The importance of customer due diligence

Olivia Dakeyne, a manager in the Themis Think Tank writes that many firms see customer due diligence (CDD) - the process of understanding who your customers are and the nature of their business - as a burdensome regulatory requirement, but, she says, it is vital as so much more than a compliance exercise. 

It really is the first line of defence against money laundering and terrorist financing and can have a truly tangible effect on preventing crimes that globally affect individuals, societies and the environment, including modern slavery and human trafficking, the illegal wildlife trade, organised criminal rings and drugs crimes.

Impact of inadequate CDD

At a macro level, inadequate CDD enables illicit actors to launder the proceeds of nefarious activity through the global financial system, effectively rewarding or vindicating such illegal ventures and further incentivising criminals. On a more micro level, CDD failures can result in hefty fines from regulators, with analysis showing that regulatory penalties have reached new heights in recent years; watchdogs imposed USD2.2 billion worth of AML fines in 2020 and almost USD1 billion in the first half of 2021 alone. 

There is also a palpable effect on company share price in the days following a regulatory announcement; indeed, consequences may still be visible over a six-month period. Themis conducted an analysis of a sample of the most significant international AML scandals since 2019, showing that across seven banks, the average share price loss one day after the regulatory probe was announced was 5.15 per cent, falling to 20.71 per cent six months following the announcement. In 2019, this was borne out by Denmark's Danske Bank, which reported a 36 per cent fall in its first-quarter net profit, linked to the criminal investigations into the international money laundering scandal that it was embroiled in, with news of its poor financial performance subsequently driving the bank’s share price down by 7 per cent.

Senior managers may consider CDD a specialist exercise for risk, compliance or financial crime managers rather than under their own purview but financial penalties affect company reputations and share price which, in turn, reflect poorly on senior management teams and board members, reducing their chances of re-election by shareholders who have seen the value of their investments plummet. With senior executives frequently granted stock options in addition to their salaries, their own direct interests in the company can also be threatened by poor CDD processes. 

The impact of COVID-19 on CDD

Remote working processes have made it easier for criminals to bypass CDD measures by exploiting temporary weaknesses in internal controls. COVID-19 has presented unique challenges for the onboarding of new clients, with staff unable to access sophisticated systems and best practice which is more easily maintained and monitored in an office environment. It is under such high-stress conditions that criminals exploit systemic vulnerabilities and turn them to their advantage.

The inability to hold face-to-face meetings to verify client identity further compounded pandemic-related risk, with the physical assessment of ID&V documentation lost to the necessity of remote working. So too did delays in passport renewals, difficulties getting documents certified, lack of printer access, bank branch closures and emergency measures put in place to prioritise help for those in most urgent need leading to a reduction in BAU services and requiring analysts to be more flexible in what ID documentation they accepted. When asked what they perceived to be the main risk associated with remote CDD, 40.9 per cent of respondents to a Themis 2020 survey considered fake, forged or invalid identity documents which are difficult to view remotely. 
 
Harnessing technology to help with CDD

Only 47.0 per cent of respondents to another Themis survey conducted in 2021 focused on the investment management sector reported that their firms have robust CDD processes that are able to identify financial crime risks at the onboarding stage and on a periodic basis during the business relationship, with 42.1 per cent, stating that their CDD still relies heavily on manual processes and procedures, which may be less effective at spotting red flags. 

Digitising CDD can be a highly effective way of harnessing new technology to improve its efficiency and reliability, and reduce operational risk. Customer screening via online resources, electronic identity databases, adverse media research and digital ID&V to verify potential clients are all activities which can be readily undertaken online. Indeed, some innovative new technology allows processes to be radically improved by digitisation: Themis Search can identify damaged, slightly altered or forged documents far more effectively than a human eye can during an in-person identity check at a branch.  

Remote AML technology for sanctions screening, AML monitoring systems and cloud technology (all of which underscore Themis Search, which allows firms to search for any individual or company anywhere in the world to see if they have potential links to criminality), reduce reliance on and need for physical documentation. Innovative KYC approaches such as Perpetual or Dynamic KYC, which involves continuous monitoring for events that would alert institutions that they urgently need to update their due diligence analysis are also on the rise, enabling firms to maintain customer profiles dynamically rather than through periodic review. Outsourcing CDD to experts, like Themis’ specialist investigations team, can also take the burden off firms.

Final thoughts

Treating CDD as a compliance-driven tick box exercise alone is an inefficient use of resources in the long term. Firms that fail to effectively analyse CDD outcomes or use it to drive business decisions squander a wealth of valuable data. Ensuring it is conducted at an appropriate juncture is also key; firms must be committed to ensuring that adequate CDD for each client is conducted, completed and approved appropriately before a new business relationship is established, where there is still time to inform the direction and nature of the relationship.