Client Due Diligence (CDD)
The purpose of client due diligence is to know and understand your client. The process involves three key stages:
- Identification (information gathering)
- Client Risk Assessment (CRA)
- Verification (evidence gathering stage)
These stages are interlinked and may need to be re-visited throughout the process. For example, if the CRA result is high risk, you’ll need to go back and gather more information.
All information obtained must be documented and added to the client’s record. AMLCC allows documents to be added within the CRA, and to the client record itself. This ensures there is a full audit trail of how any potential risks associated with money laundering have been considered and managed.
Stage 1: Identification
- Obtain full legal names, trading names, and registration details of the client.
- Identify the legal structure of the client’s business (e.g., sole trader, partnership, limited company).
- Obtain details on beneficial ownership, including the names and addresses of individuals with significant control or ownership.
- Understand the purpose and intended nature of the business relationship with the client.
- Identify the source of funds and the expected level of financial activity.
- Use online ‘Know Your Client’ resources. These include:
- ICAEW client screening service (more details here)
- Open-source database and online tools, such as:
- Reverse image searches that allow you to put an image into the search box rather than a description. When trying to put a name to a face, a reverse image search may be useful.
- Cluster searches look for connections using individual and entity names. They can help if you have concerns about an individual’s other business interests.
- Social media searches can provide evidence of business activity, for example marketing on social media can help verify products and services offered by the business.
- Adverse media searches look for negative news associated with an individual or company Negative news search strings may be used to carry out searches on an entity or an individual such as:
Name AND bribe OR corruption OR court OR conviction OR crime OR fraud OR money laundering OR sanctions OR terrorism, etc.
These can also be modified using wildcard searches (where you replace the suffix of a particular search term with an asterisk). Where this occurs, a search engine will identify all variants of the root search term (e.g. corrupted, corruption, corrupting, etc.):
Name AND bribe* OR corrupt* OR court* OR convict* OR crim* OR fraud* OR money launder* OR sanction* OR terroris*, etc.
Firms with overseas clients should also consider using negative search terms in multiple languages.
- Street view services such as Google Street allow images of an address or location to be viewed. This helps to verify whether the address matches your understanding of the business.
Stage 2: Client Risk Assessment
- Assess the risk associated with the client based on factors such as industry, location, and the complexity of the financial transactions. For those offices not yet on AMLCC, these should be performed using your current systems.
- Consider any politically exposed persons (PEPs). A PEP is an individual who is entrusted with prominent public functions, other than as a middle-ranking or more junior officials, whether within or outside the UK The risk also extends to certain family members and known close associates of a PEP. Enhanced due diligence (EDD) is required for all PEPs
- Consider if the individual or entity has connections to any high-risk jurisdictions. HM treasury publishes its list of all such countries here: High Risk Third Countries.
TC policy is that all PEP clients, and those with links to high-risk jurisdictions, must be approved by Helen Kay (TC Group MLRO) before the engagement is accepted.
Stage 3: Verification of Information
- Verify the client’s identity through official documents such as a valid passport, valid photo card driving licence, national identity card (non-UK nationals) or identity card issued by the Electoral Office for Northern Ireland.
CCAB guidance states that if the original copy can’t be seen, a suitably certified copy should be obtained.
Biometric ID verification checks are useful when you can’t meet a client in person and certified ID copies aren’t available, or if they’re based overseas. See AMLCC for more details.
- Verify the client’s current address with a document issued within the last 3 months. For example, a utility bill, HMRC correspondence or bank statement.
- Obtain financial statements, tax returns, and other relevant financial information from the client.
- Verify the accuracy of financial information provided by comparing it with external sources or documentation.
All records and risk levels should be updated regularly, and at least annually.
Changes in ownership and structure would always be a trigger for an early review, as would significant changes in trading activities / locations.
Continue to keep an eye on industry-specific news and publications that may contain relevant information about your client’s activities and potential risks, and ensure all reviews are documented.