What is customer due diligence (CDD)?

What customer due diligence (CDD) is and why it matters


In this post, we’ll define CDD, provide an overview of how it applies, explain why it’s important, and offer some ways we can help you perform it.


CDD involves conducting background checks, and screening potential and existing customers to ensure they’re correctly risk-assessed and not involved in money laundering, sanctions, terrorism or money muling. Minimum CDD includes checking customers against prohibited lists (PEPs and sanctions), as well as capturing and verifying:

  • Full name
  • Residential address
  • Date of birth
  • Photo ID

To increase confidence in your customers’ digital identities, further checks can be performed, such as phone number, email address, device, location, bank account and card verification.

What’s the difference between CDD and KYC?

Whereas ‘know your customer’ (KYC) checks focus on screening potential customers before establishing business relationships, CDD also covers ongoing monitoring of suspicious activities.

What if a higher money laundering risk is determined?

In that case, enhanced due diligence (EDD) may be required. If the risk is acceptable and a business relationship begins, it’s prudent to monitor that account for suspicious activity.

What’s the purpose of CDD?

The primary purpose of CDD is to help businesses establish their customers are not involved in illegal activity and are who they say they are. CDD aims to prevent organised financial crime, including money laundering and terrorist funding, and associated crime like money muling and drug cartels.

Who is CDD applicable to?

Traditionally, CDD only covered financial services, but regulators widened the scope to other regulated sectors and, more recently, unregulated sectors, such as cryptocurrencies and art. Here are some sectors in which CDD must be conducted on business relationships:

Who oversees CDD?

The Financial Conduct Authority (FCA) monitors and enforces CDD compliance in the UK. Sectors within and outside of financial services will also have advisory or regulatory bodies; in fact, there are over 100,000 businesses subject to money laundering regulations. Some examples of these regulators include: the Office for Professional Body Anti-Money Laundering Supervision (OPBAS); HMRC; the Solicitors Regulation Authority; UK Gambling Commission; and the Association of Chartered Certified Accountants, which issues requirements businesses must follow and guidance to align closely with the principles of CDD and prevention of financial crime.

Why comply with CDD?

Aside from the moral and ethical case for fighting organised financial crime and terrorism by performing CDD, there’s also potential for significant financial impact from fines, imprisonment and reputational damage if guidelines are not followed correctly.

How to comply with CDD?

Each business is responsible for its own compliance with CDD. However, the FCA and other regulatory bodies, such as the Gambling Commission, require firms to take a risk-based approach to CDD and AML.

What is a risk-based approach to CDD and AML?

Once a customer’s details have been captured for CDD, a business must decide whether to engage with them based on the information presented. Businesses can use a risk scoring or rating system, such as ‘low risk’ or ‘high risk,’ or a score to help them determine the level of risk the customer poses and which action to take. Possible actions include decline, pass or investigate further. For example, an instance where a PEP is identified would trigger the need for EDD checks. It’s worth noting there’s no specific way businesses must implement a risk-based approach. 

The FCA notes businesses using a risk-based approach should not only rely on their own experiences and observations, but also take a proactive approach in seeking out information about money-laundering trends and threats from external sources. This helps businesses ‘effectively review and revise their use of AML tools to fit the specific risks they face.’

Three Steps to help support you with CDD AML

  • Step 1. Verify customer identities. Validate your customer’s full name, residential address and date of birth. Then capture and validate their photo identity against government-issued documents like a passport. Simplify and automate this process using: Identity Verification, Document Verification and Facial Recognition.
  • Step 2. Screen your customer against prohibited lists. Check whether your customer is present on PEPs, sanctions, and/or fraud watchlists. Simplify and automate this process using the TransUnion TruValidate Identity Verification solution, which can integrate these checks as part of your process and is available via web portal or API.
  • Step 3. Risk assess your customer. Make an informed, risk-based decision on how risky your customer is from your CDD assessments and wider insights. Simplify this process using Consultancy Services to help give you a robust view, and decisioning that can then be implemented and automated.

At TransUnion, we aim to enable businesses and consumers to transact with confidence. We can help you establish trust and develop a risk-based approach to CDD through our TruValidate Identity Proofing, PEPs and sanctions and Document Verification services, as well as by offering expertise and guidance through our Consultancy Services.

The potential benefits of automated simplicity

Improved operational efficiency: Automating the majority of initial CDD checks to pinpoint those that are high risk and need further investigation saves you time, resources, operational costs and risk of human error — allowing your teams to focus efforts on more value-added areas.

Better conversion rates with faster onboarding: Reducing processing time from hours to near real-time for low-risk customers helps you meet their expectations and engage them before your competitors.

Proactive decisioning and alerts: Automating your risk scoring means fewer decisions for your team to consider, while proactive fraud alerts enable you to investigate concerns as soon as they appear, reducing the likelihood of the fraud going undetected.

In summary

CDD consists of performing background checks, and screening potential and existing customers to ensure they’re not involved in illegal activity. At a minimum, CDD checks include verifying a customer’s name, address, date of birth and photo ID and screening them to ensure they’re not on prohibited lists. The FCA enforces and requires a risk-based approach to CDD. Other regulatory bodies, such as the UK Gambling Commission, issue additional guidance and requirements. Some non-regulated sectors have also adopted CDD processes.

The key steps to performing CDD are verifying, screening and risk assessing customers. Automating your CDD checks can help improve your operational efficiency through cost and resource savings, and potentially increase onboarding rates by minimising application processing time, thereby improving the customer’s experience. TransUnion has deep expertise in identity and fraud prevention and can support you with CDD regulatory requirements. 

Contact your TransUnion representative directly, complete the form below to learn more about the TruValidate suite of solutions, or book a consultation to discover how you can turn CDD into a business enabler.

CDD Resources

Follow the links for further reading and insights.

The Challenge of Identity Validation and Authentication Amidst Economic Uncertainty, TransUnion, June 2020

Optimising the Onboarding Flow: Biometrics, TransUnion, Sept. 2021

Friction-Right Customer Journeys: How to Optimise CX Whilst Fighting Fraud

Your responsibilities under money laundering supervision

For more details on CDD, visit the HMRC site or contact HMRC.
