
What Are the Key Customer Due Diligence (CDD) Requirements?

Updated on 8 April 2026
02 February 2021

Customer due diligence (CDD) is the systematic process by which financial institutions identify, verify, and assess their customers to prevent money laundering and terrorist financing. CDD is a key measure used to combat money laundering, ensuring that financial institutions can identify suspicious activities and comply with anti-money laundering (AML) regulations. If you are responsible for compliance at a bank, wealth manager, fintech, or payment firm, understanding and operationalising customer due diligence requirements is fundamental to your regulatory obligations.

CDD is a legal requirement under anti money laundering and counter terrorist financing frameworks in the UK, EU, Switzerland, and jurisdictions worldwide. The obligations apply broadly to banks, payment service providers, fintechs, wealth managers, insurers, other financial institutions, and any business entity subject to AML regulations.

At its core, CDD focuses on four actions: identifying the customer, performing identity verification, understanding beneficial ownership, assessing risk, and performing ongoing monitoring. These requirements form the backbone of any effective compliance programme and drive day-to-day decisions about onboarding, maintaining, or exiting customer relationships. CDD helps financial institutions assess risk and manage associated risks linked to customer identities, financial activities, and third-party relationships.

InvestGlass, as a Swiss sovereign CRM and onboarding solution, is designed to operationalise these CDD requirements within a single platform. Firms can manage the entire CDD lifecycle without relying on American or Chinese cloud infrastructure, preserving full control over sensitive client data.

With the EU’s 6th Anti Money Laundering Directive (AMLD6) adopted in 2023 and transposition required by 2027, plus evolving FATF guidance on virtual assets and beneficial ownership, the regulatory environment continues to tighten. Regulatory requirements now include the collection and verification of required beneficial ownership information to enhance transparency and prevent financial crimes. This article provides a practical guide to meeting customer due diligence requirements in 2024 and beyond.

What Is Customer Due Diligence (CDD)?

Customer due diligence (CDD) is the process of identifying and verifying customers, assessing their risk of involvement in money laundering or terrorist financing, and understanding the nature and purpose of the business relationship, including a thorough understanding of the customer’s business. CDD aims to mitigate risks such as money laundering and terrorist financing risks, forming a core pillar of broader AML and KYC frameworks.

The CDD concept originates from FATF Recommendations, which have influenced global standards since 2012, with updates in 2024 reflecting evolving threats. In the UK, obligations flow from the Money Laundering Regulations 2017 (as amended through 2024). The EU framework builds on AMLD4, AMLD5, and AMLD6, while Switzerland relies on its Anti Money Laundering Act and FINMA ordinances.

CDD applies to individual customers, corporates, trusts, foundations, and other legal structures. Whether onboarding a private banking client, an SME seeking trade finance, or a virtual asset service provider, the same foundational requirements apply, albeit with varying intensity based on risk.

The distinction between initial CDD at onboarding and ongoing CDD throughout the client lifecycle is critical. Many institutions now refer to ongoing CDD as perpetual KYC, reflecting the need for continuous rather than periodic review. As part of this process, determining the customer’s risk profile is essential, as it guides the level of ongoing monitoring, the depth of information required, and the application of enhanced due diligence for higher-risk customers. CDD directly informs risk based decision making: whether to onboard a customer, maintain the relationship, apply restrictions, or exit entirely.

InvestGlass embeds these CDD concepts into configurable digital onboarding journeys and CRM workflows, ensuring consistent application of policies across jurisdictions and client types.

Risk Management and Assessment

Risk management and assessment are fundamental to the customer due diligence (CDD) process, forming the backbone of effective anti money laundering and counter-terrorist financing strategies for financial institutions. As mandated by the Financial Crimes Enforcement Network (FinCEN) and reflected in global regulatory frameworks, financial institutions must undertake comprehensive risk assessments to identify and mitigate risks associated with customer relationships, including those posed by money laundering, terrorist financing, and other financial crimes.

A robust diligence process begins with the collection and verification of customer information, including beneficial ownership information for legal entity customers. By identifying beneficial owners and understanding the structure and purpose of legal entities, institutions can accurately assess each customer’s risk profile. This risk assessment is not a one-off exercise; it is an ongoing obligation that requires continuous monitoring of customer transactions and relationships to detect and report suspicious transactions in a timely manner.

