Simplified Due Diligence (SDD) is the most basic form of Customer Due Diligence (CDD), an essential step in Anti-Money Laundering (AML) security checks. Having efficient SDD procedures in place can speed up your operations, helping you deliver better service while keeping your customers safe and your business in regulatory compliance.
In this article, we’ll explain what SDD is, how it relates to other types of customer verification procedures, and what’s required for compliance. We’ll also share how automation can help you increase the efficiency of your SDD and CDD procedures.
What Is the Difference Between CDD and KYC?
To understand SDD, it helps to place it in the context of Customer Due Diligence and Know Your Customer (KYC) regulations. CDD regulations are AML safeguards to prevent money laundering by terrorist and criminal organizations. They build on legislation introduced after the terrorist attacks of 2001, and they have been strengthened since 2014 to address more recent terrorism and cybercrime. They require financial providers to:
- Verify customer identity, including the ultimate owners or controlling interests (Ultimate Beneficial Owners or UBOs) behind business entities
- Assess the risk posed by identified customers
- Monitor transactions for risk
- Take precautionary measures when high risk is identified
Know Your Customer is the first step in the CDD process. It requires financial providers to verify the identity of customers opening new accounts. This step is performed through a Customer Identification Program (CIP). For example, customers may be required to provide proof of identity by submitting documents such as driver’s licenses or passports or by having official ID photos checked against live selfies for biometric verification.
Once CIP procedures have fulfilled KYC requirements by confirming a customer’s identity, financial providers must apply criteria to evaluate how much risk of money laundering the customer poses. Different risk factors are assigned numerical weights on a scoring system to provide an objective basis for assessment. Additional security protocols may be invoked when a designated risk threshold is exceeded. Certain red flags may trigger closer scrutiny automatically.
Identity verification and risk assessment procedures are often automated for accuracy and efficiency. For example, text from ID documents can be scanned for comparison with digital databases, while ID photos can be checked by artificial intelligence for authenticity.
Within this framework, SDD functions in the context of CDD. Let’s take a closer look at how this works:
What Are the Three Levels of Due Diligence?
SDD is one of three different levels of due diligence, corresponding to increasing levels of preliminary risk assessment:
- Simplified Due Diligence: relaxed procedures used for low-risk customers
- Customer Due Diligence (Standard Customer Due Diligence): standard procedures used for normal-risk customers
- Enhanced Due Diligence: strengthened procedures used for high-risk customers
Let’s briefly clarify what each of these three levels involves before expanding on SDD:
Simplified Due Diligence (SDD)
SDD is the most basic type of CDD check. It is used for individual customers and business entities that preliminary screening indicates pose the lowest risk of money laundering. Organizations can use it for the most routine CDD checks to save time. Coupled with automation, Simplified Due Diligence can significantly speed up customer verification for faster customer service.
Customer Due Diligence (CDD or Standard Customer Due Diligence)
CDD is the standard type of due diligence check. It’s used for individuals and business organizations which preliminary screening determines to represent a normal level of risk. It includes procedures to verify customer identity, assess risk, monitor transactions, and mitigate risk when detected.
Enhanced Due Diligence (EDD)
Enhanced Due Diligence is a stricter CDD check performed when a new customer or transaction has been identified as high-risk. For example, it may be used when:
- A customer is operating out of a country subject to sanctions
- A customer is operating in a high-risk industry
- A customer is performing a large transaction that exceeds designated thresholds
- A customer is determined to be a Politically Exposed Person (PEP) at risk of bribery, extortion, or espionage
EDD requires following more rigorous and robust procedures to verify customer identity, assess risk, and document the due diligence process. For example, more extensive documentation or in-person application may be required to verify customer identity.
So the big picture is that SDD is the least rigorous type of the three levels of Customer Due Diligence, reserved for the least risky situations. Now let’s dig deeper into SDD itself:
What Is Simplified Due Diligence?
