Customer Due Diligence: Preparing for Focus in U.S. Regulatory Examinations

November 22, 2019 by Jason Tran


The customer due diligence (CDD) rule went into effect May 11, 2018. Now that firms have had sufficient time to make any necessary changes needed to implement the rule, it is likely that regulators will focus on CDD implementation within examinations.

The second and third lines of defense at a financial institution need to be able to anticipate areas of supervisory interest connected to the CDD rule so they can ensure proper compliance prior to an examination. They should also understand that these areas present potential risks, beyond just compliance risk if they are not managed correctly.

Below are six key areas to focus on when preparing for a CDD supervisory exam:

  1. Look through a risk-based lens – Having a good risk assessment program in place that leads to the identification of key risks is crucial. In particular, internal auditors should pay attention to how their organization identifies CDD risks in the new products they offer to customers.
  2. Engage responsibly with CDD RegTech – New smartphone apps designed to assist authentication of customer identities should be carefully considered and properly vetted. These apps enable customers to take pictures of and upload their personal documents. These apps are popular with customers because they streamline the customer experience and save time by eliminating a physical trip to their bank. Internal audit teams should diligence and review these apps carefully to ensure they meet today’s CDD regulatory standards.
  3. Ensure compliance with beneficial ownership – Internal auditors should also look closely at beneficial ownership identification programs. Financial institutions must, under the CDD rules, identify individuals or organizations that have more than a 50% stake in a company as a beneficial owner. There are also challenging requirements about identifying combined stakes. For example, if two siblings each owned 25% of a company, the combined 50% would mean they would be considered beneficial owners. Identifying beneficial ownership correctly requires good data as well as alert analysts and investigators. Supervisors may be expected to pay close attention to beneficial ownership compliance over the next year.
  4. Invest in employee education – Firms need to ensure proper training is provided to their employees regarding their personal responsibilities within the new CDD policies and processes. Training should be specific and tailored to suit individual roles as needed. For example, employees that develop new products should be trained to include CDD considerations from the early stages of the design process. All training should be tracked and documented should proof of training be needed within an examination.
  5. Build a culture of compliance – Employees need to understand the rules and the processes they must follow, it is also important for them to understand why the processes are in place, what the expected outcomes are, and what level of personal responsibility they carry when following the rules. Employees taking responsibility for their work should be able to catch common issues like contradictory data (such as birth date and age not matching) and flag them within the CDD process itself.
  6. Embrace financial crime detection technology – Regulators are investing in technology and expect financial institutions to do the same. Not only does technology make CDD compliance processes more sustainable, it automatically creates an audit trail of those processes, which can then be evidenced to both internal audit teams and supervisory examiners. When it comes to suspicious transaction monitoring software, organizations should ensure their model validation approach can stand up to scrutiny from both auditors and regulators.

The second and third lines of defense at a financial institution need to be aware of the important areas of supervisory interest when conducting their own internal audits of the CDD element of anti-money laundering programs. Paying particular attention to the six areas listed above can help firms to better prepare for a regulatory exam and reduce risk for the firm as a whole.

How ACA Can Help

ACA Telavance has expertise in implementing BSA, CDD, and OFAC solutions for Financial Institutions. We can assist your firm with:

  • Defining rules to identify the legal entities and accounts that are subject to the CDD rule
  • Modifying questionnaires or onboarding systems to capture necessary information required for beneficial owners and controlling persons
  • Enhancing the interface of existing OFAC and CIP systems to include minimum screening and verification
  • Introducing additional risk elements to identify high risk customers based on beneficial ownership information
  • Defining rules in BSA and CTR systems to include beneficial owners in SAR and CTR reporting

ACA can also assist with vendor due diligence of CDD technology providers you may use or consider using. Find out how we can help your company save valuable time and resources managing your third-party vendors.

For more information about how we can help your company meet the CDD rules, contact us to submit an inquiry.

Additional Resources

About the Author

Viet (Jason) Tran is a Director at ACA Telavance with over 12 years of experience in providing audit and consulting services in the financial services industry. He has extensive regulatory compliance experience advising financial institutions, online payment processors and FinTech organizations in the areas of Bank Secrecy Act (BSA) / Anti-Money Laundering (AML) and Office of Foreign Asset Control (OFAC Sanctions) requirements. He also has extensive accounting and operations experience and he is CAMS certified.

Prior to ACA Telavance, Jason was a VP at a Top 10 Global Financial Institution, leading the AML Audit group as Head of Assignment for all U.S. AML audit assignments.

Jason received his Bachelors of Business Administration accounting degree from James Madison University in Harrisonburg, Virginia.