The CDD rule requires covered financial institutions to establish and maintain written procedures that set out risk based procedures for conducting ongoing customer due diligence. These procedures must be tailored to the institution’s risk appetite and regulatory requirements, ensuring that both individual and legal entity customers are subject to appropriate levels of scrutiny. Lower risk customers may be subject to simplified diligence measures, while high risk customers, such as politically exposed persons or those with complex ownership structures, require enhanced due diligence and more frequent reviews.

Effective risk management also involves the verification of beneficial owners, particularly those with significant responsibility to control or manage a legal entity. Institutions must consider a range of risk factors, including adverse media, foreign assets control, and the presence of individuals with significant responsibility or influence. Internal controls, such as regular staff training, independent testing, and audit trails, are essential to ensure compliance with the Bank Secrecy Act and other regulatory requirements.

Continuous monitoring is a critical component of the CDD process. Financial institutions must maintain up-to-date customer information and conduct ongoing reviews to identify changes in customer risk, such as new beneficial owners, changes in business activity, or unusual transaction patterns. This enables institutions to respond swiftly to emerging risks and report suspicious activity as required by law.

In practice, risk management and assessment underpin every stage of the customer due diligence lifecycle, from initial customer identification and verification, through risk assessment and approval, to ongoing monitoring and periodic review. By implementing effective risk based procedures and maintaining accurate records, financial institutions can prevent financial crimes, protect the integrity of the financial system, and ensure regulatory compliance.

Ultimately, a proactive approach to risk management and assessment not only helps institutions meet their legal obligations but also builds trust with customers and regulators alike. By embedding these principles into their CDD processes, financial institutions can safeguard their operations against the evolving threats of money laundering and terrorist financing.

Core Customer Due Diligence Requirements (The Four Pillars)

The widely recognised four elements of CDD align with the FinCEN CDD Rule (effective May 2018) and international practice. These pillars apply globally, though the UK, EU, Switzerland, and Singapore each express them in slightly different legal language.

This section examines each pillar in turn: customer identification and verification, beneficial ownership, understanding purpose and nature, and ongoing monitoring. Later sections will map these pillars to practical checklists and digital workflows that can be implemented inside platforms like InvestGlass.

1. Customer Identification and Verification (ID&V)

The diligence process begins with identifying customers using reliable, independent sources before entering a business relationship or conducting occasional transactions above regulatory thresholds. For example, the EU and UK typically apply enhanced scrutiny for single transactions exceeding 10,000 EUR or the local equivalent.

For individual customers, institutions collect: full legal name, date and place of birth, residential address, nationality, and contact details. For corporates, data points include the registered company number, legal form, registered address, and details of directors.

Customer verification methods include:

| Method | Application |
|---|---|
| Government photo ID | Passports, driving licences |
| Electronic identity checks | Credit reference agencies, eID schemes |
| Video KYC with liveness detection | Remote onboarding for HNW clients |
| Database verification | Companies House, government records |

The UK Customer Identification Programme requirements, EU AMLD5 and AMLD6, and Swiss Anti Money Laundering Act all specify acceptable verification methods. InvestGlass digital onboarding forms, document upload capabilities, liveness checks, and API integrations with identity providers can automate ID&V while storing evidence securely in Swiss or on-premise infrastructure.

A practical example: in 2024, a Swiss private bank onboarded a new high net worth client remotely using digital ID verification and video KYC, reducing manual review time while maintaining full audit trails.

2. Identifying and Verifying Beneficial Owners

Beneficial ownership refers to the natural individuals who ultimately have ownership or control over a legal entity or arrangement. Most regimes use a 25 percent ownership threshold, though some institutions apply lower thresholds for high risk scenarios. The requirement to identify beneficial owners is central to preventing financial crime through complex corporate structures.

Practical steps include obtaining ownership charts, reviewing shareholder registers, analysing multi-layer corporate structures, and identifying persons with significant control. Where ownership is opaque, firms must identify senior managing officials as a fallback. The FinCEN CDD Rule, EU Ultimate Beneficial Owner register requirements, and UK Persons with Significant Control regime all codify these obligations.

High risk scenarios demand particular attention: complex offshore structures, nominee shareholders, and jurisdictions with weak corporate transparency require enhanced scrutiny. A multi-tier corporate client with nominees in several jurisdictions requires tracing to ultimate controllers and updating records when shareholders change.

