Customer due diligence (CDD) is a process of checks designed to identify, risk assess and verify your client to make sure they are who they say they are.

The purpose of CDD is to know and understand a client’s identity and business activities so that any money laundering and terrorist finance risks can be properly managed.

We find that firms are not performing, and updating, their CDD throughout the duration of the client relationship. We raise this finding if there is no evidence of updated CDD on at least one of our sampled client files. Some of the firms in this bracket will have updated CDD on some of their clients but not all. Some firms may have considered whether there are changes but not recorded the review. In some firms, their electronic CDD system makes it difficult to document how they have updated their review.

The firm should regularly review the documentation it has obtained as part of the know-your-client checks. If any of the information has changed, it should be fed back into the client risk assessment.

The frequency of the review should be determined on a risk basis but there may also be trigger events such as providing a new service to an existing client, significant changes to key office holders, the introduction of a politically exposed person or if a suspicious activity report has been made.

• Watch our AMLbites CDD part 3 for best practice tips on performing ongoing CDD
• Guidance from the CCAB on AML and Counter-Terrorist Financing for the Accountancy Sector
• Watch our webinar on how CDD should operate in practice