Due diligence is a fundamental rule of business: a process that businessmen carry out to identify their business counterparts. One important form of it is Customers' or Clients' Due Diligence (CDD), a key element in managing business risk effectively and protecting businesses from potential financial crimes and other malicious activities.

The CDD process, also known as Know-Your-Customer/Client (KYC), is a business process of verifying the client's identity physically, operationally and financially, as well as its business potential. It is one of the obligations carried out by businessmen and financial institutions around the world, with the aim of preventing fraud and money laundering (anti-money laundering, AML).

In addition to preventing business fraud, KYC rules also limit the financial activities of criminals and terrorists and ensure that politically exposed persons (PEPs) are not caught up in bribery or corruption.

However, most businessmen in Indonesia are not familiar with the importance of the KYC process and rely only on connections in doing business. As a result, their business development is often limited by the scope of those connections, and they experience slow growth or even decline. There is also anxiety about entering partnerships with companies whose business professionalism they do not know. Quite a few companies have also become involved in cases experienced by their clients or customers.

As every businessman knows, where there is a mine, there is money, and this creates an opportunity that business criminals will take advantage of. For example, the Board of Commissioners for Education and Consumer Protection of the Financial Services Authority revealed that 195 investment companies in Indonesia raised funds or investments without holding clear licenses, which indicates they are fake. These illegal investments currently operate in the regions, but most of them are in the capital city of Jakarta (Source: Otoritas Jasa Keuangan, 2020).

As another example, online activities have become an alternative form of business and a trend in recent years. Since 2019, the Cyber Crime Directorate of the Criminal Investigation Agency (BARESKRIM) has recorded 1,617 cases of online fraud. In detail, as many as 534 cases happened on Instagram, 413 on WhatsApp, and the remaining 304 cases on Facebook (Source: www.liputan6.com). This fraud attacks not only individuals but also businessmen, especially the small and middle class, because they are one of the major contributors of middle to upper class business.

In addition, the Commercial Court Case Management Information System (SIPP-PN) recorded, for January-October 2020, 578 cases of bankruptcy, suspension of debt payment obligations and petitions for declaration of bankruptcy. The companies named as the reported party in these cases caused late payments to their partner companies.

By doing KYC, businessmen will avoid business partners whose financial position is risky and approaching bankruptcy. Therefore, apart from being the right thing to do morally, the Customers'/Clients' Due Diligence (CDD) or KYC process is a smart business strategy to avoid major losses due to fraud, hefty fines, and sanctions, as well as payment of transactions and bad publicity. To conclude, running a business today without knowing your customers is not easy.

KYC Worldwide:

While caveat emptor (buyer beware) has been around since Roman days, the concept was first codified into law in the U.S. Securities Act of 1933, where the phrase due diligence came into being. Cut to 2001 and the USA PATRIOT Act, where the idea of due diligence was applied to knowing your customers. Since then, the U.S. has strengthened CDD requirements, and similar laws have been passed around the world.

There are generally three steps in the KYC process:

  1. Identify your customer, through a proper Customer Identification Program (CIP)
  2. Understand the customer activities
  3. Assess money laundering risk

Taken together, steps 2 and 3 are the basis of CDD.

As of 2016, according to PwC, at least 92 countries have AML legislation with some form of CDD requirements. Here is a sampling:

Due diligence in China

  • Due Diligence Type I

This account type is the most basic of the three, with transaction limits for outgoing transfers set to just over a total of USD 150, which includes transfers to the user’s own bank account. However, satisfying the KYC requirements for this account only requires an online identity check. Once the limit is exceeded, the customer must undergo additional identity checks to continue using the account.

  • Due Diligence Type II

For a Type II account, the KYC requirements are more stringent. Opening this type of account requires an in-person identity verification or three external identity database checks. With this higher level of security in place, there is also a higher limit for outgoing transactions, at just over USD 15,000 annually. Additionally, this limit does not apply to transfers to the user’s own bank account. This allows eCommerce merchants to use this type of account to receive and withdraw funds with no restrictions.

  • Due Diligence Type III

With a limit set to just over USD 30,000 per year, the Type III account would be suitable for investments as well as for making purchases. Because of the higher limit, the KYC requirements are, by far, the strictest. Opening a Type III account requires either an in-person identity check or five external identity database checks. As with Type II accounts, transfers to a user’s own bank account do not count toward the annual transaction limit.

Due diligence in South Africa

As in many other Financial Action Task Force (FATF) member countries, part of the standard KYC process in South Africa requires Customer Due Diligence checking. Enhanced Due Diligence (EDD) procedures are also mandatory in South Africa for both foreign and domestic PEPs, a term that describes anyone entrusted with a prominent public function or anyone who is closely related to such an individual.

