Your Guide to Ongoing Customer Due Diligence (OCDD)

Global regulatory bodies are making Customer Due Diligence (CDD) an ongoing process for reporting entities to operate legally. CDD is a risk-based process for assessing customers’ risk profiles andverifying their identityby involving a number of regulatory obligations.AUSTRAC, Australia’s financial watchdog, has explicitly prohibited reporting entities from providing a designated service ifcustomer identification procedurescannot be performed.

In recent years, CDD is evolving to a proactive process with more regular verifications and risk profiling. An Ongoing Customer Due Diligence (OCDD) helps you identify, mitigate andmanagemoney laundering and terrorism financing (ML/TF) risk. This includes developing and documenting an Enhanced Customer Due Diligence (ECDD) program and a transaction monitoring program.

Your AML/CTF program must include OCDD structure and controls to decide whether the additional customer and beneficial owner information should be collected and verified on an ongoing basis. OCDD includes ensuring that your customer’s information is updated and processes fortransaction monitoringandthe ECDDprogram are planned.

According to AUSTRAC

Your Transaction Monitoring Program Must:

• Define the processes you follow to identify suspicious customer transactions
• Document appropriate risk-based systems and controls that capture all necessary sources of customer and transaction data or information
• Set out systems and controls that trigger alerts for further review
• Implement processes to consistently review and manage the internal escalation and investigation of alerts
• Prioritise alerts according to the level of risk
• Document processes to consistently manage the reporting of potentially suspicious matters
• Detail sufficient assurance processes to review the management of alerts
• Continually monitor transactions at all levels, not just, for example, by branch or venue level
• Document processes with sufficient specificity to enable them to be consistently applied
• Document and audit any automated transaction monitoring processes

Your Enhanced Customer Due Diligence (ECDD) Program Must:

• Define the types of customers, designated services, channels and jurisdictions that you consider to be a high or greater level of risk, and ensure procedures allow for consistent implementation of ECDD processes
• Specifically identify who is responsible for carrying out ECDD
• Establish controls for consistently applying ECDD to ensure its operation, monitoring and internal reporting

OCDD and ongoing monitoring go hand in hand to identify risk patterns across customers and mitigate and manage that risk at a business level. You must beproactiveand monitor your customers throughout your entire relationship with them.

Example: Ongoing Customer Due Diligence in Action

As a result of a recently updated risk assessment, BusinessCO identifies transactions by certain customers involving a $5,000 threshold of physical cash as posing a higher risk. Prior to this updated risk assessment, only transactions of this nature above $8,000 were considered to be of higher risk. Three months later, a periodic audit of BusinessCO’s transaction monitoring program reveals that it is designed to trigger alerts for transactions in physical cash of $8,000 or more; however, no triggers were in place that aligned with the updated risk assessment for transactions between $5,000 and $8,000.

BusinessCO acts swiftly to rectify the oversight and ensure it aligns with its risk profile. BusinessCO also undertakes a back capture to identify all transactions in physical cash that fall within the $5,000 to $8,000 bracket and, in so doing, identifies the activities of one customer that, upon review, raises suspicion and is referred for ECDD. ECDD indicates that this customer may be evading tax payments by undertaking cash-in-hand jobs, and a suspicious matter report is provided to AUSTRAC. Following the initial referral, the customer was subject to increased monitoring to ensure any suspicious activity was detected and reported to AUSTRAC.