Are you struggling to understand when to do Enhanced Customer Due Diligence (ECDD) on a prospective customer? If you’re feeling confused about when to do ECDD, you’re not alone.
Engaging with customers and activities that pose greater money laundering and terrorism financing (ML/TF) risks calls for anti-money laundering (AML) reporting entities to apply an enhanced level of Customer Due Diligence (CDD) – this is known as Enhanced Customer Due Diligence (sometimes called “EDD” or “ECDD”).
ECDD helps to minimize the risks of engaging with high-risk customers or carrying out high-risk transactions by requiring AML reporting entities to apply a greater level of scrutiny when conducting CDD in these situations.
However, knowing exactly when to apply ECDD is not always clear-cut. In many cases, there are explicit legal requirements that automatically call for ECDD to be applied. In other cases, you will need to weigh up ML/TF risk factors in the context of your business to decide if a potential customer or activity requires ECDD.
In this blog, we’ll explore when to apply ECDD in more detail, including:
- Customers and activities that automatically call for ECDD
- Other ECDD factors to consider
- Maintaining effective ECDD compliance standards
Customers that automatically call for ECDD
Let’s start with the easy ones. There are various circumstances set out in the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (The AML/CFT Act) where ECDD is automatically required.
These circumstances may apply to a customer that is seeking to conduct an occasional transaction or activity with you, or a new customer you are establishing a business relationship with.
You must conduct ECDD whenever your customer is:
- A trust or another vehicle for holding personal assets
- A non-resident customer from a country that has insufficient AML/CFT systems or measures in place
- A company with nominee shareholders or shares in bearer form
- A company with nominee directors
- A limited partnership or overseas limited partnership with nominee general partners
- A Politically Exposed Person (PEP)
- Seeking to conduct a complex, unusually large transaction or unusual pattern of transactions that have no apparent or visible economic or lawful purpose
You must also conduct ECDD in situations when:
- You establish a relationship with a customer that involves new or developing technologies or new or developing products that might favour anonymity
- You are an ordering institution, an intermediary institution, or a beneficiary institution in relation to a wire transfer greater than $1,000
- You have, or propose to have, a correspondent banking relationship
- You become aware that you must report a Suspicious Activity Report (SAR)
Whenever one or more of these customers or situations is present, you must conduct ECDD on your customer, usually before any activities or transactions have commenced.
Other ECDD factors to consider
But wait, there’s more to it. The AML/CFT Act also specifies a requirement that ECDD should apply whenever a reporting entity considers that the level of risk involved is such that ECDD should apply. Essentially, this is a board requirement that captures any other situation that you deem to be high-risk for ML/TF that is not specifically identified in the Act.
The situations may arise from factors associated with the size, nature and complexity of your business, your customers, your products/services, and your methods of delivery, as well as the types of institutions and countries that you deal with. We’ve pulled together some factors that may help you consider if a potential customer or activity requires ECDD.
These include:
- Country risks (e.g. engaging with customers from countries associated with sanctions, conflict or terrorism, high-levels of crime or corruption)
- Customer behaviour (e.g. customers requesting anonymity, urgency or offering to pay extraordinary fees for services)
- Other ML/TF ‘red flag’ indicators (e.g. large quantities of physical cash, requests to structure transactions in unusual or unexpected ways, third-party involvement)
- Customer’s business and networks (e.g. your customer’s customers, your customer’s products and/or services, adverse media coverage)
- Accuracy and legitimacy of identity documents (e.g. fraudulent documents or IDs)
- What is normal or expected (e.g. expected wealth profile and/or patterns of activity/transactions given what you know about a customer)
The starting point for situations where these ML/TF risks may arise should be based on the findings of your AML Risk Assessment and they will be particular to your business.
Maintaining effective ECDD compliance standards
Well-documented policies and procedures are the way to go. As an AML reporting entity, you need to take steps to Know Your Customer (KYC) to comply with AML legislation as well as protect yourself and your business from criminal activity.
Effective CDD compliance starts with taking steps to ensure you know who you are dealing with, understanding their activities, and assessing their risk of ML/TF. Gathering required identity information and validating the accuracy of that information is often the first step to CDD compliance and reducing risk.
After that, you need to determine what is a low or medium-risk customer or account activity in the context of your business (requiring Standard CDD or even Simplified CDD), and the types of customers or activities that present higher ML/TF risks, where ECDD will apply.
These determinations might form the basis of a customer classification system you put in place to set out the different types of customers or account activities where ECDD will apply. Having clearly defined and documented procedures will make it easier for staff to adhere to your ECDD procedures and for compliance staff to report to supervisors, if necessary.
Train your staff on ECDD
Engage in some good quality training. AML laws also require reporting entities to have staff AML training programmes in place for appropriate or relevant employees. Training is one of the most important ways to stress the importance of AML requirements and educate employees about when ECDD will apply.
If you are ready to deliver a revolutionary training experience to train your team on ECDD, have a look at our Enhanced Customer Due Diligence (ECDD) course, browse our website, or get in touch with our friendly team.
Remember… ask for help
Before you go. Don’t forget that there are places you can go for additional guidance. We hope the thoughts we have shared in this article are helpful, but they’re not intended to be taken as legal advice. Always consult the legislation when making decisions about your AML compliance programme. If you have questions about a specific situation, you can reach out to the AML supervisors at Financial Market Authority or The Department of Internal Affairs for additional guidance.
