Customer Due Diligence (CDD)
The baseline level of customer scrutiny required for any new business relationship - identification and verification, beneficial ownership, purpose of the relationship, and ongoing monitoring.
Definition
Customer Due Diligence (CDD) is the set of measures every obligated entity must apply when establishing a business relationship, when carrying out an occasional transaction above the applicable threshold, when doubts arise about the veracity of previously obtained identification data, and whenever money laundering or terrorist financing is suspected, regardless of any threshold. CDD answers four questions: who is the customer, who controls the customer, what is the purpose of the relationship, and does observed activity match the declared profile.
Standard CDD measures
- Identify the customer and verify the identity against a reliable, independent source.
- Identify the beneficial owner.
- Understand and obtain information on the purpose and intended nature of the relationship.
- Conduct ongoing monitoring of the relationship, including transaction monitoring and document refresh.
When risk is elevated - PEPs, high-risk jurisdictions, complex ownership structures, unusual transaction patterns - CDD escalates to Enhanced Due Diligence (EDD). When risk is demonstrably low, simplified due diligence may apply, but simplification is never an exemption: all four measures still apply, only their extent, timing or frequency is reduced.
Regulatory anchor
FATF Recommendation 10 codifies the baseline. In the EU it is implemented through Articles 13–14 of AMLD4 (Directive (EU) 2015/849, as amended by AMLD5). The upcoming AML Regulation (AMLR) harmonises CDD thresholds and definitions directly across member states, ending the long tail of national divergences that complicated cross-border banking.
Operational tips
- CDD is not a one-off file: trigger a refresh on material change (new UBO, new business model, sanctions hit, adverse media).
- Document the rationale for the assigned risk score - supervisors look for traceable decisions, not just outcomes.
- Tie CDD outputs directly into transaction monitoring rules so that the declared profile becomes the comparison baseline.
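The last tip, turning the declared profile into the comparison baseline for transaction monitoring, is easiest to see in code. The example below is added here and is not from the original page or any monitoring product. The profile fields (expected monthly volume, expected jurisdictions, expected counterparty types), the risk-based tolerance multipliers and the sample transactions are all constructed assumptions for illustration; a real deployment would take the profile from the CDD file and the thresholds from the institution's risk appetite. Each alert carries the rule, the observed value and the profile value it was compared against, which is the traceable rationale the second tip asks for.

```python
"""Added example: transaction monitoring against the declared CDD profile.

All profile fields, tolerance values and transactions below are constructed
for illustration (assumptions), not taken from any regulation or product.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DeclaredProfile:
    """What the CDD file says the relationship is for (assumed field set)."""
    customer_id: str
    expected_monthly_volume: float        # declared at onboarding
    expected_countries: frozenset         # jurisdictions the customer said it deals with
    expected_counterparty_types: frozenset
    risk_rating: str                      # "low" | "standard" | "high"


@dataclass(frozen=True)
class Transaction:
    customer_id: str
    month: str                            # "YYYY-MM"
    amount: float
    country: str
    counterparty_type: str


# Assumed tolerance multipliers on the declared volume; tighter as risk rises.
VOLUME_TOLERANCE = {"low": 2.0, "standard": 1.5, "high": 1.2}


def monitor(profile: DeclaredProfile, txns: list[Transaction]) -> list[dict]:
    """Return one alert per deviation from the declared profile.

    Every alert records the rule, the observed value and the baseline it was
    compared against, so a reviewer can reconstruct why it fired.
    """
    alerts: list[dict] = []
    monthly_total: dict[str, float] = defaultdict(float)

    for t in txns:
        if t.customer_id != profile.customer_id:
            continue                      # profile is per customer
        monthly_total[t.month] += t.amount
        if t.country not in profile.expected_countries:
            alerts.append({"rule": "UNEXPECTED_JURISDICTION", "month": t.month,
                           "observed": t.country,
                           "baseline": sorted(profile.expected_countries)})
        if t.counterparty_type not in profile.expected_counterparty_types:
            alerts.append({"rule": "UNEXPECTED_COUNTERPARTY", "month": t.month,
                           "observed": t.counterparty_type,
                           "baseline": sorted(profile.expected_counterparty_types)})

    # Volume check runs per month against the risk-adjusted declared volume.
    limit = profile.expected_monthly_volume * VOLUME_TOLERANCE[profile.risk_rating]
    for month in sorted(monthly_total):
        if monthly_total[month] > limit:
            alerts.append({"rule": "VOLUME_ABOVE_PROFILE", "month": month,
                           "observed": round(monthly_total[month], 2),
                           "baseline": limit})
    return alerts


# Constructed sample data: a "standard" risk customer declaring 50k/month
# with DE/FR suppliers and customers.
SAMPLE_PROFILE = DeclaredProfile(
    customer_id="C-1001",
    expected_monthly_volume=50_000.0,
    expected_countries=frozenset({"DE", "FR"}),
    expected_counterparty_types=frozenset({"supplier", "customer"}),
    risk_rating="standard",
)

SAMPLE_TXNS = [
    Transaction("C-1001", "2024-01", 20_000.0, "DE", "supplier"),
    Transaction("C-1001", "2024-01", 25_000.0, "FR", "customer"),
    Transaction("C-1001", "2024-02", 40_000.0, "DE", "supplier"),
    Transaction("C-1001", "2024-02", 45_000.0, "DE", "customer"),   # month total 85k > 75k
    Transaction("C-1001", "2024-03", 10_000.0, "KY", "shell"),      # outside declared profile
    Transaction("C-2002", "2024-03", 900_000.0, "KY", "shell"),     # other customer, ignored
]


def run_example() -> list[dict]:
    """Run the monitor over the constructed sample and return its alerts."""
    return monitor(SAMPLE_PROFILE, SAMPLE_TXNS)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

The point of the structure is that the monitoring rule never hard-codes what "normal" means: it reads the baseline from the CDD output, so a profile refresh (new UBO, new business model) automatically changes what the monitor flags.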