InvestGlass maintains structured beneficial ownership data inside the CRM, links related entities, and runs periodic checks against sanctions and PEP lists for both customers and their UBOs. This approach ensures firms can collect beneficial ownership information systematically and verify beneficial owners against regulatory databases.

3. Understanding the Nature and Purpose of the Relationship

Beyond identity, firms must understand why the customer is opening an account, what products they will use, and the expected pattern of activity. This information shapes the customer’s risk profile and informs ongoing monitoring.

Information gathered typically covers:

  • Account opening rationale and intended products
  • Expected transaction volumes and counterparties
  • Source of funds and, for higher risk individuals, source of wealth
  • Main business activities and geographic footprint

For a UK SME seeking a current account and trade finance, this means capturing expected trade volumes and supplier locations. For a Swiss external asset manager opening custody accounts, it involves understanding the asset classes and client types served. For a fintech onboarding e-commerce merchants across the EU, it means documenting transaction volumes and payment flows.

This information feeds into customer risk assessment, combining factors such as customer type, product risk, channel risk, and country risk. InvestGlass allows firms to configure digital questionnaires, risk scoring matrices, and approval workflows aligned with their written CDD policy and risk appetite.

4. Ongoing Monitoring and Updating Information

CDD is not a one-off event. Regulatory requirements mandate that firms conduct ongoing monitoring of customer transactions and relationships, with intensity determined by risk.

Practical monitoring activities include:

| Activity | Frequency |
|---|---|
| Automated transaction monitoring | Continuous |
| Periodic KYC refresh | 1, 3, or 5 years by risk band |
| Ad hoc reviews | Triggered by alerts or adverse media |

Beneficial ownership information and key customer data must be updated when material changes occur, such as a new controlling shareholder, change of residency, or sudden spike in cross-border payments. The UK FCA, FINMA, and EU supervisory authorities all expect evidence of effective continuous monitoring.

Consider a scenario: a real estate investment client begins rapidly buying and selling properties in patterns inconsistent with their stated business purpose. This triggers an alert, prompting an ad hoc CDD review and potential enhanced diligence measures.

InvestGlass orchestrates reminders, task assignment, case management, document recollection, and risk re-scoring based on real-time data feeds and rule-based triggers, helping firms conduct ongoing monitoring systematically.


Types of Customer Due Diligence: Simplified, Standard and Enhanced

UK, EU, and most other regimes recognise three CDD levels: simplified due diligence (SDD), standard CDD, and enhanced due diligence (EDD). These levels reflect the risk based approach that underpins modern AML frameworks.

Real-world institutions often implement further granularity, such as sub-tiers within EDD for ultra-high risk segments like correspondent banking or virtual asset service providers. InvestGlass supports conditional forms and workflow branching, so the system automatically applies the correct level of CDD based on the risk rating.

Simplified Due Diligence (SDD)

SDD involves reduced intensity checks applied in clearly defined low risk scenarios permitted by law. Examples include certain listed companies, public authorities, or low value payment instruments.

SDD does not mean zero diligence. Rather, it permits fewer data points, less frequent reviews, or reliance on public information where appropriate. Firms must document their rationale and maintain evidence. Supervisors expect conservative use of SDD, and misapplication can attract regulatory criticism.

InvestGlass policy rules can automatically assign SDD workflows with lighter questionnaires and longer review cycles for lower risk customers, while maintaining a full audit trail to satisfy regulators.

Standard Customer Due Diligence

Standard CDD is the default level applying to the majority of customers. It involves full identification and verification, basic risk assessment, and standard transaction monitoring.

Typical steps include:

  1. Gather core identity and customer information
  2. Verify using independent sources
  3. Screen against sanctions and PEP lists
  4. Capture purpose and expected activity
  5. Calculate an initial risk score

A retail bank in the UK onboarding a domestic salaried customer in 2024 would apply standard CDD: eID verification, sanctions screening, and documentation of account purpose. InvestGlass pre-configures standard CDD journeys for different product lines, ensuring consistent data collection and facilitating regulatory compliance and reporting.

Enhanced Due Diligence (EDD)

EDD applies to high risk customers, products, channels, or geographies. It involves deeper investigation and closer monitoring than standard CDD.

