Customer Due Diligence for Banks: Best Practices When Opening an Account

By Freed Maxick Cybersecurity Team on January 8, 2018

Lower Risk for Your Bank and Better Customer Service Starts at Account Opening

Customer due diligence (CDD) at account opening is the foundation for anticipating the expected activity of your bank’s customers at the onset and throughout the duration of your relationship. With the right processes, policies and practices in place, your bank can lower risk and improve customer service throughout your relationship.

CDD involves the collection of information and documentation about a new customer per your bank’s policies and procedures. It will assist your understanding of: (1) the customer’s use of the account - purpose, intended use, source of funds, (2) the ownership structure of the account - beneficial ownership, and (3) whether enhanced due diligence (EDD) is required based on your risk-rating thresholds.  

We recommend that all information gathered as a result of CDD be used for building a “Know Your Customer” (KYC) Profile and updated periodically using a risk-based approach.

Customer Due Diligence Procedures at Bank Account Opening

The following CDD procedures at account opening are considered best practices:

  • Capturing required information about the customer based on the bank’s customer identification program (CIP);
  • Understanding the customer’s ownership structure and, if required, documenting the names of and required information about the beneficial owners of the account;
  • Determining the purpose and intended use of the account, and building the expected activity profile of the account; and
  • Understanding the initial source of funds/assets for the account.

You should also have good procedures for maintaining and updating customer information using a risk-based approach. Be sure to adhere to regulatory requirements on document retention.

Impact of Customer Due Diligence on Downstream Banking Processes

Customer due diligence impacts other areas of a bank’s BSA/AML Program such as alert management and investigation, suspicious activity report (SAR) filing and Enhanced Due Diligence (EDD).

As compliance costs continue to rise, gathering CDD information at account opening is critical because this information is used in each of these processes. Not having this information readily available can delay the completion of these functions, which could result in a violation of regulatory requirements.

Alert Management and Investigation

Being able to predict the expected activity of a customer at account opening can reduce the number of alerts generated for that customer.

For example, if initial due diligence indicates that a customer will be conducting a high volume of wire transactions, this insight can be built into the customer’s profile and alerts will not be generated for related activities that may appear to be unusual. Indicating a high volume of wire activity may not be enough, though. Many AML applications allow thresholds to be set for transaction activity, so it may be worthwhile for the bank to also understand the amount of the expected wire activity so that reasonable parameters may be set for account alerts.

Complimentary Best CDD Practices Review

If you have any questions about banking customer due diligence procedures, or wish to have an expert review your procedures, we are pleased to offer a complimentary overview and discussion.

Suspicious Activity Report (SAR) Filing

When a bank identifies and determines that a customer’s activity is suspicious and should be reported to FinCEN, a SAR is filed on the customer to detail the activity and why it is suspicious. Understanding what type of activity is suspicious for each customer can be challenging as each customer has a unique activity profile and their activity levels may vary. Knowing the expected source of funds flowing into the account (at account opening and throughout the relationship), the purpose for the account and in what ways the account will be used allows the bank and its investigators to better identify what is suspicious and requires reporting.

Having complete and accurate information on each customer is critical for SAR filing. When the decision to file a SAR is made, the bank has 30 days to complete the SAR and file through FinCEN. If customer information is missing or inaccurate, this could delay the filing process, resulting in regulatory violations. Additionally, incorrect information about the customer may result in an erroneous SAR filing or missing suspicious activity that should require a SAR. Finally, if you have information on a customer that has been documented through your due diligence processes, be sure to include it in your filed SAR. FinCEN is keen on having all known information filed, even if it is not a required field on the SAR form.

Enhanced Banking Customer Due Diligence

Performing sufficient due diligence assists in identifying customers that are higher risk to the bank based on their risk-rating model. When a customer is considered high risk, EDD should be performed to more closely identify and monitor activity after account opening. If information is not captured through CDD, high-risk customers may not be identified in a timely manner, increasing the bank’s exposure to money-laundering activities.

Information gathered at account opening and throughout the relationship should be used in EDD reviews. This information, used along with account activity during the review period, is used to determine if the customer has engaged in any suspicious activity that requires the filing of a SAR. Investigators should use this information to identify and document any trends that can be followed from review period to review period. When information on hand appears to be stale, the investigator should reach out to the business unit to determine if updated information is available or if customer outreach is required to obtain this information.

Talk to Freed Maxick about Independently Testing Your BSA/AML Program Compliance

Independent testing of your BSA/AML program is considered to be one of the pillars of a strong financial institution compliance program. Freed Maxick's testing methodology is based on the steps outlined in the Federal Financial Institutions Examination Council's (FFIEC) examination manual. We understand that BSA/AML compliance costs are constantly growing, so our proven testing approach is designed to complete testing in an effective manner, while providing value-added feedback and recommendations for your program.

Our experienced team of BSA/AML Compliance professionals can help. 

For more information about having Freed Maxick perform an independent review of your BSA/AML Program, contact me at or connect with me on LinkedIn.
