5 Steps to Customer Due Diligence Compliance
in Compliance & Regulatory
By: Nicola Foggie, NJCUL Vice President, Compliance and Regulatory Affairs

The Financial Crimes Enforcement Network’s (FinCEN) final rule, in 2016, added a 5th BSA Compliance Pillar that imposed new requirements for identifying and verifying beneficial owners of legal-entity customers. This new rule, amending the Bank Secrecy Act, became effective in July 2016, and all federally insured credit unions must comply fully by May 11, 2018.  Along with credit unions requirement to comply with the existing components of the Customer Due Diligence (CDD) rule, it can all get a bit confusing.

So, what exactly is CDD? And why is it so important?
CDD is a critical element of effectively managing risk and protecting you, and your business, against potential association or involvement with financial crimes and nefarious activities. CDD processes are crucial for knowing your member (KYM), and in most cases, CDD involves identifying your member and understanding their activities. This then allows you to assess their risk profile. In the case of high-risk members sometimes, Enhanced Due Diligence (EDD) is needed.  This is additional information that must be collected for in order to provide a deeper understanding of member activity to mitigate risks. Member risk assessments can be used to determine which level of due diligence is required.

In order to ensure that your credit union is following best practices, here are 5 steps to improve your CDD processes:

Step 1 – Perform CDD measures before entering into a business relationship with your member to detect any bad actors early on.
Ascertain the identity and location of the potential member, and gain a good understanding of their business activities. This can be as simple as locating documentation that verifies the name and address of your member. You have to first decide whether a member fits your established risk profile, before entering into a business relationship with them. You can only do this by undertaking the appropriate CDD measures. This ensures that identity thefts and any potential forgeries can be detected early on.

Step 2 – Strengthen your processes when vetting third parties.
You may rely on third parties to help you perform due diligence, however it’s important to choose these parties or providers wisely because the ultimate responsibility for CDD measures remain with you, the credit union, – not the third party. Sometimes, the only way to get the information required for CDD is through a trusted third-party so it’s important to ensure that their standards and best practices are aligned with your business. At the end of the day you are liable and will be fined or penalized for non-compliance.

Step 3 – Ensure that pertinent information has been collected and stored securely.
When authenticating or verifying a potential member, classify their risk category and define what type of member they are, before storing this information and any additional documentation digitally. Having a meticulous and comprehensive process for documenting CDD-related information is not only highly effective, it also mitigates any potential risk for you as a business.

Step 4 – Detect if there is a need for EDD.
Beyond basic CDD, it’s important that you carry out the correct processes to ascertain whether EDD is necessary. This can be an ongoing process, as members have the potential to transition into higher risk categories over time so, conducting periodic due diligence assessments can be beneficial. For example, most jurisdictions require politically exposed persons (PEPs) to go through the EDD process. Other factors that might trigger EDD are high transaction value accounts, accounts that deal with high-risk countries, or accounts that deal with high risk activities. Factors to consider to determine whether EDD is required include, but are not limited to the;

  • Location of the person
  • Occupation of the person
  • Type of transactions
  • Expected pattern of activity in terms of transaction types, dollar value and frequency
  • Expected method of payment

Again, this protects you and your business against any involvement with nefarious activities and also ensures that you are meeting various KYM and Anti-Money Laundering (AML) regulatory requirements.

Step 5 – Keep historical records on hand.
Store records of instances of CDD and EDD securely, in a digital format. Keeping records of all the CDD and EDD performed on each member, or potential member, is necessary in case of future regulatory obligations.

Want to know more? Join us for the NJCUL's FREE "Beneficial Membership is Here: Customer Due Diligence Compliance" webinar on Thursday, May 10, 10:00 am – 11:00 am. Click here to register to attend.