EDD triggers include:

  • Politically exposed persons (PEPs)
  • Complex ownership structures
  • Non-face-to-face onboarding across borders
  • High risk countries per FATF grey or black lists
  • High value private banking relationships

EDD measures typically involve obtaining additional identification documents, detailed source of wealth and source of funds confirmation, senior management approval, and more frequent review cycles.

Example: onboarding a PEP based in a high risk jurisdiction in 2025 would require comprehensive background documentation, intense adverse media screening, and sign-off from senior compliance leadership.

InvestGlass supports EDD through dynamic risk scoring, tiered approval workflows, integration with adverse media and PEP databases, and configurable review frequencies.

Customer Due Diligence Process and Practical Checklist

Converting regulatory requirements into a practical, step-by-step diligence process helps compliance teams operate consistently. The chronological flow typically runs: pre-onboarding risk assessment, onboarding CDD, account opening approval, and post-onboarding monitoring.

Pre-onboarding: Screen the prospective customer against sanctions lists and assess initial risk factors before collecting detailed information.

Data collection and verification: Gather customer identity data, beneficial ownership information, and documentation of purpose. Verify using independent sources and capture evidence.

Screening: Run sanctions, PEP, and adverse media checks on the customer and identified beneficial owners. Document results and escalate hits for review.

Risk rating and approval: Calculate the customer’s risk profile using defined criteria. Route higher risk cases for senior approval per internal controls.

Ongoing refresh: Schedule periodic KYC reviews based on risk band. Configure alerts for material changes or suspicious transactions.

A European wealth manager standardised CDD across several EU and Swiss entities using a unified workflow, replacing fragmented spreadsheets with a single source of truth. Onboarding times dropped from weeks to days.

InvestGlass acts as the single repository for CDD data, supporting each checklist stage with digital forms, integrations, and audit-ready records.

Customer Due Diligence Requirements in Key Jurisdictions

Financial institutions often operate across borders and require harmonised processes that satisfy multiple regulators. This section compares CDD requirements in the UK, European Union, Switzerland, and the United States.

InvestGlass is positioned as a European and Swiss alternative to American and Chinese platforms, making it ideal for firms wanting to centralise CDD data within European legal frameworks.

United Kingdom CDD Requirements

UK obligations derive from the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, updated through 2023. The Financial Conduct Authority and Joint Money Laundering Steering Group provide guidance.

CDD is required when establishing a business relationship, conducting occasional transactions above 10,000 EUR equivalent, suspecting money laundering, or doubting previously obtained information. The Persons with Significant Control regime requires identification of beneficial owners via Companies House data.

UK regulations specify simplified, standard, and enhanced due diligence categories, with specific focus on PEPs, correspondent banking, and high risk third countries. InvestGlass can be configured to reflect UK specific rules, including FCA record keeping periods and appropriate risk based procedures.

European Union CDD Requirements

EU AMLD4, AMLD5, and AMLD6 establish the CDD framework, including the risk based approach, UBO identification, central beneficial ownership registers, and mandatory EDD for high risk third countries.

The EU AML Package includes creation of the Anti Money Laundering Authority (AMLA), expected operational around 2026, which will harmonise supervision across borders. Updates in 2020 and 2021 extended requirements to virtual asset service providers.

InvestGlass supports multi-country EU groups by applying one group CDD standard while retaining flexibility for local deviations and language variations within the same platform.

Swiss CDD Requirements

Switzerland’s Anti Money Laundering Act and FINMA ordinances require identification of contracting parties and beneficial owners, clarification of transaction economic backgrounds, and source of funds documentation, particularly in private banking.

Self-regulatory organisations and Swiss Bankers Association guidelines provide practical standards. Switzerland places strong emphasis on data protection under the Federal Act on Data Protection (revised 2023), favouring sovereign hosting to maintain client confidentiality.

InvestGlass is a Swiss sovereign platform that can be hosted entirely in Switzerland or on the client’s own infrastructure. A Swiss wealth manager using InvestGlass to manage CDD for cross-border clients from the EU, UK, and Middle East benefits from both regulatory alignment and data sovereignty.

United States and the FinCEN CDD Rule

The Financial Crimes Enforcement Network’s Customer Due Diligence Rule became effective in May 2018, requiring covered financial institutions to identify and verify beneficial owners of legal entity customers.

