On May 11, 2018, the FFIEC released new Customer Due Diligence (CDD) Examination procedures that reflect and codify the requirements of FinCEN’s final CDD rule.
These updates detail how financial institutions must establish appropriate risk-based CDD procedures to understand the nature and purpose of their customer relationships, in addition to “[c]onducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information”.
Below is a high-level look at some of the key areas in the updated examination procedures:
An End-to-End, Risk-Based Approach
These updates emphasize the importance of establishing and maintaining a risk-based approach to CDD and Enhanced Due Diligence (EDD).
To capture and accurately report suspicious activity, such as money laundering or human trafficking, it is essential to go beyond one-size-fits-all transaction monitoring. An institution must build a risk-based mentality into its approach to a customer relationship, starting from account opening and extending throughout the association. This is reflected throughout the updates and emphasized in statements such as:
“Improper identification and assessment of a customer’s risk can have a cascading effect, creating deficiencies in multiple areas of internal controls and resulting in an overall weakened BSA compliance program.”
Whereas the former procedures stated, “The objective of CDD should be to enable the bank to predict with relative certainty the types of transactions in which a customer is likely to engage,” the updated version alters this in an important way:
“The objective of CDD is to enable the bank to understand the nature and purpose of customer relationships, which may include understanding the types of transactions in which a customer is likely to engage.”
Successful CDD procedures are no longer about simply predicting transactional behavior. Institutions are now expected to take a more nuanced approach, building robust customer profiles that help develop an understanding of the customer’s relationship with the FI, which helps investigators better isolate customers that pose the highest risk.
Enhanced Due Diligence on Higher Risk Customers
“Performing an appropriate level of ongoing due diligence that is commensurate with the customer’s risk profile is especially critical in understanding the customer’s transactions to assist the bank in determining when transactions are potentially suspicious.”
An institution’s BSA/AML program is in a better position to succeed when it establishes a risk-based approach that uses CDD and ongoing monitoring to develop more robust customer risk profiles.
It is notable that the updates highlight the importance of stratification within high-risk categories. For example, not every MSB necessarily poses the same level of risk to the institution. By building a strong customer risk profile and then performing ongoing due diligence appropriate to both the customer’s high-risk category and the level of risk associated with that customer’s individual profile, an institution can perform more efficient and effective monitoring.
By following an end-to-end, risk-based approach to CDD and ongoing EDD, institutions position themselves to successfully develop and maintain in-depth customer risk profiles. This allows the creation of a more accurate institutional risk profile and helps BSA/AML teams place increased focus where it is needed most — on higher-risk customers.