Due diligence in Mexico

On April 16, 2019, Mexico updated its AML law, the Federal Law for the Prevention and Identification of Transactions with Funds from Illicit Sources.

Regulated parties, according to the FATF, “are generally prohibited from opening or maintaining anonymous accounts.” An exception is made to promote financial inclusion for deposits of pesos into individual accounts that don’t exceed a threshold. For financial transfers above USD 10,000, basic information is required, while amounts over USD 5,000 require more detailed customer information. Further regulations and AML provisions vary based on the industry and regulator.

Mexican identity verification has grown in the past few years. While there has not been a legal requirement for independent verification, copies of identification are generally provided upon account openings. Furthermore, verification of Mexican identities is important for many U.S. businesses.

Due diligence in Canada

Canada has updated its Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), with most amendments coming into force as of June 1, 2020. The definition of acceptable documents to ascertain identification has been changed from “original, valid and current” to “authentic, valid and current,” enabling the use of document verification as a fully legal process to help establish identity.

Going forward, there are three acceptable methods for identity verification:

  1. Government-issued photo identification method where the document must be authentic, valid, and current
  2. Credit file method where the information must be valid and current
  3. Dual-process method where the information must be valid and current and from different sources.

According to FINTRAC, a reliable source is either an originator or issuer of information that can be trusted to verify a client’s identity. FINTRAC gives a few examples of what it considers reliable sources, including all levels of government, crown corporations, financial institutions and utilities.

Canada’s existing rules already require that regulated financial service businesses monitor foreign PEPs. Those same requirements also apply to domestic PEPs as well as the heads of international organizations and family members and close associates of such persons.

Due diligence in Europe

  • Customer authentication

Most significantly, PSD2 (Payment Services Directive) calls for considerably tougher rules on verifying the identities of payment service users. PSPs must apply “strong customer authentication” for senders who initiate electronic payments. Based on the definition given in the Directive, this means that two-factor authentication will be the minimum standard. Unless the senders themselves have committed fraud, PSPs that do not comply with this requirement will be responsible for any losses due to identity fraud.

In August 2016, the European Commission amended its due diligence requirements in AMLD 4.1:

The due diligence requirements are now more stringent. There are fewer scenarios where SDD (Simplified Due Diligence) for e-Money is allowable. There are more situations where CDD (Customer Due Diligence) needs to be redone. And the definition of high risk, where enhanced due diligence is necessary, has been expanded (including remote transactions).

Due diligence in the United States

The Final Rule refers to new FinCEN rules with the applicability date of May 11, 2018 regarding Customer Due Diligence (CDD) requirements. Under the FinCEN CDD Rule, collecting, maintaining and reporting of beneficial ownership information is now a requirement for financial institutions:

Covered financial institutions must collect from the legal entity customer the name, date of birth, address, and social security number or other government identification number (passport number or other similar information in the case of foreign persons) for individuals who own 25% or more of the equity interest of the legal entity (if any), and an individual with significant responsibility to control/manage the legal entity at the time a new account is opened.

In general, there are four elements FinCEN considers crucial when performing due diligence:

  1. Customer identification and verification
  2. Beneficial ownership identification and verification
  3. Understanding the nature and purpose of customer relationships to develop a customer risk profile
  4. Ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information


  • Different risk profiles

As the types of financial accounts, and account holders, vary widely, so does the risk profile. Many jurisdictions take these different risk profiles into account when considering Customer Due Diligence and create different CDD levels.

  • Simplified Due Diligence

In some situations, if the risk for money laundering or terrorist funding is low, a full CDD is not necessary. In these cases, a Simplified Due Diligence (SDD) process is enough to satisfy legal requirements.

For example, low-transaction-value accounts limit the opportunity to use the account for illegal purposes. Therefore, to reduce friction to customers and financial institutions for these small value accounts, they are exempt from a stringent CDD. Each jurisdiction will have its own maximum limit for different types of accounts that can fall under the rules for SDD.

Another class of accounts that may qualify for SDD is those already covered by other checks and reporting systems. If a bank, for example, is under the same jurisdictional rules, it is already on record for its due diligence, so it does not face further requirements. Likewise, a public company, whose records are already in the public domain, has its financial activities monitored and need not face full due diligence requirements.

  • Enhanced Due Diligence

On the other hand, there are types of activities or account holders that require extra scrutiny. If an account type or account owner has a higher risk of money laundering or terrorist funding, then it is subject to Enhanced Due Diligence (EDD).

For example, most jurisdictions require PEPs to go through the EDD process. Other factors that might trigger EDD are high-transaction-value accounts, accounts that deal with high-risk countries, or accounts that deal with high-risk activities.

In the end, while some EDD factors are specifically enshrined in a country’s legislation, it’s up to a financial institution to determine its risk and take measures to ensure that it is not dealing with bad customers.

(Source: www.medium.com)