Financial institutions need to know who their customers are, and must prevent forming relationships with clients who could pose an integrity risk. The process to achieve this is called Customer Due Diligence (CDD). On this page, we explain what a CDD policy is and why it’s so important for financial institutions to have one.
Legislators and regulators expect institutions to have a CDD policy, procedures and measures based on a risk analysis. They also need to clarify how they prevent, for example, through third parties (suppliers, outsourcing parnters, etc.), being involved in money laundering and terrorist financing.
In addition to risk prevention, an institution must also determine in its policy what to do if clients pose an unacceptable risk. Clients with unacceptable risks cannot be accepted and existing relationships with unacceptable risks must be terminated. If there are indications that a client is involved in money laundering or terrorist financing, a report must be made to FIU-the Netherlands.
Research by financial regulators shows that conducting a risk analysis is an obligation companies struggle with. In practice, companies find it difficult to translate risks into control measures and from control measures into policies and procedures. Subsequently, many institutions also struggle to demonstrate that CDD risks are adequately managed.
Institutions are obligated to conduct, document, and regularly update an assessment of the risks of money laundering and terrorist financing.
In such a risk assessment, the institution analyses the inherent money laundering and terrorist financing risks that may arise concerning factors related to the type of customer, product, service, transaction and delivery channel, as well as countries or geographical areas.
Subsequently, the institution evaluates the effectiveness of the control measures against these inherent risks, identifying any gaps I the existing control measures. Based on this, additional measure that need teed to be taken are determined. This risk assessment is the basis for policy procedures.
Therefore, a risk analysis is always tailored to the specific context of an institution.
The policy you develop is tailored to the size and nature of your organisation. With our compliance software Ruler, you have an overview of which current (and future) standards you need to comply with at a glance, so you can adapt your policy accordingly. Additionally, you are obligated to regularly asses and update them, based on the ongoing risk assessment of your businesss.
Does your organisation have an independent compliance officer? If so, it is obvious that this assessment should be carried out by your compliance officer. The individuals who are responsible for the day-to-day policies of the company must approve the policy. Our consultants can also support you as your external compliance officer.
Institutions should document their CDD policy in a way that allows supervisors to review it later. DNB’s guideline states:
‘It is important that the institution makes and records its considerations in a systematic and consistent manner, such that they can be followed and assessed by a supervisor or other third party. This applies to both formulating policy and deciding to make exceptions to that policy. In performing its supervisory task, DNB tests the risk-based approach of institutions.’ – Guideline Wwft and SW DNB
If you want to learn more about Anti Money Laundering (AML) and CDD, you can enroll in one of the trainings offered by our learning institute, The Ministry of Compliance.
We are happy to help you set-up CDD policies and procedures. For more information, please feel free to get in touch.