This article appears as the "Discussion of the month" topic in AML News and Updates Newsletter - May 2023 edition which can be found here.
If you work in AML compliance, you have likely heard that "enhanced due diligence" (EDD) must be applied to high-risk customers since most of the AML problems come from them. How do we identify high-risk customers, what is EDD, and why is it so important?
What is EDD and why it is important
EDD is an additional layer of customer due diligence that financial institutions and other regulated entities must undertake as part of anti-money laundering (AML) obligations, specifically when dealing with high-risk customers, products, or transactions.
EDD goes beyond the standard customer due diligence measures and includes obtaining a deeper understanding of the risks involved in a business relationship and identifying any potential vulnerabilities that could expose the organization to financial, regulatory, or reputational harm.
The importance of EDD cannot be overstated, as it plays a crucial role in mitigating the risk of financial crime and protecting institutions from potential consequences of money laundering (ML), terrorism financing (TF), and other illicit activities.
Example: In 2021, Capital One bank was fined $390 million by the US Treasury Department for violating AMLlaws. The bank failed to perform adequate EDD on its high-risk customers, mainly involved in check cashing and money services businesses.
The importance of a risk-based approach in identifying high-risk customers
A risk-based approach is critical in identifying high-risk customers, as it enables institutions to tailor their due diligence and monitoring activities to the specific risks posed by each customer. Even two high-risk customers, in some cases, can expose a company to different levels of ML/TF risks.
Example: A high-net-worth individual who conducts infrequent and low-value transactions may pose a lower ML/TF risk than a politically exposed person (PEP) who conducts high-value transactions on a regular basis.
What information is required for high-risk customers?
When assessing their clients, including high-risk customers, entities must obtain additional information that will help them to:
Understand the customer's business operations, reputation, ownership structure, and financial history in greater detail
Identify any potential red flags, such as past criminal activity or involvement in high-risk industries
Conduct ongoing monitoring of the customer's transactions and activities
Example: In the previous example, the PEP customer requires more scrutiny and verification of their information, more approval and oversight from senior management, more frequent and intensive monitoring of their transactions and activities, and more reporting of any suspicious or unusual transactions.
Examples of high-risk customers in various industries
Different entities define high-risk customers based on their approach and risk appetite, following national laws and supervisory authority guidance. Additionally, entities may consider certain factors as potentially higher-risk situations, such as:
Risks related to the customer:
Unusual circumstances in the business relationship (e.g., significant geographic distance between the financial institution and the customer)
Legal persons or arrangements that act as personal asset-holding vehicles
Companies with nominee shareholders or shares in bearer form
Unusual or excessively complex ownership structure, given the nature of the company's business
Risks related to geography or countries:
Countries with inadequate AML/CFT systems identified by credible sources, such as mutual evaluation, detailed assessment reports, or published follow-up reports.
Countries subject to sanctions, embargoes, or similar measures issued by credible sources, for example, the United Nations.
Countries identified by credible sources as having significant levels of corruption or other criminal activity.
Countries or geographic areas identified by credible sources as providing funding or support for terrorist activities or designated terrorist organizations operating within their country.
Risks related to the product, service, transaction, or delivery channel risk factors:
Anonymous transactions (which may include cash).
Non-face-to-face business relationships or transactions.
Payment received from unknown or un-associated third parties
Conducting EDD on High-Risk Customers
When dealing with high-risk customers, entities are usually required to implement Enhanced Due Diligence (EDD) measures. These measures are defined in the national law and often include a range of activities and controls, such as:
Gathering additional information on the customer such as occupation, volume of assets, and publicly available information,
Obtaining more information on the intended nature of the business relationship.
Gathering information on the source of funds or wealth of the customer.
Gathering information on the reasons for intended or performed transactions.
Obtaining senior management approval to start or continue the business relationship.
Conducting enhanced monitoring of the business relationship by increasing the number and timing of controls and selecting patterns of transactions that need further examination.
Requiring the first payment to be made through an account in the customer's name with a bank subject to similar CDD (customer due diligence) standards.
Requesting additional documentation to verify the customer's identity or the identity of the beneficial owner.
Updating customer and beneficial owner identification data more frequently.
Using specific indicators to identify suspicious behavior or patterns of activity.
The challenges of identifying high-risk customers
It can be challenging to identify high-risk customers because:
criminals may deliberately try to conceal their true identities and activities through complex structures or transactions, making it difficult for regulated entities to accurately assess their risk level.
high-risk customers may not always be easily distinguishable from other customers, requiring additional time and resources to conduct proper due diligence.
entities may not have access to all the necessary information to assess the risks associated with a particular customer.
The Role of technology in Facilitating EDD
With the increasing importance of identifying and managing high-risk customers to prevent financial crimes such as money laundering and terrorism financing, technology has become an important tool for facilitating enhanced due diligence (EDD).
Various technological solutions can help financial institutions identify and manage high-risk customers. These include:
Customer Relationship Management (CRM) Systems: These systems are used to store and manage customer information and can be used to identify high-risk customers and trigger additional due diligence measures.
Data Analytics Tools: These tools can analyze customer transaction activity and identify potentially suspicious behavior or patterns.
Artificial Intelligence (AI) and Machine Learning (ML): These technologies can screen customers against sanctions and watchlists and identify potential red flags. They can also analyze customer data and identify potential connections or relationships with other high-risk individuals or entities.
Risk Scoring Models: These models use statistical algorithms to analyze customer data and assign risk scores to customers based on their characteristics, behavior, and other factors.
Identity Verification Technologies: These technologies can be used to verify the identity of customers and ensure that they are who they claim to be.
Enhanced Screening Solutions: These solutions use advanced screening techniques to identify potential risks associated with high-risk customers, such as adverse media screening, politically exposed person (PEP) screening, and enhanced country risk screening.
KYB tools: used to verify the identity and business information of a company or entity, and they can help identify potential risks associated with conducting business with that entity. Examples of KYB tools include Business Information Providers,
Business Verification Services and Compliance Screening: that perform checks against sanctions and watchlists.
EDD plays a critical role in identifying and managing high-risk customers to prevent financial crime and protect businesses from reputational and financial harm.
As criminals become more sophisticated in their methods, it's essential that compliance programs are able to adapt and perform appropriate checks and EDD measures to stay ahead of the evolving threats.
Although the use of technology can greatly enhance the effectiveness and efficiency of EDD, it's important to remember that human judgment and oversight are still necessary to ensure that the results generated by these tools are accurate and meaningful.
By staying vigilant and proactive in their approach to EDD, businesses can better protect themselves from the risks associated with high-risk customers and maintain the integrity of their operations.