Client acceptance

The Money Laundering and Terrorist Financing Act (Wwft) requires financial institutions to carry out customer due diligence when entering into a business relationship. This wiki page explains what customer due diligence entails.

What does customer due diligence involve?

As a financial institution, you are required to carry out customer due diligence. This is to prevent money laundering and terrorist financing. Based on the customer due diligence process, you decide whether or not to accept a customer. Based on certain results, you are also obliged to report to the supervisory authorities or the Dutch Financial Intelligence Unit (FIU).

What is client acceptance?

Customer or client acceptance is the process you go through, prior to entering a business relationship with a customer. Customer acceptance must also take into account sanctions regulations. Financial institutions are required under the Financial Supervision Act, the Wwft and the Sanctions Act 1977 to check whether the potential customer is included on sanctions lists. If an institution establishes that this is the case then the regulator must be notified and the potential customer in question will be refused.

Step-by-step customer acceptance process

In the customer acceptance process, the following steps must be completed. The depth of these steps depends on the risk of money laundering and terrorist financing.

  • Client identification and verification
  • UBO identification and verification
  • Understanding the ownership and control structure
  • Determining the nature and objective of the relationship
  • Determining the source of the resources
  • Initial risk classification
  • Customer Due Diligence
  • Final risk classification
  • Acceptance

First, you determine the identity of the client. You do this by requesting and documenting the identity information. Next, you determine that the stated identity matches the customer’s true identity. This is also known as the know-your-client principle – or Know Your Customer (KYC).

Identification and verification must be performed before the customer relationship is established.

If there is little risk of money laundering or terrorist financing, the law indicates that a financial institution is permitted to verify the identity of the customer (and the UBO) during the establishment of the business relationship. In that case, you verify the identity as soon as possible after the first contact with the customer, and at the latest before the product or service is provided.

You should also identify and verify the identity of the natural person representing the customer. You must take reasonable steps to determine whether the natural person is acting on his or her own behalf or on behalf of others. For example, if there appears to be a strawman construction, this may be grounds for conducting enhanced customer due diligence and even for not entering into the relationship with the (potential) customer. A strawman is a person acting under his own name but acting on behalf of someone else.

Establishing the identity of the parties involved can be done in various ways. Permitted means to verify the identity of natural persons are:

  • A valid passport, identity card, driver’s license;
  • A valid identity card or driving license from a member state;
  • Travel documents for refugees and aliens;
  • Foreigner documents.

For a legal entity, you can request a Chamber of Commerce/Trade Register extract. You can also consult trusted third-party sources, such as registers like Graydon and Dun&Bradstreet.

What is an UBO?

The Wwft requires you to identify the Ultimate Beneficial Owner (UBO). The UBO is the ultimate beneficial owner. This is always a natural person. You must take reasonable measures to verify the identity of the UBO. This means that the intensity with which you do this depends on the risk of money laundering and terrorist financing. For example, you can use a so-called UBO statement or Internet sources. You can also consult the UBO register for free.


You must be able to determine whether the client and/or the UBO is a “politically exposed person” (PEP). A PEP is a politically exposed person. A PEP may be especially susceptible to corruption.

This means you must screen the client and UBO against PEP lists. If there is indeed a PEP, the institution will need to conduct enhanced customer due diligence and ongoing enhanced monitoring of the customer. The IRS and the Ministries of Finance and Justice publish and maintain a list of politically exposed positions.

Sanction screening is also part of the client acceptance process. Sanction screening is often conducted simultaneously with screening against PEP lists. Where a true hit on a PEP list leads to a , a true hit on a sanctions list leads to refusal of the potential client. In such a case, a notification must also be made to the regulator.

Insight into ownership and control structure

If the (potential) customer is a legal entity, you must also gain insight into the ownership and control structure. You must be able to understand and find the (legitimate) structure plausible.

1. Purpose and nature of the relationship: Based on the service being requested, you should be able to identify why it is desired and whether it is plausible.

2. Source of funds: In this step, you test the legitimacy of the resources coming from the client.

3. Initial risk classification: The assessment of the risk of money laundering and terrorist financing occurs at several points in the customer acceptance process. Therefore, it is also referred to as initial risk classification and final risk classification.

The initial risk classification determines which customer due diligence should be performed. To support this assessment, many organizations use risk rating models and risk rating software to detect so-called red flags.

The risk factors of client, transaction, product/service are taken into account. You also consider the purpose of the relationship, the financial exposure and the regularity or duration of the relationship. In any case, you should consider the risk factors listed in Appendices II and III to the Fourth Anti-Money Laundering Directive.


The term CDD is often used as a comprehensive term for customer due diligence, transaction monitoring, risk classification and sanction screening. The law distinguishes between:

  • Simplified customer due diligence (simpliefied due diligence)
  • Customer due diligence
  • Enhanced due diligence

Based on the information you have gathered in the previous steps, you make a choice  which customer due diligence can or should be conducted.

In determining to what extent customer due diligence measures should be applied, the financial institution assesses the money laundering risk and the risk of terrorist financing.

If the risk is proven to be low, simplified customer due diligence measures are sufficient. This includes demonstrably collecting sufficient data to determine whether a simplified customer due diligence can be performed with respect to a customer.

If there is a so-called normal risk, the institution maintains the normal customer due diligence, the components of which are listed above under the first paragraph.

If there is a higher risk of money laundering or terrorist financing, you conduct an enhanced customer due diligence. This may mean, for example, additional research into the origin of client assets and the origin of funds involved in a transaction.

Final risk classification

The final risk classification is done based on the results of the relevant client due diligence. It is often based on the professional judgment of the first line and any advice from the second line. Risk rating models and risk rating software are mainly supportive of the examination, the final risk classification will ultimately depend on the complete client examination.

The client acceptance process can be completed after the client due diligence has been done and the client risk has been adequately established. The established client risk is the basis for monitoring and reviewing during the period of the client relationship.

Want to know more?

Want to know more about the process of client acceptance? You can follow our Wwft Customer Investigation e-learning, or read more about our CDD services.