Conducting customer due diligence (CDD) does not come without its potential challenges and pitfalls. Here are some insights to help you identify the challenges and navigate the pitfalls of applying enhanced CDD (ECDD).
Challenges and Pitfalls 1 - Incorrect Risk Assessment of Customers
One of the biggest pitfalls right out of the blocks is getting the risk assessment process wrong. By not identifying those customers that should be subjected to ECDD, compliance measures would be arguably inadequate. This one facet – the incorrect risk assessment of customers – is an area that is often on the radar of your regulator during their inspections. And, failing to properly risk-assess customers has a cascading effect on the due diligence process!
Two Things I've Recognized
As a regulator, I have had evolving views on this topic. However, I’ve recognized two things:
- compliance officers are trying to get it right in many cases, and
- there are as many variables as clients that could cause one customer to slip down the risk rating scale.
NB: those cases did not include politically exposed persons (PEPs).
Two Things Regulators Should Keep in Mind
However, part of the assessment process of a regulator should include the understanding that:
- compliance officers do not risk-assess, collect and evaluate 100% of the customer base (except in increasingly rare cases), and
- applied compliance is never 100% perfect as humans are not infallible.
Challenges and Pitfalls 2 - Lack of Differentiation between CDD and ECDD
A significant challenge to applying ECDD is the lack of material differentiation between the ‘baseline’ customer due diligence and ECDD. If compliance procedures leave too little scope to have an understandably different requirement for high-risk customers and PEPs, a firm runs the risk of not carrying out ECDD when required. The same issue arises if staff are unclear on which elements are needed for each of the two categories of clients.
Identifying the cause may be simple – i.e., a compliance manual that would benefit from revision to delineate what was required and when. However, the root cause may be more difficult to detect. For example, ‘compliance drift’ is where the actual compliance practices have drifted over time to one end of the spectrum and policies mirrored this evolution. Whatever the reason, having clear differentiation on the due diligence requirements for all tiers of risk assessed customers is crucial in correctly obtaining and updating due diligence.
Challenges and Pitfalls 3 - Due Diligence Requirements too Prescriptive/Inflexible
Another pitfall is being constrained to very specific information to satisfy due diligence requirements without scope for alternatives. An explanation for such an occurrence is when compliance manuals are too prescriptive. An extremely prescriptive compliance manual may also frustrate staff and customers who require flexibility to permit alternative submissions.
Additionally, there are due diligence asks that, in the evolving world, have less value for true due diligence. Some documents requested, such as reference letters, no longer hold the value that they once held. Nevertheless, some firms continue to hold fast to requesting low-value documents that can give a false sense of compliance.
On the point of flexibility, compliance asks, such as utility bills, are at times just not available! This is especially so for high-net-worth individuals (HNWIs) who do not have utility bills in their names (to protect their privacy) or live on properties owned through family structures. Therefore, asking for utility, mobile, or other bills for HNWIs may be a non-starter that is completely normal for the world in which they live.
An Alternative Due Diligence Ask
An alternative may lie in seeking high-quality documents where certain undertakings and attestations have been made or affidavits provided instead of utility bills. This is especially relevant where the customer may habitually reside in more than one location.
Challenges and Pitfalls 4 - Lack of Priority to Compliance / Senior Management Sign-off
Another pitfall is that ECDD must be updated and signed off on an annual basis by senior management (a requirement that is in regulation in most jurisdictions – check your local regulatory requirements to be sure).
Updating ECDD does not mean collecting information that is already on file – though I am aware that this is a practice in some jurisdictions – but rather, a process to update key data points. This is an area that would benefit from more nuanced compliance manuals in some cases and clearer regulatory guidance in others. Crafting the updating of any due diligence could be a ‘one-touch’ approach where the firm determines the lead time needed, what a comprehensive but concise request looks like and the application of soft skills. Protracted processes can lead to your most valuable clients feeling harassed.
The Five-star Resort Concierge Approach
Anecdotally, I have often suggested a five-star resort concierge approach to the updating process. Reduce the friction in collecting needed information and provide exceptional service in doing so. Some approaches have proven to be superbly effective in overcoming the gaps in updating.
Techniques for Encouraging Adherence
Concerning obtaining senior management sign-off, adherence to this requirement is a derivative of good governance within the firm. Boards of directors who embed accountability for the compliance function they have delegated will likely have better adherence to this requirement. Senior managers are typically busy persons, and compliance may not be given the priority it deserves. Therefore, the Board may consider aligning incentive mechanisms towards effective compliance, which can also ensure the full adherence by staff that is needed for a more comprehensive compliance system.
Challenges and Pitfalls 5 - Ignoring High-Risk Transactions
ECDD is also required for customers that may not be risk assessed as high-risk but seek to carry out a high-risk transaction. This is a lesser appreciated facet of applied compliance that I have observed. It presents a gap that could present its own compliance risks. This is similar to the thinking that a terrorist only needs to get it right once to have devastating effects: in the same vein, one transaction can have a similarly devastating effect if ECDD and, more broadly, compliance measures are not properly calibrated and tuned to real risks.
Addressing these challenges and navigating these pitfalls exemplify due diligence done differently.