White outlines of customers under a magnifying glass

Authors: Alexandra Hoskins & Alexander Norrish

What is Customer Due Diligence?

In Australia, Customer Due Diligence (or CDD) generally involves taking steps to understand who your customers are and ensuring that your business is managing the money laundering and terrorism financing risks they pose.

The legal and regulatory requirements associated with CDD are primarily located in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). The AML/CTF Act is enforced by the Australian Transaction Reports and Analysis Centre (AUSTRAC), which is responsible for monitoring and regulating financial institutions in Australia.

Under the AML/CTF Act, regulated entities (being those that provide prescribed “designated services” under the AML/CTF Act) are required to implement a risk-based approach to CDD. This means that organisations must assess their customers' level of risk based on factors such as their type of business, location, transaction activity, and other relevant information.

CDD can be understood as having three components:

The initial identification and verification (IDV) of the customer. This is sometimes referred to as ‘Know Your Customer’ checks;
The ongoing CDD (OCDD) which includes ensuring the information you have about the customer is up to date, and processes for transaction monitoring; and
Enhanced CDD (ECDD) which includes what actions a business will take when the ML/CT risk is high.

Identification and Verification (IDV) and Ongoing Customer Due Diligence (OCDD)

A CDD process begins by identifying and verifying the identities of a business’ customers. This IDV process involves collecting and verifying information such as name, address, date of birth, and government-issued identification documents. By doing so, organisations can ensure that they are dealing with legitimate individuals or entities and not imposters or criminals using false identities.

However, this is not a set and forget type of check. An organisation must also have OCDD systems and controls in place to enable it to decide whether additional customer and beneficial owner information should be collected and verified on an ongoing basis. This process involves monitoring customer behaviour to identify additional money laundering and terrorism financing risks and being able to mitigate and manage those risks. OCDD applies to individual customers as well as patterns of risk across multiple customers.

Combined IDV and OCDD allows the business to assess the potential risks associated with a customer, particularly regarding money laundering, terrorist financing, and other illicit financial activities. This also enables the organisation to identify any suspicious or unusual behaviour that may be indicative of illicit activities.

Enhanced Customer Due Diligence (ECDD)

In addition to IDV and OCDD, regulated entities may also be required to perform ECDD in certain situations. ECDD is a higher level of scrutiny, monitoring, and due diligence that is necessary for customers who pose a higher risk due to factors such as their business activities, geographical location, or political exposure.

There are several instances where organisations should consider conducting ECDD. These include:

When dealing with Politically Exposed Persons (PEPs), which refers to individuals who hold prominent public positions or have close relationships with PEPs.
When dealing with high-risk countries or regions that have been identified as having significant money laundering or terrorist financing risks.
When conducting transactions that are complex, unusual, or large in value and have no apparent economic or lawful purpose.
When dealing with customers who use non-face-to-face channels for transactions, such as online or over the telephone.
When there are suspicions of money laundering or terrorist financing activities.

By conducting ECDD in these situations, organisations can further mitigate potential risks and ensure compliance with legal and regulatory requirements. It is essential to have clear policies and procedures in place regarding when and how to conduct ECDD to ensure consistency and effectiveness in risk management.

Benefits of CDD processes

In addition to complying with the legal and regulatory requirements of the AML/CTF Act, the benefits of a strong and structured CDD processes are as follows:

Providing a clear understanding of who an organisation’s customers are, and the risks associated with their activity. Organisations can ensure that they are dealing with legitimate individuals or entities and not imposters or criminals using false identities.
Protecting the business from financial and reputational harm by mitigating risks. Recent AUSTRAC prosecutions against businesses have resulted in significant civil penalties. For example, Crown Melbourne and Crown Perth paid an AUD$450 million penalty for breaches of the AML/CTF Act.
Preventing fraud and identity theft. By confirming a customer’s identity, organisations can prevent unauthorised access to personal or financial information.
Enhancing an organisation’s reputational by demonstrating a commitment to ethical business practices. By implementing robust CDD processes, organisations can build trust with their customers and stakeholders, promoting transparency and accountability.

A robust set of implemented CDD processes are crucial for organisations to mitigate risks associated with money laundering and financial crimes. It is an essential part of an overall risk management strategy. However, it is not enough to have the processes written down, they need to be implemented effectively. This is an ongoing process that requires continuous review and adaption to stay compliant and effectively manage risks. Overall, while there may be costs and resources required for implementing CDD processes, the long-term benefits of mitigating risks and maintaining compliance far outweigh the cost.

Please contact the team at Senet if you would like to discuss any of the topics covered in this article in further detail.

Learn more about our AML/CTF services:

Contact us