Customer Due Diligence (CDD)
Customer Due Diligence (CDD): standard-level identity verification obligations financial institutions must perform to prevent money laundering.
Summary
Customer Due Diligence (CDD) refers to the standard-level obligations that financial institutions and other obliged entities must apply when establishing and maintaining business relationships with customers. CDD is defined in FATF Recommendation 10 (formerly Recommendation 5 in the 2003 revision) and its associated Interpretive Notes. It is a cornerstone of anti-money laundering compliance and forms the foundation of the risk-based approach under FATF standards.
- Identity verification: Identifying and verifying customer identity using reliable, independent sources
- Beneficial ownership: Identifying the ultimate beneficial owner for legal entities
- Business relationship: Understanding the purpose and intended nature of the business relationship
- Ongoing monitoring: Continuous monitoring of the relationship and transactions carried out
- Risk-based approach: Intensity of checks proportionate to the customer's risk profile
History
In the EU, basic customer identification obligations were first established by the First Money Laundering Directive (1991). However, formal CDD requirements in the modern sense emerged with the 2003 FATF Recommendations (Recommendation 5) and were implemented in EU law through the 3rd AMLD (2005). Subsequent directives (4AMLD 2015, 5AMLD 2018) progressively expanded these requirements. CDD gained particular prominence following the September 11, 2001 terrorist attacks, which intensified international pressure for stricter customer due diligence standards. The FATF 2012 revision refined and restructured CDD requirements, clearly differentiating between simplified (SDD), standard (CDD), and enhanced due diligence (EDD), and consolidated the Special Recommendations into the overall framework (now Recommendation 10). The 6th AMLD (2018/1673/EU, applicable from December 2021) strengthened criminal penalties for money laundering. The comprehensive EU AML Package, adopted on 19 June 2024, harmonises CDD requirements for the first time as directly applicable EU law through the new AML Regulation (AMLR) and establishes the Anti-Money Laundering Authority (AMLA) as a new European supervisory body.
Scope
CDD applies globally to financial institutions (banks, insurers, securities firms), money service businesses, and certain non-financial businesses and professions (notaries, lawyers, real estate agents, accountants, casinos). It affects all jurisdictions that have implemented FATF Recommendations, as well as all countries with AML/CFT legislation. In the EU, CDD is mandatorily governed by the EU Anti-Money Laundering Directives.
Key Requirements
- Identification and verification of the customer's identity upon establishing the business relationship
- Identification and verification of the beneficial owner
- Obtaining information on the purpose and intended nature of the business relationship
- Ongoing monitoring of transactions and keeping customer records up to date
- Refusing or terminating the business relationship when CDD cannot be completed
- Risk-based intensity levels: simplified, standard, enhanced
- Enforcement and penalties: Failures to comply with CDD obligations can result in significant fines, supervisory measures (e.g. licence revocation), and criminal consequences
Corrections & Errata
2 corrections:
- Contradiction: CDD as distinct concept in 2003 vs. 2012
- History: First AMLD 1991 did not contain formal CDD requirements
2 updates:
- Missing reference to FATF Recommendation 10 as core CDD standard
- 6AMLD and EU AML Package 2024 completely missing
3 clarifications.
3 notes.