Customer Due Diligence (CDD) is the broader set of checks and ongoing monitoring that obliged entities are required to carry out on their customers. It encompasses KYC identity verification but goes further — requiring businesses to understand the purpose and intended nature of the business relationship, and to conduct ongoing monitoring of transactions to ensure they are consistent with what the customer said they would do. CDD applies at the start of a relationship, and on a continuous basis throughout it.
EU law sets out three levels of CDD: standard, simplified, and enhanced. These standards are also followed in other jurisdictions such as the UK or the US. Standard CDD applies to most customers. Simplified Due Diligence (SDD) may be applied where the risk is demonstrably lower — for example, certain regulated financial products. Enhanced Due Diligence (EDD) is mandatory where the risk is higher — for instance, when dealing with Politically Exposed Persons or customers from high-risk third countries. Obliged entities must be able to demonstrate to regulators that their CDD procedures are appropriate and effective.