Industry

Know Your Customer (KYC) vs. Customer Due Diligence (CDD): What's the difference?

Learn what KYC and CDD are, why they're important, how they differ, and more.

Icon of a person signifying KYC
Last updated:
5/31/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • KYC is a process that involves verifying current or prospective customers’ identities, while CDD is a set of ongoing processes designed to assess customer risk. CDD is a key component of KYC.
  • The biggest difference between KYC and CDD processes is when they occur during the customer interaction.
  • KYC and CDD are required for some industries, and they can also help deflect bad actors.

For the ever-growing number of businesses interacting with customers solely in the digital world — from insurance agencies to cryptocurrency exchanges — ensuring reliable identity verification (IDV) processes is an absolute must. 

Cautionary tales of failed identity verification are not hard to come by: in 2022, Credit Suisse was embroiled in a rolling wave of scandals for failing to verify the identities of criminals, corrupt politicians, and drug traffickers using its services.

The only way to avoid such failures is to understand two key customer identification processes: Know Your Customer (KYC) and Customer Due Diligence (CDD).

What are KYC and CDD?

Know Your Customer (KYC) is a process that involves verifying current or prospective customers’ identities. It’s sometimes referred to as “Know Your Client” or simply “identity verification.” KYC can be applied to both individual users and businesses (though business verification is called Know Your Business (KYB) or corporate KYC and has slightly different requirements). 

Many countries legally require specific industries — such as cryptocurrency exchanges, banks, and gambling companies — to meet certain KYC compliance standards to aid in the detection, reporting, and ultimate reduction of fraud and financial crimes.

Customer due diligence (CDD) is a set of ongoing processes designed to assess customer risk, and is a key component of KYC. In the US, CDD is enforced by FinCEN, which requires financial institutions to meet four key requirements:

  1. Identify and verify all customers or clients.
  2. Identify and verify all beneficial owners of companies you want to do business with. (It’s generally accepted to investigate any individual(s) who controls and/or owns 20% or more of the company.)
  3. Understand the nature and purpose of customer relationships to develop customer risk profiles.
  4. Conduct continuous monitoring of customer activity and transactions to identify and report suspicious activity.

Why are KYC and CDD important?

Some businesses are required to know who they are doing business with. This includes financial institutions — such as cryptocurrency exchanges, insurers, and fintech companies — which are subject to anti-money laundering (AML) rules under the Bank Secrecy Act and related laws. But it also includes businesses that operate in other regulated industries, such as online gambling, travel, and age-restricted commerce, amongst others.

Compliance failures can come at an exceedingly high cost. In 2017, Deutsche Bank AG was fined $425 million by the New York State Department of Financial Services for failing to maintain appropriate AML control policies.

Additionally, KYC protocols can deflect bad actors during the account creation process and help organizations gather information for use in subsequent monitoring — for example, where a user usually logs in and the types of transactions they typically make. Companies that ensure proper KYC and CDD processes safeguard their customers against fraud by continuously monitoring for suspicious activity. CDD can also assist law enforcement by gathering data to document crimes — such as money laundering, terrorist financing, and fraud.

Free white paper
See how experts evaluate KYC solutions

What is the main difference between KYC and CDD?

The biggest difference between KYC and CDD processes is when they occur during the customer interaction. 

KYC checks — such as verifying an ID card or a home address — are sometimes limited to the beginning of the customer transaction or account creation process, while CDD explicitly requires continuous monitoring of customers’ interactions with the service.

What are the main functions of KYC?

KYC processes include three main functions:

1. Customer identification program (CIP)

Financial services companies are required by the USA PATRIOT Act to “form a reasonable belief that it knows the true identity of each customer.” This means companies must collect four pieces of identifying information from potential clients: full name, date of birth, legal address, and valid identification number (such as an SSN or TIN).

2. Customer due diligence (CDD)

CDD checks create a risk profile for each customer using identity verification, transaction records, and wealth sources. These checks are ongoing and may occur at any time during the transaction process.

3. Ongoing monitoring

Continuous monitoring includes, at a minimum, monitoring transactions to identify suspicious activity that might point to financial crimes. It can also include additional measures, such as regularly rescreening customers based on relevant risk profiles.

Understanding the different levels of CDD

Companies may enforce different levels of CDD for different types of customer interactions. For example, a customer withdrawing $50 from their banking app should experience only minimal friction, versus if they tried to empty their entire account from a new location. 

The three levels of CDD are as follows:

1. Simplified due diligence

Simplified due diligence is applied to low-risk transactions or customers with known and reliable fund sources. While identity verification is still required, simplified frameworks streamline the process by requiring fewer in-depth checks.

2. Standard due diligence

Standard due diligence is generally required by law for any transaction or customer that doesn’t qualify for simplified due diligence. These processes include the collection and verification of basic customer information, such as customers’ full names and addresses, to decrease risk.

3. Enhanced due diligence (EDD)

Enhanced due diligence is applied to high-risk transactions and individuals. This may include high-value transactions or transactions from higher-risk individuals such as politically exposed persons. Enhanced checks often ask for additional identity documentation or verify asset sources before transactions are approved.

Improve your KYC and CDD procedures with Persona

Poorly integrated KYC procedures bog down your user experience. That’s why it’s important to ensure your verification processes are as streamlined and secure as possible. 

With Persona’s KYC solutions, identity verification decisions can take just seconds, so users can get verified quickly and be on their way. Thanks to Persona’s customizable platform, you can personalize every element — from theme to copy — along the customer’s journey to ensure it feels native to your brand.

Businesses using Persona can offer a custom eKYC experience for each use case and customer. For example, you might offer different verification options for customers without a Social Security number, or add additional steps for individuals whose password has been leaked in a data breach.

Persona’s KYC solutions are constantly being updated to help businesses meet shifting KYC/AML compliance standards and regulation changes worldwide, giving organizations confidence that they’re meeting the right compliance standards no matter where they do business.

Want to learn more about Persona’s KYC and CDD solutions? Read our case studies from Coursera and Square, or get in touch to speak with our experts about your business’s specific needs. We’d love to chat!

Published on:
4/18/2023

Frequently asked questions

No items found.

Continue reading

Continue reading

What is Know Your Customer (KYC) — and why does it matter?
Industry

What is Know Your Customer (KYC) — and why does it matter?

KYC and AML are regulations that require businesses to verify their customers’ identities. Here’s what you need to know.

CDD vs EDD: What’s the difference?
Industry

CDD vs EDD: What’s the difference?

Explore how CDD and EDD work and learn when each is necessary.

What is a Customer Identification Program (CIP)?
Industry

What is a Customer Identification Program (CIP)?

Learn what a CIP is, how it works, and what requirements CIPs need to meet.

Ready to get started?

Get in touch or start exploring Persona today.