Skip to content

Chapter 1 of 3 · 3 min · 1 copyable asset

What is customer due diligence (CDD) and how does the process work?

Learn what customer due diligence (CDD) is, how the KYC process works, and how compliance teams assess and categorize customer risk.

TL;DW

CDD verifies who a customer is and assesses their financial crime risk before and during onboarding. It combines identification, KYC background checks, and a risk rating that determines how closely the relationship is monitored going forward.

CUSTOMER DUE DILIGENCE

Customer Due Diligence (CDD): A Practical Compliance Guide

3 chapters · 10 min · Beginner · Certificate

Lesson · 3 parts

Customer due diligence sits at the foundation of anti-money laundering compliance. Before a bank or financial institution opens an account or processes a transaction, it must understand exactly who it is dealing with. CDD is the investigative process that stands between a criminal and the financial system, screening out bad actors before they gain access. In an era of instant digital transactions, this screening function matters more than ever: the faster money moves, the faster illicit funds can be layered and hidden, which is why a disciplined CDD process has become non-negotiable for regulated firms worldwide.

The CDD process unfolds like assembling a puzzle, one piece at a time. It begins with customer identification: confirming who the applicant actually is using reliable, independent documentation such as a passport, national ID, or corporate registration record. From there you move into the know your customer, or KYC, phase, where you dig into the background behind the application. Why is this person or company opening the account? What is the stated purpose of the relationship, and does it match the transactions you would expect to see once the account is active?

Customer risk assessment is where CDD earns its keep. Rather than treating every customer identically, you categorize each one against a set of financial crime risk factors: country of residence and operation, industry sector, whether the customer is retail or corporate, and any politically exposed person, or PEP, status. A customer flagged as higher risk needs enhanced due diligence, or EDD, layered on top of standard checks, along with more frequent profile reviews. A lower risk customer can be reviewed less often. The goal is balancing thorough scrutiny against operational efficiency, not treating every customer as a suspect.

Customer risk assessment checklist

  • Country of residence, incorporation, and operation
  • Industry sector and whether cash-intensive
  • Customer type: retail, corporate, or complex ownership structure
  • PEP status of the customer or beneficial owners
  • Sanctions exposure
  • Expected transaction volume, frequency, and counterparties
  • Source of funds and source of wealth
  • Overall risk rating: low, medium, or high, with EDD flagged if high

Key terms

CDD
Customer Due Diligence: the process of verifying a customer's identity and understanding their background and expected activity before and during a business relationship.
KYC
Know Your Customer: the phase of CDD focused on understanding why a customer wants the relationship and what activity to expect from it.
EDD
Enhanced Due Diligence: additional scrutiny and more frequent review applied to higher-risk customers, such as PEPs or those in high-risk jurisdictions.
PEP
Politically Exposed Person: an individual who holds or has held a prominent public position, treated as higher risk due to potential exposure to bribery or corruption.
Risk-based approach
An AML principle requiring that the intensity of due diligence and monitoring scale with a customer's assessed financial crime risk rather than being applied uniformly.

Key takeaways

  1. CDD is preventative: it screens customers before onboarding rather than catching financial crime after the fact.
  2. The CDD process runs from customer identification through KYC background checks to a documented risk rating.
  3. Risk-based CDD means enhanced due diligence for high-risk and PEP customers, and lighter-touch reviews for low-risk ones.

Watch out

  • Treating every customer with the same checklist regardless of risk rating is a common and costly CDD mistake.

Check your understanding

A corporate customer's beneficial owner is based in a high-risk jurisdiction with no connection to the company's stated trading activity. What should this trigger?

This mismatch between the beneficial owner's location and the stated business purpose is a red flag that should trigger enhanced due diligence, deeper investigation into the source of funds and true purpose of the account, and likely a higher risk rating before the relationship is approved.