laundering and terrorist financing. Apart from regulations, compliance and security, there are other reasons why banks will conduct KYC exercises.
Doing client due diligence will also enable banks to better understand their customers and offer them better and more suitable advice and products as the relationship progresses. These guidelines also enable the bank to manage its own risk more effectively, as it can identify the types of customer profile more accurately.
The KYC policies are usually structured into four main verticals. These are Customer Policy; Customer Identification Procedures; Monitoring of Transactions; and Risk Management.
Red flags (and therefore EDD) normally apply to people who fulfill certain criteria, including those whose names match against lists of those who are blacklisted or have links to crime or terrorism. They also apply to those with a history of odd transactional behavior.
Even after these criteria have been satisfied, the customers will still be subject to extra scrutiny over their transactions until the banks are satisfied that there is sufficiently little risk.