Enhanced Due Diligence Is Non-Negotiable. Here is How to Do It Right
As a financial institution, you already do your customer due diligence (CDD) - but when do you need to step it up to enhanced due diligence (EDD)? The answer: surprisingly often. In this industry, you simply can't be too careful, which is why it's always a good time to review how to keep your EDD processes up to scratch.
Of course, EDD is nothing new - it's been an essential part of Know Your Customer (KYC) regulations since the Patriot Act of 2001. EDD mandates the collection of additional customer information in cases where customers are high risk, in order to better understand their activity and head off vulnerabilities. New rules from FinCEN around CDD and EDD went into effect in July 2016 with a compliance deadline of May 2018, meaning it's more critical than ever to ensure you are implementing the right systems to keep your processes in shape.
Both CDD and enhanced due diligence are part of a complete KYC process. Identity verification (IDV) at the account-opening stage is one of the most critical moments in the process, but it doesn't end there: read on to identify when your due diligence should kick up a notch.
Raising the Enhanced Due Diligence flag
EDD might seem like something you save for high-stakes situations, but the truth is, it should be a lot more routine. Any customer who qualifies as high-risk or high-net-worth automatically merits more scrutiny, as do those who conduct large transactions. According to the Federal Financial Institutions Council (FFIEC), there are three risk categories to consider:
- Customers and entities
- Geographic location
- Products and services
Customers and entities
When considering individuals and entities, you will most often want to be tracking politically exposed persons, or PEPs . PEPs include anyone who holds an influential position in a nation's government - that can be in the public or adjacent private sector-as well as their close associates and family members. It's a given that these individuals are screened and scanned more extensively given their higher risk assessment. If an individual is identified as high-risk, then you should collect additional information on their personal and business relationships.
Some other factors for which to watch:
- foreign clients opening accounts with your financial service, despite being non-residents of your country of operation;
- nominee shareholders of a company, or those who possess shares in the company's bearer form; and
- personal asset-holding vehicles who are not actual people, but who are considered legal persons.
For all of these individuals and entities, it is essential to know the nature of their business or occupation, the sources of their funds or wealth, as well as the typical pattern, volume, frequency, and purpose of their transactions, all of which can be risk factors. You will need to understand who their customers are too, whether they're expected to be domestic or international, and the normal origin and method of payment. With a totality of information, you can watch for transactions that appear abnormal, convoluted, or pointless.
Keep track of the individuals' approximate salaries or the organization's annual sales, as well as articles of incorporation, partnership agreements, and business certificates. Know who the account's ultimate beneficial owner (UBO) is. Monitor adverse media for any unsavory mentions of the clients with which you are working.
In terms of places to be wary, the list is long. The Financial Action Task Force (FATF) retains records of countries that lack adequate AML systems, as well as watchlists like the Call for Action Jurisdictions and Other Monitored Jurisdictions. Watch out for customers or entities operating out of these places and those whose country of origin is not a member of the FATF or its partners.
Some other reliable sources of information:
- The State Sponsor of Terrorism list names countries that are known financiers or supporters of terrorist activity.
- Some countries have widespread corruption reported by credible sources such as the Transparency Index List .
Financial businesses need to be cognizant of the diplomatic relations between their country of operation and foreign states. If your company is based in the U.S., you need to be blocking business with countries that currently have sanctions, embargoes, or other restrictions against them. Also, even if a country or a foreign bank doesn't directly support terrorist organizations, it's critical to monitor whether there are any operating within its borders to avoid inadvertently supporting terrorist financing. However, EDD should be used to determine if someone has associations with any sanctioned organization indirectly.
Products and services
Regulators also keep an especially close eye on certain types of financial services, like people who use a correspondent account. For example, because private and correspondent banking is extremely confidential, money laundering is a problem in that sector. Here are some other organizations or offerings that are subject to higher scrutiny:
- shell banks;
- cash-intensive businesses; and
- industries associated with high cash flow, such as casinos.
Putting Enhanced Due Diligence into action
Where do you start with EDD? Regulators recommend a risk-based approach. Have an effective system for recognizing and categorizing customers according to their risk rating, and create a customer risk profile that is reviewed regularly.
Additionally, regulators require your policies to meet specific criteria:
- they must be rigorous and robust in the quality and quantity of information collected;
- there must be detailed documentation so regulators have EDD reports on demand;
- regulators want reasonable assurance that your organization has done every necessary step in calculating KYC risk ratings; and
- all relevant information must be considered, including negative media, and anything suspicious must be reported.
One of the most effective ways to implement EDD is to make sure you apply consistent and frequent monitoring of high risk customer activity, as well as screen against international AML watchlists periodically. Experts strongly recommend a compliance software solution that can automate this process. Cognito covers your bases with:
- an industry-leading IDV solution for authenticating new customers;
- best-in-class AML Watchlist algorithms with transliteration across 18+ languages; and
- regular rescans to catch any changes or anomalies in customer status.
With the right IDV partner, you can ensure your due diligence reflects the risk level at hand, no matter who is looking to access your services.
Compliance has never been more critical. Try Cognito today and see the difference it makes for your business.