Global regulatory bodies are making Customer Due Diligence (CDD) an ongoing process for reporting entities to operate legally. CDD is a risk-based process for assessing customers’ risk profiles and verifying their identity by involving a number of regulatory obligations. AUSTRAC, Australia’s financial watchdog, has explicitly prohibited reporting entities from providing a designated service if customer identification procedures cannot be performed.
In recent years, CDD is evolving to a proactive process with more regular verifications and risk profiling. An Ongoing Customer Due Diligence (OCDD) helps you identify, mitigate and manage money laundering and terrorism financing (ML/TF) risk. This includes developing and documenting an Enhanced Customer Due Diligence (ECDD) program and a transaction monitoring program.
Your AML/CTF program must include OCDD structure and controls to decide whether the additional customer and beneficial owner information should be collected and verified on an ongoing basis. OCDD includes ensuring that your customer’s information is updated and processes for transaction monitoring and the ECDD program are planned.
According to AUSTRAC
Your Transaction Monitoring Program Must:
Define the processes you follow to identify suspicious customer transactions
Document appropriate risk-based systems and controls that capture all necessary sources of customer and transaction data or information
Set out systems and controls that trigger alerts for further review
Implement processes to consistently review and manage the internal escalation and investigation of alerts
Prioritise alerts according to the level of risk
Document processes to consistently manage the reporting of potentially suspicious matters
Detail sufficient assurance processes to review the management of alerts
Continually monitor transactions at all levels, not just, for example, by branch or venue level
Document processes with sufficient specificity to enable them to be consistently applied
Document and audit any automated transaction monitoring processes
Your Enhanced Customer Due Diligence (ECDD) Program Must:
Define the types of customers, designated services, channels and jurisdictions that you consider to be a high or greater level of risk, and ensure procedures allow for consistent implementation of ECDD processes
Specifically identify who is responsible for carrying out ECDD
Establish controls for consistently applying ECDD to ensure its operation, monitoring and internal reporting
OCDD and ongoing monitoring go hand in hand to identify risk patterns across customers and mitigate and manage that risk at a business level. You must be proactive and monitor your customers throughout your entire relationship with them.
Example: Ongoing Customer Due Diligence in Action
As a result of a recently updated risk assessment, BusinessCO identifies transactions by certain customers involving a $5,000 threshold of physical cash as posing a higher risk. Prior to this updated risk assessment, only transactions of this nature above $8,000 were considered to be of higher risk. Three months later, a periodic audit of BusinessCO’s transaction monitoring program reveals that it is designed to trigger alerts for transactions in physical cash of $8,000 or more; however, no triggers were in place that aligned with the updated risk assessment for transactions between $5,000 and $8,000.
BusinessCO acts swiftly to rectify the oversight and ensure it aligns with its risk profile. BusinessCO also undertakes a back capture to identify all transactions in physical cash that fall within the $5,000 to $8,000 bracket and, in so doing, identifies the activities of one customer that, upon review, raises suspicion and is referred for ECDD. ECDD indicates that this customer may be evading tax payments by undertaking cash-in-hand jobs, and a suspicious matter report is provided to AUSTRAC. Following the initial referral, the customer was subject to increased monitoring to ensure any suspicious activity was detected and reported to AUSTRAC.