Banking & Finance

What Are the 5 Types of Customer Due Diligence?

With CDD requirements becoming more complex, financial institutions must understand the different kinds of CDD processes. Here are 5 types of CDD processes.


CDD, AML & KYC are the three important terms commonly used in the realm of customer identification and risk management. CDD is about assessing the customer's identity, AML is about preventing money laundering, and KYC is the overall process of knowing your customer. Understanding and applying these concepts is crucial for businesses in regulated industries to mitigate risks and comply with legal requirements.

What Is Customer Due Diligence? 

Customer Due Diligence (CDD) is the process of verifying and authenticating a client’s identity and quantifying the risks they may introduce in business relationships. CDD processes begin before institutions provide clients with services and, in some cases, may continue at regular intervals throughout the client’s tenure. The purpose of CDD requirements is to prevent financial crimes such as money laundering and identity theft. 

Financial institutions use five kinds of CDD procedures based on initial client risk assessments: Standard CDD, Simplified CDD, Enhanced CDD, Delayed CDD, and Ongoing CDD. 

1. Standard CDD

Standard CDD applies to clients who present no significant risks on initial assessment. Standard CDD requires personally identifiable information about the client, beneficial owners, and any persons authorised to act on behalf of the client. This information should include:

  • Full names
  • Dates of birth
  • Relationship to the client in cases of authorised persons
  • Business and home addresses
  • Designation of the proposed business relationship
  • Any data required by applicable regulations

For best practices to make initial assessments and verify information provided, institutions can consult the guidelines prescribed in Australia’s 2006 Anti-Money Laundering and Counter-Terrorism Financing Act.

2. Simplified CDD

Typically, financial institutions only approve simplified CDD for clients that have prior obligations to transparency and public disclosure such as government entities, local authorities, and public service agencies. The 18(2) of the AML/CFT Act lists qualified client types for reference. This process requires that institutions:

  • Confirm that the client meets the simplified CDD criteria
  • Identify the nature and purpose of the proposed business relationship
  • Identify all authorised parties associated with the client entity

3. Enhanced CDD

Enhanced CDD applies to clients assessed to be at high risk for financial crimes. Typical high-risk triggers include the following circumstances:

  • The client has a trust or other separate financial instrument containing personal assets
  • The client owns or has control over a company with nominee shareholders
  • The client is a politically exposed person (PEP)
  • The client is a non-resident in the country where the financial institution is headquartered and has citizenship or permanent resident status in a country with minimal or ineffective anti-money laundering and anti-terrorism financing laws. 

When enhanced CDD is required, institutions should gather all information required by standard CDD procedures and supplement the file with a detailed exposition of the client’s sources of wealth and funds. Records of this investigation and disclosure should clearly indicate that the institution took reasonable steps to verify all claims regarding the sources of funds.

4. Delayed CDD

While financial institutions typically cannot begin any work for clients prior to satisfying CDD requirements, a few exceptions exist to allow institutions to begin work processes essential to preventing the interruption of ongoing business operations. These exceptions are only available to clients with low-risk assessments. Delayed CDD has three requirements:

  • The institution must complete know your customer (KYC) requirements
  • Identity verification must be completed as soon as is reasonably possible
  • If the client does not meet verification requirements, the institution must stop work and report any suspicious findings associated with the client.

5. Ongoing CDD

Institutions should practice ongoing CDD with all clients at intervals indicated by the client’s risk status. Low-risk clients require CDD confirmation once a year. Medium to high-risk clients should undergo the process every six months. Additionally, institutions should apply CDD procedures any time significant changes are made to the existing business relationship. 

Cutomer Due Diligence: Everything You Need to Know About CDD (And How to Protect Your Organization  from Criminals)

Why Customer Due Diligence Matters

As white-collar office workers largely shifted to work-from-home during the last two years, financial institutions around the globe saw an unexpected rise in new accounts opened. Following reports issued by watchdog organizations in the U.K. and the U.S. in 2021, it became clear that the surge in new accounts had concealed a parallel increase in money laundering and other criminal activities that rely on financial services.

In the U.K. alone, suspicious activity reports in 2021 came in at 20% over 2020 and 2019 totals. In response, government offices responsible for the prevention and prosecution of financial crimes such as the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Australia’s Serious Financial Crime Taskforce (SFCT) are tightening their requirements for compliance with customer due diligence (CDD) processes

Financial institutions in affected countries have already begun enhancing their CDD procedures, with some collecting over 600 unique fields of information. 

At the end of the more strident processes, it would be no exaggeration to say that the vetting financial institution may know more about their clients than their own friends and family. With CDD requirements evolving rapidly – and generally becoming more complex – financial institutions should prioritize developing a comprehensive understanding of the different kinds of CDD processes. 

Secure Document Collection with FileInvite

FileInvite offers financial institutions a document collection platform and file sharing service with bank-grade security and KYC templates. FileInvite maintains SOC 2 Type 2 compliance and employs 256-bit encryption in client portals.

To learn more and request a demo, visit FileInvite today.

New call-to-action

You might also like:

Similar posts

Gather all the documents, signatures, and data you require up to 80% faster.

Eliminate the monotony of back-and-forth emails and inefficient systems when gathering client information. Get hours back each week as FileInvite handles the most time-consuming work for you.

Get started in as little as 5 minutes.

Stay in-the-loop. Subscribe here to receive the latest from FileInvite.