Simplified Due Diligence is a streamlined CDD process used when preliminary screening indicates that a new individual or business client poses a low risk of money laundering. When this is the case, financial providers may elect to relax CDD procedures by applying modifications such as:
- Omitting identification of business client UBOs
- Omitting identification of a company’s board of directors
- Omitting determination of the nature of a customer’s business
- Omitting the determination of the laws applicable to a company
- Reducing the intensity of ongoing transaction monitoring procedures
- Reducing the frequency of periodic updates of client information
Relaxing such procedures may allow SDD checks to be performed more quickly by simplifying them and leveraging automation. This automation can increase customer convenience and satisfaction and reduce the provider’s workload. Automated tools can handle most customer applications and transactions, freeing security teams to focus on higher-risk cases. Meanwhile, customers are released from the burden of unnecessarily lengthy security checks, freeing up their time to focus on doing business with you and making them more likely to remain loyal customers.
When Is Simplified Due Diligence Used?
Simplified Customer Due Diligence is typically used under specific scenarios. These include situations when:
- A client is already publicly known to be supervised or regulated by a legitimate organization
- A client is listed on public stock exchanges and already subject to regulatory disclosure requirements
- A client is a government entity
- The customer sells a product or service which represents a low risk of money-laundering
- The transaction amount is low
- The type of payment method or product delivery channel being used represents a low risk
- The customer resides in a country deemed low-risk
To illustrate, a well-known publicly traded company such as Apple probably would qualify for Simplified Customer Due Diligence under most circumstances. On the other hand, a substantial cash deposit might not be eligible for SDD expediting. A client operating out of a country known as a terrorist or money-laundering haven might automatically trigger additional scrutiny.
In addition to the scenarios listed above, financial providers may apply SDD in other situations at their discretion. It’s up to the individual provider exactly when and how to apply SDD procedures. Financial providers seek to develop policies that balance expediency and regulatory compliance. Methods used to achieve this balance may vary significantly by client size, location, industry, and other criteria.
Simplified Due Diligence Requirements
In general, CDD requirements obligate financial providers to adhere to four main categories of requirements:
- Identifying and verifying individual customer identity: confirming who a customer claims to be and establishing that they are who they claim to be
- Identifying and verifying business customer Ultimate Beneficial Owners: determining who ultimately owns and controls a business entity or nonprofit
- Evaluating customer risk by understanding the nature and purpose of customer relationships: given that the customer is who they claim to be, weighing how much risk of money laundering they pose
- Monitoring transaction risk: tracking transactions, flagging suspicious activity, establishing reporting procedures, and keeping customer identifying data up-to-date (for example, confirming a business address hasn’t changed since the customer opened the account)
This framework establishes minimums to which auditors expect financial providers to adhere, but it doesn’t prescribe policy. Beyond general requirements, regulations don’t specify what procedures providers should follow. For example, which procedures and documentation a business uses to verify customer identity may vary. Similarly, financial providers must assess risk, but they are not required to use any specific risk-scoring system. While institutions must keep customer account information up-to-date, how often they need to update it isn’t specified by regulatory authorities. Some institutions may use media research to check for negative items about customers, but regulators do not require this.
This broad latitude allows providers a significant amount of flexibility when applying SDD. Some providers may elect to use SDD under a broader range of situations. Others may invoke it less frequently. Individual institutions may develop very customized procedures.
Just because an initial assessment identifies a client as low-risk doesn’t mean risk perception can’t change. For example, suppose a periodic update of customer information reveals a higher risk than the original assessment. In that case, SDD may no longer apply, and standard CDD or EDD procedures may kick in.
Efficiently Perform Simplified Due Diligence with Incode
With today’s financial customers accustomed to instant online transactions and the high volume of customers and transactions handled by digital financial providers, manual Due Diligence checks have become impractical. To keep customers satisfied, you need rapid Due Diligence procedures that let clients complete business quickly without compromising security while allowing you to meet regulatory requirements.
Incode’s Omni digital identity verification platform is designed to help you meet your CDD requirements while delivering customer-satisfying service. Incode Omni is powered by artificial intelligence to enable rapid processing of customer data obtained through technology such as facial recognition, automated risk assessment, and real-time transaction monitoring. Contact our team today to request a demo and see how Incode can speed up your Customer Due Diligence procedures, strengthen your security, and satisfy your customers.