What is customer due diligence? Risk-based CDD in an uncertain legislative environment

Terri Luttrell, CAMS-Audit, CFCS
March 20, 2025

CDD for banks amidst regulatory uncertainty

Customer due diligence (CDD) is a fundamental component of a strong anti-money laundering/countering the financing of terrorism (AML/CFT) program. Banks and credit unions should ensure their risk-based CDD policies and procedures are both comprehensive and adaptable, especially as regulatory policies change in today’s legislative environment.

What is customer due diligence?

Customer due diligence is the process of verifying customer identities, assessing risk levels, and monitoring transactions to detect and prevent financial crime. This process helps financial institutions understand their customers and identify suspicious activity. Effective, risk-based CDD processes also keep banks and credit unions compliant with the CDD Final Rule, which amended the Bank Secrecy Act to include beneficial ownership requirements. The rule's intent is to enhance financial transparency and prevent criminals from using shell companies to hide illicit activities.

Beneficial ownership requirements and CDD for banks

The Corporate Transparency Act (CTA), which took effect on January 1, 2024, introduced new beneficial ownership reporting requirements designed to enhance financial transparency and combat illicit financial activities. Under the CTA, most U.S. corporations, LLCs, and similar entities were to report beneficial ownership information (BOI) to the Financial Crimes Enforcement Network (FinCEN), identifying individuals who own or control at least 25% of a business or exert significant control. This law was intended to strengthen AML/CFT efforts by making it harder for bad actors to hide behind anonymous corporate structures.

On February 27, 2025, FinCEN announced that it would not impose fines, penalties, or enforcement actions against companies for failing to file or update beneficial ownership information under the CTA. No enforcement measures will be taken until a forthcoming interim final rule, expected by March 21, 2025, is in effect and the new due dates are outlined. This reflects the current administration’s approach to easing what it views as excessive regulatory burden.

In this evolving legislative environment, banks and credit unions should stay informed about CTA developments. The new reporting framework could influence CDD processes and beneficial ownership verification. Institutions may need to adjust their risk assessments and compliance procedures as regulators refine how the CTA interacts with existing CDD rules and AML/CFT regulations.

Regardless of the status of the CTA, AML/CFT professionals should do what is right for their institutions. Their critical mission is to ensure that the proceeds from illicit activity do not flow through their bank or credit union.

The components of an effective, risk-based CDD program

A well-executed CDD program helps institutions detect and prevent fraud, money laundering, and terrorist financing while maintaining regulatory compliance and protecting their reputation by:

  • Identifying and reporting suspicious activity that could expose the institution to risk
  • Preventing criminal exploitation of banking products and services
  • Maintaining compliance with regulatory requirements and safe banking practices

The current CDD rule outlines key requirements for financial institutions that should be included in your processes and procedures and followed through in daily practice:

  • Customer identification and verification – Collecting and verifying key customer information, such as name, date of birth, address, and identification number.
  • Beneficial ownership identification – Determining the individuals who own or control legal entities opening accounts.
  • Understanding customer relationships – Developing customer risk profiles to anticipate expected transaction patterns.
  • Ongoing monitoring – Identifying and reporting suspicious transactions, including expected vs. actual activity, while updating customer risk profiles as needed.
  • Risk assessment – Evaluating customer profiles based on transaction patterns, business type, and geographic exposure.
  • Enhanced due diligence – Applying deeper scrutiny and enhanced monitoring for higher-risk customers.

Recognizing high-risk customers

The Federal Financial Institutions Examination Council (FFIEC) BSA/AML Manual highlights several customer types that may present higher risks, including:

  • Independent ATM owners and operators
  • Nonresident aliens and foreign individuals
  • Charities and nonprofit organizations
  • Professional service providers
  • Cash-intensive businesses
  • Non-bank financial institutions
  • Politically exposed persons (PEPs)

Understanding these risks allows financial institutions to tailor CDD procedures appropriately, applying additional due diligence where necessary.

Ongoing risk monitoring and reassessments

A customer’s risk profile is not static. Periodic reviews ensure financial institutions stay ahead of emerging risks. When reassessing risk, consider:

  • Source of funds and wealth
  • Business type and ownership structure
  • Financial statements for business customers
  • Geographic risk factors
  • Transaction volume and patterns

Regular risk assessments help institutions adjust monitoring efforts and apply enhanced due diligence as needed.

Documenting CDD procedures

Clear documentation is essential for regulatory compliance and audit preparedness. Financial institutions should maintain detailed records of:

  • Customer risk reviews and justifications for risk ratings
  • Updates to risk profiles based on ongoing monitoring
  • Higher-risk periodic reviews and outcomes

CDD software solutions can streamline this process, helping compliance teams efficiently track and analyze customer data while maintaining a complete audit trail.

Staying ahead of compliance challenges

AML/CFT officers should carefully document each customer risk review, including the reasons for a specific risk rating. This CDD checklist will assist with writing complete CDD procedures, which will help the outcome of your subsequent examination.

It’s also essential to provide AML/CFT staff with customer due diligence software that can tailor CDD questions to meet the institution’s unique needs and help the team quickly review information for CDD and EDD. Easy access to a comprehensive view of each customer relationship, along with tools that provide an entire review history and audit trail for each customer and account, makes the team more efficient and effective. CDD violations are frequent findings in audits and exams, so CDD requirements, customer risk ratings, and periodic higher-risk reviews cannot be neglected.

A strong CDD program helps banks prevent crime, maintain compliance, and protect their reputation. With evolving regulations and regulatory scrutiny, ensuring your institution has the right processes and resources in place is more important than ever. If your team needs additional support to manage these critical responsibilities, consider working with AML/CFT advisors who can provide expert guidance and staffing solutions to strengthen your compliance efforts and safeguard your institution from illicit activity.

About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.
