Step 4 - Designing customer due diligence and screening

Last updated: April 8, 2026

Learning objectives

By the end of this module, you will understand:

  • What customer due diligence (CDD) involves.

  • Which checks are required at onboarding.

  • How screening applies to individuals, businesses, and beneficial owners.

  • How to handle incomplete or refused information.

This module will give you the confidence to explain which checks to run your clients through and the vital role they play in your own success.


Introduction: Why customer due diligence matters

Customer due diligence (CDD) is one of the most visible parts of an AML program. It is often the first thing regulators review because it shows how you decide who you are willing to do business with.

At this stage, customer due diligence is not about collecting as much information as possible. It is about collecting the right information based on the risks you identified in your risk assessment.

This module will help you design onboarding and screening controls that are proportionate, defensible, and aligned with regulatory expectations.


Section 1: What customer due diligence means

CDD refers to the steps you take to identify your customers, understand who they are, and assess their risk before establishing a business relationship.

At a minimum, this includes identifying the customer, verifying their identity, and screening them against relevant risk indicators, such as sanctions or watchlists. 

For higher-risk customers, due diligence becomes more detailed and may involve additional checks.

Customer due diligence is not a single step. It sets the baseline for how a customer will be monitored over time. You can learn more about CDD in this article.


Section 2: Customer due diligence versus enhanced due diligence

Not all customers require the same level of scrutiny. A risk-based approach means distinguishing between standard customer due diligence and enhanced due diligence (EDD).

Standard due diligence (SDD) applies to customers who fall within your expected risk profile. Enhanced due diligence (EDD) applies when risk factors indicate a higher likelihood of financial crime. These factors may relate to the customer, the product, the geography, or the transaction behavior.

Enhanced due diligence should be clearly defined. Regulators expect firms to explain what triggers it and what additional steps are taken in response.

Pause and reflect. 

Could you clearly explain what makes a customer higher risk in your business and what changes when that threshold is crossed?


Section 3: What screening is required at onboarding

Screening is a core part of customer due diligence. At onboarding, regulators typically expect firms to screen customers against sanctions lists and other relevant risk indicators.

Screening should be aligned with your risk assessment and jurisdictional obligations. This includes screening individuals and, where applicable, businesses and their beneficial owners.

The goal of screening is not to eliminate all risk. It is to identify known risk factors early and decide whether additional controls are needed before onboarding proceeds.


Section 4: Screening individuals, businesses, and beneficial owners

Customer screening applies differently depending on who your customer is.

For individual customers, screening focuses on identifying sanctions exposure and other indicators of heightened risk. 

For business customers, screening extends beyond the entity itself to include beneficial owners and, in some cases, key controllers.

Beneficial ownership screening helps regulators determine whether a business is ultimately controlled by an individual who poses elevated risk. This is especially important when ownership structures are complex or cross-border.

Your approach should be consistent with your risk assessment and clearly documented.


Section 5: Handling incomplete or refused information

Not all customers will provide the information you request. Regulators expect firms to define how they handle incomplete, inconsistent, or refused information.

At an early stage, this often means declining to onboard the customer or limiting activity until information is provided. What matters is that the decision is intentional and consistently applied.

Your procedures should explain which information is mandatory, what flexibility is available, and when onboarding cannot proceed. This protects your business and demonstrates control.


Section 6: Connecting onboarding decisions to your AML program

Customer due diligence decisions should not exist in isolation. They should connect directly back to your risk assessment and risk-based approach.

When regulators review onboarding controls, they often test whether decisions align with documented risks. Consistency across these documents is critical.

This is why customer due diligence design follows risk assessment, not the other way around.


Learning checkpoint: What good looks like after step 4

At the end of this module, you should:

  • Be able to describe your onboarding and screening process clearly and confidently.

  • Know what checks you run for different customer types.

  • Know which triggers lead to enhanced due diligence.

  • Know how you handle missing information.

Most importantly, you should be able to explain why your approach is appropriate for your risk profile.

If your onboarding controls align with your documented risks and are consistently applied, you are meeting regulatory expectations at this stage.


Preparing for step 5

In the next module, you will go deeper into sanctions, politically exposed persons, and adverse media to understand how different risk types fit together and when screening alone is not enough.

