Customer due diligence sits at the heart of every regulated firm’s compliance framework. For banks, wealth managers, insurers and other financial institutions, understanding what CDD involves and why it matters has never been more critical.
What is customer due diligence (CDD)?
Customer due diligence (CDD) is the process by which financial institutions identify customers, verify who they are, and assess their risk profile for financial crime through background checks and monitoring of their business activities. This structured approach forms a core component of Anti Money Laundering (AML), Counter Terrorist Financing (CTF) and Know Your Customer (KYC) obligations globally.
CDD requirements draw from concrete frameworks such as the Financial Action Task Force Recommendations (updated in 2012 and refined regularly) and EU AML Directives including 4AMLD in 2015, 5AMLD in 2018 and 6AMLD in 2021. In the United States, the FinCEN CDD Rule has applied since May 2018, requiring covered financial institutions to identify and verify beneficial owners of legal entity customers. These CDD measures are mandated by AML regulations, which set the overarching legal standards financial institutions must follow to combat financial crime.
Customer due diligence (CDD) applies to both individuals and legal entities. For companies, trusts and foundations, institutions must verify beneficial owners, typically defined under many EU rules as natural persons owning or controlling at least 25 percent.
InvestGlass provides a Swiss, sovereign alternative to American and Chinese platforms, embedding CDD and KYC workflows for banks, wealth managers, insurers and other regulated institutions while protecting data sovereignty.
Key purposes of CDD include:
- Verifying the customer’s identity before establishing relationships
- Assessing the customer’s risk profile for money laundering and terrorist financing
- Enabling ongoing monitoring of financial transactions throughout the relationship
- Understanding the nature and purpose of customer relationships
- Understanding the customer’s business to assess risk and determine appropriate compliance measures
- Preventing money laundering and related financial crimes
CDD meaning and key objectives
For compliance teams and relationship managers, CDD stands for the practical steps taken daily to know who customers are and what risks they present. The diligence process extends beyond simple identity verification to encompass continuous risk management.
Core objectives of customer due diligence include:
- Verifying identity through reliable documents and data sources
- Understanding the nature and purpose of customer relationships
- Assessing risk factors related to money laundering and terrorist financing
- Conducting ongoing monitoring of the customer’s activities and financial transactions, which is essential for assessing risk and detecting illicit activity over time
CDD aims to prevent financial crime including narcotics trafficking proceeds, sanctions evasion involving jurisdictions like Iran or North Korea, and terrorist financing cases documented by Financial Action Task Force typology reports.
Robust due diligence helps institutions avoid heavy regulatory penalties, licence restrictions and reputational damage. Since 2015, UK regulators have issued billions in AML fines, with HSBC receiving a £264 million penalty in 2021 for systemic CDD failures.
CDD is important not as a one-off exercise but as the backbone of a risk based compliance culture throughout the customer lifecycle. Digital onboarding and automated CDD, as offered within InvestGlass, reduce friction while strengthening control.
Why is customer due diligence important?
The importance of thorough CDD stems from legal, financial and reputational consequences. EU and US authorities have levied over $10 billion in AML penalties in the last decade for lapses in beneficial ownership checks and monitoring.
Legal and regulatory drivers include:
- FATF Recommendations requiring documented customer identification programmes
- EU AML Directives with enhanced criminal liability under 6AMLD
- UK Money Laundering Regulations 2017 and subsequent amendments
- US Bank Secrecy Act and FinCEN rules for beneficial ownership
- Swiss Anti Money Laundering Act (AMLA) and FINMA circulars
Risk reduction benefits:
- Prevention of identity fraud and account takeover
- Detection of trade-based money laundering
- Protection against sanctions busting in cross border payments
- Early identification of criminal activity
Business benefits:
- Improved trust with counterparties and correspondent banks
- Smoother audits through well documented CDD files
- Enhanced financial stability through sound risk management
- Protecting organisations from reputational damage
For Swiss and European institutions, choosing a sovereign platform like InvestGlass protects both compliance quality and data sovereignty, avoiding exposure to foreign cloud legislation such as the US CLOUD Act.
Core CDD process and steps
CDD operates as a structured, repeatable diligence process rather than an ad hoc set of checks. Regulators expect documented procedures and clear audit trails demonstrating how institutions conduct CDD.
The typical stages include customer identification, verification, risk profiling, application of appropriate CDD measures, the onboarding decision, and ongoing monitoring. Once the nature and purpose of the relationship are understood, the institution assesses the risk associated with the customer’s business, monitoring the customer’s activities and transaction patterns as part of ongoing due diligence, to determine suitable monitoring and compliance measures. Under the FinCEN CDD Rule and FATF guidance, financial institutions must identify and verify the ultimate beneficial owners of legal entities.
InvestGlass provides configurable digital workflows mapping to these steps: online forms, document collection, approval rules and automatic reminders for review cycles.
Customer identification
Customer identification collects core identity data before any business relationship is established. For a potential customer who is an individual, typical data includes:
- Full legal name, date and place of birth
- Nationality and residential address
- Tax identification number
- Source of funds and wealth information for higher risk profiles
For legal entity customers, institutions collect:
- Registered name and registration number
- Incorporation date and registered address
- Legal form and business activities
- Directors and authorised signatories
- Ultimate beneficial owners controlling specified thresholds
Information sources include official identity documents, company registries such as Companies House in the UK, Swiss commercial registers and public records. InvestGlass digital onboarding pre-structures information collection with dynamic forms adapting to client type and jurisdiction.
Customer verification
Verification confirms that collected customer information is accurate and relates to a real person or entity. Identity verification techniques include:
- Document checks using passports and national ID cards
- eID systems and liveness tests
- Address verification through utility bills, bank statements or property tax bill documentation
- Cross checks against government databases
Corporate verification includes confirming registration status, reviewing constitutional documents and cross checking beneficial ownership against official registers. Automated verification integrated into InvestGlass reduces manual review time while maintaining strict control using third party services under European or Swiss legal frameworks.
Risk profile assessment
Once identity is verified, institutions evaluate the customer’s risk level using a documented risk scoring model. That risk level determines how often reviews are performed and whether ongoing, perpetual monitoring is needed to detect changes in the risk profile, so that risk management effort stays proportional to the assessed risk: higher risk customers receive more frequent and more detailed ongoing due diligence.
Major risk factors include:
| Risk category | Examples |
|---|---|
| Geographic risk | FATF high risk jurisdictions, sanctioned countries |
| Product risk | Complex investment structures, trade finance |
| Channel risk | Non face to face onboarding, digital-only relationships |
| Customer type | Politically exposed person, trusts, foundations |
| Behaviour indicators | Cash intensive businesses, frequent cross border transfers |
Risk scoring translates into categories such as low risk customers, medium risk and high risk customers, determining due diligence intensity and review cadences. InvestGlass centralises risk data, sanctions screening, adverse media information and PEP screening results into a single customer risk view.
Determining appropriate CDD measures
A risk based approach means CDD measures scale in proportion to assessed risk, as encouraged by FATF and EU regulations.
Three levels of due diligence:
- Simplified due diligence: For demonstrably low risk cases, though increasingly restricted
- Standard CDD: Baseline measures for most customers
- Enhanced due diligence: Additional checks for higher risk triggers
Standard CDD applies to basic customer relationships such as a low risk salaried individual in a low risk country. Enhanced due diligence applies to a politically exposed person or corporate with complex offshore ownership, requiring senior management approval and more frequent reviews.
InvestGlass workflows automatically route files for enhanced review based on risk scores and screening hits.
Ongoing monitoring and periodic review
CDD continues after onboarding through continuous monitoring of transactions and periodic file reviews, often called perpetual KYC. Monitoring activities include:
- Real time or near real time transaction screening
- Threshold and pattern based alerts for suspicious activity
- Regular sanctions, PEP and adverse media rescreening
- Review of unusual customer activity
Review frequency typically follows the customer’s risk profile: annual reviews for high risk, every two years for medium risk and every three to five years for low risk customers. InvestGlass triggers automatic tasks for periodic reviews and maintains complete audit trails.
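The risk factor table, the three diligence levels, the routing to enhanced review on screening hits, the review cadences above and the event driven triggers described later all fit together in one rules based scoring model. The following Python is an added illustration of such a model, not InvestGlass code; the factor weights, tier thresholds and the three-year lower bound used for low risk are assumptions chosen for the example, and the sample customers are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed weights per risk factor (illustrative, not a regulatory scale).
# Keys follow the risk categories in the article's table.
FACTOR_WEIGHTS = {
    "high_risk_jurisdiction": 40,  # geographic: FATF high risk / sanctioned country
    "complex_product": 20,         # product: complex structures, trade finance
    "non_face_to_face": 10,        # channel: digital-only onboarding
    "pep": 40,                     # customer type: politically exposed person
    "trust_or_foundation": 25,     # customer type: opaque legal forms
    "cash_intensive": 20,          # behaviour: cash intensive business
    "frequent_cross_border": 15,   # behaviour: frequent cross border transfers
}

# Review cadence per tier: annual / two years / three years (lower bound of 3-5).
REVIEW_INTERVAL_DAYS = {"high": 365, "medium": 365 * 2, "low": 365 * 3}

# Events that force a refresh regardless of the periodic cycle.
EVENT_TRIGGERS = {"ownership_change", "business_activity_change",
                  "volume_spike", "new_country"}


@dataclass
class Customer:
    customer_id: str
    factors: set = field(default_factory=set)
    screening_hits: set = field(default_factory=set)  # e.g. {"sanctions", "adverse_media"}


def risk_score(c: Customer) -> int:
    unknown = c.factors - FACTOR_WEIGHTS.keys()
    if unknown:  # reject typos rather than silently under-scoring a customer
        raise ValueError(f"unknown risk factors: {sorted(unknown)}")
    return min(100, sum(FACTOR_WEIGHTS[f] for f in c.factors))


def risk_tier(c: Customer) -> str:
    # A sanctions hit or PEP status is high risk whatever the numeric score.
    if "sanctions" in c.screening_hits or "pep" in c.factors:
        return "high"
    score = risk_score(c)
    return "high" if score >= 50 else "medium" if score >= 20 else "low"


def cdd_level(c: Customer) -> str:
    # Standard is the floor for every customer; any screening hit or high
    # tier routes the file to enhanced due diligence.
    if risk_tier(c) == "high" or c.screening_hits:
        return "enhanced"
    return "standard"


def next_review_date(c: Customer, last_review: date) -> date:
    return last_review + timedelta(days=REVIEW_INTERVAL_DAYS[risk_tier(c)])


def refresh_required(c: Customer, events: set, last_review: date, today: date) -> bool:
    return bool(events & EVENT_TRIGGERS) or today >= next_review_date(c, last_review)


# Constructed sample files.
SALARIED = Customer("C1")
DIGITAL_TRADER = Customer("C2", {"non_face_to_face", "frequent_cross_border"})
OFFSHORE_CORP = Customer("C3", {"high_risk_jurisdiction", "trust_or_foundation"})
MEDIA_HIT = Customer("C4", {"complex_product"}, {"adverse_media"})
LAST_REVIEW = date(2024, 1, 15)
TODAY = date(2025, 3, 1)

if __name__ == "__main__":
    for c in (SALARIED, DIGITAL_TRADER, OFFSHORE_CORP, MEDIA_HIT):
        print(c.customer_id, risk_score(c), risk_tier(c), cdd_level(c),
              next_review_date(c, LAST_REVIEW))
```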
Suspicious activity detection and reporting
Information from CDD and monitoring feeds into decisions to escalate unusual patterns for investigation by the compliance team. When suspicion of money laundering or terrorist financing arises, regulated firms must submit Suspicious Activity Reports to relevant authorities such as the UK’s NCA or Switzerland’s MROS.
Deadlines and confidentiality obligations require prompt filing once suspicion is formed. Detailed, well structured CDD records support SAR submissions and regulatory enquiries. InvestGlass centralises customer information and interaction history, helping compliance officers assemble facts for reports.
Conducting CDD: Practical Steps for Regulated Firms
Conducting customer due diligence is a fundamental responsibility for regulated firms, particularly those operating within financial services. The process is designed to ensure that financial institutions not only comply with regulatory requirements but also actively prevent financial crime such as money laundering and terrorist financing.
The practical steps for conducting customer due diligence (CDD) begin with gathering and verifying the customer’s identity using reliable documentation and data sources. This initial verification is essential for establishing a trustworthy relationship and forms the basis for further risk assessment. Once the customer’s identity is confirmed, firms must assess the customer’s risk profile by considering factors such as geographic location, type of business activities, transaction patterns, and whether the customer is a politically exposed person or linked to high-risk sectors.
A risk-based approach is central to effective CDD. This means tailoring the depth and frequency of due diligence measures to the customer’s risk level. For example, low risk customers may require only standard checks, while high risk customers such as those with complex ownership structures or connections to sanctioned jurisdictions will necessitate enhanced due diligence and more frequent reviews.
Ongoing monitoring is another critical component of the CDD process. Financial institutions must continuously review customer activities and financial transactions to detect any unusual or suspicious behaviour. This includes regular screening against updated sanctions lists, adverse media checks, and periodic reassessment of the customer’s risk profile. Automated systems can support ongoing monitoring by generating alerts for transactions that deviate from expected patterns, enabling compliance teams to respond swiftly to potential risks.
Maintaining accurate records throughout the diligence process is vital for demonstrating regulatory compliance and supporting investigations if suspicious activity is detected. Firms should ensure that all customer information, risk assessments, and monitoring activities are documented and readily accessible for audit purposes.
By following these practical steps, verifying identity, assessing risk, applying appropriate due diligence measures, and conducting ongoing monitoring, regulated firms can strengthen their defences against financial crime and uphold the highest standards of regulatory compliance. This structured approach to customer due diligence not only protects the organisation but also fosters trust with clients and relevant authorities.
The main types of CDD
Three recognised CDD types align with FATF guidance and EU AML frameworks: simplified, standard and enhanced. Not all jurisdictions permit simplified due diligence, which requires clearly demonstrated low risk.
All customers undergo at least standard CDD. Enhanced measures apply to high risk cases including PEPs, customers in high risk third countries or other entities with complex structures.
Standard customer due diligence
Standard CDD represents the baseline identification, verification and risk assessment steps applied to most customers. This includes collecting and verifying customer information, initial sanctions and PEP screening, and setting expectations for the relationship.
A typical example involves onboarding a retail banking client or small local business with transparent ownership. InvestGlass templates for standard CDD can be customised to each institution’s risk appetite and regulatory requirements.
Enhanced due diligence (EDD)
Enhanced due diligence involves additional checks when higher risk indicators are present. Typical triggers include:
- PEP status or connections to board members of state entities
- Links to high risk or sanctioned jurisdictions
- Complex or opaque ownership structures
- Negative adverse media related to corruption or tax evasion
EDD measures include deeper source of wealth analysis, additional documentation, open source research, site visits and frequent senior level review. Sectors often subject to EDD include casinos, virtual asset service providers and high value dealers.
InvestGlass orchestrates EDD workflows including task assignment and escalation to senior management within a controlled Swiss environment.
Ongoing and event driven CDD
Beyond periodic reviews, event driven refreshes occur when significant changes affect the customer’s risk profile. Triggers include:
- Changes in ownership or control persons
- Switches in main business activity
- Sudden spikes in transaction volume
- New countries involved in payments
Ongoing CDD combines automated rules with human review. InvestGlass allows staff to capture key events directly in the CRM, automatically prompting CDD updates.
Regulatory expectations and CDD requirements
Detailed diligence requirements differ by jurisdiction but generally follow FATF standards. Common building blocks include customer identification and verification, beneficial ownership identification, understanding relationship purpose, and ongoing monitoring.
Key regulations include:
- EU: 5AMLD and 6AMLD with enhanced criminal liability
- UK: Money Laundering Regulations 2017
- Switzerland: AMLA and FINMA circulars
- US: FinCEN CDD Rule effective May 2018
Regulators expect documented CDD programmes with written policies, training and record keeping for typically five years after relationship end. InvestGlass helps institutions meet these regulatory compliance expectations while keeping data within European or Swiss legal frameworks.
The four core elements under the FinCEN CDD Rule
The 2018 FinCEN CDD Rule requires covered financial institutions to implement four core elements:
- Customer identification and verification
- Identification and verification of beneficial owners of legal entity customers
- Understanding the nature and purpose of customer relationships
- Conducting ongoing monitoring for suspicious activity and maintaining accurate records
While specific to US institutions, these principles echo FATF and EU frameworks. InvestGlass workflows can enforce these elements for institutions serving US-related clients.
Relationship between CDD, KYC and AML
KYC focuses on knowing and verifying the customer’s identity. CDD extends this through risk based assessment and ongoing monitoring. AML represents the overarching framework integrating CDD with transaction monitoring, sanctions controls and governance.
Regulators view CDD as the operational heart of AML programmes. Weaknesses in CDD processes often lead to enforcement action and regulatory penalties. InvestGlass brings KYC, CDD and AML workflow elements together in one centralised platform.
Who needs to perform CDD and in which sectors?
CDD is mandatory for a wide range of regulated entities across financial services and other high risk sectors. Typical obliged entities include banks, private banks, wealth managers, asset managers, insurance companies, payment institutions, real estate agents and property owners involved in transactions, casinos, and professionals such as lawyers and accountants.
Note that community development district arrangements and local government structures may also involve CDD requirements when handling significant funds.
CDD in banking and wealth management
Banking and wealth management remain most closely associated with CDD. The Danske Bank scandal involving €200 billion in suspicious flows through Estonia highlighted the consequences of inadequate controls.
For private banks dealing with high net worth individuals, identifying UBOs and understanding source of wealth is critical. International frameworks including Basel Committee guidelines and FATF Recommendations shape banking CDD, alongside local rules like FINMA circulars.
InvestGlass is specifically designed for banks and wealth managers, providing integrated CRM, onboarding, portfolio management and compliance workflows. Typical use cases include opening investment accounts and cross border private banking relationships.
CDD in real estate and other high risk sectors
Real estate transactions represent a recognised channel for money laundering, especially through high value properties. Many jurisdictions now require property owners, agents and notaries to conduct CDD.
Specific tasks include verifying buyer and seller identities, understanding payment sources, and identifying beneficial owners of purchasing entities. Other high risk sectors include virtual asset service providers and gambling operators.
InvestGlass can be deployed beyond traditional banking for real estate investment firms and specialised financial intermediaries requiring robust onboarding. The same data sovereignty concerns apply outside banking.
Manual vs automated CDD and the role of technology
Legacy manual CDD processes suffer from high operational costs, slow onboarding times, inconsistent quality and difficulty maintaining accurate records. Industry benchmarks suggest manual processes consume up to 40 percent of onboarding time.
Automation delivers structured data capture, rules based risk scoring, automated screening, workflow management and centralised documentation. However, automation should support expert human judgement, particularly for complex cases.
How InvestGlass streamlines CDD while preserving data sovereignty
We host data in Switzerland or on premises, helping institutions meet strict privacy rules restricting data transfer to foreign jurisdictions.
Key CDD capabilities include:
- Configurable digital onboarding journeys
- Integrated KYC and CDD questionnaires
- Automatic risk scoring and screening
- Document collection and renewal alerts
- Secure client portal for information exchange
Our solution appeals to European, Swiss, Middle Eastern and African institutions avoiding reliance on American or Chinese platforms. By centralising CRM, portfolio management and compliance in one platform, InvestGlass reduces duplication, lowers costs and strengthens oversight across the customer lifecycle.
Best practices for effective customer due diligence programmes
Beyond meeting formal rules, effective CDD requires sound governance, training and continuous improvement. Best practice elements include:
- Risk based policies with clear roles and responsibilities
- Board level oversight and board member accountability
- Written procedures and checklists tailored by segment
- Regular testing and internal audit reviews
- Staff training covering typologies and red flags
Quality data sources matter: reliable sanctions lists, updated company registries, accurate international identity data and curated adverse media. InvestGlass supports best practices through version controlled workflows and reporting dashboards illustrating CDD performance.
Record keeping and audit readiness
CDD effectiveness depends on maintaining accurate records kept for statutory periods, often at least five years. Documents to retain include:
- Copies of identification documents
- Corporate records and UBO information
- Risk assessment outputs and screening results
- Review notes and correspondence
Secure storage requires role based access, encryption and clear retention policies respecting GDPR. Regulators and auditors rely on these records to test CDD quality. InvestGlass maintains structured electronic files with full history of changes and approvals.
Conclusion: CDD as a foundation of secure, sovereign client relationships
Customer due diligence remains central to combating money laundering, terrorist financing and other financial crimes. Beyond regulatory compliance, robust CDD supports trust between institutions and their clients, enabling more customers to be served confidently.
The key messages are clear: adopt a risk based approach, maintain ongoing monitoring, align with regulatory requirements, and leverage technology to manage volume and complexity. Informed decisions about CDD protect financial stability and organisational reputation.
Institutions seeking to protect the sovereignty of their client data while avoiding dependency on American or Chinese providers can rely on InvestGlass as a Swiss, sovereign platform. Our solution ensures compliance with strict European and Swiss expectations while delivering efficient, auditable CDD processes.
Explore how InvestGlass can digitise your onboarding and CDD workflows while keeping your client data exactly where it belongs.