Financial institutions should know who their customers are, and should avoid establishing relationships with clients who could pose integrity risks. The process to achieve this is called Customer Due Diligence (CDD). On this page, we’ll explain what a CDD policy is and why it’s so important for financial institutions to have one in place.
Legislators and regulators expect institutions to have CDD policies, procedures and measures based on a risk analysis. Furthermore, they must make clear how they prevent involvement, for example through third parties (suppliers, outsourcing partners etc), in money laundering and terrorist financing.
In addition to preventing risks, an institution must also define in the policy what to do if there are clients who pose an unacceptable risk. Clients with unacceptable risks cannot be accepted. Existing relationships with unacceptable risks must be terminated. If there is an unacceptable risk because there are indications that the client is involved in money laundering or terrorist financing, a notification must be sent to FIU Netherlands.
Studies by financial regulators show that preparing a risk analysis is an obligation that companies struggle with. In practice, companies have difficulty making the translation from risks to control measures, and from control measures to policy and procedures. Subsequently, it is also difficult for many institutions to demonstrate that CDD risks are adequately controlled.
Institutions are required to establish, document, and regularly update an assessment of the risks of money laundering and terrorist financing.
In a risk assessment, the institution analyses the inherent money laundering and terrorist financing risks that may arise with respect to risk factors related to the type of customer, product, service, transaction and delivery channel and to countries or geographical areas.
The institution then assesses the effectiveness of the management measures in the face of these inherent risks, after which the gaps in existing management measures can be determined. This should be used to determine what additional measures should be taken. This risk assessment is the basis for policy procedures.
A risk analysis is therefore always customized, depending on the specific context of an institution.
The policy you establish is tailored to the size and nature of your business. With our compliance software Ruler, you have an overview at a glance of which current (and future) standards you must comply with, so that your policy can be adjusted accordingly. In addition, you are required to review them regularly and update them where necessary, based in part on the update of your company’s risk assessment.
Do you have an independent compliance officer? If so, it is obvious that this review should be performed by your compliance officer. The persons who determine the day-to-day policies of your company must approve the policies. Our consultants can also support you as your external compliance officer.
Institutions should record the CDD policy in such a way that supervisors can review it afterwards. DNB’s guideline states:
‘It is important that the institution makes and records its considerations in a systematic and consistent manner, such that they can be followed and assessed by a supervisor or other third party. This applies to both formulating policy and deciding to make exceptions to that policy. In performing its supervisory task, DNB tests the risk-based approach of institutions.’ – Guideline Wwft and SW DNB
If you want to learn more about Anti Money Laundering (AML) and CDD, you can follow one of the trainings from our learning institute, The Ministry of Compliance.
We are happy to help you set-up CDD policies and procedures. For more information, please feel free to get in touch.