The rule codifies four components: customer identification and verification, beneficial ownership identification, understanding nature and purpose, and ongoing monitoring. Key references include 31 C.F.R. Parts 1010, 1020, 1023, 1024, and 1026, plus requirements for internal controls, independent testing, a designated compliance officer, and regular training.

Under the Bank Secrecy Act, covered financial institutions must maintain written procedures and report suspicious transactions. Even firms preferring not to rely on American cloud providers can comply using a European hosted platform like InvestGlass when serving US clients.


Technology, Automation and Customer Due Diligence

Manual, paper-based CDD is no longer sustainable for institutions handling large client volumes or complex corporate structures. Onboarding that once took weeks now needs to complete in days while maintaining regulatory robustness.

RegTech platforms digitise ID&V, data collection, sanctions and PEP screening, workflow management, document storage, and audit trails. This automation improves both efficiency and the quality of evidence available for regulators.

Sovereign European solutions like InvestGlass contrast with American or Chinese technology stacks. Data residency, control over encryption keys, and alignment with European privacy culture matter to institutions managing sensitive customer relationships.

Key technological capabilities include:

  • API integrations with KYC data providers
  • Rules-based workflows with conditional logic
  • AI-assisted risk analysis and scoring
  • Dashboard reporting for compliance officers and boards

A mid-sized European bank migrated from spreadsheets and email-based CDD processes to an integrated platform. Onboarding times dropped from several weeks to days, and audit trails became instantly accessible.

How InvestGlass Supports Compliant, Sovereign CDD

InvestGlass is a Swiss sovereign CRM, onboarding, and compliance automation platform built for financial institutions, wealth managers, insurers, and other regulated entities that prioritise data sovereignty.

The platform covers the full CDD lifecycle: digital onboarding forms, identity and document verification, beneficial ownership mapping, risk scoring, workflow approvals, ongoing monitoring tasks, and periodic review reminders. Everything resides in a single client profile with full audit history.

Hosting options include Switzerland or on-premise deployment. Firms retain full control over client data and avoid dependence on American or Chinese hyperscale clouds. This approach aligns with the risk management expectations of regulators who scrutinise outsourcing and data residency.

InvestGlass integrates with third-party KYC providers for sanctions, PEP, and adverse media screening, centralising results alongside customer information. Portfolio management, marketing automation, and client portal capabilities mean CDD data can drive personalised yet compliant engagement without duplicating information across systems.

An EU wealth manager implemented InvestGlass across three jurisdictions, achieving faster onboarding, stronger AML controls, and simplified regulatory reporting through a unified platform.

Governance, Training and Culture Around CDD

Technology alone is insufficient. Strong governance, documented policies, and staff training are essential to meet diligence requirements in practice.

Firms should maintain a documented CDD policy approved by the board, with clear roles and responsibilities for front office, operations, and compliance. Regular independent testing or internal audit reviews validate that CDD processes operate as designed.

Ongoing training for staff must be tailored to roles and updated with regulatory changes. Front office teams need to understand what information to collect and when to escalate. Compliance staff require deeper knowledge of risk assessment and regulatory expectations.

InvestGlass supports governance through audit logs, management information dashboards, exception reports, and workflow-based approvals reflecting organisational structures. Boards typically track metrics such as overdue KYC reviews, EDD completion times, and percentage of clients with complete beneficial ownership information.

Key Takeaways on Customer Due Diligence Requirements

The four core CDD requirements (customer identification, beneficial ownership, understanding purpose, and ongoing monitoring) remain constant foundations for compliance teams worldwide. The three CDD levels (simplified, standard, and enhanced) reflect the risk based approach mandated by regulators across jurisdictions.

Regulatory expectations in the UK, EU, Switzerland, the US, and other major centres continue converging around similar CDD principles, even where detailed rules differ. Firms operating across borders benefit from harmonised processes that satisfy multiple regulators while remaining efficient and client-friendly.

Balancing robust regulatory compliance, efficient client experience, and protection of client data sovereignty is the challenge for modern financial institutions. For organisations seeking an integrated, Swiss-hosted or on-premise CDD and CRM solution independent of American and Chinese providers, InvestGlass offers a compelling path forward. Explore a demo or speak with the InvestGlass team about mapping your specific CDD policy into configurable workflows that ensure compliance and protect data sovereignty.
