Customer due diligence (CDD) is a vital process in building a proper Know Your Customer (KYC) system, and simplified due diligence (SDD) is the lowest level of CDD, meant for low-risk customers. Typically, standard due diligence is applied for low- and medium-risk customers, while enhanced due diligence (EDD) suits high-risk customers.
In this article, we’ll discuss simplified due diligence, its use cases, and how it compares to full CDD processes like EDD. By the end, you’ll have a better understanding of how to establish your own due diligence program.
What is Simplified Due Diligence (SDD)?
Simplified due diligence (SDD) is a streamlined, more straightforward form of due diligence used when the risk associated with a customer (individual or legal entity), such as money laundering or terrorist financing, is deemed low or negligible. Compared to other forms of due diligence, the SDD process consists of fewer clicks and is a quicker model of identity verification.
Based on the level of risk associated with customers, different levels of due diligence can be applied. Naturally, customers with lower risk will undergo simplified due diligence (1). Customers with moderate risk will undergo standard due diligence (2), while customers with higher risk will follow enhanced due diligence (3).
Simplified Due Diligence Requirements
Since it’s the lowest level of due diligence, SDD consists of less intensive methods to gather customer information. However, it shares the same requirements as standard due diligence but with a lower threshold for meeting these requirements.
According to the Financial Action Task Force (FATF), simplified due diligence must include:
- Verifying and identifying all customers
- Verifying and identifying all beneficial owners (when doing business with companies)
- Understanding the purpose and nature of the relationship (developing customer risk profiles)
- Conducting ongoing monitoring
Financial institutions have the freedom to build their own SDD protocols. Despite that, if their enforced measures do not align with the mentioned CDD requirements, it can lead to non-compliance and legal penalties.
Simplified Due Diligence vs Customer Due Diligence
Simplified due diligence differs from higher-level due diligence approaches in terms of scope. SDD has a narrower focus, primarily collecting information from publicly available sources. In contrast, customer due diligence involves more extensive investigations and in-depth analysis. Another key difference is that SDD is generally used for low-risk transactions.
The simplified due diligence process should align with the lower risk factors. For example, SDD measures may be applied only to some aspects of ongoing monitoring or may be shifted towards the customer acceptance process.
Simplified due diligence measures differ in the following ways and must include:
- Identity verification. Verifying customers and beneficial owners after establishing the business relationship. This is particularly important when the customer’s account transactions exceed a specific threshold.
- Data collection. Instead of collecting information or implementing specific measures to understand the nature of the business relationship, SDD involves inferring such details from the type of transaction or business relationship that has been established.
- Frequency. SDD means reducing the frequency of customer identification updates and, similarly, decreasing the level of ongoing monitoring based on a reasonable monetary threshold.
However, it is important to note that while a customer may have a lower risk of money laundering and terrorist financing during identification and verification, it doesn’t necessarily mean that they are also at a lower risk during the whole stage of ongoing monitoring. In other words, customer risk levels can change over time.
When is Simplified Due Diligence Needed?
When a customer, product, or service meets the criteria for simplified due diligence, your main obligation is to verify the customer. However, it’s also very important to monitor the business relationship for any trigger events that might necessitate additional due diligence in the future.
Remember that simplified due diligence is only needed when there’s a low risk of financial crime, tax evasion, money laundering, or terrorist financing.
The FATF recommends that due diligence measures be applied when:
- Establishing a new business relationship.
- Suspicion arises regarding possible money laundering or terrorist financing.
- The institution doubts the quality of previously obtained customer identification data.
- Executing occasional transactions above the threshold of USD/EUR 15,000.
Scenarios in which simplified due diligence is needed include cases where the customer is a government entity, is a publicly known company, is known to be regulated by an authoritative body, or offers products and services that are known to carry a low risk of money laundering.
What are the Stages of Simplified Due Diligence?
These stages explain the whole cycle of simplified due diligence:
1. Obtaining Identifying Information
The first stage of SDD is the customer identification process (CIP). Companies conduct this process before starting a new business relationship. During the customer onboarding procedure, businesses must obtain identifying data that will be used to verify their clients. That means they must ensure that the data they collected and verified is correct. This way, organizations mitigate the risk of onboarding individuals with altered ID documents or fake identities.
2. Determining the Level of Due Diligence
After the company verifies the customer’s identity, it must choose the type of due diligence to perform. When selecting the appropriate due diligence level, organizations need to take into account various factors, including the customer’s type, occupation, ownership structure, as well as the products and services they offer. The choice depends on the jurisdiction, compliance requirements, operating industry, and level of security the company aims to build when conducting its risk assessment.
3. Proceeding With the Chosen Type of Due Diligence
If it’s a low-risk customer, then a simplified and less detailed identity verification process is acceptable. In this stage, companies can use public information or fewer documents to confirm the customer’s identity. Beneficial owners can be identified without extra information or documentation. However, it’s important to note that manual methods are more time-consuming and labor-intensive compared to automated verification solutions. These AI-powered tools can scan and validate IDs, check beneficial owners, and perform quick background checks on both companies and individuals being verified.
4. Conducting Ongoing Monitoring
After the company verifies the customer’s identity and successfully onboards them to its platform, it must ensure that no fraud arises while the customer uses its services. Usually, organizations undertake ongoing monitoring measures to guarantee that the customer remains low-risk during the whole customer cycle. If any suspicious activity is detected or “flagged” during the monitoring process, companies can decide to switch to higher levels of due diligence, such as enhanced due diligence.
Simplified Due Diligence Use-Case Examples
Take a look at a few use-case examples of simplified due diligence for businesses:
- Employee hiring. Organizations can perform simplified due diligence before hiring new staff members, especially those who are applying for security-related positions. This can involve verifying educational qualifications, checking references, conducting basic background checks, and reviewing online presence.
- Customer onboarding. Companies, especially those in the financial sector, can employ simplified due diligence measures when onboarding new customers for low-risk products, such as basic savings accounts. This approach helps ensure compliance and minimizes the expenses required for extensive due diligence processes.
- Vendor check. Businesses can assess the risks linked to a new supplier or a vendor by using simplified due diligence. That means companies must check their legal status, financial stability, and track record by accessing public data and requesting key documents such as licenses or certifications.
While simplified due diligence provides valuable insights, remember that it may not be appropriate in riskier scenarios. For high-stakes situations, organizations need to conduct a higher level of due diligence or seek the assistance of compliance professionals.
Effective Simplified Due Diligence Using Automation
It’s clear that SDD compliance is simpler and less time-intensive than standard due diligence, but it can be a hassle for compliance officers to manually gather documents, check identity information, review adverse media resources, or access and download various documents from public databases.
Using iDenfy’s feature-rich fraud prevention platform, you can automate your onboarding process, ensure complete KYC/AML/KYB compliance and streamline due diligence checks that can actually help you scale, not to mention reduce friction for your users.