Customer Due Diligence
This article discusses the Customer Due Diligence process and the solution that DEX Regulatory Suite provides to support the Customer Due Diligence process.
Customer Due Diligence
In recent years, issues such as money laundering, terrorist financing, fraud, corruption and sanctions legislation have received full attention, because these crimes have a major impact on our society. Because these crimes are manifested through our financial system, legislation has been developed for financial institutions to prevent and combat these crimes. DNB and the AFM supervise financial institutions.
Literally, Customer Due Diligence means 'due diligence for the customer'. This means that financial institutions must know their customers well to ensure that no financial crimes are committed. Some important things a financial institution should know about its customer in the context of CDD are:
The Customer Due Diligence process is developed by financial institutions to know their clients and not to establish relationships with persons who could damage trust in the financial company. When a company falls under the scope of a law or regulation (Wwft, SW, AMLD) and a relationship is entered into with a potential customer, a CDD investigation must be performed. A CDD study is a risk assessment and risk assessment in accordance with the guidelines of relevant legislation.
Without CDD, companies expose themselves to fraud and fines for non-compliance with the requirements set out in laws and regulations. Failure to comply with laws and regulations can result in large fines for companies, not to mention possible reputational damage.
Implementation CDD
Financial organizations develop CDD and Sanctions policies on the basis of legislation and regulations. This policy describes how financial institutions want to implement CDD legislation and regulations.
Implementing the developed policy seems simple, but practice shows otherwise. In addition, developments in this area follow each other in rapid succession and it is important to adapt the CDD processes quickly. But why is implementing policy so difficult now?
The Wwft and Sanctions Act consist of abstract descriptions in which it is not stated how the CDD investigation should be carried out. Many organizations have difficulty translating CDD policy into practical implementation. However, it is crucial to get this right right away. When the policy has been implemented and adjustments have to be made, this often means remedial work. This is time consuming and therefore costs a lot of money.
A few points are listed below that a good methodology must meet:
DEX Data Explorers has developed DEX Regulatory Suite for Customer Due Diligence (CDD). The software supports organizations that fall under the Wwft to properly implement their CDD policy. The solution is designed in such a way that someone who has less experience with conducting CDD research can still carry out a good investigation. The process is shown in the next section.
DEX Regulatory Suite CDD Process
In the CDD process, an institution collects a lot of information, which is often recorded in a rather unstructured way, for example in a Word file. DEX CDD supports the entire CDD process for Natural Persons (NP) and Non Natural Persons (NNP, business entities).
The diagram below briefly shows the CDD process.
The CDD process is explained below per process step.
Create customer profile
The term Know Your Customer (KYC) means that you know who your customer is. That is why every CDD study starts with creating a customer profile. This is the basis of good customer research. The better this is carried out, the better the risks can be determined at the customer. The customer profile includes the following elements:
When the customer profile has been drawn up (based on supporting documentation), you basically already know a lot about the customer. Now it is important that a risk assessment must be made of the customer in relation to the risks specified in the law (money laundering, terrorist financing, fraud, corruption and sanctions legislation). This is done by conducting the basic research.
DEX RS for CDD records the files, the different aspects of the CDD file can be maintained.
Basic research
In the basic research, risk indicators have been identified for Natural persons and Non-natural persons to be able to detect risks as specified in the Wwft and Sanctions Act. The following risk indicators apply to the NP and NNP.
Natural Persons |
Non-Natural Persons |
Geographical Risk |
Geographical Risk |
Sector Risk |
Sector Risk |
Transaction Risk |
Transaction Risk |
Product/service risk |
Product/service risk |
PEP risk |
PEP risk |
Transaction Risk |
Transaction Risk |
Third Party Risk |
Third Party Risk |
Negative Signals Risk |
Negative Signals Risk |
- |
Structure Risk |
- |
Legal Form Risk |
Basic questions have been developed for each risk indicator. When the customer profile is properly drawn up, the basic questions of the risk indicators can be answered. By answering these questions it becomes clear whether there are risks at the customer that need to be further investigated.
