Customer Due Diligence (CDD) is the standard process of gathering and verifying information about customers to assess and manage anti-money laundering (AML) risk. For business customers, CDD drives KYB requirements.
The CDD Framework
CDD sits between Simplified Due Diligence (SDD) for low-risk relationships and Enhanced Due Diligence (EDD) for high-risk cases—implementing the risk-based approach mandated by FATF.
The FinCEN CDD Rule (Four Pillars)
The 2016 FinCEN rule requires covered institutions to:
| Pillar | Requirement |
|---|---|
| 1. Customer Identification | Identify and verify customer identity |
| 2. Beneficial Ownership | Identify and verify UBOs of legal entity customers |
| 3. Understanding the Relationship | Understand the nature and purpose of the relationship |
| 4. Ongoing Monitoring | Conduct ongoing monitoring and update customer information |
The beneficial ownership requirement was groundbreaking—before the CDD Rule, there was no explicit federal mandate to identify the individuals behind business customers.
CDD for Business Customers
When the customer is a business, CDD encompasses:
- Entity verification: Confirm the legal entity exists via Secretary of State records
- Beneficial ownership: Identify all individuals with 25%+ ownership or significant control
- KYC on owners: Verify each beneficial owner’s identity
- Risk assessment: Evaluate based on industry, jurisdiction, ownership complexity
CDD vs. CIP
The Customer Identification Program (CIP) establishes the baseline: verifying that customers are who they claim to be. CDD builds on this with a deeper understanding of customers and their risk profiles.
See Customer Due Diligence for a complete framework.