The customer due diligence (CDD) rule went into effect May 11, 2018. Now that firms have had sufficient time to make any necessary changes needed to implement the rule, it is likely that regulators will focus on CDD implementation within examinations.
The second and third lines of defense at a financial institution need to be able to anticipate areas of supervisory interest connected to the CDD rule so they can ensure proper compliance prior to an examination. They should also understand that these areas present potential risks, beyond just compliance risk if they are not managed correctly.
Below are six key areas to focus on when preparing for a CDD supervisory exam:
- Look through a risk-based lens – Having a good risk assessment program in place that leads to the identification of key risks is crucial. In particular, internal auditors should pay attention to how their organization identifies CDD risks in the new products they offer to customers.
- Engage responsibly with CDD RegTech – New smartphone apps designed to assist authentication of customer identities should be carefully considered and properly vetted. These apps enable customers to take pictures of and upload their personal documents. These apps are popular with customers because they streamline the customer experience and save time by eliminating a physical trip to their bank. Internal audit teams should diligence and review these apps carefully to ensure they meet today’s CDD regulatory standards.
- Ensure compliance with beneficial ownership – Internal auditors should also look closely at beneficial ownership identification programs. Financial institutions must, under the CDD rules, identify individuals or organizations that have more than a 50% stake in a company as a beneficial owner. There are also challenging requirements about identifying combined stakes. For example, if two siblings each owned 25% of a company, the combined 50% would mean they would be considered beneficial owners. Identifying beneficial ownership correctly requires good data as well as alert analysts and investigators. Supervisors may be expected to pay close attention to beneficial ownership compliance over the next year.
- Invest in employee education – Firms need to ensure proper training is provided to their employees regarding their personal responsibilities within the new CDD policies and processes. Training should be specific and tailored to suit individual roles as needed. For example, employees that develop new products should be trained to include CDD considerations from the early stages of the design process. All training should be tracked and documented should proof of training be needed within an examination.
- Build a culture of compliance – Employees need to understand the rules and the processes they must follow, it is also important for them to understand why the processes are in place, what the expected outcomes are, and what level of personal responsibility they carry when following the rules. Employees taking responsibility for their work should be able to catch common issues like contradictory data (such as birth date and age not matching) and flag them within the CDD process itself.
- Embrace financial crime detection technology – Regulators are investing in technology and expect financial institutions to do the same. Not only does technology make CDD compliance processes more sustainable, it automatically creates an audit trail of those processes, which can then be evidenced to both internal audit teams and supervisory examiners. When it comes to suspicious transaction monitoring software, organizations should ensure their model validation approach can stand up to scrutiny from both auditors and regulators.
The second and third lines of defense at a financial institution need to be aware of the important areas of supervisory interest when conducting their own internal audits of the CDD element of anti-money laundering programs. Paying particular attention to the six areas listed above can help firms to better prepare for a regulatory exam and reduce risk for the firm as a whole.