Customer Due Diligence (CDD) Process under MLR 2017
Criminals often attempt to conceal their identities in order to evade detection and commit financial crimes such as Money Laundering, Terrorist and Proliferation Financing (MLTPF). Customer Due Diligence (CDD) acts as a defence, protecting Relevant Persons under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) from such bad actors. CDD aims to identify and verify a client’s identity as well as assess and manage the MLTPF risks emanating from them. This infographic provides a detailed overview of the Customer Due Diligence (CDD) process under MLR 2017.
The Customer Due Diligence (CDD) process includes the following steps:
Step 1: Conducting Customer Identification and Verification
In this step, the Relevant Person needs to identify a customer by collecting information such as their name, residence, nationality, etc. Then, the Relevant Person must verify the identification information obtained against documents or information obtained from reliable sources.
When the customer is a body corporate, the Relevant Person must:
- Identify and verify the name, company or other registration number of the body corporate
- Identify and verify the address of its registered office and its principal place of business if such principal place of business is different from its registered office
- Determine and verify the law to which the body corporate is subject, as well as its constitution
- Determine and verify its board of directors or members of an equivalent management body if there is no board of directors
- Determine and verify the senior persons responsible for the body corporate’s operations
However, it must be noted that if the customer is a company listed on a regulated market, the obligation to determine and verify the law to which the body corporate is subject, its constitution, board of directors or members of an equivalent management body, and senior persons is not applicable.
Step 2: Conducting Identification and Verification of Beneficial Owners of the Customer
When customers are legal persons, trusts, companies, foundations, or any other similar legal arrangement, Relevant Persons must understand their ownership and control structure. If it is found that the customer is beneficially owned by another person, Relevant Persons must identify and verify the identities of the Beneficial Owners as well.
If the Beneficial Owners are themselves legal persons, companies, foundations, etc., the Relevant Person must take steps to understand their ownership and control structure.
It must be noted that this obligation does not apply when the customer is a company listed on a regulated market.
Step 3: Conducting the Identification and Verification of Persons Acting on Behalf of the Customer
When a person seeks to act on behalf of a customer, the Relevant Person must identify that person, verify their identity, and verify that the person is duly authorised to act on behalf of the customer.
Step 4: Assessing the Purpose and Intended Nature of Business Relationship
The purpose and intended nature of the business relationship must also be assessed, and where appropriate, information on the same must also be obtained.
Step 5: Conducting Name Screening
The name screening process has three components:
- Sanctions Screening: It helps Relevant Persons determine if a customer is sanctioned under UK sanctions lists as prescribed by the Office of Financial Sanctions Implementation (OFSI) and other authorities. If a target match is found, it needs to be reported to the OFSI, and the funds of such a person need to be frozen.
- Adverse Media Screening: It helps Relevant Persons detect whether the customer is associated with any adverse media or negative news that indicates involvement in financial crimes.
- Politically Exposed Persons (PEP) Screening: It helps Relevant Persons detect if a customer is a PEP. MLR 2017 mandates that enhanced due diligence (EDD) measures be adopted for PEPs; therefore, detecting if a customer is a PEP is extremely important.
Step 6: Conducting Customer Risk Assessment
MLR 2017 mandates that CDD measures and their extent must reflect the following:
- Relevant Person’s Business-Wide Risk Assessment (BWRA)
- Relevant Person’s assessment of the level of risks arising in specific cases
This means that the Relevant Person must conduct a Customer Risk Assessment (CRA) for each customer and their Beneficial Owners. The CRA methodology it adopts should be aligned with the broader BWRA and its findings.
CRA helps Relevant Persons determine the degree of MLTPF risks a customer poses and adopt the level of CDD accordingly. If the MLTPF risks posed by the customer are beyond the risk appetite of the Relevant Person, it may choose not to establish a business relationship with the customer.
Step 7: Selecting the Type of CDD to Be Applied
Relevant Persons are required to apply adequate CDD measures to the customer, based on the results of the CRA. There are three types of CDD:
- Simplified Due Diligence for customers that have been assessed to pose low MLTPF risks
- Standard Customer Due Diligence for customers that have been assessed to pose medium MLTPF risks
- Enhanced Due Diligence for customers assessed to pose high MLTPF risks, such as Politically Exposed Persons (PEP), customers from high-risk third countries, etc.
Step 8: Conducting Ongoing Monitoring
CDD is not a one-time process. Ongoing monitoring of the business relationship with the customer must be conducted to:
- Scrutinise transactions and ensure that they are in line with the Relevant Person’s knowledge of the customer, as well as the customer’s business and risk profile
- Review existing CDD records and ensure that the information and documents are up-to-date and relevant
Customer Due Diligence (CDD) Process: Final Thoughts
The CDD process helps Relevant Persons make risk-based decisions regarding MLTPF risk management. It ensures a balanced approach between taking calculated risks and implementing effective risk controls, both of which are necessary parts of business functioning. Adopting best practices such as leveraging CDD software, conducting staff awareness and training, etc., further enhances the CDD process.