Contact Us
  • White paper

Anti-money laundering in the post-CDD era

How the new Customer Due Diligence rule impacts anti-money laundering in the years to come

Tens of thousands of hours of preparation have gone into the policies, procedures, and technologies needed to effectively respond to the Financial Crimes Enforcement Network's (FinCEN) Customer Due Diligence (CDD) rule. Since the rule was announced in May 2016, every anti-money laundering (AML) industry conference, peer working group, and compliance department planning meeting has focused extensively on CDD rule preparations. Now that the rule is in effect as of May 2018, what comes next will require AML programs to have a solid plan to operationalize this data to improve overall compliance.

The CDD rule examined

The CDD rule lays out, for the first time, the four core elements of customer due diligence that FinCEN says should be requirements of all AML programs at institutions covered by the rule, which include federally regulated banks and federally insured credit unions, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities.

These elements are:

  1. Customer identification and verification, which has long been a standard part of “know your customer” programs but will likely involve increased collection of identification documents and growing reliance on third-party data providers for verification services.
  2. Beneficial ownership identification and verification, which is an expansion over previous requirements. This somewhat controversial element significantly expands data collection and research needs of financial institutions with regard to legal entity customers.


Anti-money laundering in the post-CDD era
  1. An understanding of the nature and purpose of customer relationships to develop a customer risk profile. This necessitates the development of a risk matrix for use in evaluating customer risk that incorporates reliable customer data, along with other financial activity information.
  2. Monitoring and reporting suspicious activity and also updating customer information on a risk basis. This longstanding requirement ties together the other three elements by requiring that the first and second are updated based on the results of the third.

Of the four elements, FinCEN notes that the first is already an explicit AML program requirement, while the second is new and the last two are both implicit requirements now being made explicit. As a whole, the rule has two major requirements: collecting reliable information on customers and using that customer information to evaluate risk and improve AML processes.

Get your copy of the full whitepaper here.

Visit our risk page