DEX RS shows the customer's risk profile based on the answers given.
Example of determining geographical risk
A Private Limited Company (BV) that wants to become a customer of your organization has activities in a high-risk country, Syria. The analyst can indicate in the basic research that the client has activities in Syria.
Syria is a high risk country, but why is this country a high risk? In a database, it is worked out per country whether the country concerned has risk-increasing factors in the area of the risks specified in the Wwft and SW (money laundering, terrorist financing, fraud, corruption, sanctions legislation).
Syria is a high-risk country where all risks (listed in the Wwft and SW) apply. This means that it must be investigated whether the aforementioned risks can be mitigated for the potential customer. By filling in Syria in the basic questions, follow-up questions are automatically triggered in the field of money laundering, terrorist financing, corruption/fraud and sanctions legislation. By answering these questions it becomes clear whether the geographic risk has been mitigated enough to enter into a business relationship.
If none of the basic questions results in a medium or high risk, it is determined that there are no risk-increasing factors and the customer can be classified in the low risk category.
In that case, the investigation is completed. When there is a 'hit' on one of the basic questions, in-depth questions must be answered, i.e. the follow-up research.
Follow-up research
The in-depth questions are automatically selected depending on which questions are triggered in the basic survey. The example below shows which questions are triggered based on the increased Geographical risk.
This makes it clear to everyone within the organization which follow-up research must be carried out for the risks that are triggered in the basic research.
Below are some of the follow-up questions that have been selected on the basis of identified risks.
Assess risk based on the conducted research
After the basic research has been carried out and possibly also the follow-up research, the final conclusion can be drawn up. In this final conclusion it should be made clear which risk classification is advised and why it is advised. It is then important that the risk classification is accepted by an authorized employee(s). This data is all logged, so that everything is reproducible.
Determine how the risks are managed
In the previous step, the final conclusion was established and the risk classification was accepted. The risk classification is already a kind of management measure. The higher the risk, the more often the customer must be analyzed for changes in the customer situation that could influence an increased risk.
Additional management measures may also be required. For example, if new annual figures will be released soon and the organization would still like to receive this, a management measure can be introduced.
In DEX Regulatory Suite for CDD, the control measures can be recorded and monitored for proper compliance. This completes the CDD process.
Output, management information, recording documentation
With DEX RS for CDD, an entire file can be easily exported to Excel.
DEX RS for CDD has a number of predefined management reports, with which, for example, the progress of the handling of follow-up actions can be followed. It is also possible to easily add your own reports.
It is also possible to archive underlying documentation, for example identification documents or transaction overviews, in the system. In this way, an easily accessible archive is built up per file.
Benefits of DEX Regulatory Suite for CDD
Below we list some key benefits of DEX Regulatory Suite for CDD:
Norwin van Harmelen and Addition Knowledge House
DEX RS for CDD was developed in a collaboration between Norwin van Harmelen and Addition Knowledge House.
Norwin van Harmelen has many years of experience in setting up, implementing and managing Due Diligence processes. Based on this experience, Norwin developed the process that underpins DEX Regulatory Suite for CDD.
Addition Knowledge House (http://www.addition.nu) is a DEX Regulatory Suite reseller. Addition Knowledge House provides the following services related to DEX Regulatory Suite:
Every situation is unique. That is why Addition Knowledge House is happy to discuss with you how we can optimally support your process.
DEX Regulatory Suite
DEX Regulatory Suite is the solution of DEX Data Explorers marketed by Addition Knowledge House. In addition to DEX RS for CDD, there are modules of DEX Regulatory Suite that support various regulatory reports. DEX Regulatory Suite supports the following regulations:
Available solutions
DEX Regulatory Suite supports the following regulations:
Addition Knowledge House and DEX Regulatory Suite
Addition Knowledge House (www.addition.nu) is a reseller of DEX Regulatory Suite. Addition Knowledge House delivers the following services with regards to DEX Regulatory Suite: